Shopify API License and Terms of Use
What we value
By using our API, you’re part of the Shopify platform. These are the values that we feel keep our platform strong.
These values aren’t legally binding. To get the complete picture of our legal requirements, read the Shopify API License and Terms of Use
Respect our merchants
When you’re granted a Shopify API license, you get access to millions of merchants who might be looking for an app just like yours. You’ll still own your app, but Shopify owns the platform. As owners of the platform, we put reasonable limits on the use of the merchant data it allows you to access.
Only request the merchant data you need to provide your service, nothing more. Get merchants’ permission to do so, and follow our rules for deleting personal customer data. If your public app captures customer data via a Shopify online store or POS, sync it back to the merchant’s Shopify store, or let them do it manually.
You’ll also need your own privacy policy that describes how you handle merchant data.
Build responsibly
Make sure your developer system meets internet security standards. Don’t do anything criminal, irresponsible or sketchy, or disrupt or overburden our systems. Use only your Shopify API credentials to access the API. Stay within the limits we set for API calls, and keep your app up to date with API changes. Use the API to develop and operate your app, not for anything else.
Play by the rules
Don’t monitor the API for benchmarking purposes. Use Shopify Checkout for payments and don’t divert to any other web checkout or payment processing (unless you have our permission). Don’t build apps intended to move merchants off of Shopify, remove Shopify branding, or attempt to substantially reproduce our products or services.
Don’t use the API for any purpose other than providing an application to merchants. And if you’re not sure where you stand, reach out to us.
Keep reading to accept the full Shopify API License & Terms of Use.
Last updated on: August 9, 2024
Thank you for being a part of the Shopify Developer community.
By accessing or using the Shopify API, you agree to this Shopify API License and Terms of Use (“Terms”) with Shopify Inc. and its affiliates (“we”, “our”, “us” or “Shopify”). Please read these Terms carefully, as they are a legally binding agreement. Shopify reserves the right to update and change the Terms by posting updates and changes here: shopify.com/legal/api-terms. If a significant change is made, we will provide reasonable notice by email, posting a notice on the Shopify Partner Blog, in the Partner Dashboard or the Merchant Store Admin. We may update these Terms from time to time, so please check back for any changes that may impact you. In the event of any conflict or inconsistency between the Terms, the Partner Program Agreement or the Shopify Terms of Service, the Terms will govern to the extent necessary to resolve any such conflict or inconsistency.
1. Definitions
“Application” or “App” means the software application, website, interface or any other means you use to access the Shopify API using the API Credentials, including a Custom Application or a Public Application.
“API Client” means the unique Application configuration (including API Credentials) generated through the Partner Account.
“API Credentials” means the credentials that allow you to make authenticated requests to the Shopify API.
“Custom Application” means an Application that accesses the Shopify API via an API Client and is made available to a single Merchant.
“Customer” means any individual that visits or transacts via the Merchant Store.
“Customer Data” means information (including Personal Information) relating to a Customer, including order information, payment information, or account information.
“Developer” means an individual or entity that develops, owns or operates one or more Application(s) that accesses or uses the Shopify API.
“Merchant” means an individual or business that uses the Service to sell products or services.
“Merchant Agreement” means the agreement entered into between a Developer and the Merchant governing the Merchant’s use of the Developer’s services, including, if applicable, the installation and use of an Application.
“Merchant Data” means information (including Personal Information) relating to a Merchant or Merchant Store, including business, financial and product information and any Customer Data.
“Merchant Store” means the Merchant’s commerce presence hosted by Shopify, including their online store and Point of Sale (POS). For clarity, a Merchant may have more than one Merchant Store.
“Merchant Store Admin” means the password protected internal administration page of the Merchant Store.
“Partner” means an individual or entity that has agreed to the terms of the Shopify Partner Program Agreement (available at: shopify.com/partners/terms, or other written agreement with Shopify relating to access to the Shopify API or participation in the Partner Program.
“Partner Account” means a Shopify Partner Program account.
“Partner Program” means the resources made available by Shopify to Partners. For the avoidance of doubt, the Partner Program includes the Channel Program, Experts Marketplace Program and Plus Partner Program, to the extent that Partner is invited to participate in those programs.
“Personal Information” means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a phone number, an email address, an identification number, location data, an online identifier, or any other information specific to that natural person.
“Public Application” means an Application that accesses the Shopify API via an API Client and that is made available to Merchants either via a URL or through the Shopify App Store, and that is not a Custom Application.
“Private API Credentials” means the API Credentials generated through the Merchant Store Admin that provide access via the Shopify API to the specific Merchant Store to which such credentials relate.
