Official Shopify Experts Official Shopify Experts
Get a Free Quote MENU
Blog
- Shopify Enhances Merchant Control Over Customer Data Privacy
Share
MENU
Shopify logo with a shield and lock icons.

Shopify Enhances Merchant Control Over Customer Data Privacy

Shopify is empowering its merchants with enhanced tools to manage customer data privacy, aligning with growing global regulations. The e-commerce giant has outlined clear procedures for store owners to handle customer requests for data access and deletion, reinforcing trust and compliance within the digital marketplace.

Merchant Responsibility in Data Protection

Shopify merchants are ultimately responsible for adhering to privacy and data protection laws applicable to their businesses. The platform provides functionalities to assist them in meeting these obligations, recognising that robust privacy practices are fundamental to e-commerce success and customer confidence.

Accessing and Exporting Customer Data

Customers may have the right to access their personal information, depending on their location. Shopify merchants can facilitate these requests by exporting a customer’s data processed by the platform. This involves navigating to the customer’s profile within the Shopify admin, requesting the data, and then providing it to the customer after verifying their identity, if legally required or consistent with store policies.

Key Takeaways:

  • Merchants must comply with relevant privacy laws.
  • Shopify provides tools for data access requests.
  • Identity verification may be necessary before sharing data.

Erasing Customer Personal Data

Merchants can initiate the erasure of a customer’s personal data from their Shopify store, including associated apps and channels. While Shopify removes details like names and addresses, transactional information such as sales figures and dates remain visible for record-keeping. It is the merchant’s duty to inform any third parties with whom the customer’s data was shared about the erasure request.

Processing Erasure Requests:

  • By default, erasure requests for customers with recent orders (within 180 days) are held for 180 days post-last order to accommodate potential chargebacks.
  • Merchants are notified of the scheduled erasure date.
  • Shopify Support can be contacted to override the default holding period.

Cancelling Erasure Requests

Merchants have a 10-day window to cancel an erasure request after submission. If initiated through the Shopify admin, only users within that store can cancel. If a partner app submitted the request, the partner must cancel it. Cancellation is managed directly from the customer’s profile in the Shopify admin.

Editing and Deleting Customer Profiles

Existing customer profiles can be edited directly within the Shopify admin. While individual profiles can be deleted, certain profiles, such as those linked to orders or erasure requests, cannot be removed. Deleting a customer profile is an irreversible action.

Sources