Privacy for Merchants

For merchants using Shopify to power their stores

Introduction

If you are a merchant using Shopify to power your business, or a Supplier or Retailer participating in Handshake, we collect and use your personal information to provide you with the use of our platform and its services, and generally to help you better manage your business and your relationship with your customers. Additionally, please review our overall privacy policy that applies to everyone whose information we process.

What information we collect about you and why

We collect personal information when you sign up for Shopify, when you use our platform, or when you otherwise provide us information. We may also use third party service providers (like Sift), for example to help us review accounts for fraud or other concerns. In general we need information about you for you to be able to use our platform. We process your personal data in order to perform our contract with you or because it is in our legitimate interests to maintain our business relationship, prevent risk and fraud, provide effective services to you, improve our products and services, and to be responsive to you. In some cases, we only process your personal information with your consent.

What we collect How we use it
Information you provide us about you and your business, like your name, the name of your staff or other individuals associated with your business, company name, address, email address, and phone number.
  • To provide you with the use of our platform and other related services (e.g., to confirm your identity, to contact you about issues with the platform, to invoice you)
  • To advertise and market products or features to you
  • To comply with legal requirements
  • To prevent fraudulent use of our services
Payment information you provide us, such as your credit or debit card number or your bank account number. If you use Shopify Capital, we also collect information that you may choose to make available to us about your business’s bank accounts or financial assets.
Information about how you access Shopify websites, your account, and our platform, including information about the device and browser you use, your network connection, your IP address, and details about how you browse our websites and platform. We collect some of this information by using “cookies” or other similar technologies directly from your device. For more information about how we use these technologies, see our Cookie Policy.
  • To provide you use of, and to improve, our platform and other related services (e.g., identifying ways to make our platform easier to use or navigate)
  • To personalize the platform for you (e.g., by showing you apps in our app store that we believe may be useful to you)
  • To advertise and market products or features to you
  • To prevent fraudulent use of our services
If you use Shopify Payments, we collect more specific information you provide us about your business, including your business address, business type, business ID number, bank account information, date of birth (if you are an individual business owner), and in some circumstances, government-issued identification (such as your Social Security Number, Social Information Number, Employer Identification Number, or Tax Identification Number).
  • To create and manage your Shopify Payments account
  • To provide you with the Shopify Payments services
  • To conduct fraud and risk monitoring
  • To comply with legal requirements (such as “know your customer”, anti-money laundering, or anti-terrorism laws)
  • To provide tax documentation
Copies of government-issued and/or a picture of yourself holding your identification that you provide us.
  • If we need to verify your identity (e.g., to protect you against identity theft or fraud)
  • To verify that we are speaking with you if you contact us
  • To help us determine or verify account ownership
  • To comply with legal requirements
If your business is listed on Shop, you may voluntarily disclose personal data revealing the racial or ethnic origin or sexual orientation of the business owner.
  • To highlight collections of stores for the purpose of promoting diverse businesses

We also work with companies that provide us with information about merchants or prospective merchants (for example, to protect against fraud or if we’re sponsoring an event).

When and why we share your information with others

Running a business is hard, and we work with a variety of companies to help us provide you with a range of services to help you support your business. We sometimes share your personal information with these companies to help us provide you with Shopify services.

We also share your personal information with others:

  • to prevent or investigate suspected fraud, threats to physical safety, illegal activity, or violations of a contract (like our Terms of Service) or our policies (like our Acceptable Use Policy)
  • to help us conduct marketing and advertising
  • to comply with legal requirements, or to respond to court orders, or other similar government demands (for more information, please read our Government Access Policy)
  • in connection with an asset sale or purchase, a share sale, purchase or merger, bankruptcy, or other business transaction or re-organisation, we will share your personal data with a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.

Additionally, almost every merchant using the Shopify platform also uses non-Shopify services to support their business (for example, apps from our app store, sales channels, payment gateways, or shipping providers).

Shopify doesn’t control how these services use your personal information, and you should review any other service you use to make sure it meets your privacy expectations. When you choose to use non-Shopify services, you can review what access any app has to your information or your store’s information on the “App Details” page in the Shopify admin.

Your rights over your information

You can access and correct a lot of your personal information directly through the Shopify admin. For information you are not able to access or correct directly within the Shopify admin, please submit a data subject request through our online portal. Please refer to our Overall Privacy Policy for further information. Please note that some data subject rights only apply in certain circumstances, and all of these rights may be limited by law.

How long we retain your information

Because we need your personal information to provide Shopify services, we generally keep your personal information while you use Shopify products or services. If you close your store, you stop paying your subscription fees, or we terminate your account, we retain store information for two years before we begin the process of deleting or anonymizing personal information. We don’t do this immediately in case you reactivate your account, or if there is a legal complaint or audit relating to your business. If you contact us to request deletion of your store’s information, we will begin the process of deleting or anonymizing personal information after 90 days, except if we are legally required to retain specific information. If you have questions about this process, please contact our Support team. Please keep in mind that after we anonymize your personal information, we may continue to use non-identifiable information to improve our services.

Your customers’ information

In order to power your business, we collect and use personal information about your customers. In general, we collect and use this personal information as directed by you, and as further described in our Data Processing Addendum. Legally speaking, we are a “data processor” and a “service provider” as these terms are used in certain applicable privacy laws, including in Europe, the UK, and the US.

Because you decide how the personal information of your customers will be used, you need to make sure your customers understand how you (and how we on your behalf) collect and process their personal information. You should do this by, at a minimum, posting a privacy policy on your store that describes the information you collect, how you use it, and who you share it with.

To help get you started with this, you can check out our privacy policy generator. Also, if you are collecting any “sensitive” personal information from your customers (for example, information about a consumer’s social security, drivers license, state identification card, or passport number; account log-in, financial account, debit or credit card numbers in combination with any required security codes or passwords; precise geolocation; health or genetic data, racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of a consumer’s mail, email or text messages; or criminal offense data), you should get the affirmative, express consent from your customers to use and process this information.