StarScore

Privacy Policy

Last Updated: April 13, 2026

Introduction

This Privacy Policy describes how HI SUPREME GOODS (“we,” “us,” or “our”) collects, uses, and shares personal information when you install or use the StarScore app (“the App”) in connection with your Shopify-powered store, or when you interact with a Shopify store that has the App installed.

StarScore is a product reviews and star ratings app for Shopify. This policy applies to two categories of individuals: Shopify merchants who install the App, and customers of those merchants who submit reviews or interact with review features on merchant storefronts.

Information We Collect from Merchants

When you install StarScore on your Shopify store, we collect the following information through Shopify’s OAuth authentication process:

Store information: Your Shopify store domain, store name, and Shopify access token (encrypted at rest). This is required to authenticate the App and provide its core functionality.

Product information: Product titles, handles, SKUs, and featured images from your Shopify catalog. This is used to associate reviews with the correct products and generate structured data for Google.

Order information: Order IDs and customer email addresses from fulfilled orders. This is used to send post-purchase review request emails (Pro plan) and to verify whether a reviewer is a confirmed buyer.

Account and billing information: Your selected plan (Free or Pro) and associated billing details, processed through Shopify’s billing system.

Information We Collect from Customers

When a customer submits a review through the StarScore widget on a merchant’s store, we collect:

Review content: The reviewer’s name, email address, star rating (1–5), review title, and review body text.

Verification data: We cross-reference the reviewer’s email address with the merchant’s order history to determine verified buyer status. We do not use this email for any purpose other than verification and review management.

We do not collect payment information, browsing behavior, IP addresses for tracking purposes, or any data beyond what is described above.

How We Use Your Information

We use the information we collect for the following purposes:

Providing the App’s core functionality: Displaying star ratings and reviews on merchant product pages, computing aggregate ratings, and storing review data.

Generating structured data: Outputting valid JSON-LD schema markup on product pages so that Google and other search engines can display star ratings in search results.

Sending review request emails: For merchants on the Pro plan, we send post-purchase emails to customers asking them to review their purchase. These emails are sent on behalf of the merchant and include an unsubscribe option.

Verified buyer badges: Cross-referencing reviewer email addresses with order data to display a “Verified Buyer” badge on qualifying reviews.

Review moderation: Allowing merchants to approve, reject, or respond to reviews through the App’s admin dashboard.

App improvement: Aggregate, anonymized usage data (such as total review counts and average ratings across all stores) may be used to improve the App. We do not sell personal data or use it for advertising.

How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

With Shopify: We store aggregate rating data (average rating and review count) in Shopify product metafields so that ratings can be displayed on your storefront without additional API calls.

Email delivery services: If you are on the Pro plan, we use a third-party email service provider (such as SendGrid or Resend) to deliver review request emails. These providers process email addresses solely for the purpose of email delivery and are bound by their own privacy policies and data processing agreements.

Database hosting: Review data is stored in a managed database service (such as PlanetScale or Neon). These providers act as data processors and are bound by data processing agreements.

Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.

Data Retention

We retain merchant data (store information, reviews, and settings) for as long as the App is installed on your store. If you uninstall StarScore, we will delete your store data, including all reviews and customer information, within 30 days of uninstallation.

Review data submitted by customers is retained for as long as the merchant’s App installation is active and the merchant has not deleted the review. Merchants can delete individual reviews at any time through the App’s admin dashboard.

Data Security

We take reasonable measures to protect personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: Shopify access tokens are encrypted at rest using AES encryption. All data is transmitted over HTTPS/TLS.

Webhook verification: All incoming Shopify webhooks are verified using HMAC-SHA256 signatures to prevent tampering.

Input sanitization: All review content is sanitized to prevent cross-site scripting (XSS) and other injection attacks.

Rate limiting: Review submission endpoints are rate-limited to prevent abuse.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Rights Under GDPR and Other Privacy Laws

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with applicable data protection laws, you may have the following rights:

Right of access: You can request a copy of the personal data we hold about you.

Right to rectification: You can request that we correct inaccurate or incomplete data.

Right to erasure: You can request that we delete your personal data, subject to certain legal obligations.

Right to restrict processing: You can request that we limit how we process your data.

Right to data portability: You can request your data in a structured, commonly used format.

Right to object: You can object to the processing of your data for certain purposes.

To exercise any of these rights, please contact us at the email address listed below. We will respond to your request within 30 days.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We do not sell personal information. You have the right to know what personal information we collect, request its deletion, and not be discriminated against for exercising your privacy rights. To make a request, contact us at the email address below.

Shopify

StarScore is built on Shopify’s platform. When you use a Shopify store with StarScore installed, Shopify may independently collect and process your data in accordance with its own privacy policy, available at https://www.shopify.com/legal/privacy.

Children’s Privacy

The App is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will post the updated policy on this page and update the “Last Updated” date. We encourage you to review this policy periodically.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: info@hisupreme.com

Business: HI SUPREME GOODS