Privacy Policy For Shopify Stores

Written by Francesca Edwards (FreePrivacyPolicy Legal writer) and last updated on 21 October 2022.

Privacy Policy For Shopify Stores

If you run a Shopify store you should have a well-written Privacy Policy for your online shop.

This article will cover why your shop needs a Privacy Policy, how to add a policy and how to link to your policy in Shopify. In addition, there will be some examples of common clauses contained in various Shopify stores' Privacy Policies.

Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.

  1. Click on the "Free Privacy Policy Generator" button, located at the top of the website.
  2. Select where your Privacy Policy will be used:
  3. FreePrivacyPolicy: Privacy Policy Generator - Select platforms where your Privacy Policy will be used - Step 1

  4. Answer a few questions about your business:
  5. FreePrivacyPolicy: Privacy Policy Generator - Answer a few questions about your business - Step 2

  6. Enter the country and click on the "Next Step" button:
  7. FreePrivacyPolicy: Privacy Policy Generator - Enter the country - Step 2

  8. Continue with building your Privacy Policy while answering on questions from our wizard:
  9. FreePrivacyPolicy: Privacy Policy Generator -  Answer on questions from our wizard - Step 3

  10. Almost done. Now enter your email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.

    FreePrivacyPolicy: Privacy Policy Generator - Enter your email address - Step 4

    That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.



Why a Privacy Policy is Required For a Shopify Store

There are several reasons why your store requires a Privacy Policy, including legal requirements, limiting your legal risk, and building trust with your customers (or future customers).

Laws

There are a number of global laws that require Privacy Policies. Your Shopify store must meet the legal requirements of the country your consumers reside in.

Let's consider some of the applicable laws.

The California Online Privacy Protection Act (CalOPPA) is a state law that will be applicable to your Shopify store if any of your consumers live in California - even if your business has no physical presence in California. CalOPPA affects any business which collects personal data from Californian residents and is one of the strictest privacy and data protection laws in the world.

The General Data Protection Regulation (GDPR) is an EU regulation that came into effect in May 2018 with the aim to keep EU residents' data secure. The GDPR applies to any ecommerce store which allows EU residents to access and purchase goods and services from it - regardless of whether or not the shop is based within the EU.

Does your Shopify store offer goods or services to EU citizens? Does your store process or collect their data?

If you answered 'yes' to either of these questions, you need to ensure that your shop complies with the GDPR as there are tough penalties for non-compliance. This is the case even if you own a small Shopify store with a very small EU presence. If your shop has the potential to gain EU customers, the GDPR applies to you.

The Personal Information Protection and Electronic Documents Act 2000 (PIPEDA) is a Canadian law that requires ecommerce shops to have a clear and accessible Privacy Policy. If you have any Candian customers this law applies to your Shopify store.

The Privacy Act 1988 is Australia's Privacy Act that states that any business which offers services to Australian citizens must have a transparent Privacy Policy which discloses how their personal data is used.

If you have customers in California, Canada, Australia, the UK or anywhere in the EU, these laws will apply to your Shopify store.

Ecommerce Stores Collect Personal Data

Ecommerce Stores Collect Personal Data

Another reason your Shopify store needs a Privacy Policy is due to personal data collection. No matter what your store sells, or who it sells to, it will inevitably collect consumer data.

A Privacy Policy is essential to any business that collects any kind of personal data. The policy must explain what data is collected, if the data is shared and who with, how long the data is stored for and what control customers have over the data you collect.

Prior to writing your Privacy Policy, consider what types of personal data your Shopify store will collect. For example, it's likely that the user's IP address is captured as soon as they reach your page. Your store may also collect: names, home addresses, email addresses, telephone numbers.

Since your ecommerce shop needs to process payment information, it's highly likely it will collect billing and shipping details, as well as customer's credit card information. Even if your shop uses a third party to process your payments, the third party will collect this information which means your Privacy Policy needs to make consumers aware of this.

If you use a tool such as Google Analytics, additional personal data will be collected. This Google tool collects the users location, gender, what time they browsed, what pages they browsed through and how long they browsed for.

Limit Your Risk

A clear and well-drafted Privacy Policy will help to shield your shop from legal disputes concerning personal data and security by putting all the information out there.

Your Privacy Policy is the ideal place to manage your customer's expectations and to set out clear rules to avoid misunderstandings.

If any misunderstandings do occur - especially if a consumer brings a lawsuit against your online shop - a Privacy Policy which clearly states how personal data is handled will be very useful.

Build Trust

A Privacy Policy is more than just a legal safety net. It's a crucial part of building trust with your consumers. A transparent and open Privacy Policy is a sign of a company's credibility and trust. As an online store owner, use this as an opportunity to create brand trust by emphasizing how you are protecting consumer data and meeting customer's privacy expectations.

Differentiate your store from other stores by creating a personalized Privacy Policy which demonstrates your shops strong data protection protocols. To make sure consumers view your store as professional and trustworthy, you should ensure that your shop's policy is kept up to date with developing laws.

In order to build as much trust as possible with your customers, make sure your policy is easy to understand and jargon-free. Consumers shouldn't need a law degree to understand your Privacy Policy!

How to Add a Privacy Policy Page to Your Shopify Store

How to Add a Privacy Policy Page to Your Shopify Store

When you create a Privacy Policy for your shop, you should ensure that it is its own document located on the 'pages' section of your store. This is important for a couple of reasons.

Firstly, your customers will be able to locate the document whenever they want to and it will not be hidden away in another document.

Secondly, CalOPPA makes it a legal requirement to have a separate Privacy Policy with its own unique link - as opposed to the policy being part of another document.

