“Yotpo is a fundamental part of our recommended tech stack.”
Effective Date: February 11, 2026
This Privacy Policy describes how Yotpo Ltd. (together with its affiliated companies – “Yotpo”, “we”, “our” or “us”) collects, stores, uses, and discloses your personal data when you interact with us, including when you:
Please note, this Privacy Policy applies in situations in which Yotpo processes such personal data as a “data controller”. It does not apply to personal data we process in our role as a “data processor” on behalf of our Clients (as defined below), as further explained in Section 10 below.
Specifically, this Privacy Policy describes our practices regarding:
Please read this Privacy Policy carefully and make sure that you fully understand and agree to it. If you are a Client (as that term is defined in our Terms of Service), please also review the Terms of Service which governs your use of the Services.
You are not legally required to provide us with any personal data, and may do so (or avoid doing so) at your own free will. However, please keep in mind that without it, we may not be able to provide you with the full range of our Services or deliver the best user experience when interacting with them. If you prefer not to share your personal data, or to have it processed by us or any of our Service Providers (defined below), please refrain from providing it, visiting or interacting with us including visiting our Sites, or using our Services. You may also submit a request to exercise your rights as explained in Section 9 below.
We collect and generate the following types of personal data:
(i) Client Data: data relating to identified or identifiable individuals that we collect, process and manage on our Clients’ behalf, as part of the Platform or the Services. Such data relates to end-users who place purchases on, or otherwise interact with, our Clients’ online stores.
Yotpo processes Client Data on behalf of, and under the instruction of the respective Client in our capacity as a “data processor”, in accordance with our Data Processing Addendum and other commercial agreements with such Client. For more information, please refer to Section 10 below.
Accordingly, this Privacy Policy, which describes Yotpo’s independent privacy and data processing practices as a “data controller”, does not apply to the processing of Client Data. If you have any questions or requests regarding Client Data, please contact the relevant Client directly.
(ii) User Data: personal data relating to our Clients’ Permitted Users and End Users (both as defined in the Terms of Service), including internal focal persons who directly engage with Yotpo concerning their organizational account, e.g., billing contacts and authorized signatories, and users of the Platform on behalf of such Clients, e.g., account administrators and users (together, “Users”).
We collect and generate the following types of personal data concerning our Users:
(iii) Prospect Data: data relating to our Clients, visitors of our website, participants at our events, and any other prospective client who visits or otherwise interacts with any of our Services (“Prospects”).
We collect and generate the following types of personal data concerning Prospects:
(iv) Business Contact Data: contact, contractual and billing details concerning our service providers, suppliers or partners, or individuals who are employed by them, to the extent their personal data has been shared with us in our capacity as a data controller (e.g., for billing and invoicing purposes and when managing business relationships) (“Business Contacts”).
We collect and generate the following types of personal data concerning our Business Contacts:
We collect such data either automatically, through your interaction with us or with our Services, or through third party services, social media, analytics tools, events we organize or participate in, and other business initiatives.
For the purposes of the California Consumer Privacy Act (“CCPA”), specifically in the last twelve (12) months, we have collected the following categories of personal information: Identifiers; Commercial Information; Customer Record Information; Internet or other electronic network activity information; Geolocation Data; Audio, Electronic, or Similar Information; and Inferences. We do not use or disclose sensitive personal information as defined in the CCPA.
