Privacy requirements

With privacy laws in jurisdictions such as the European Economic Area, United Kingdom, and United States, it's crucial for app developers who work with merchants to disclose all data collection and usage through a privacy policy. Privacy laws such as the General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA), Colorado Privacy Act, and Virginia's Consumer Data Protection Act clarify and impose obligations on any party that collects, processes, or stores personal data of an individual.

We've discussed data privacy legislation on our blog and how it affects our merchants, but privacy laws may also apply to developers that build Shopify apps.

We want to ensure that you're setting yourself up for success by complying with any applicable privacy laws and carefully considering what, if any, personal data your app requires, by subscribing to the mandatory webhooks, and by creating a privacy policy if required.

Privacy laws are complex, and will apply differently based on how personal data is collected, processed, or stored. If you have any concerns, then we strongly recommend consulting a lawyer about which privacy laws specifically apply to you.