Privacy Policy — Search Bar Pro
Search Bar Pro

Privacy Policy

Last Updated: March 31, 2026

Introduction

Welcome to the Privacy Policy for Search Bar Pro. Search Bar Pro is a Shopify application operated by Massive Monkey Ltd. that adds a smart, hovering search bar to Shopify stores.

This Privacy Policy explains how we collect, use, and safeguard information when merchants install and use the Search Bar Pro app (the "App") or visit our website (the "Website"). We are committed to protecting the privacy of both merchants and their customers.

We are based on the Isle of Man and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Isle of Man Data Protection Act 2018, and applicable US state privacy laws. As a Shopify app, we also comply with Shopify's Partner Program Agreement, API License and Terms of Use, and all mandatory privacy and data protection requirements for apps listed on the Shopify App Store.

Information We Collect

Data Collected via Shopify APIs

When a merchant installs Search Bar Pro, we access certain information through Shopify's APIs, including:

  • Store information: Shop name, domain, and Shopify plan details, used to configure and operate the App.
  • Product data: Product titles, descriptions, images, prices, and availability, used to power the search functionality within the merchant's store.
  • Theme information: Theme details required to ensure the search bar integrates correctly with the merchant's storefront.

Data Collected Directly from Merchants

We may collect the following information directly from merchants:

  • Email address: Used for account management, support, and service-related communications.
  • App configuration preferences: Customisation settings such as search bar colour, position, and behaviour.

Data Collected from Merchants' Customers

Search Bar Pro operates entirely within the merchant's storefront. We may collect limited data from end customers who interact with the search bar:

  • Search queries: The terms entered into the search bar, used to provide search results and may be used in aggregate to improve search relevance.
  • Basic browsing data: IP address, browser type, and device information, collected automatically through standard web server logs.

We do not collect payment information, personal identification details, or any other sensitive data from merchants' customers.

Cookies & Tracking Technologies

Search Bar Pro uses minimal cookies and tracking technologies:

  • Essential cookies: Required for the operation of the search bar widget, such as storing user preferences (e.g., whether the search bar has been dismissed).
  • Analytical data: We may collect anonymous, aggregated usage data to understand how the search feature is used and to improve our service. This data cannot be used to identify individual users.

We do not use cookies or tracking technologies for advertising, remarketing, or cross-site tracking purposes.

How We Use Your Information

We use the information we collect solely for the following purposes:

  • To provide, operate, and maintain the Search Bar Pro app and its search functionality.
  • To configure and customise the search bar according to the merchant's preferences.
  • To index and serve product search results within the merchant's store.
  • To provide customer support and respond to merchant enquiries.
  • To improve the App's performance, accuracy, and user experience.
  • To monitor usage and detect, prevent, and address technical issues.
  • To comply with legal obligations and Shopify's requirements.

We do not use collected data for purposes unrelated to providing the App's services. We do not sell, rent, or trade personal information.

Information Sharing & Third Parties

We do not sell your personal information. We may share information only in the following limited circumstances:

  • Service providers: With trusted third-party providers who perform services on our behalf, such as hosting, analytics, and email delivery. These providers are contractually obligated to protect your data and may only use it to perform services for us.
  • Legal requirements: To comply with applicable law, regulation, legal process, or governmental request.
  • Protection of rights: To protect and defend our rights, property, or safety, or that of our users or the public.
  • Shopify: As required by Shopify's Partner Program Agreement and API Terms of Use.

Data Retention

We retain merchant data for the duration of the App's installation on their Shopify store. If a merchant uninstalls the App, we will delete their store data and configuration within 30 days of uninstallation.

Aggregated, anonymised search analytics data may be retained for longer periods to improve the service, but this data cannot be used to identify any individual merchant or customer.

If you are legally required to retain certain data (e.g., for tax or regulatory purposes), we may retain that data for the legally mandated period.

Data Transfers & International Processing

Search Bar Pro is operated by Massive Monkey Ltd., based on the Isle of Man. Your data may be processed and stored on servers located outside of your country of residence, including in the European Economic Area (EEA) and the United States.

Where we transfer personal data outside of the EEA, we ensure appropriate safeguards are in place in accordance with GDPR requirements, such as standard contractual clauses or equivalent mechanisms.

Data Security

The security of your data is important to us. We implement commercially reasonable technical and organisational measures to protect personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-128 or higher).
  • Secure storage of Shopify API tokens and secrets using dedicated secrets management.
  • Regular security reviews and updates.

However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

Shopify Compliance

As a Shopify app listed on the Shopify App Store, Search Bar Pro complies with all mandatory requirements set out by Shopify, including:

  • Mandatory compliance webhooks: We implement and respond to all required Shopify compliance webhooks, including customers/data_request, customers/redact, and shop/redact.
  • Data subject requests: We process all data subject requests received through Shopify's compliance webhooks within 30 days.
  • Shopify API Terms: We access merchant and customer data solely through authorised Shopify APIs and use it only for the purposes disclosed in this policy.
  • Partner Program Agreement: We comply with the Shopify Partner Program Agreement, including the February 2026 updates regarding data protection and merchant data usage.

Your Data Protection Rights

Under applicable data protection laws, you may have the following rights:

  • Right of access: You have the right to request copies of your personal data.
  • Right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to data portability: You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us using the details below.

US State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or any other US state with applicable privacy legislation, you may have additional rights, including:

  • The right to know what personal information we collect and how it is used.
  • The right to opt out of the sale or sharing of personal information. We do not sell or share personal information for targeted advertising.
  • The right to request deletion of your personal information.
  • The right to non-discrimination for exercising your privacy rights.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify affected merchants of any material changes by posting the updated Privacy Policy on this page and updating the "Last Updated" date at the top.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to submit a data subject request, please contact us:

Massive Monkey Ltd.
Flat 4, 54 Derby Square
Douglas
Isle of Man
IM1 3LP

Email: [email protected]