Privacy Policy
Ethbat helps merchants collect, moderate, and display customer reviews. This policy explains what data we process, why we process it, and the controls available to merchants and customers.
Roles and ownership
The merchant remains the owner of its store data, product data, customer relationships, and submitted review content. For customer data imported from a merchant store, the merchant acts as the data controller and Ethbat acts as a service provider or processor under the merchant's instructions.
Data we process
- Merchant account, store identity, integration settings, and security logs.
- Product identifiers, names, images, links, and product status.
- The minimum order information required to create a verified review request.
- Encrypted customer contact details when needed for delivering a review request.
- Review text, rating, optional media, moderation state, and verification status.
- Technical security data such as timestamps, hashed abuse fingerprints, and limited diagnostic events.
Data we do not need
Ethbat does not require payment card data, payment credentials, full shipping addresses, order prices, or account passwords from merchant customers. Merchants must not send such data to Ethbat.
Purposes
We use data only to operate the service, synchronize products and eligible orders, create and deliver review requests, prevent fraud and abuse, moderate and display approved reviews, provide support, and meet legal obligations. We do not sell merchant or customer personal data.
Cookies and analytics
Ethbat uses essential authentication cookies to keep merchant sessions secure. Limited product analytics may be used to understand page and feature usage. We do not use customer order contacts for advertising profiles.
Security and retention
Sensitive customer contact data is encrypted in transit and at rest at the application level, restricted to trusted server operations, excluded from normal application logs, and scheduled for deletion after its purpose ends. The default contact retention target is no more than 90 days unless a shorter period is configured or law requires otherwise. No online service can promise absolute security, but Ethbat applies layered controls and investigates suspected incidents.
Sharing and service providers
Current service providers may include Vercel for hosting and analytics, Supabase for authentication and database infrastructure, ImageKit for review media, and Resend or Formspree for email and contact forms. Providers are used only as needed to operate Ethbat, with purpose-limited access and technical safeguards. We may disclose data where legally required or necessary to protect users and the service.
Merchant and customer rights
Merchants may access, correct, export, disconnect, or request deletion of their data, subject to lawful retention. Customers may ask the relevant merchant or Ethbat for access to, correction of, or deletion of personal review data, or to withdraw publication consent, where applicable. Identity may need to be verified before fulfilling a request.
Merchant responsibilities
The merchant must have a valid legal basis and provide any required notice or consent before sharing customer data or sending review requests. The merchant must honor opt-outs, avoid unsolicited marketing, and configure only eligible order events.
Contact and changes
Privacy requests can be sent through the contact methods published on ethbat.online. Material policy changes will be dated and communicated where appropriate.