Security

You put a lot of trust in Shopify, and we take that seriously. Our certifications and the standards we choose to meet are one way we demonstrate our commitment to maintaining your trust.

PCI

PCI Security Standards Council is a globally recognized organization dedicated to maintaining standards for the secure processing of credit card transactions. It helps vendors, like Shopify and Shopify merchants, process credit card payments securely and protect cardholder information.

Shopify is certified Level 1 PCI DSS compliant. For more information, see our PCI page.

SOC

Service Organization Control (SOC) reports are an assessment of a company’s information systems by third-party auditors that certify that the company meets an independent set of standards, including criteria related to the security and availability of its services.

Shopify has been issued SOC 2 Type II and SOC 3 reports for the service we provide to our customers.

For more information, download a copy of the SOC 3 report.

GDPR

The European Union’s General Data Protection Regulation (GDPR) imposes obligations on controllers and processors of data. Both Shopify and our merchants must consider these obligations when offering goods or services to European residents. For more details about how Shopify meets GDPR requirements, download Shopify’s GDPR whitepaper.

The GDPR also gives data subjects more control over their personal data. Because Shopify believes strongly in data protection and privacy, we are extending these same rights to all users worldwide. For more information about the tools we offer our merchants and partners to respect the rights of their customers, see our Shopify GDPR Help Center page.

Transparency Report

Shopify’s Transparency Report provides data about legal requests for information about our merchants, customers, and partners for 2018. It describes how requests are evaluated, and how often they are filled.

Read our Transparency Report.