According to laws such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act, websites with users in certain regions and states must abide by certain rules and standards when creating privacy policies. We’ll cover these requirements in more detail later in this article.
Managed Solution (Recommended)
Step 2: Answer a few simple prompts and questions, and go through all of the steps until you reach “Final Details.”
Use a Template
You can add, remove, and edit existing language and clauses in Microsoft Word or Google Docs, so the policy says what you want it to say. On the other hand, if you like what’s in the template, you don’t have to change, add, or remove anything.
Do It Yourself (Not Recommended)
According to Shopify, you need to mention the following. Some of these may overlap with what the law requires you to include anyway.
1. How you collect personal information
To include all the information you gather from your users, go through your Shopify store’s registration process yourself and make a list of the pieces of information you’re required to fill in, such as:
- Email addresses
- Billing addresses
- Shipping addresses
- Phone numbers
- Credit card details
Your Shopify store also probably collects other personal information from visitors, such as:
- Browser type
- IP address
- Device ID
- Cookie data
- What website led a user to your store
Some of this data may not strike you as particularly “personal,” but it is defined as “personal data” by the GDPR and other privacy legislation. As such, you need to research how Shopify processes and collects this kind of personal information on your behalf.
2. How you use personal information
You also need to disclose how your website uses personal information. Discuss, in detail, why you collect your users’ personal information and make sure you’re gathering only the information you need to gather.
For example, you may be gathering personal information for the following reasons as an ecommerce shop:
- Email addresses for updating customers on their orders and sending marketing emails
- Shipping addresses for shipping customers’ orders
- Payment card details, names, and billing addresses for processing payments
- Cookie data for targeted advertising and security purposes
3. Your customers’ privacy rights
Almost all privacy laws require you to outline your customers’ privacy rights.
Make sure to mention the following:
- What users can do to change, modify, or delete their personal information
- What users can do to opt out of cookies and other tracking methods
- Whom users can contact if they have any questions about their privacy rights
You should consider including language that covers all of the requirements below regardless of where you and your users are located because anyone from any country can access your website.
General Data Protection Regulation (GDPR)
- Your Shopify site’s contact details: List your shop’s representative’s name and contact information.
- Whether you’re using an automated decision-making system and how you’re using it: This probably doesn’t apply to most Shopify stores. However, if you’re using such a system for your Shopify site, talk about how you set it up and the possible consequences of using this system.
California Online Privacy Protection Act (CalOPPA)
CalOPPA is a less comprehensive version of the GDPR. However, there are two requirements that are unique to it.
- Has the word “privacy” in it
- Stands out from the surrounding text (i.e., it uses a different color, size, or font)
Children’s Online Privacy Protection Act (COPPA)
COPPA is a US law, but it applies to every company or website that collects information from children in the US who are under the age of 13.
California Consumer Privacy Act (CCPA)
A business does not need an office or physical presence in California (or the United States) to fall within the CCPA's scope. You must comply with the CCPA if your company collects data from California residents and meets at least one of the following thresholds:
- You have annual gross revenues of at least $25 million.
- You derive 50% or more of your annual revenues from selling Californian consumers’ personal information.
- You annually buy, receive for commercial purposes, sell, or share for commercial purposes, the personal information of over 50,000 consumers, households, or devices in California.
The CCPA gives California consumers the right to request that you delete their personal information and request that you provide them with a copy of their personal information.
Shopify has built-in features that allow you to do this, and a dedicated page that explains how to use its services in a CCPA-compliant way.
Step 1: Log in to Shopify and click “Online Store” on the navigation bar on the left.
Step 2: Click on “Pages.” Then, click on the green “Add Page” button in the top right-hand corner.
Most ecommerce privacy policies are linked to from within a website footer.
Step 1: Go to “Navigation” on the navigation bar on the left.
Step 3: Then, click “Add menu item.”
Good Examples of Shopify Store Privacy Policies
Here are some great examples of Shopify store privacy policies you can reference.
Here’s an example of a well-organized section that tells users why and how the website is collecting their information and what types of personal information it’s collecting:
Hiut Denim Co.