We use personal data for the following purposes and in reliance on the lawful bases noted in the chart below:
| User Data | |
| --- | --- |
| Purpose | Legal basis for processing |
| To facilitate, operate, and provide our Services. | Legitimate Interest; Performance of a Contract |
| To authenticate the identity of our Users, and to allow them to access our Services. | Legitimate Interest; Performance of a Contract |
| To provide assistance and support. | Legitimate Interest; Performance of a Contract |
| To evaluate, test and monitor our Services, diagnose or fix problems and bugs, as well as develop new features, technologies, and improvements to the Services. | Legitimate Interest |
| To gain a better understanding of how individuals use and interact with our Sites and Services, and how we can improve their and others’ user experience, and continue improving our products, offerings and the overall performance of our Services. | Consent (where applicable); Legitimate Interest |
| To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. Such activities allow us to highlight the benefits of using our Services, and thereby increase engagement and overall satisfaction with our Services. This includes contextual, behavioral and interests-based advertising based on activity, preferences or other data available to us or to our business partners. | Consent (where applicable); Legitimate Interest |
| To explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences. | Legitimate Interest; Performance of a Contract |
| To contact you with general or personalized service-related messages, as well as promotional messages that may be of specific interest to them. | Consent (where applicable); Legitimate Interest |
| To facilitate, sponsor and offer certain events, contests and promotions. | Legitimate Interest; Consent |
| To publish your feedback and submissions to our Sites, public forums and blogs. | Legitimate Interest; Consent |
| To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity. | Legitimate Interest; Performance of a Contract |
| To create aggregated data, inferred non-personal data or anonymized or pseudonymized data (de-identified data), which we or our business partners may use to provide and improve our respective services, conduct research, or for any other purpose. | Legitimate Interest; Performance of a Contract |
| To enforce our agreements, resolve disputes, and protect our business interests and the interests and rights of third parties. | Legitimate Interest |
| To comply with court orders and warrants, prevent misuse of the Services, and take any action in any related legal dispute and proceeding. | Legitimate Interest; Legal obligations |
| To comply with applicable laws and regulations. | Legitimate Interest; Legal obligations |
If you reside in or are using the Services in a territory governed by privacy laws under which “Consent” is the only or most appropriate lawful basis for the processing of personal data (in general, or specifically with respect to the types of personal data you expect or elect to submit or have processed via the Services), your acceptance of this Privacy Policy will be deemed your consent to the processing of your personal data for all purposes detailed in this Privacy Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at privacy@yotpo.com.
We and our authorized Service Providers (defined below) maintain, store and process personal data in the United States of America, Israel, the United Kingdom, European Union, Australia, the Philippines, and other locations, as reasonably necessary for the proper performance and delivery of our Services, or as may be required by law.
While privacy laws may vary between jurisdictions, Yotpo is committed to protecting personal data in accordance with this Privacy Policy and customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
Yotpo Ltd. is headquartered in Israel, and Yotpo UK Limited is established in the UK. Both jurisdictions are considered by the European Commission, the Swiss Federal Data Protection and Information Commissioner (FDPIC), and the UK Secretary of State to offer an adequate level of protection for the personal data of residents of the EEA, Switzerland and the UK, respectively. We transfer personal data from the EEA, Switzerland and the UK to Israel on this basis. For data transfers from the EU, Switzerland or the UK to countries which are not considered to offer an adequate level of data protection, we and the relevant data exporters and importers have entered into Standard Contractual Clauses as approved by the European Commission, FDPIC and the UK Information Commissioner’s Office (ICO). You can request a copy of the applicable SCCs by contacting us as indicated in Section 11 below.
Yotpo Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce and will be further liable in cases of onward transfers of your personal data to third parties (including our Service Providers).
Yotpo Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
Yotpo Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern for personal data transferred under the DPF. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
We retain your personal data for as long as it is reasonably necessary to maintain and expand our relationship and provide you with our Services and offerings; to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (e.g., as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise), all in accordance with our data retention policy. Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your personal data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
If you have any questions about our data retention policy, please contact us by email at privacy@yotpo.com.
We may disclose your personal data to certain third parties and other recipients in accordance with this Privacy Policy and as described below:
For the avoidance of doubt, we may disclose your data in additional situations, pursuant to your explicit approval, if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous. We may transfer, disclose or otherwise use non-personal and non-identifiable data at our sole discretion and without the need for further approval.
For the purpose of the CCPA, in the last 12 months, we have disclosed Identifiers; Internet or other electronic network activity information; Geolocation Data; Commercial Information; Customer Record Information; Audio, Electronic or Similar Information; and Inferences to the third parties listed above.
We and our Service Providers use cookies, pixels, tags and other technologies to provide and monitor our Services and Sites, to ensure that they perform properly, to analyze our performance and marketing activities, and to personalize your experience. Such cookies and similar files or tags may also be temporarily placed on your device. Certain cookies and other technologies serve to recall personal data, such as an IP address, as indicated by you. To learn more about our practices concerning cookies and tracking, please see our Cookie Policy. You may also use the “Cookie Settings” feature available in our footer depending on your location and activity on our Services, as applicable.
