Skip to content
English
  • There are no suggestions because the search field is empty.

Prism Search & Merchandising - Privacy Policy

Privacy Policy — NetSource Prism Search & Merchandising

Last updated: June 19, 2026 Effective date: June 19, 2026

This Privacy Policy describes how NetSource Inc. ("NetSource", "we", "us", or "our") collects, uses, stores, shares, and protects personal information in connection with the NetSource Prism Search & Merchandising application (the "App") installed on Shopify stores from the Shopify App Store.

This policy is written to comply with the Shopify Partner Program requirements, the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA / CPRA), and Canada's PIPEDA.

If you are a merchant who has installed the App, this policy explains what we do with your store's data. If you are a customer of a Shopify store that uses the App, this policy explains what data the App processes on the merchant's behalf when you search, browse, and buy on that store.

 

1. Who we are

Data controller / business operator: NetSource Inc.

Support email: appsupport@netsourceinc.com

Website: https://www.netsourceinc.com

For data we process on behalf of a merchant (such as that merchant's customers' search and interaction data), the merchant is the data controller and NetSource is a data processor. For data we collect directly from merchants (account, billing, support), NetSource is the data controller.

 

2. Data we collect

2.1 Merchant data (the Shopify store that installs the App)

When a merchant installs the App, Shopify provides us with:

    • The store's myshopify.com domain, store name, primary email, country, time zone, currency, and plan
    • The store owner's name and email address
    • An OAuth access token that authorizes the App to call the Shopify Admin API on the merchant's behalf

We also collect:

    • Subscription and billing state — current plan tier (Starter / Growth / Pro / Enterprise), billing interval, trial status, development-store trial state, and Shopify subscription IDs. All charges are processed by Shopify Billing; we do not see or store payment-card information.
    • Configuration data created in the App — search and relevance settings, facet (filter) configurations, synonyms, merchandising rules (boost, bury, pin, hide, redirect, banner), collection and home-page merchandising views, complementary-product sets, A/B test definitions, and SEO landing-page content.
    • Setup service data (only if the merchant purchases the optional one-time "white-glove setup service") — the Shopify collaborator request code the merchant submits on the form, the contact email and freeform notes the merchant provides, and the Shopify one-time charge ID. The collaborator code is transmitted to our operations email inbox and is never displayed in log output.
    • Operational telemetry — non-PII metrics such as record counts, feature adoption rates, index size, AI token usage and cost, and aggregated revenue data, which are pulled into an internal NetSource portfolio dashboard. This dashboard contains aggregated business metrics; it does not contain individual customer PII.
    • Application error logs — when the App encounters an error, we may log the error message, stack trace, route or component name, shop domain, and structured metadata (such as a product or search-event ID involved). Error logs are retained for diagnostic purposes only and are pruned regularly.

2.2 Customer data (the merchant's storefront shoppers)

When a shopper interacts with search and discovery on a merchant's storefront, the App processes:

    • Search and interaction events — the search terms entered, normalized query text, number of results returned, filters (facets) applied, which products were clicked and at what position, add-to-cart events, zero-result searches, and which storefront surface the interaction came from (results, autocomplete, recommendations, collection, or merchandised grid)
    • Conversion and attribution data — when a search-influenced order is placed, the Shopify order ID, order value, and the products involved, used to attribute revenue to search and merchandising
    • Pseudonymous identifiers — an anonymous session identifier the App assigns, and the shopper's Shopify customer ID when they are logged in, used to power personalized ranking and to connect a search session to a resulting order
    • Device type — whether the interaction came from desktop, mobile, or tablet

The App reads Shopify customer and order records via the Shopify Admin API only as needed for personalization and attribution. We do not store shopper names, email addresses, phone numbers, postal addresses, or IP addresses in our search and analytics records, which are keyed on pseudonymous identifiers (session identifier and Shopify customer ID).

2.3 Product and catalog data sent to AI services

To power semantic search and AI features, the App sends product and catalog text (such as product titles, descriptions, vendors, types, tags, and option data) to OpenAI to generate text embeddings, extract structured attributes from descriptions, suggest synonyms, and interpret natural-language queries. We do not send shopper personal information to OpenAI. Data submitted to OpenAI's API is not used by OpenAI to train its models, under OpenAI's API data-usage policy.

