Last updated: October 1, 2024
Cookie Policy
This document is meant to explain the types of cookies and other tracking technologies that Shopify may place on your device, either when you are visiting our web properties, or if you are visiting the storefront of a merchant who uses our platform to power their site.
What are cookies?
A cookie is a small amount of information that’s downloaded to your computer or device when you visit certain websites. We use a number of different cookies on the Shopify website, including strictly necessary, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor. Read more about cookies (and other similar tracking technologies) and how we use the data collected through these technologies, in our Privacy Policy.
What cookies do we use and why?
Some cookies are necessary to allow you to browse our website, use its features, and access secure areas. The use of these cookies is essential for the website to work. For example, we use user-input cookies for the duration of a session to keep track of their input when filling in forms that span several pages.
We also use functional cookies to remember choices you’ve made or information you’ve provided, such as your username, language, or the region you are in. This allows us to tailor your website experience specifically to your preferences. For example, authentication cookies are functional cookies that are used for the duration of a session (or persistent, if you agree to the “remember me” function) to allow users to authenticate themselves on subsequent visits or to gain access to authorized content across pages. The functional cookies we use include:
- User-centric security cookies to detect authentication abuses for a limited persistent duration, like repeated failed login attempts. These cookies are set for the specific task of increasing the security of the service.
- Multimedia content player session cookies (flash cookies) are used for the duration of a session to store technical data needed to play back video or audio content (e.g. image quality, network link speed, and buffering parameters).
- Load balancing session cookies are used for the duration of the session to identify the same server in the pool in order for the load balancer to redirect requests appropriately.
- User interface customization persistent cookies are used to store a user’s preference regarding a service across web pages.
Shopify is dedicated to optimizing user experience and we use many tools to help us improve our website and our commerce platform. To this end, we use reporting and analytics cookies to collect information about how you use our website or our merchants’ storefronts, and how often. The performance cookies we use include:
- First party analytics cookies - we use these cookies to estimate the number of unique visitors, to improve our websites and our merchants’ websites, and to detect the most searched for words in search engines that lead to a webpage. These cookies are not used to target you with online marketing. We use these cookies to learn how our websites and our merchants’ websites are performing and make relevant improvements to improve your browsing experience.
- Third party analytics cookies - we also use Google Analytics and other third-party analytics providers listed below to help measure how users interact with our website content. These cookies “remember” what our users have done on previous pages and how they’ve interacted with the website. For more information on Google Analytics, visit Google’s information page. For instructions on how to opt out of Google Analytics, see below.
Advertising cookies are used on our website to tailor marketing to you and your interests and provide you with a more personalized service in the future. These cookies remember that you visited our website and we may share this information with third-parties, such as advertisers. Although these cookies can track your device’s visits to our website and other sites, they typically cannot personally identify you. Without these cookies, the advertisements that you see may be less relevant and interesting to you. Read more about how companies use cookies to conduct targeted or retargeted advertising here. We do not set advertising cookies through our merchants’ storefronts ourselves, though merchants may choose to do so independently.
Finally, social media and content cookies are placed by many social media plugins (for example the Facebook ’like’ button), and other tools meant to provide or improve the content on a website (for example services that allow the playing of video files, or that create comments sections). We integrate these modules into our platform to improve the experience of browsing and interacting with our websites. Please note that some of these third party services place cookies that are also used for things like behavioural advertising, analytics, and/or market research.
Merchant storefronts
When merchants use our platform to power their online stores, we place the following cookies for visitors of their stores.
Cookies Necessary for the Functioning of the Store
Name | Description | Duration |
---|---|---|
_ab | Used to control when the admin bar is shown on the storefront. | 1y |
_abv | Persist the collapsed state of the admin bar. | 1y |
_checkout_queue_token | Used when there is a queue during the checkout process. | 1y |
_cmp_a | Used for managing customer privacy settings. | 1d |
_identity_session | Contains the identity session identifier of the user. | 2y |
_master_udr | Permanent device identifier. | session |
_pay_session | The Rails session cookie for Shopify Pay | session |
_secure_account_session_id | Used to track a customer's session for new customer accounts. | 30d |
_session_id | Used for providing reporting and analytics. | 2y |
_shopify_country | Used for Plus shops where pricing currency/country is set from GeoIP by helping avoid GeoIP lookups after the first request. | 30min |
_shopify_essential | Contains essential information for the correct functionality of a store such as session and checkout information and anti-tampering data. | 1y |
_storefront_u | Used to facilitate updating customer account information. | 1min |
_tracking_consent | Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. | 1y |
auth_state_<<id>> | Stores authentication state before redirecting customers to third party for authentication. | 25min |
card_update_verification_id | Used to support verification when a buyer is redirected back to Shopify after completing 3D Secure during checkout. | 20min |
cart | Contains information related to the user's cart. | 2w |