While we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, you can manage your cookie preferences, including whether or not to accept them and how to remove them, through your browser settings. Please bear in mind that disabling cookies may complicate or even prevent you from using the Services.
We also use the web analytics tool Google Analytics. This tool helps us understand users’ behavior on our Services, including by tracking page content, and click/touch, movements, scrolls and keystroke activities. Further information about the privacy practices of our analytics service provider is available at: www.google.com/policies/privacy/partners. Further information about your option to opt-out of this analytics service is available at: https://tools.google.com/dlpage/gaoptout.
Please note that if you get a new computer, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), you may also clear the opt-out cookies installed once you opt out, so an additional opt-out will be necessary to prevent additional tracking.
We engage in service and promotional communications, through email, phone, SMS and notifications.
Service Communications: We may contact you with information regarding our Services. For example, we may send you notifications (through any means available to us) of changes or updates to our Services or legal terms, billing issues, log-in attempts or password reset notices, etc. Please note that you will not be able to opt out of receiving certain service communications which are integral to your use (like password resets or billing notices).
Promotional Communications: We may also notify you about new features, additional offerings, events, special opportunities or any other information of a promotional nature we think you will find valuable. We may provide such notices through any of the contact means available to us (e.g. phone, mobile or email), through the Services, or through our marketing campaigns on any other sites or platforms.
You can typically control your communications and notifications settings from your Yotpo user profile settings, or otherwise in accordance with the instructions included in the communications sent to you. If you do not wish to receive promotional communications, you may notify us at any time by sending an email to: privacy@yotpo.com, changing your communications preferences in your user profile settings, or by following the “unsubscribe”, “stop”, “opt-out” or “change email preferences” instructions contained in the promotional communications you receive.
To protect your personal data held with us, we use industry-standard physical, procedural and technical security measures, including encryption as appropriate. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any personal data stored with us or with any third parties as described in Section 5 above. To learn more, please visit our Security page.
Individuals have rights concerning their personal data under applicable law, including the EU or UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Such rights may include, to the extent applicable to you according to the laws that apply to you, the right: (i) to know/request access to personal data (specific pieces of personal data collected; categories of personal data collected; categories of sources from whom the personal data was collected; purpose of collecting personal data; categories of third parties to whom we have disclosed personal data), (ii) to request rectification or erasure of personal data held with Yotpo, (iii) to restrict or object to such personal data’s processing (including the right to direct us not to sell your personal data for targeted advertising), (iv) to port such personal data, or (v) to equal services and prices. To exercise any of these rights you may have, please contact us by email at: privacy@yotpo.com. You may also have the right to lodge a complaint with your local data protection authority.
To the extent applicable to you, you may also designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us.
Please note that when you ask us to exercise any of your rights under this policy or applicable law, we may need to ask you to provide certain credentials to make sure that you are who you claim you are (to avoid disclosure to you of personal data related to others) and to provide further information to better understand the nature and scope of data for which you request access. Such additional data will be then retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request, or proof of request fulfillment).
We may redact from the data that we will make available to you, any personal data or confidential information related to others.
In compliance with the EU-U.S. DPF, and the UK Extension of the EU-U.S. DPF and the Swiss-U.S. DPF Principles, Yotpo Inc. commits to resolve complaints about our collection or use of your personal data. EEA, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework compliance should submit inquiries to dpo@yotpo.com. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, Yotpo Inc. has further committed to cooperate with EU Data Protection Authorities (DPAs), the UK Information Commissioner’s Office (UK ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to independently address complaints that we have been unable to resolve.
Please note that under certain conditions (as described under the DPF Principles Yotpo adheres to) you can invoke a binding arbitration by delivering a notice to Yotpo Inc. via dpo@yotpo.com. Please also note that Yotpo Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Certain data protection laws and regulations, such as the EU GDPR, UK GDPR or the CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent such laws and regulations apply.
Yotpo is the “data controller” of Yotpo Prospect Data, User Data and Business Contact Data. With respect to such data, we assume the responsibilities of data controller (solely to the extent applicable under law) as set forth in this Privacy Policy. In such situations, our Service Providers processing such data will assume the role of “data processor”.
