UK FREEPHONE 0800 634 8800 or Intl. +44 1621 859141
Cart 0

Privacy Policy

1. Introduction

Welcome to Shopify!

This Privacy Policy was written to help you better understand how we collect, use and store your information. Since technology and privacy laws are always changing, we may occasionally update this policy. If a significant change is made, we will be sure to post a notice in your account admin. If you continue to use Shopify after these changes are posted, you agree to the revised policy.

By signing up for any of the products or services offered by Shopify (together, the “Services”), or dealing with a merchant using Shopify’s Services, you are agreeing to the terms of this Privacy Policy and, as applicable, the Shopify Terms of Service. This Privacy Policy is a legally binding agreement between you (and your client, employer or another entity if you are acting on their behalf) as the user of the Services (referred to in this Privacy Policy as “you” or “your”) and Shopify Inc. and its affiliates, including Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., and Shopify (USA) Inc. (referred to in this Privacy Policy as “we”, “our”, “us” or “Shopify”). If we add any new features or tools to our Services, they will also be subject to this policy.

When we use the term “Personal Information” in this policy, it means any information related to an identifiable individual, but does not include the name, title, business address, or telephone number of an employee of an organization.

We will keep your Personal Information accurate, complete and up-to-date with the information that you provide to us. If you request access to your Personal Information, we will inform you of the existence, use and disclosure of your Personal Information as allowed by law, and provide you access to that information. We will always ask for your consent before using your Personal Information for a purpose other than those described in this Privacy Policy.

This Privacy Policy may be available in languages other than English. To the extent of any inconsistencies or conflicts between this English Privacy Policy and our Privacy Policy available in another language, the most current English version of the Privacy Policy at https://www.shopify.com/legal/privacy will prevail.

2. Information from merchants

Privacy matters! If you are a merchant, you agree to post a privacy policy on your storefront that complies with the laws applicable to your business. You also agree to obtain consent from your customers for the use and access of their Personal Information by Shopify and other third parties. In addition, if you are collecting any sensitive Personal Information from your customers (including information relating to medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexuality), you agree to obtain affirmative, express consent from your customers for the use and access of sensitive Personal Information by Shopify and other third parties. To help you get started on creating your own privacy policy, check out our policy generator.

What information do we collect from merchants and why?

  • We collect your name, company name, address, email address, phone number(s) and credit card details.
    • We need this information to provide you with our Services; for example, to confirm your identity, contact you, and invoice you.
  • We collect data about the Shopify-hosted webpages that you visit. We also collect data about how and when you access your account, including information about the device and browser you use, your network connection and your IP address.
    • We need this information to give you access to and improve our Services.
  • Upon completing the sign-up process for the Services, and depending on your location, we may create a Shopify Payments account on your behalf. If you activate a Shopify Payments account (applicable only to Canada, US, UK, and Australia merchants), we collect your business address, business type, business ID number, date of birth (if you are an individual business owner), bank account information and government-issued identification information, such as your Social Security Number or your Social Insurance Number or, alternatively, if you are Canadian merchant and elect not to provide your Social Insurance Number, a copy of your government-issued identification.
    • We need this information to create a Shopify Payments account for you, to provide you with Shopify Payments services, including fraud and risk monitoring, and to comply with applicable legal and regulatory requirements.
  • We collect Personal Information about your customers that you share with us or that customers provide while shopping or during checkout.
    • We use this information to provide you with our Services and so that you can process orders and better serve your customers.
  • We will also use Personal Information in other cases where you have given us your express permission.

When do we collect this information?

  • We collect Personal Information when you sign up for our Services, when you access our Services or otherwise provide us with the information.

3. Information from our merchants’ customers

What information do we collect and why?

  • We collect our merchants’ customers’ name, email, shipping and billing address, payment details, company name, phone number, IP address and device data.
    • We need this information to provide merchants with our Services, including supporting and processing orders, authentication, and processing payments. We also use this information to improve our Services.

When do we collect this information?

  • Information is collected when a merchant’s customer uses or accesses our Services, such as when a customer visits a merchant’s site, places an order or signs up for an account on a merchant’s site.

4. Information from Partners

Partners are individuals or businesses that have agreed to the terms of the Shopify Partner Program to work with Shopify to promote the Services by (a) referring clients to Shopify; (b) developing Shopify store themes for merchant use; or (c) developing apps using the Shopify Application Interface (API) for merchant use.

What information do we collect from Partners and why?

  • We collect your name, company name, website, twitter or other social media handles, phone number(s), address, business type, email address, PayPal Account, and GST/HST number.
    • We use this information to work with you, confirm your identity, contact you, and pay you.
  • We collect data about the Shopify-hosted webpages that you visit and how and when you access your account, including information about the device and browser you use, your network connection and your IP address.
    • We use this information to give you access to and improve our Services.
  • We collect Personal Information about your customers that you share with us or that they provide to us directly.
    • We use this information to work with you and to provide our Services to your customers.
  • We will also use Personal Information in other cases where you have given us express permission.

When do we collect this information?

  • We collect this information when you sign up for a Partner Account, when you sign up one of your customers for our Services, or when your customers sign up themselves. We also collect any additional information that you might provide to us.

5. Information from Shopify website visitors and support users

What information do we collect and why?

  • From Shopify website visitors, we collect information about the device and browser you use, your network connection and your IP address. We may also receive Personal Information when you purchase tickets or make other requests to Shopify via any of our websites.
  • From telephone support users, we collect your phone number and call audio.
  • From chat support users, we collect your name, email address, information about the device and browser you use, your network connection, your IP address and chat transcript.
  • From forum users, we collect your name, email address and website URL.

We use this information to service your account, enhance our Services, and answer any questions you may have.

