How do I create a Privacy Policy on Shopify?


A privacy policy page is a page that states what personal data you collect from your visitors, why, and how you keep it private.

The purpose of this page is to inform your visitors about how their data is being handled. This page should be accessible for your visitors and kept in plain and readable language.

Why is a privacy policy important?

Many countries have privacy laws requiring stores that collect personal data to have a proper privacy policy in place. If you are a store owner, you need to have a privacy policy page. Creating a privacy policy that protects your business and customers may be a serious headache, because in most cases you're not a lawyer.

Remember that a privacy policy page is required by law because your store collects data from users, either directly or indirectly. The most common way is through orders, because the order data is stored in your store. Data is also collected if you have a contact form on your store, any Instagram or Facebook integrations, or analytics tools such as Google Analytics to track your visitors. Any business needs to consider its privacy policy because it relates to user data, the collection of information, third-party services and how they collect your customers' data, and the several other service providers that are connected with your store.

Keep in mind that failure to comply with these laws can result in heavy fines and even prosecution. If your business is based in the EU and/or CA, or you sell products/services to EU and/or CA citizens, then you must have a GDPR/CCPA compliant privacy policy on your store.

Where do I put my privacy policy?

In most cases, you can add the privacy policy page link in the footer of your store. We recommend that you place your privacy policy in easy-to-find locations in your store. From your store admin, you can do this by opening the Navigation option on the left menu and adding the privacy policy page to the footer menu.

Privacy policy and cookies

Cookies usually are the trickiest part of making your store compliant with regulations for privacy and data protection.

Most of the other data collection activities going on in connection with your store are both static and visible. The contact form or newsletter form only changes if you actively make changes to it, and users are aware of giving personal information when they choose to fill them out.

Cookies, on the other hand, operate in the background. They are quietly dropped on the user's computer, more precisely in the browser, without the user being aware of what is going on. Sometimes this happens even without the knowledge of the store owner.

After that, the cookies can collect many different types of data for any given length of time and send this data to the vendors of the scripts that set them.

Something very interesting is that cookies are numerous and dynamic, and they tend to change often.

Privacy policy and data protection

The General Data Protection Regulation (GDPR) requires that communication about the use of data is both specific and accurate.

This means, in practice, that whereas the remainder of the privacy policy may be a static document, the section on cookies should be updated fairly regularly. This is really important because if you add new apps to your store, then each app may generate new cookies on your store.

This issue can be solved if you choose a cookie solution like the Pandectes GDPR Compliance app for your store.

The Pandectes GDPR Compliance app performs scans of your store, giving a complete overview of the cookies in use.

Tools for the privacy policy page


Generating your privacy policy page is not an easy task, and you may have already searched for it on Google. Here we can give you a hand with how to do it the best way. First of all, Shopify itself provides a free generator tool for preparing a legal notice that follows the legal requirements. Don't forget to include your contact details in it.

This free privacy policy generator tool was developed and reviewed by legal experts on the platform. It includes the requirements of the General Data Protection Regulation (GDPR) to help make sure your business complies with the law and builds customer trust.

This tool is free to use. It provides the following policy generators:

  • Privacy policy
  • Refund policy
  • Terms of service policy

The steps you need to follow are:

  • Visit the free tool page
  • Enter your email and company information
  • Wait for your personalized privacy policy to arrive in your inbox
  • Customize your policy based on the suggestions provided

If you already have a store account you can just visit your online store settings page.

There you can click the policies box.

You can create your own legal pages, or create them from templates and customize them. The templates aren't legal advice and need to be customized for your store. Among them, you will see a button for generating templates for the pages already mentioned.

When you add your store policies, they are automatically linked in the footer of your checkout pages. Customers might need to see your policies before they check out, so it’s a good idea to link those pages in your store navigation.

To add one or more of these legal pages to your store, go to the admin page, open the Online Store option on the left menu, and then the Navigation option. After you select the menu to which you want to add the legal page, select the privacy option from the drop-down.

There are also many free online tools that provide such a service, such as termfeed or privacy policy generator.

Examples of Store Privacy Policies

Whether you use the internal tool or an external one that you find on Google, the most important part is to change the content so that it is aligned with your business and your store. In other words, your Privacy Policy should be personalized to your shop. However, there are some common clauses used across Privacy Policies that can be customized to suit your online shop's needs.

Below are a few examples of common clauses which you may wish to include in your shop’s Privacy Policy:

What Personal Information is Collected

For example, you can mention that your store is collecting:

  • account information such as username, name, email, phone number, address
  • other contact information
  • location information
  • demographic information such as postcode, preferences, and interests
  • other information collected by third parties (ex. Facebook, Instagram, Google, ads)
  • search terms
  • browser information, browser language, browser type
  • any personal information that may be collected by the tracking technologies you use in your store

How Personal Information is Used

Here you can use a bullet point list to explain how you use the information you collect from your customers. The list is thorough but jargon-free:

  • to provide services that a customer requests
  • to respond to inquiries you receive from a user or in connection with a transaction the user initiated
  • to analyze, manage and improve the store pages and user experience
  • to segment your customers for marketing purposes
  • to generate members lists for offers and discounts

If Information is Shared with Third Parties

You need to make it clear that the store never sells information to third parties for marketing purposes. This statement is easy to understand and will help to build trust with the store's consumers. The store should also be clear that the only scenario where personal information is disclosed is if the law requires it to be. This is very important, especially when dealing with ad platforms.

How Long Information is Stored For

The Privacy Policy may contain a short clause that explains how long personal data is kept. This section of the policy can go into more specific detail concerning the retention periods for different types of information.

How Personal Information is Protected

Here you can include a security section in the Privacy Policy. This section explains the specific steps the store takes to keep customer data secure. The platform of course has its own protections for that, but you need to cover this section as well.

How Payments are Processed

An essential clause for any online store Privacy Policy is a payment clause. This clause needs to explain how customers’ payments are processed and if a third-party payment processor is used.

There are many third-party payment processors and service providers, and each one may have its own agreement. The purpose here is to tell your customers what information your payment processors collect and to provide users with a link to your platform's Privacy Policy.

Consumer Rights

In this section, you can provide a bullet point list of customer rights, which includes the right to delete data and to update or correct any incorrect data. These are also called data subject requests.

These requests are supported by the Pandectes GDPR Compliance app.

The Pandectes GDPR Compliance app provides the e-privacy page from which customers or even guest users can make such requests, and you as a store owner can fulfill their requests automatically. These requests contain personal information, which is why the app does not store any such information and all the processes take place on your store side.


If you have a Shopify store you need a Privacy Policy for sure. As a business owner, you need to be aligned with the law. This is because stores inevitably collect personal data, and a Privacy Policy is a legal requirement for any business that collects personal information.

Privacy Policies are also a great way of building trust with your customer base, as well as providing your shop with a legal safety net should a dispute arise.

You can easily add your Privacy Policy to your store by creating a ‘Page’ and linking it to your footer or elsewhere on your store’s site.

Although your store’s Privacy Policy needs to be fully personalized, there are clauses that are commonly used and are capable of being adapted to suit your store’s needs. Using a template can help you include all the required information while still getting to personalize your Policy to be your own.
