Navigating your privacy and data protection requirements

As a Shopify merchant, it's essential to understand your obligations under applicable privacy and data protection laws and ensure that you configure and use the Shopify platform in a way that complies with applicable laws where you offer your store. Shopify provides tools and information to help you meet certain privacy obligations.

Understanding your responsibilities

Shopify provides the technology that powers your store, but any contract of sale with customers on your store is between you and your customer. This means that you're solely responsible for the creation, ownership, operation, and control of your Shopify store, the products you offer, and the markets where you offer your store, as well as all aspects of the transactions between you and your customers. This includes handling purchases, refunds, returns, fraudulent transactions, regulatory compliance, and adherence to local laws in your respective jurisdiction and where your customers are located.

Obligations resulting from your use of Shopify's services

As a merchant, you have an independent obligation to comply with privacy and data protection laws, including any obligations that result from your use of Shopify's services. To help ensure compliance, we recommend the following steps:

• Read the applicable legal and data protection terms and requirements that are described in your contracts with Shopify, including our Terms of Service ("Terms") and Data Processing Addendum ("DPA").
• Review the information we provide on our privacy compliance Help Center pages.
• Review available security documentation on our Compliance Reports page.
• Use our automated privacy settings.
• Read the available material on our subprocessors.
• Consider the overall risk concerning international transfers in their respective compliance documentation.
• If you have Shopify Network Intelligence enabled and are using Enhanced Services, then there may be additional requirements to make sure your customers are informed about how Shopify processes their data. You can learn more about the requirements when Shopify Network Intelligence is enabled here, and in our Terms and DPA.

Shopify is committed to supporting you in your compliance journey by providing the tools and information to help you comply with evolving privacy laws that may apply to your use of Shopify services.

Available resources

The following resources can be used to find more information on Privacy and Security at Shopify:

• Shopify website
• Shopify Legal
• Shopify Security
• Shopify Compliance Reports
• Shopify Help Center home page
• Shopify Help Center Privacy and Security
• Shopify Help Center Compliance