BoltOn Search (“we,” “us,” or “our”) operates the BoltOn Search platform, including the website at boltonsearch.com, the merchant dashboard, and the embeddable search widget (collectively, the “Service”). This Privacy Policy explains how we collect, use, store, and protect information from merchants who use our platform and from customers who interact with the search functionality on merchant stores.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

1.1 Merchant Information

When you create a BoltOn Search account and connect your store, we collect:

Account information: name, email address, and password.
Store connection credentials: API keys, access tokens, store URLs, and other credentials necessary to sync your product catalog. These are stored securely and used solely to connect to your e-commerce platform.
Product catalog data: product names, descriptions, SKUs, prices, images, categories, custom fields, and other product attributes imported from your store.
Configuration data: search settings, synonym rules, merchandising rules, widget styling preferences, filter configurations, banner settings, and redirect rules.
Billing information: payment details are processed by our third-party payment processor and are not stored on our servers.

1.2 Customer Information

When shoppers use the BoltOn Search widget on a merchant's store, we collect:

Search queries: the terms customers search for, used for analytics and to improve search relevance.
Click data: which products customers click on from search results, used for analytics and popular product rankings.
Recent searches: stored locally in the customer's browser (localStorage) for convenience. This data never leaves the customer's device and is not transmitted to our servers.
Customer group identifier: if the merchant uses variable pricing, we read a cookie set by the merchant's e-commerce platform to determine which price group the customer belongs to (e.g., retail, wholesale). We do not set this cookie — we only read it.

1.3 Information We Do Not Collect

We want to be clear about what we do not collect from customers:

Personal names, email addresses, or contact information of shoppers.
Payment or credit card information of shoppers.
Browsing history outside of search interactions.
Location data or device identifiers.

2. How We Use Information

2.1 Merchant Data

To provide, maintain, and improve the Service.
To sync and index your product catalog for search functionality.
To generate search analytics and reports in your dashboard.
To apply your merchandising rules, synonyms, banners, and redirects.
To communicate with you about your account, updates, and support.

2.2 Customer Data

To deliver relevant search results to shoppers on your store.
To display the correct pricing based on customer group.
To generate aggregate search analytics for merchants (e.g., popular search terms, zero-result queries).
To improve search relevance and the overall quality of the Service.

3. Data Storage and Security

All data is stored on secure, encrypted infrastructure hosted on Google Cloud Platform and Supabase (PostgreSQL).
Store connection credentials (API keys, tokens) are encrypted at rest.
Each merchant's data is isolated through row-level security policies, ensuring no merchant can access another merchant's data.
API communications are encrypted in transit using TLS/HTTPS.
We implement industry-standard security practices including access controls, monitoring, and regular security reviews.

4. Data Sharing

We do not sell, rent, or trade any personal information to third parties. We may share data only in the following circumstances:

Service providers: we use trusted third-party services to operate the platform, including cloud hosting (Google Cloud), database services (Supabase), and AI processing (OpenAI for semantic search embeddings). These providers process data solely on our behalf and are bound by contractual obligations to protect your data.
Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.
Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

5. Cookies and Local Storage

BoltOn Search uses minimal browser storage:

Authentication cookies: used to keep merchants logged into the dashboard.
Recent searches (localStorage): the search widget stores the last 5 search terms in the shopper's browser for quick access. This data is stored entirely on the customer's device, is not transmitted to our servers, and can be cleared by the customer at any time through their browser settings.
Customer group cookie (read-only): the widget reads a cookie set by the merchant's e-commerce platform to determine pricing groups. BoltOn Search does not create, modify, or track this cookie.

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies on merchant stores.

6. Data Retention

Merchant data: retained for the duration of your active account. Upon account cancellation, your product catalog, search configuration, and analytics data will be deleted within 30 days.
Search query logs: retained for up to 12 months to provide analytics and improve search quality, then automatically purged.
Customer data: search queries and click data are stored in aggregate form associated with the merchant's account. No individually identifiable customer data is retained.

7. Your Rights

7.1 Merchant Rights

As a merchant, you have the right to:

Access and export your data at any time through the dashboard.
Update or correct your account information.
Delete your product catalog using the Delete Database feature.
Cancel your account and request deletion of all associated data.
Request a copy of all data we hold about your account.

7.2 Customer Rights

As a shopper using search on a merchant's store, you have the right to:

Clear your recent search history by clearing your browser's localStorage.
Contact us to request information about what search data, if any, is associated with your activity.

7.3 GDPR and CCPA

If you are located in the European Economic Area (EEA) or California, you may have additional rights under the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), including the right to access, correct, delete, or port your personal data, and the right to opt out of data sales (we do not sell data). To exercise these rights, please contact us using the information below.

8. Third-Party Services

The Service integrates with the following third-party platforms as part of normal operation:

ShopSite, Shopify, BigCommerce: to import product catalogs via their respective APIs.
OpenAI: to generate semantic search embeddings for improved search relevance. Product text (names, descriptions) is sent to OpenAI's API for embedding generation. OpenAI does not use this data to train their models.
Google Cloud Platform: for hosting, computing, and infrastructure services.
Supabase: for database hosting and authentication services.

Each of these providers has their own privacy policy. We encourage you to review them for details on how they handle data.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify merchants of material changes via email or a prominent notice on the dashboard. The “Last updated” date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: [email protected]
Website: boltonsearch.com

Privacy Policy