2.4 Data we do not collect

We do not collect, store, or transmit:

    • Payment-card numbers, CVVs, bank account details, or any other financial-instrument data — all payments flow through Shopify Billing
    • Shopper names, email addresses, phone numbers, postal addresses, or IP addresses in our search and analytics records
    • Social security numbers, government identification numbers, or biometric data
    • Health, religious, political, or other categories of "sensitive" personal information as defined by GDPR Article 9
    • Data from minors known to be under 13 (the App is not directed at children)
 

3. How we collect data

    • From Shopify — when the merchant installs the App and grants OAuth permissions, and on an ongoing basis through Shopify webhooks, the Shopify Web Pixel, and Admin API queries
    • From the merchant — when they configure search settings, facets, synonyms, merchandising rules, SEO pages, or purchase the optional setup service
    • From the merchant's shoppers — when they search, filter, click results, add to cart, or complete a purchase on the merchant's storefront. Storefront search requests are served through a Shopify app proxy that routes to our hosted backend.
    • From Shopify Billing — confirmation of approved subscriptions and one-time charges
    • From Amazon Simple Email Service (SES) — delivery and engagement events for the transactional emails the App sends (when SES is configured)

4. How we use data

We use merchant and shopper data only to:

    • Operate the App's core features — index the merchant's catalog, serve search results and instant autocomplete, build and apply filters, rank results, apply merchandising rules, and generate complementary-product recommendations.
    • Provide analytics and revenue attribution — measure search volume, conversion rate, and zero-result rate; identify queries that need attention; and attribute order revenue to the searches, surfaces, and merchandising rules that influenced them.
    • Power AI features — generate text embeddings for semantic search, mine product descriptions for attributes, suggest synonyms, and decompose natural-language queries, by sending product and catalog text (not shopper PII) to OpenAI.
    • Personalize ranking — adjust result ranking for a session or logged-in customer based on their prior search and interaction events.
    • Run A/B tests — when the merchant enables them, assign sessions to test variants and measure conversion to determine a winning configuration.
    • Generate SEO features — create indexable landing pages and XML sitemaps, and notify search engines of new URLs via IndexNow. Only page URLs (not personal data) are sent to search engines.
    • Process Shopify subscription billing — recurring plan charges and the optional one-time setup-service charge are created and confirmed through Shopify Billing using the access token granted at install.
    • Provide support — when a merchant emails us, we may review their App settings, analytics, or error logs to diagnose the issue.
    • Fulfill the optional setup service — when a merchant submits a Shopify collaborator request code, we use it once to accept the collaborator invitation, perform the agreed setup work, and then revoke or allow the collaborator access to expire.
    • Maintain operational quality — aggregate metrics (record counts, feature adoption, AI token usage, error rates) are pulled into an internal NetSource dashboard so we can monitor App health and prioritize improvements.
    • Comply with legal obligations — including responding to GDPR / CCPA data-subject requests, tax reporting, and lawful requests from regulators.

We do not sell personal information. We do not share personal information with third parties for advertising or profiling. We do not use shopper data to train machine-learning models, and product data sent to OpenAI is not used by OpenAI to train its models.

 

5. Legal basis for processing (GDPR / UK GDPR)

Purpose

Legal basis

Operating the App for the merchant

Contract (Art. 6(1)(b)) — between the merchant and NetSource

Processing shopper search and interaction data on the merchant's behalf

The merchant's legal basis under their own privacy policy; NetSource acts as a processor under Art. 28

Personalized ranking and analytics

The merchant's legal basis (consent or legitimate interest); the merchant is responsible for obtaining consent under applicable law

Billing and fraud prevention

Legal obligation (Art. 6(1)(c)) and legitimate interest (Art. 6(1)(f))

Aggregated portfolio analytics

Legitimate interest (Art. 6(1)(f)) — App quality and improvement; data is aggregated and contains no individual PII

Responding to data-subject requests

Legal obligation (Art. 6(1)(c))


 

6. Third parties we share data with (sub-processors)

We share data only with the following sub-processors, each of which provides infrastructure necessary to operate the App:

Sub-processor

Purpose

Location

Shopify Inc.

Source of merchant, catalog, customer, and order data; OAuth, webhooks, Admin API, Billing API

Canada / US / EU

Gadget.dev (Gadget Inc.)

Application hosting, database, scheduled actions, fallback email transport

United States (AWS)

OpenAI, L.L.C.

