Before we dive into the nuts and bolts of how we protect your data, let’s take a step back: What is GDPR, really?

The General Data Protection Regulation (GDPR) is Europe's way of saying, "Your data, your rules." It’s a regulation that applies to any company — anywhere in the world — that processes the personal data of EU citizens. Whether you’re a local bakery in Paris or a SaaS company in New York, if you're handling EU customer data, GDPR is the law of the land.

At its core, GDPR is built on a few powerful principles:

• Transparency — Say what you do, and do what you say (in plain language, not legal riddles).
• Consent — Ask nicely before you track, store, or use someone’s personal information.
• Data Minimization — Collect only what you truly need, not what you might possibly want someday.
• Security and Accountability — Protect that data like it’s your own — because in many ways, it is.

In the fast-paced world of eCommerce and SaaS, GDPR isn’t just a regulation to comply with — it’s a trust signal. Customers are no longer handing over their information lightly, and businesses that respect that reality are the ones who stand out. For companies like Searchanise, where handling data is part of creating a seamless shopping experience, GDPR is essential — not just for avoiding fines, but for earning real customer loyalty.

Searchanise takes this responsibility seriously. Protecting your data isn’t a one-time project or a checkbox we tick — it’s an ongoing commitment woven into how we work, build, and think.

Anyone can claim they take data protection seriously, but at Searchanise, we believe actions speak louder than marketing slogans.

That’s why we didn’t just trust our own judgment. We invited independent auditors — the kind who live and breathe compliance checklists — to assess our systems, processes, and security measures from every angle. No shortcuts. No blind spots.

The result? All potential risks were identified, addressed, and eliminated. We didn’t just patch holes — we built a stronger ship. Today, we’re proud to say that Searchanise is fully GDPR-compliant, and we continue to strengthen our practices to stay ahead of evolving standards. Because protecting your trust is every bit as important as perfecting your store’s search experience.

Privacy isn’t just about what happens behind the scenes — it’s also about giving you a clear window into how your data is handled. At Searchanise, everything is kept out in the open (minus the confusing legal jargon).

That's why we’ve updated and published all the key documents you might need, right on our website:

• Privacy Policy — A straightforward overview of what data we collect, how we use it, and your rights as a user.
• Cookie Policy — What we track, why we track it, and how you can control it.
• Terms of Service — The fine print of using Searchanise, written to be as painless as possible.
• Data Processing Agreement (DPA) — How we handle data on your behalf, with full transparency.
• Standard Contractual Clauses (SCC) — For international data transfers, ticking all the necessary GDPR boxes.

Good intentions are great, but when it comes to data protection, good systems are even better. We don’t just hope for the best. We plan for it, train for it, and secure it from every angle.

Here’s how we keep your data safe, day in and day out:

• A dedicated GDPR contact email — gdpr@searchanise.io — where real people are ready to help with privacy inquiries (no bots, no endless loops).
• A Data Protection Officer (DPO) and an Information Security Officer (ISO) who make sure we walk the talk when it comes to compliance and cybersecurity.
• Multi-Factor Authentication (MFA) across all internal services, because “password123” just doesn’t cut it in 2025.
• Regular employee training on GDPR principles, safe data handling, and internal security policies — because protecting data starts with people, not just policies.
• Secure infrastructure that stores all customer data on trusted, protected servers, ensuring that security isn’t just skin-deep, but built right into the foundations.

We believe that consent isn’t a technicality, it’s a conversation. And like any good conversation, it should start before anything important happens.
That’s why, before users even begin using our app, we:

• Ask for explicit consent when installing the app — clearly and not buried in the fine print — for things like marketing emails.
• Make consent flexible, not final. Users can easily change their consents and email preferences anytime they like through the Settings page — no drama, no begging, no "Are you sure you want to leave?" pop-ups.

When it comes to personal data, our philosophy is simple: take only what’s necessary, keep it only as long as it’s needed, and then let it go.

Here’s how we put that into practice:

• No IP addresses are stored in our databases or in the third-party services we use (like Google Analytics and Amplitude). Because collecting extra data "just in case" isn’t our style.
• Automatic deletion kicks in 15 months after you uninstall the app. No forgotten files, no digital clutter. Just clean exits.
• Payment-related data may stick around a bit longer — but only for practical reasons like refunds or compliance with accounting rules.

In short: we don’t hoard. We protect your data while it matters and respectfully part ways when it doesn’t, because real respect for privacy means knowing when it’s time to say goodbye.

Let’s clear up one of the biggest questions: we do not collect or store your store customers’ personal data.

• We have no access to your customers' personal information, and nothing about them is stored in our systems.
• We do gather search analytics data — which simply records what users type into the search bar. This info is completely anonymous, not linked to any individual, and used only to help you optimize your store’s performance.
• Similarly, order-related data is tracked anonymously, again just to fuel your analytics and boost decision-making — not to build creepy profiles.

And just to reiterate: we do not store IP addresses — not for merchants, and not for their customers.

For our Shopify clients, we go the extra mile to make sure privacy is built right into the experience. If you’re using a cookie banner integrated with Shopify’s Customer Privacy API, good news:

• Cookies and local storage will respect your visitors’ choices — automatically adjusting based on the preferences they set.
• Compliance is maintained seamlessly across all touchpoints, without any awkward gaps or manual workarounds.

At Searchanise, GDPR compliance is an ongoing commitment that’s woven into the very fabric of how we operate. From our proactive approach to data protection to our transparent and clear communication, we’re dedicated to safeguarding your data at every step. This isn’t just about following regulations, it’s about building trust and ensuring that privacy remains a top priority in everything we do.

When your store uses a GDPR-compliant solution like Searchanise, your customers get the clarity, consent, and control they expect from modern online shopping. That means more confidence, stronger loyalty, and ultimately, a better experience for everyone involved.

If you have any questions about how we handle your data, feel free to contact us at gdpr@searchanise.io. We're always here to help. And if you ever want certain data deleted, just let us know — we’ll do our best to accommodate your request, as long as it doesn’t conflict with our contractual obligations.