You put a lot of trust in Shopify, and we take that seriously. Our certifications and the standards we choose to meet are one way we demonstrate our commitment to maintaining your trust.
PCI Security Standards Council is a globally recognized organization dedicated to maintaining standards for the secure processing of credit card transactions. It helps vendors, like Shopify and Shopify merchants, process credit card payments securely and protect cardholder information.
Shopify is certified Level 1 PCI DSS compliant. For more information, see our PCI page.
Service Organization Control (SOC) reports are an assessment of a company’s information systems by third-party auditors that certify that the company meets an independent set of standards, including criteria related to the security and availability of its services.
Shopify has been issued SOC 2 Type II and SOC 3 reports for the service we provide to our customers.
For more information, download a copy of the SOC 3 report.
Shopify has designed its platform to enable you to offer your customers transparency into and control over their personal information. Shopify believes in making it easy for you to use its platform in a manner that complies with privacy and data protection laws around the world.
Shopify does what it can to set you up for success, but there are also steps you will need to take on your own. Refer to our help center pages on General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) to start thinking about privacy laws that are applicable to your store. If you have specific legal questions about which laws apply to you, or questions specific to your business, you should consult with a local lawyer who is familiar with data protection laws.
Shopify’s Transparency Report provides data about legal requests for information about our merchants, customers, and partners for 2018. It describes how requests are evaluated, and how often they are filled.
Read our Transparency Report.