When do we collect this information?

  • We collect this information when you visit Shopify-hosted webpages or engage with us either by email, web form, instant message, phone, or post content on our websites (including forums & blogs). We also collect any additional information that you might provide to us.

6. Information from cookies and similar tracking technology

What is a cookie? A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our website.

Why does Shopify use cookies and similar tracking technology?

  • We use cookies to recognize your device and provide you with a personalized experience.
  • We also use cookies to serve customized ads from Google and other third-party vendors.
  • Our third-party advertisers use cookies to track your prior visits to our websites and elsewhere on the Internet in order to serve you customized ads.
  • Opting out: You may be able to opt out of customized ads by visiting the Ads Preferences Manager, and the Google Analytics Opt-out Browser Add-on. If you use our website without opting out, this means that you understand and agree to data collection for the purpose of providing you with remarketing ads.
  • We may also use web beacons, tracking technology and other automated tracking methods on our websites, in communications with you, and in our products and services, to measure performance and engagement.

7. When and why do we share Personal Information with third parties?

  • Shopify works with third parties to help provide you with our Services and we may share Personal Information with them to support these efforts. In certain limited circumstances, we may also be required to share information with third parties to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also receive Personal Information from our partners and third parties.
    • Personal Information may be shared with third parties to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service or any other agreement related to the Services, or as otherwise required by law.
    • Personal Information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will post a notice on our home page.
  • Shopify is responsible for all onward transfers of Personal Information to third parties in accordance with the EU-U.S. Privacy Shield Principles, the U.S.-Swiss Safe Harbor Framework, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
  • Shopify will always ask for your consent before sharing your Personal Information with third parties for purposes other than those described in this Section 7.

8. What do we do with your Personal Information when you terminate your relationship with us?

  • We will continue to store archived copies of your Personal Information for legitimate business purposes and to comply with the law.
  • We will continue to store anonymous or anonymized information, such as website visits, without identifiers, in order to improve our Services.

9. What we don’t do with your Personal Information

  • We do not and will never share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own products or services.
  • We do not use the Personal Information we collect from you or your customers to contact or market to your customers or directly compete with you. However, Shopify may contact or market to your customers if we obtain their information from another source, such as from the customers themselves.

10. How do we keep your Personal Information secure?

  • We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other Personal Information entrusted to us. Our information security systems apply to people, processes and information technology systems on a risk management basis.
  • We perform annual audits to ensure our handling of your credit card information aligns with industry guidelines. We are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and our platform is audited annually by a third-party qualified security assessor.
  • No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.

11. How do we protect your information across borders?

  • Shopify may transmit Personal Information outside of your jurisdiction of residence. Shopify remains responsible for Personal Information that is transferred to a third party abroad for processing or to support our efforts in providing our Services to you. Any Personal Information transferred to a third party for data processing is subject, by law, to a comparable level of protection as that provided by Shopify. A “comparable level of protection” means a level of protection generally equivalent to that provided by Shopify.
  • We comply with the EU-U.S. Privacy Shield Framework, regarding the collection, use, and retention of Personal Information from the European Union (“EU”) and the European Economic Area (“EEA”), and we comply with the U.S.-Swiss Safe Harbor Framework regarding the collection, use and retention of Personal Information from Switzerland. We have certified that we adhere to the Privacy Shield Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement and liability.
    • Generally, Shopify receives Personal Information from the EU, EEA or Switzerland as an agent acting on the instructions of its user and in its capacity as a “data processor”, with the user being the “data controller”. In such cases, where Shopify receives Personal Information from the EU, EEA or Switzerland for processing on behalf of its user, Shopify’s user remains responsible for the Personal Information and its processing in accordance with EU, EEA or Swiss law and Shopify will follow its user’s instructions and will co-operate with its user to comply with the EU-U.S. Privacy Shield Principles, the U.S.-Swiss Safe Harbor Principles, and this Privacy Policy.
    • If you are located in the EU, the EEA or Switzerland and believe Personal Information has been used in a way that is not consistent with this policy or the EU-U.S. Privacy Shield Principles or U.S.-Swiss Safe Harbor Principles, or if you have further questions or concerns related to this Privacy Policy, please get in touch using the contact information posted at the bottom of this Privacy Policy. If your complaint or dispute remains unresolved, you may also contact the International Centre for Dispute Resolution®, the international division of the American Arbitration Association® (ICDR/AAA). This organization provides independent dispute resolution, free of charge. ICDR/AAA can be contacted at http://info.adr.org/safeharbor/.
    • If after exercising the dispute resolution mechanisms described above, you feel your concerns regarding a potential violation of Shopify’s obligations under the EU-U.S. Privacy Shield Principles have not been resolved, you may seek resolution via binding arbitration. For additional information about the binding arbitration process, please visit www.privacyshield.gov.
    • With respect to our certification to the EU-U.S. Privacy Shield Framework, Shopify is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
    • For more information about the EU-U.S. Privacy Shield or to access Shopify’s certification statement, please visit www.privacyshield.gov. For more information about the U.S.-Swiss Safe Harbor Framework, please visit http://www.export.gov/safeharbor/.

12. Control and access to your Personal Information

You retain all rights to your Personal Information and can access it anytime. In addition, Shopify takes reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information. You can update many types of Personal Information, such as payment or contact information, directly within your account settings. If you are unable to change your Personal Information within your account settings, please contact us to make the required changes. It’s important to remember that if you delete or limit the use of your Personal Information, the Services may not function properly.

If you have any questions about your Personal Information or this policy, please contact:

Chief Privacy Officer
privacy@shopify.com
(613) 241-2828

Last updated: September 27, 2016
© 2016 Shopify Inc.