Privacy Policy
Last updated: January 2025
This Privacy Policy describes how Maddisys Ltd ("we", "us", or "our") collects, uses, and protects information when you use our RatedRight application ("Service"). This policy applies to the RatedRight Shopify application and the ratedright.app website.
Information We Collect
Information from Shopify
When you install RatedRight, we receive access to certain information from your Shopify store, including:
- Store information (name, domain, email)
- Order information (for review request automation)
- Product information (for displaying reviews)
- Customer information (email for review requests)
Review Data
We collect and store reviews submitted through our platform, including:
- Review content (text, ratings, photos, videos)
- Reviewer information (name, email)
- Review metadata (timestamps, verification status)
Contact Information
We gather contact information when you submit forms on our website, including your name and email address.
Usage Data
We automatically collect certain information about how you use our Service, including:
- Widget views and interactions
- Feature usage patterns
- Technical details such as IP addresses and browser information
- Error logs and diagnostics
How We Use Information
We use the information we collect to:
- Provide and maintain the Service
- Send review request emails on your behalf
- Display reviews on your storefront
- Generate analytics and insights
- Respond to inquiries and provide customer support
- Improve and develop new features
- Meet legal requirements
Information Sharing
We will never sell, rent, or share your personal information with third parties for their marketing purposes without your explicit consent.
We may share information with:
- Service Providers: Third-party services that help us operate (see Sub-processors section below)
- Integrations: When you connect third-party services (e.g., Klaviyo, Google Shopping)
- Legal Requirements: When required by law or to protect our rights
Sub-processors
We use the following third-party service providers to operate our Service:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Cloud hosting and database | EU (Belgium) |
| SendGrid (Twilio) | Email delivery | USA |
| OpenAI | AI-powered features | USA |
| Shopify | E-commerce platform | Canada/USA |
International Data Transfers
Maddisys Ltd is based in the United Kingdom. Some of our sub-processors are located in the United States and other countries outside the UK and European Economic Area.
When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs): We use EU/UK-approved standard contractual clauses with our US-based sub-processors
- Data Processing Agreements: All sub-processors are bound by data processing agreements that require them to protect your data
- Adequacy Decisions: Where applicable, we rely on adequacy decisions for transfers to countries deemed to provide adequate protection
You can request a copy of the safeguards we use by contacting us.
Cookies & Tracking
Our website uses cookies for:
- Remembering your preferences
- Analysing site traffic and performance
- Improving user experience
You can control cookies through your browser settings. Disabling cookies may affect some website functionality.
Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- HTTPS encryption for all data transmission
- Regular security assessments
- Limited access protocols
- Secure storage procedures
However, no method of transmission over the Internet is 100% secure.
Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Contact form data is typically retained for up to two years for customer service purposes. You can request deletion of your data at any time.
Your Rights
Under GDPR and UK data protection law, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Restrict processing of your data
- Data portability (export your data)
- Object to processing
GDPR Compliance
For users in the European Economic Area and United Kingdom, we process data in accordance with GDPR and UK GDPR. Our legal basis for processing includes contract performance, legitimate interests, and consent where applicable.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.
Data Controller
The data controller responsible for your personal data is:
Maddisys Ltd
Company Registration: 05215218
Registered in England and Wales
Email: privacy@ratedright.app
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
- Email: privacy@ratedright.app
- Contact form: Contact us
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
Maddisys Ltd - Company Registration: UK No. 05215218