Data Privacy & Protection
How WiserReview collects, processes, stores, and protects personal data. Covers GDPR alignment and our sub-processor list.
Tatvam Cloud Solutions, LLP | March 2026
1. Data We Collect
1.1 Data from End Consumers (Reviewers)
| Data Type | Source | Purpose |
|---|---|---|
| Name | Submitted with review or from platform order data | Display on review widget |
| Email address | Submitted with review or from platform order data | Review request emails, verification |
| Review content (text) | Submitted by customer | Display on merchant storefront |
| Star rating | Submitted by customer | Display on merchant storefront |
| Photos/videos | Optionally uploaded by customer | Display as user-generated content |
| IP address | Captured at submission | Fraud prevention, rate limiting |
| Order information | From connected e-commerce platform | Verified buyer badge, review request timing |
1.2 Data from Merchants
| Data Type | Source | Purpose |
|---|---|---|
| Store name & domain | Platform OAuth flow | Account setup, widget configuration |
| Email address | Registration | Account access, notifications |
| Password | Registration | Authentication (stored as bcrypt hash, never plaintext) |
| Product catalog | Platform API sync | Match reviews to products |
| Order data | Platform webhooks | Trigger review request emails |
| Billing information | Managed by Chargebee | Subscription management |
1.3 Data We Do NOT Collect
- Credit card and payment card data. All billing is handled by Chargebee (PCI DSS Level 1). No card data ever reaches WiserReview servers.
- Social Security Numbers or government IDs
- Health or medical information
- Biometric data
2. Data Flow
Data is encrypted from the point of processing. Deletion is permanent; backups follow the MongoDB Atlas point-in-time recovery window.
Data flow summary:
1. Customer places order on merchant's store
2. E-commerce platform sends order webhook to WiserReview Backend API
3. Backend API stores order reference in MongoDB Atlas (AES-256 encrypted at rest)
4. Backend API queues review request job via Azure Service Bus; Review Display Service picks up the job and sends the email
5. Email sent via AWS SES (TLS encrypted, DKIM/SPF authenticated)
6. Customer clicks link → submits review via WiserReview form
7. Review stored in MongoDB Atlas (AES-256 encrypted at rest)
8. Pixel JS on merchant storefront fetches reviews via API (TLS 1.2+)
9. Reviews displayed to shoppers
3. Data Storage & Encryption
| Layer | Technology | Encryption |
|---|---|---|
| Primary Database | MongoDB Atlas | AES-256 at rest, TLS in transit |
| File Storage | Azure Blob Storage, AWS S3 | Server-side encryption at rest |
| Cache | Redis | Password-authenticated, no PII stored |
| Message Queue | Azure Service Bus | Encrypted at rest and in transit |
| Email Delivery | AWS SES | TLS in transit |
4. GDPR Compliance
4.1 Lawful Basis for Processing
- Legitimate Interest: Merchants have a legitimate interest in collecting and displaying customer reviews to build trust.
- Consent: End consumers voluntarily submit reviews.
- Contractual Necessity: Processing required to deliver the service to merchants.
4.2 Data Subject Rights
| Right | How We Support It |
|---|---|
| Right to Access | Merchants can export all review data from the dashboard. End consumers can request their data via the merchant or by contacting us directly. |
| Right to Rectification | Review content can be edited by the merchant or upon request from the consumer. |
| Right to Deletion | Merchants can delete individual reviews. Full account deletion removes all associated data. Automated data deletion is supported via platform-level integration events. |
| Right to Data Portability | Review data can be exported in CSV format from the dashboard. |
| Right to Object | Customers can unsubscribe from review request emails at any time. |
4.3 Automated Data Deletion
WiserReview implements automated data deletion events through platform integrations:
| Event | Purpose |
|---|---|
| CUSTOMERS_DATA_REQUEST | Returns all stored data for a specific customer upon request |
| CUSTOMERS_REDACT | Deletes all stored data for a specific customer |
| SHOP_REDACT | Deletes all stored data when a merchant uninstalls the app |
4.4 Data Minimization
We only collect and retain data that is strictly necessary for the service to function:
- Order data is used solely to trigger review requests and verify purchases
- Customer emails are used solely for review request communications
- No data is collected beyond what is required for review management
5. Data Retention & Deletion
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| Reviews | Retained while merchant account is active | Merchant deletes review, or account closure |
| Customer email/name | Retained while merchant account is active | GDPR deletion request, or account closure |
| Order references | Retained while merchant account is active | Account closure |
| Account data | Retained while account is active | Merchant requests account deletion |
| Error logs | 90 days | Automatic rotation |
| Cache data | Transient (hours) | Automatic expiration |
6. Sub-Processors
| Sub-Processor | Purpose | Data Processed | Compliance |
|---|---|---|---|
| Microsoft Azure | Hosting, compute, storage, message queuing | All application data | SOC 2, ISO 27001, GDPR |
| MongoDB Atlas | Primary database | All structured data | SOC 2, ISO 27001, GDPR |
| Cloudflare | CDN, WAF, DDoS protection | Request metadata, cached assets | SOC 2, ISO 27001, GDPR |
| AWS SES | Email delivery | Customer email addresses, email content | SOC 2, ISO 27001, GDPR |
| AWS S3 | File storage | Uploaded media (photos/videos) | SOC 2, ISO 27001, GDPR |
| Chargebee | Billing & subscriptions | Merchant billing info (no card data stored by us) | PCI DSS Level 1, SOC 2, GDPR |
| SendGrid | Transactional email (secondary) | Email addresses, email content | SOC 2, ISO 27001 |
| OpenAI | AI-powered review generation, grammar correction | Review text content (no PII sent) | SOC 2 |
7. Data Sharing
- We do NOT sell personal data to any third party.
- We do NOT share personal data beyond what is strictly required for the service to function (i.e., sub-processors listed above).
- Merchant data is isolated. Each workspace is logically separated. No merchant can access another merchant's data.
8. Cross-Border Data Transfers
- Primary data processing occurs on Microsoft Azure infrastructure.
- Email delivery via AWS SES may involve data transfer to AWS regions.
- Cloudflare CDN caches content at edge locations globally (only widget scripts and static assets are cached, no PII).
- All cross-border transfers are conducted under appropriate safeguards (Standard Contractual Clauses where applicable).
9. Incident Response & Breach Notification
1. Affected merchants will be notified within 72 hours of discovery, in compliance with GDPR Article 33.
2. A root cause analysis will be conducted and remediation steps implemented.
3. The relevant supervisory authority will be notified where required.
Contact
For privacy-related inquiries or data subject requests:
Tatvam Cloud Solutions, LLP
[email protected]