cart_currency | Used after a checkout is completed to initialize a new empty cart with the same currency as the one just used. | 2w |
cart_sig | A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations. | 2w |
cart_ts | Used in connection with checkout. | 2w |
cart_ver | Set every time a cart is updated and used to track cart version mismatches. | 2w |
checkout | Used in connection with checkout. | 21d |
checkout_one_remember_me | Used to prefill checkout with the details from the previous checkout. | 1y |
checkout_prefill | Encrypts and stores URL parameters containing PII which are used in cart permalink URLs. | 5min |
checkout_session_lookup | Used in connection with checkout. | 3w |
checkout_session_token_<<id>> | Used when a checkout session is established on the server. | 3w |
checkout_token | Captures the landing page of the visitor when they come from other sites. | session |
customer_account_locale | Used to keep track of a customer account locale when a redirection occurs from checkout or the storefront to customer accounts. | 1y |
customer_payment_method | Stores what payment method is being updated for subscriptions. | 1h |
customer_shop_pay_agreement | Used to help verify a new Shop Pay payment instrument. | 20min |
device_fp_id | Device fingerprint identifier to help prevent fraud. | session |
device_id | Session device identifier to help prevent fraud. | session |
discount_code | Stores a discount code (received from an online store visit with a URL parameter) in order to the next checkout. | session |
dynamic_checkout_shown_on_cart | Adjusts checkout experience for buyers that proceed with regular checkout versus dynamic checkout. | 30min |
hide_shopify_pay_for_checkout | Set when a buyer dismisses the Shop Pay login modal during checkout, informing display to buyer. | session |
identity-state | Stores state before redirecting customers to identity authentication. | 1d |
identity-state-<<id>> | Stores state before redirecting customers to identity authentication. | 1d |
identity_customer_account_number | Stores an identifier used to facilitate login across the customer's account and storefront domains. | 12w |
keep_alive | Used when international domain redirection is enabled to determine if a request is the first one of a session. | session |
locale_bar_accepted | Preserves if the modal from the geolocation app was accepted. | session |
locale_bar_dismissed | Preserves if the modal from the geolocation app was dismissed. | 1d |
localization | Used to localize the cart to the correct country. | 2w |
logged_in | Identity logged-in hint. | 12w |
login_with_shop_finalize | Used to facilitate login with Shop. | 5min |
master_device_id | Permanent device identifier. | 1y |
order | Used to allow access to the data of the order details page of the buyer. | 3w |
pay_update_intent_id | Stores an ID of a Shop Pay billing agreement update intent, required for a callback after verifying a new Shop Pay payment instrument. | 20min |
preview_theme | Used to indicate whether the theme is being previewed. | session |
previous_checkout_token | Used to prefill checkout with the details from the previous checkout. | 1y |
previous_step | Used in connection with checkout. | 1y |
profile_preview_token | Used for previewing checkout extensibility. | 5min |
receive-cookie-deprecation | A cookie specified by Google to identify certain Chrome browsers affected by the third-party cookie deprecation. More information about this cookie can be found here. | session |
remember_me | Used to prefill checkout with the details from the previous checkout. | 1y |
secure_customer_sig | Used to identify a user after they sign into a shop as a customer so they do not need to log in again. | 1y |
shop_pay_accelerated | Indicates if a buyer is eligible for Shop Pay accelerated checkout. | 1y |
shopify-editor-unconfirmed-settings | Stores changes merchant does in the editor to update the preview. | 16h |
shopify_pay | Used to log in a buyer into Shop Pay when they come back to checkout on the same store. | 1y |
shopify_pay_redirect | Used to accelerate the checkout process when the buyer has a Shop Pay account. | 1y |
storefront_digest | Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. | 1y |
tracked_start_checkout | Used in connection with checkout. | 1y |
user | Used in connection with Shop login. | 1y |
user_cross_site | Used in connection with Shop login. | 1y |
wpm-domain-test | Used to test Shopify's Web Pixel Manager with the domain to make sure everything is working correctly. | session |
Reporting and Analytics
Name | Description | Duration |
---|---|---|
_landing_page | Capture the landing page of visitor when they come from other sites. | 2w |
_orig_referrer | Allows merchant to identify where people are visiting them from. | 2w |
_shopify_ga | Contains Google Analytics parameters that enable cross-domain analytics measurement to work. | session |
_shopify_s | Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use. | 30min |
_shopify_sa_p | Capture the landing page of visitor when they come from other sites to support marketing analytics. | 30min |
_shopify_sa_t | Capture the landing page of visitor when they come from other sites to support marketing analytics. | 30min |
_shopify_y | Shopify analytics. | 1y |
checkout_one_experiment | Used when a checkout is eligible to Checkout One and has been assigned to an experiment (control group or test group). | session |
shop_analytics | Contains the required buyer information for analytics in Shop. | 1y |
unique_interaction_id | Used for checkout metrics. | 10min |
Shopify’s websites
When visitors load Shopify’s websites, we generally place the following Shopify cookies.
Cookies Necessary for the Functioning of the Sites
Name | Description | Duration |
---|---|---|
_identity_session | Contains the identity session identifier of the user. | 2y |
checkout | Used in connection with checkout. | 21d |
user | Used in connection with Shop login. | 1y |
Reporting and Analytics
Name | Description | Duration |
---|---|---|
_assignment | Shopify analytics. | 1y |
_landing_page | Capture the landing page of visitor when they come from other sites. | 2w |
_orig_referrer | Allows merchant to identify where people are visiting them from. | 2w |
_shopify_s | Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use. | 30min |
_shopify_sa_t | Capture the landing page of visitor when they come from other sites to support marketing analytics. | 30min |
_shopify_y | Shopify analytics. | 1y |
Additionally, we use pixels and tags from the following third parties, which may in turn place cookies.
