NP Search — Privacy Policy

Effective date: 19 April 2026 · Last updated: 14 July 2026

This Privacy Policy describes how Neuroplugin collects, uses, and discloses information when merchants and their end shoppers use the NP Search app on Shopify. Questions: info@neuroplugin.com.

1. Information we collect

From the merchant

Shopify grants us two read-only catalog scopes, read_products and read_inventory, plus write_app_proxy for the signed /apps/npsearch storefront route. Shopify also requires write_pixels and read_customer_events to connect the consent-aware Web Pixel used for completed-purchase attribution. NP Search does not request protected customer scopes, so customer email, phone and address fields are unavailable. We read product catalog data (title, description, vendor, tags, SKU, price, stock, images, variant options, collections) and shop configuration (domain, currency, timezone, language). We never modify your catalog, inventory or publications, and never collect payment details or admin user emails.

From end shoppers

When a shopper uses search or the optional pre-query product shelf: query text when a query exists; product clicks; successful direct add-to-cart metadata; the interaction surface used (results, predictive suggestions, zero-result recovery, or pre-query discovery); price, availability or merchant-defined product-option filter refinements and their resulting product count; response latency; and random shop-local search/session identifiers. Discovery-shelf events contain no search query and do not create a search record. For a Shopify-consented completed checkout, the pixel sends only a matching attributed line's product/variant ID, quantity, discounted merchandise value, currency, non-customer order ID, attribution type and interaction surface. It never sends unrelated order lines, customer identity, contact/address details or payment data. These identifiers are not Shopify customer IDs. Events are logged per shop, not per person.

The browser keeps at most 24 anonymous product-interaction touchpoints for seven days in that shop's local storage. A direct NP Search add also carries private _nps_* line-item properties so the matching purchase can be attributed precisely. These values contain only random search/session IDs, query text when one exists, and the non-personal interaction-surface label; they are not used across shops or for advertising.

The consent-aware Web Pixel sends its allowlisted purchase-attribution payload directly to our EU-hosted NP Search endpoint so it also works when a storefront is password-protected or otherwise access-gated. A shop-isolated HMAC authentication token generated from our app secret is sent inside the non-persisted request body, not in the URL. The token identifies the installed shop, not a shopper, and carries no customer or order information. Invalid or modified tokens and non-allowlisted payloads are rejected.

Repeated successful query phrases may appear in that same shop's storefront “Trending” panel. A phrase is eligible only after at least three occurrences; queries shaped like email addresses, URLs, phone numbers, or order identifiers are suppressed. The optional discovery shelf ranks published, in-stock products from aggregate purchases, adds, and opens in that shop. Neither surface includes shopper identity, and data is never mixed across shops.

Machine learning inputs

Queries, clicks, and product metadata train a per-shop learning-to-rank model. No cross-shop data mixing.

Anonymous usage metering

For plan allowances and usage billing, we store a random shop-local search-intent identifier, the installed plan at the time of the event, event time, whether the event is billable, and delivery/retry status for Shopify billing. This ledger does not contain the query, a Shopify customer ID, shopper identity, contact details, payment data, or device fingerprint. It remains active when optional search analytics are disabled so we can apply the Free allowance, prevent duplicate charges, and report paid usage accurately.

2. How we use information

We do not use this data for advertising, resale, or cross-shop profiling.

3. How we share information

Only with: Shopify (platform), our EU-based hosting infrastructure, legal authorities when required, or an acquirer in the event of a business transfer. We do not sell personal data. We do not use third-party analytics (no Google Analytics, no Meta pixel, no Segment).

4. Data retention

5. Your rights

Access, correction, deletion, restriction, portability, and objection rights as per GDPR / UK GDPR / CCPA. Email info@neuroplugin.com. We respond within 30 days. Uninstalling triggers full data deletion within 48 hours.

6. Security

Data at rest: LUKS disk encryption. In transit: TLS 1.3. Access tokens: encrypted in DB, rotated per re-auth. Production access: two staff with MFA + SSH keys, least-privilege app-level DB credentials. Breach notifications within 72 hours.

7. Children

NP Search is a merchant tool. Not directed at children under 16; we don't knowingly collect their data.

8. Changes

Material changes will be emailed to merchants at least 30 days before taking effect.

9. Contact

Data controller: YCY CONSULTING AND INVESTMENT SL (NIF B22450688), a Sociedad Limitada registered in Spain, trading as Neuroplugin
Email: info@neuroplugin.com
Postal: Calle Mester de Clerecía 34, 28978 Cubas de la Sagra (Madrid), Spain

For Shopify-platform privacy questions: privacy@shopify.com.