App privacy policies

To help with GDPR compliance, or to gain merchant trust through clarifying exactly how merchant and buyer data is being used, you must provide a privacy policy and link to it from your Shopify App Store listing. These requirements are the same for both listed and unlisted apps.

One of the things that GDPR requires is for businesses (including app businesses) to provide their customers/users with very specific information about how their app/product collects and uses personal information. You should explain your data practices however you think will be most effective, and we have also provided an App Privacy Policy Template to get you started.

In particular, we recommend that you include:

  • What information do you collect through Shopify’s APIs?
  • What information do you collect directly from the merchant? For example, do you ask them for contact details? Do you generate automated logs relating to their use of your app?
  • What information do you collect directly from merchants’ customers? For example, do you drop cookies or use other tracking technologies on their devices? Do you log information relating to how customers visit or navigate particular stores?
  • How do you use the information you collect? Do you use this information for any purposes aside from providing your app’s services?
  • For how long do you store or retain the data you collect?
  • Are you established in Europe? Are you storing or processing information outside of Europe?
  • How can merchants contact you if they have additional questions (note that some jurisdictions require that you include a physical address as well)?

If you have any concerns about how best to describe your app’s data practices beyond what’s listed above, then we recommend consulting with a lawyer about your specific needs.