Guidelines for Legal Requests for Information

All legal access requests from third parties seeking information held by Shopify should be properly filed through the Legal Access Request form. Our form requires you to create a Shopify account and verify your email address to submit a request. Creating an account allows Shopify to verify your identity for security purposes – it does not sign you up for a Shopify store. Once you have verified your email address, our form will auto-populate some of your contact information for ease of use.

These guidelines provide instructions when a third party wants to request information that Shopify holds. If you are seeking your own information, please consult our Privacy Policy for more information about your right of access.

If you are a law enforcement official or government regulator and wish to report a store for illegal activity or otherwise violating our Acceptable Use Policy, please complete the provided Takedown Request form to accompany your submission, including as much supporting information as possible.


These guidelines illustrate how Shopify balances our legal obligations, the requesting party’s needs, and the interests of our Merchants, their Customers, or our Partners when we receive legal requests for information.

  • “Merchants” are the businesses who use Shopify’s platform or services to power their stores in any capacity.

  • “Customers” are people who visit or make a purchase from a Merchant's store using the Shopify platform or services.

  • "Consumers" are people who us Shopify's Shop App or have a Shop Pay account.

  • Partners” are third parties who provide services to Merchants, such as: developing apps or themes that can be used in a Merchant’s store; helping Merchants build or set up their stores; building third party integrations with other platforms; or referring potential entrepreneurs looking to become a Merchant.

If we change our practices for responding to legal requests for information, we will update these guidelines. For a more detailed explanation about Shopify’s approach to third-party requests for information, please review the Shopify Legal Requests for Information Whitepaper.

Our Principles

These are the principles that guide us when we respond to legal requests:

  • When a third party requests identifiable non-public information (such as personal or financial information about a Merchant), we will only share this information in response to valid and enforceable legal process in accordance with the remainder of the provisions of this Whitepaper, and we will take appropriate steps to minimize the amount of information that we disclose to satisfy the request. We will generally refuse to disclose non-public information if the legal request or court order is addressed to the wrong Shopify entity or address, or is issued by an entity that lacks jurisdiction over the Shopify entity that has possession of the responsive information.

  • We will notify affected individuals and entities before we produce information about them unless we are legally prohibited from doing so.

  • When a third party requests information, we will only provide the specific information sought in the request. We will interpret requests for “all information” consistent with the principles described in the Guidelines.

  • When a third party requests information about a Merchant’s Customers, we will first instruct the requestor to obtain that information directly from the Merchant, unless:

    • The requestor cannot obtain the data directly from the Merchant due to the Merchant being under a criminal investigation that would be jeopardized by the Merchant being made aware of the request; or,
    • The Merchant has been terminated by Shopify for fraudulent activity or for otherwise violating our Terms of Service and no longer has access to their Shopify account.

Legal requests for information must be submitted online through our Legal Access Request form.

To submit a request:

  1. Create an account, or sign in if you already have one.
  2. Fill in the required fields (please see our Shopify Legal Requests for Information Whitepaper for more details about the types of information Shopify controls and which entity controls that information).
  3. Complete the mandatory fields, declarations, and electronic signature.
  4. After submitting the form, you will receive an email with the subject line “Shopify Legal Access Request: Attach supporting documentation”. You must respond to this email with the supporting document(s) attached to complete your submission. Shopify will notify affected individuals and entities before we produce information about them unless you specify a statute, law, or regulation, or provide a court order that legally prohibits us from doing so.

Shopify does not maintain productions indefinitely – it is your responsibility to download and safeguard the information that has been provided or notify Shopify of the length of time you request that Shopify maintain the production and the basis for your request.

Please note that submitting a legal request through our online form does not waive your obligation to provide documentation compelling our response to your request nor does it waive Shopify’s right to object to the request after review.

Frequently Asked Questions

Broadly, what type of information does Shopify control?

Shopify has custody and control over certain information about Merchants, Customers, Consumers, and Partners. We have provided a detailed explanation of the type of information we control in our Shopify Legal Requests for Information Whitepaper. Please note that Shopify does not control the flow of funds to a Merchant—this is done independently by the third-party payment processor used by the Merchant (even if they are using Shopify Payments, this is done by Stripe). As such, we cannot garnish receivables or apply liens or levies, even on money generated through Shopify Payments.

What Shopify entity should my request be directed to?

It depends on the information you are seeking. Most requests seek information about our Merchants or Partners, in which case your request should be directed to the Shopify entity that directly contracts with the Merchant or Partner. You can find the specific contracting entity in our Contracting Party Chart. For other information requests, you should consult our Shopify Legal Requests for Information Whitepaper to determine which Shopify entity controls the information you are seeking. You should contact the Merchant directly if you are seeking information about a Merchant’s Customer.

Shopify only stores a Merchant’s payment card information if they have subscribed to a paid Shopify service using a payment card.

What happens if my request does not comply with Shopify’s guidelines?

After submitting your request through the Legal Access Request form, we will review the attached document to confirm that you have (1) sought information from the correct entity and address, (2) provided a subpoena, court order, or other document that legally requires us to respond (i.e., jurisdiction exists and you have the right to obtain the information under applicable law), and (3) identified a statute, law, or regulation or provided a court order that legally prohibits disclosure if you specified that your request should be kept secret. If we determine that any of those things are missing, we will advise you of the problem and give you an opportunity to correct it. For additional information on how we view jurisdiction or why we may object to your request, you should consult our Shopify Legal Requests for Information Whitepaper.


These Guidelines are provided for informational purposes only. Its contents are subject to change over time. The information in these Guidelines do not modify any existing contractual arrangements and may not be construed as legal advice. Nothing in these Guidelines shall be construed as a waiver of any right or privilege and Shopify reserves the right to modify this document at any time.

Last updated: April 26, 2024
© 2024 Shopify Inc.