Yotpo is the “data processor” of Client Data, which we process on behalf of our Client (who is the “data controller” of such data) and in accordance with its reasonable instructions, subject to our Terms, our Data Processing Addendum (to the extent applicable) and other commercial agreements with such Client. Our Service Providers, who process such Client Data on our behalf, are the “sub-processors” of such data.
Our Clients are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on their behalf or at their request, as well as all individuals whose personal data may be included in Client Data processed through the Services, have been provided with adequate notice and given informed consent to the processing of their personal data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Services are fully met by the Client. Our Clients are also responsible for handling data subject rights requests under applicable law.
If you would like to make any requests or queries regarding personal data we process as a data processor on our Clients’ behalf, including accessing, correcting or deleting your data, please contact the Client directly.
Updates and Amendments: We may update and amend this Privacy Policy from time to time by posting an amended version on our Services. The amended version will be effective as of the date it is published. We will provide prior notice if we believe any substantial changes are involved via any of the communication means available to us or via the Services. After such notice period, all amendments shall be deemed accepted by you.
Opt out of Sale/Sharing for Targeted Advertising
Under some US data protection laws, like the CCPA, our disclosure of certain internet activity and device information with third parties through cookies may be considered a “sale” or “sharing” of personal information for targeted advertising. We do so in pursuit of the business and commercial purposes described in Section 2 above.
For the purposes of the CCPA, in the last 12 months we have “sold” or “shared” Internet or Other Electronic Network Activity Information, Geolocation Data, and Commercial Information with our analytics and advertising partners and service providers.
You may opt out of all cookies that may result in a “sale” and/or “sharing” of your personal information in the following ways:
If you have any questions or would like to exercise your rights under the CCPA, you can contact privacy@yotpo.com.
External Links: While our Services may contain links to other websites or services, we are not responsible for their privacy practices. We encourage you to pay attention when you leave our Services for the website or application of such third parties, and to read the privacy policies of each website and service you visit. This Privacy Policy applies only to our Services.
Our Services are not designed to attract children: Our Services are not designed to attract children who are underage according to data protection laws in their respective jurisdictions. We do not knowingly or intentionally collect personal data from such underage children and do not wish to do so, and we request that anyone underage refrains from providing their personal data to us. If you believe that we might have any such data, please contact us at privacy@yotpo.com. If we are made aware that a person who is underage according to the law applicable to them is using the Services, we will attempt to prohibit and block such use and will make all necessary efforts to delete any personal data stored with us with regard to that child, except where retention is required for legal purposes. For the purposes of the CCPA, Yotpo does not knowingly sell or share the personal information of individuals under the age of 16.
Data Protection Officer: Yotpo has appointed PrivacyTeam Ltd. as our Data Protection Officer, for monitoring and advising on Yotpo’s ongoing privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities. If you have any comments or questions regarding our Privacy Policy, if you have any concerns regarding your Privacy or if you wish to make a complaint about how your personal data is processed by Yotpo, you can contact privacy@yotpo.com or dpo@yotpo.com.
EU Representative: SMSBump Ltd., a Yotpo company situated in Bulgaria, has been designated as Yotpo’s representative in the European Union for data protection matters pursuant to Article 27 of the GDPR. SMSBump may be contacted on matters related to the processing of personal data of individuals in the EU. To make such an inquiry, please send an email to privacy@yotpo.com.
UK Representative: Yotpo UK Limited has been designated as Yotpo’s representative in the United Kingdom for data protection matters pursuant to Article 27 of the UK GDPR. Yotpo UK may be contacted only on matters related to the processing of personal data of individuals in the UK. To make such an inquiry, please send an email to privacy@yotpo.com.
Database Controller: For the purposes of Israel’s Protection of Privacy Law, Yotpo Ltd. serves as the “Database Controller” for personal data processed in connection with this Privacy Policy that originates from Israel, and can be contacted at privacy@yotpo.com.
Questions, concerns or complaints: If you have any comments or questions regarding our Privacy Policy, or if you have any concerns regarding your personal data held with us, please contact us at: privacy@yotpo.com.