Data and user privacy under GDPR

With the General Data Protection Regulations (GDPR) in effect as of May 25, 2018, it is crucial for any developer who works with European merchants, or works with merchants who have European customers, to disclose all data collection and usage through a privacy policy. GDPR clarifies and imposes new obligations on any party that collects, stores, or processes personal data of individuals located in Europe.

We've discussed GDPR in our blog, and how it affects Shopify and our merchants. But GDPR also probably affects most of the developers who are developing Shopify apps.

We want to make sure that you're setting yourself up for GDPR compliance by carefully considering what, if any, personal data your app requires, by subscribing to the mandatory GDPR webhooks, and by creating a privacy policy if required.

The GDPR law is complex, and will apply differently to different apps. If you have any concerns, then we strongly recommend consulting a lawyer about how GDPR specifically applies to you.

This document isn't intended to provide you with legal advice. It's intended to provide you with information about changes that Shopify is making in the Shopify App Store to help merchants prepare for GDPR, and to help you start to think about your data practices in the way that GDPR requires.