Data and user privacy under GDPR

With the General Data Protection Regulations (GDPR) in effect as of May 25, 2018, it is crucial for any developer who works with European merchants, or works with merchants who have European customers, to disclose all data collection and usage through a privacy policy. GDPR clarifies and imposes new obligations on any party that collects, stores, or processes personal data of individuals located in Europe.

We have discussed elsewhere about GDPR generally, and how it affects Shopify and our merchants. But GDPR also probably affects most of the developers who are developing Shopify apps.

We want to make sure you are setting yourself up for GDPR compliance by carefully considering what (if any) personal data your app requires, subscribing to the mandatory GDPR webhooks, and creating a privacy policy if required.

Please note that GDPR is extremely complicated (the law is almost 90 pages long), and will apply differently to different apps. If you have any concerns, then we strongly recommend talking with a lawyer about how GDPR specifically applies to you.

This document is not intended to provide you with legal advice. It is intended to provide you with information about changes that Shopify is making in the Shopify App Store to help merchants prepare for GDPR, and to help you start to think about your data practices in the way that GDPR requires.

In this section

On this page