Text embeddings for semantic search, description attribute extraction, synonym suggestions, and natural-language query understanding. Receives product and catalog text only; no shopper PII. Does not use API data to train its models.

United States

Amazon Web Services (AWS) — Simple Email Service (SES)

Sending transactional emails (such as setup-service notifications), when configured

United States

We do not share personal data with advertising networks, analytics providers, data brokers, or any other third party not listed above. We do not transfer personal data to any country that does not provide an adequate level of protection without appropriate safeguards (e.g., Standard Contractual Clauses).

7. Data retention

    • Active merchant data is retained for as long as the App is installed on the merchant's store.
    • Search and interaction events (raw search, click, and conversion records) are retained for a configurable period, with a default of 90 days. Aggregated, daily analytics derived from these events are retained for longer-term trend reporting.
    • Product index and configuration data are retained for the lifetime of the merchant's installation.
    • Application error logs are retained for up to 90 days.
    • Internal portfolio-dashboard snapshots (aggregated, non-PII) are retained for up to 36 months for trend analysis.
    • Setup-service collaborator request codes are deleted from our systems as soon as the setup work is complete, and in no case retained more than 30 days after submission.

7.1 When the merchant uninstalls the App

When the merchant uninstalls the App:

    • The merchant's OAuth access token is revoked immediately by Shopify
    • Active Shopify subscriptions are cancelled
    • In-flight setup-service requests are cancelled
    • Within 48 hours, Shopify sends us the shop/redact webhook; on receipt we delete the store's configuration, search index, search and analytics events, merchandising rules, synonyms, SEO pages, and all other store-specific records. This delay window is mandated by Shopify and gives merchants who reinstall within 48 hours an opportunity to recover their data.

7.2 Customer-initiated deletion

When a merchant invokes "Erase customer data" in their Shopify admin, Shopify sends us the customers/redact webhook. On receipt we delete or de-identify the search and interaction events associated with that customer's Shopify customer ID.

When a merchant invokes "Request customer data" in their Shopify admin, Shopify sends us the customers/data_request webhook. We compile the search and interaction events associated with that customer's Shopify customer ID and make them available to the merchant for delivery to the customer, within 30 days as required by GDPR.

8. Security

We protect personal information using the following safeguards:

    • Encryption in transit — all data is transmitted over TLS 1.2 or higher between Shopify, the merchant, the shopper's browser, our hosted backend, and our sub-processors
    • Encryption at rest — the App's database (hosted on Gadget.dev) is encrypted at rest using AES-256
    • Access control — OAuth tokens, API keys, and AWS credentials are stored as environment variables in the hosting platform and are never committed to source control. Production credentials are accessible only to authorized NetSource staff.
    • Tenancy isolation — every database query is scoped to a single merchant's shop ID; we have audited the codebase to prevent cross-store data access
    • Webhook signature verification — all incoming Shopify webhooks have their HMAC signatures verified before processing
    • Least privilege — the App requests only the Shopify access scopes it actually needs (see Section 13)
    • Monitoring — error logs are reviewed regularly; security-relevant errors trigger ops alerts
    • Incident response — in the event of a confirmed data breach affecting personal data, we will notify affected merchants without undue delay and, where required, the appropriate supervisory authority within 72 hours of becoming aware

No system is perfectly secure; we cannot guarantee absolute security but we work continuously to maintain industry-standard protections.

 

9. Your rights (data subjects)

Depending on where you live, you may have the right to:

    • Access the personal data we hold about you
    • Rectify inaccurate or incomplete personal data
    • Erase your personal data ("right to be forgotten")
    • Restrict or object to processing
    • Data portability — receive your data in a structured, machine-readable format
    • Withdraw consent at any time, where processing is based on consent
    • Lodge a complaint with a data protection authority (e.g., your local EU supervisory authority, the UK ICO, or the California Attorney General)
    • Opt out of any "sale" or "sharing" of personal information (CCPA / CPRA) — note that NetSource does not sell or share personal information as defined by these laws

9.1 How to exercise these rights

    • Shoppers of a Shopify store using the App — first contact the merchant directly. The merchant is the data controller and can fulfill most requests through their Shopify admin (which will trigger our GDPR webhooks). If the merchant is unresponsive, you may contact us at appsupport@netsourceinc.com and we will assist within 30 days.
    • Merchants — contact us directly at appsupport@netsourceinc.com.