Cookies Necessary for the Functioning of the Sites
Third Party | Description | Privacy Policy |
---|---|---|
Cloudflare | Shopify uses Cloudflare Network as a Service for edge routing. | https://www.cloudflare.com/privacypolicy/ |
Drift | We use Drift to help with conversational marketing to customers while they visit our websites. | https://www.drift.com/privacy-policy/ |
Reporting & Analytics
Third Party | Description | Privacy Policy |
---|---|---|
Fullstory | We use Fullstory to help measure how users interact with our websites. | https://www.fullstory.com/legal/privacy/ |
Google Analytics | We use Google Analytics to help measure how users interact with our websites. | https://policies.google.com/privacy |
Google Tag Manager | We use Google Tag Manager to help manage analytics vendors. | https://policies.google.com/privacy |
Vidyard | We use Vidyard to provide video content and measure how users interact with our content. | https://www.vidyard.com/privacy/ |
Advertising
Third Party | Description | Privacy Policy |
---|---|---|
Bizible | We use Bizible to help measure marketing and advertising campaign attribution. | https://documents.marketo.com/legal/privacy/ |
Facebook Pixel | We use Facebook Pixel to help measure how users interact with our websites. | https://www.facebook.com/privacy/explanation |
Facebook Custom Audiences | We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites. | https://www.facebook.com/policy.php |
We use Google Ads to deliver targeted advertisements to individuals who visit our websites. | https://policies.google.com/privacy | |
We use Instagram to deliver targeted advertisements to individuals who visit our websites. | https://privacycenter.instagram.com/policy | |
iSpot | We use iSpot to help measure how users interact with our websites. | https://www.ispot.tv/terms-of-service |
LinkedIn Insight Tag | We use LinkedIn Insight Tag to help measure how users interact with our websites. | https://www.linkedin.com/legal/privacy-policy |
We use Reddit Ads to deliver targeted advertisements to individuals who visit our websites. | https://www.reddit.com/help/privacypolicy | |
TikTok | We use TikTok to help measure how users interact with our websites. | https://www.tiktok.com/legal/privacy-policy?lang=en |
We use Twitter to help measure how users interact with our websites. | https://twitter.com/en/privacy | |
YouTube | We use YouTube to deliver targeted advertisements to individuals who visit our websites. | https://policies.google.com/privacy?hl=en |
Social Media & Content
Third Party | Description | Privacy Policy |
---|---|---|
Facebook Connect | We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform. | https://www.facebook.com/policy.php |
Gravatar | We use Gravatar to allow visitors to our websites to create avatars. | https://en.gravatar.com/site/privacy |
Instagram CDN | Shopify uses Instagram CDN to provide content to user. | https://privacycenter.instagram.com/policy |
Sanity CDN | Shopify uses Sanity CDN to provide content to user. | https://www.sanity.io/legal/privacy |
Simplecast | Shopify uses Simplecast to distribute podcasts. | https://simplecast.com/privacy |
Twitter CDN | We use Twitter to allow visitors to our website to interact with and share content via Twitter’s social media platform. | https://twitter.com/en/privacy |
TypeKit (Adobe fonts) | We use typekit to load web fonts from Adobe CDN | https://www.adobe.com/privacy/policies/typekit.html |
Wistia | We use Wistia to display video content. | https://wistia.com/privacy |
YouTube CDN | Shopify uses YouTube CDN to provide content to user. | https://policies.google.com/privacy?hl=en |
Oberlo websites
When visitors load Oberlo’s websites, we generally place the following Oberlo cookies:
Cookies Necessary for the Functioning of the Sites
Name | Function |
---|---|
gdpr_accepted | Used in connection with GDPR acceptance. |
Reporting and Analytics
Name | Function |
---|---|
_shopify_s | Shopify analytics. |
_shopify_t | Shopify analytics. |
Additionally, we use pixels and tags from the following third parties, which may in turn place cookies:
Reporting & Analytics:
Third Party | Description | Privacy Policy |
---|---|---|
Google Analytics | We use Google Analytics to help measure how users interact with our websites. | https://policies.google.com/privacy |
Advertising:
Third Party | Description | Privacy Policy |
---|---|---|
Microsoft Advertising | We use Microsoft Advertising to deliver targeted advertisements to individuals who visit our websites. | https://privacy.microsoft.com/en-ca/privacystatement |
We use Google Ads to deliver targeted advertisements to individuals who visit our websites. | https://policies.google.com/privacy |
How long will cookies remain on my computer or mobile device?
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device. See the section below on how to control cookies for more information on removing them before they expire.
How to control cookies?
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
Many of the third party advertising and other tracking services listed above offer you the opportunity to opt out of their tracking systems. You can read more about the information they collect and how to opt out through the privacy policy links listed above.