The best way to ensure you are meeting these criteria and making your policies accessible to your customers is to add a Privacy Policy page. Pages are fully customizable and easily created through your Shopify admin dashboard.

It makes sense to use pages for posting information that isn't frequently updated, such as legal documents and 'about us' pages. Additionally, these are sections that customers like to reference frequently and therefore must be in an accessible place.

You can add your Privacy Policy with the following steps:

  1. Underneath the 'Sales Channels' section on the left side of your screen, click 'Online Store' then click 'Pages' from the menu:
  2. Shopify dashboard: Sales Channels menu showing Pages

  3. Once you've clicked 'Pages' a screen will appear containing an 'Add page' button. If you click this button Shopify will bring up the following screen:
  4. Shopify dashboard: Add Page screen

  5. Enter your title (Privacy Policy) and the Policy's content in the blank text box.

    Make sure that you click the 'Save' button at the top right once you are happy with your title and content.

  6. To the right-hand side of the screen is a box marked 'Visibility.' This is where you decide whether to publish immediately, add a specific date to publish or keep the page hidden from your online store. Make sure your page is visible.
  7. Shopify dashboard: Page Visibility option

Now that your page will be live, you can link it to your store.

How to Link to Your Privacy Policy in Shopify

Once you've created and added your Privacy Policy, it's important to link to it whenever necessary to make sure it's always accessible to customers. For example, adding a link before checkout is very important as it gives customers a final chance to view the policy prior to purchasing from your shop.

To link to your Privacy Policy follow these steps:

  1. Go back to your 'Online Store' located on the left-hand side of your screen and go to the 'Navigation' section:
  2. Shopify dashboard: Sales Channels menu showing Navigation

  3. From 'Navigation' click 'Footer menu', which is written in blue in the center of the screen. After you've clicked 'Footer menu' the following screen will appear:
  4. Shopify dashboard: Footer menu screen

  5. Click on 'Add menu item' at the bottom of that screen and the following box will open:
  6. Shopify dashboard: Add menu item screen

  7. Type or paste your link to your Privacy Policy page and click the 'Add' button.

Your link will now be added to your site footer for your users to easily access.

Examples of Shopify Store Privacy Policies

Your Privacy Policy should be personalized to your shop. However, there are some common clauses used across Privacy Policies which can be customized to suit your online shop's needs.

Below are a few examples of common clauses which you may wish to include in your shop's Privacy Policy:

What Personal Information is Collected

State what types of personal information you collect. Be as specific as possible here.

SoYoung's Privacy Policy is clear about the information it collects from customers. In addition, the policy is written in short, simple sentences which makes it easy to comprehend:

SoYoung Privacy Policy: What We Collect clause

How Personal Information is Used

Disclose how you use the information that you collect. Be transparent about all the ways in which you'll be using it.

Shop Beer Gear uses a bullet point list to explain how it uses the information it collects from its customers. The list is thorough but jargon-free:

Shop Beer Gear Privacy Policy: Use of Information Collected clause

If Information is Shared with Third Parties

If you're going to share the information with any third parties, either freely or by selling it, you must disclose this in your Privacy Policy.

Leif makes it clear that the shop never sells information to third parties for marketing purposes. This statement is easy to understand and will help to build trust with the store's consumers. The shop is also clear that the only scenario where personal information is disclosed is if the law requires it to be:

Leif Privacy Policy: Disclosure of personal information clause

How Long Information is Stored For

Let users know how long you plan to keep their personal information for. Let them know when you delete date, or how they can request to have it deleted.

ColourPop's Privacy Policy contains a short clause which explains how long personal data is kept for:

ColourPop Privacy Policy: Data Retention summary clause

The above clause links to a longer clause further down in the policy which goes into more specific detail concerning the retention periods for different types of information. In addition, the retailer states its criteria for determining retention periods:

ColourPop Privacy Policy: Retention Periods and Criteria for Determining Retention Periods clauses

How Personal Information is Protected

Users want to know that you take steps to secure their personal data, and your Privacy Policy is the perfect place to disclose this.

Retailer Rebecca Minkoff includes a security section in its Privacy Policy. This section explains the specific steps the store takes to keep customer data secure:

Rebecca Minkoff Privacy Policy: Security clause

How Payments are Processed

An essential clause for any online shop's Privacy Policy is a payment clause. This clause needs to explain how customer's payments are processed and if a third party payment processor is used.

ColourPop's 'Processing Your Payment' clause explains that Shopify Payments is used as a third party payment processor.

Importantly, the clause advises consumers what information Shopify Payments collect and provides users with a link to Shopify's Privacy Policy:

ColourPop Privacy Policy: Processing your payment clause

Consumer Rights

Privacy laws give users rights when it comes to their personal data, and you'll need to inform users of these rights in your Privacy Policy.

Gymshark provides a bullet point list of customer rights, which includes the right to delete data and to update or correct any incorrect data:

Gymshark Privacy Notice: User rights clause

Summary

If you have a Shopify store you need a Privacy Policy. This is because online shops inevitably collect personal data, and a Privacy Policy is a legal requirement for any business that collects personal information.

Privacy Policies are also a great way of building trust with your customer base, as well as providing your shop with a legal safety net should a dispute arise.

You can easily add your Privacy Policy to your Shopify store by creating a 'Page' and linking it to your footer or elsewhere on your store's site.

Although your shop's Privacy Policy needs to be fully personalized, there are clauses which are commonly used and are capable of being adapted to suit your store's needs. Using a template can help you include all the required information while still getting to personalize your Policy to be your own.