We will not charge a fee for reasonable requests. We may require proof of identity for sensitive requests. We will respond within 30 days, or up to 60 days for complex requests (with notice).

 

10. International transfers

Our infrastructure is located in the United States (Gadget.dev / AWS / OpenAI). If you are located outside the United States — for example, in the European Economic Area, the United Kingdom, or Canada — your personal data will be transferred to and processed in the United States.

For transfers from the EEA, UK, or Switzerland, we rely on:

    • The European Commission's Standard Contractual Clauses (SCCs) with our sub-processors
    • The UK International Data Transfer Addendum where applicable
    • Additional technical safeguards (encryption, access control) where required by the Schrems II decision

Shopify, Gadget, OpenAI, and AWS each maintain their own GDPR-compliant cross-border-transfer mechanisms.

 

11. Children's privacy

The App is a B2B tool offered to Shopify merchants. It is not directed at children, and we do not knowingly collect personal information from anyone under the age of 13 (or 16 in jurisdictions where that is the applicable threshold). If you become aware that a child has provided us with personal information, please contact us and we will delete it.

 

12. Emails we send

The App sends a small number of transactional emails only — for example, notifications and confirmations related to the optional white-glove setup service. These are sent via Amazon SES (when configured) or Gadget's built-in email transport, and relate directly to a service the merchant has requested.

The App does not run a marketing-email or storefront-reminder program and does not email the merchant's shoppers. Because the emails we send are transactional and tied to a requested service, they are not subject to marketing unsubscribe. Email delivery and engagement tracking, where present, is limited to operational metrics and is not linked to any third-party advertising platform.

 

13. Shopify access scopes we use

The App requests the following Shopify Admin API scopes. Each scope is requested only because it is required for a specific App feature.

Scope

Why we need it

read_products / write_products

Read catalog data (titles, descriptions, vendors, types, tags, variants, prices, metafields) to build and maintain the search index; write product metafields used by collection/home merchandising views and feature flags

read_inventory

Reflect stock availability in ranking and out-of-stock handling

read_locations

Resolve inventory locations for multi-location merchants

read_orders

Attribute order revenue to search and merchandising, and analyze co-purchases to build complementary-product recommendations

read_content

Read the store's published pages and blog articles so the storefront search can return them as informational results, matching what native Shopify search includes. This is store content, not shopper personal data. 

 read_legal_policies 

Read the store's published policies (such as shipping, returns,      privacy, terms, and contact information) so the storefront search  can return them as informational results, matching what native    Shopify search includes. This is store content, not shopper personal data

read_themes

Detect whether the merchant's theme supports the App's blocks and embeds, and detect theme changes so storefront placements stay installed

read_files / write_files

Store and serve image assets used by the App (such as merchandising banner images and store images)

 

14. Cookies and storefront tracking

The App's admin interface runs as an embedded application inside the Shopify admin and uses only the cookies required for the App's session to work; we do not place advertising or third-party tracking cookies.

On the merchant's storefront, the App uses a Shopify Web Pixel and an app-embed script to record search queries, filter usage, clicks, and conversions for search analytics and revenue attribution. To do this, the App stores an anonymous session identifier and a short list of recently viewed products in the shopper's browser (using local storage), and stamps a session marker on the shopper's cart so that a resulting purchase can be attributed to search. This data is keyed on pseudonymous identifiers and is not linked to any third-party advertising platform.

 

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, new features, legal requirements, or sub-processors. When we make a material change, we will update the "Last updated" date at the top of this policy and, where required by law, notify merchants by email or via an in-app banner.

The current version is always available at the URL where you accessed this policy.

 

16. Contact us

If you have questions about this Privacy Policy, our data practices, or wish to exercise a data-subject right:

NetSource Inc.

Email: appsupport@netsourceinc.com

Website: https://www.netsourceinc.com

For data-protection-specific inquiries (GDPR / UK GDPR Article 13–22 requests, CCPA / CPRA verifiable consumer requests), please use the same email and include "Privacy Request" in the subject line so we can route it appropriately.

 

 End of Privacy Policy. 

 

NetSource Commerce, Inc. | Headquarters - 3700 South Pine Avenue, Ocala, FL 34471 | Tel (800) 709-3240 | Fax (352) 401-0353