“Sensitive Personal Information“ means Personal Information that can reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, sexual orientation or sex life. Sensitive Personal Information also includes biometric data that can uniquely identify a natural person, payment information (including payment card or bank account numbers), and government identifiers that uniquely identify a natural person such as a social insurance number or passport number.
“Service” means the Shopify hosted commerce platform available via www.shopify.com and any associated websites, products or services offered by Shopify.
“Shopify API(s)” means all software, including routines, data structures, object classes, protocols, programs, templates, libraries and interfaces, application programming interfaces (APIs), software development kits (SDKs), developer tools, technical documentation, Updates and other related materials, whether tangible or intangible, in whatever form or medium that are made available by Shopify at https://developers.shopify.com or as otherwise provided to you.
“Shopify App Store” is where Merchants can view and install Apps on their Merchant Store, and is available through apps.shopify.com.
“Shopify Checkout“ means Shopify’s checkout experience that allows Customers to enter their shipping information and payment details after adding item(s) to their cart and before placing an order. For clarity, Shopify Checkout includes checkouts that occur through the Shopify Checkout API.
“Shopify Related Entity/ies” means any entity that directly or indirectly controls, is controlled by, or is under common control with, Shopify; where “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management policies of another, whether through the ownership of voting securities, by contract, as trustee or executor, or otherwise.
“Shopify Trademarks” means the trademarks, logos, service marks and trade names of Shopify Inc. and any Shopify Related Entities, whether registered or unregistered, including the word mark SHOPIFY and the “S” and shopping bag design.
“Updates” means bug fixes, updates, upgrades, enhancements, modifications and new releases or versions of the Shopify API.
2. Using the Shopify API
Access to the Shopify API.
You may not use the Shopify API and may not accept the Terms if (a) you are not of legal age to form a binding contract with Shopify, or (b) you are a person barred from using or receiving the Shopify API under the applicable laws of the United States or the country in which you are resident or from which you use the Shopify API.
If you are accessing or using the Shopify API on behalf of an entity, you represent and warrant that you have the authority to bind that entity to the Terms and by accepting the Terms, you are doing so on behalf of that entity (and all references to “you” in the Terms refer to that entity).
Except in the case of Private API Credentials, in order to access and use the Shopify API, Developer must obtain an API Client by registering for a Partner Account and agreeing to and complying with the terms and conditions of the Partner Program Agreement shopify.com/partners/terms or other written agreement with Shopify relating to Developer’s access to and use of the Shopify API and participation in the Partner Program.
If you are accessing and using the Shopify API by Private API Credentials, you may only do so with the express authorization of the account owner for the applicable Merchant Store, and only for the purposes of providing your Application’s service to the Merchant to whom the Private API Credentials relate.
Except as permitted herein, (A) you must keep the API Credentials and all login information for your Shopify Account and Partner Account secure, (B) you may not share the API Credentials with any third party, and (C) you will not access the Shopify API by any means other than the API Credentials you receive in accordance with Section 2.1.3 or 2.1.4 above. API Credentials are the exclusive property of Shopify, and your access to and use of API Credentials is in Shopify’s sole discretion.
You are not permitted to use a service provider in connection with providing your Application’s service unless they sign an agreement with you to (A) protect any Merchant Data received from Shopify (that is at least as protective as Shopify’s terms and policies), (B) limit their use of Merchant Data solely for the purpose of providing their services to your Application (and not for their own purpose or any other purpose), and (C) keep the Merchant Data secure and confidential. You must ensure that any service provider complies with these Terms and any other applicable Shopify terms and policies, and you acknowledge and agree that any act or omission by a service provider amounting to a breach of these Terms will be deemed to be a breach by you. If requested, you will provide a list of your service providers to Shopify or the Merchant.
Access to certain APIs or SDKs may require a separate written agreement between Developer and Shopify.
API License. Subject to the Terms, Shopify grants you a worldwide, non-exclusive, royalty-free, non-transferable, non-sublicensable, revocable and limited license to use and make calls to the Shopify API solely in connection with developing, implementing and distributing your Application that interoperates or integrates with the Service, and solely in the manner described in the Terms and in the technical documentation contained in the Shopify API.
API Restrictions. When using the Shopify API, you will (and will ensure that your employees, agents and service providers will):
only use the Shopify API (including SDKs) to develop and distribute Applications or content for your use or a Merchant’s use with the Services;
restrict disclosure of the API Credentials, or any part thereof, to your agents, employees, or services providers, who must require access to use, maintain, implement, correct or update your Application in accordance with the Terms, and who are subject to confidentiality obligations the same as or greater than those contained herein;
not distribute, sell, lease, rent, lend, transfer, assign or sublicense any rights granted by the Terms to any third party;
not use or access the Shopify API or the Service in order to monitor the availability, performance, or functionality of the Shopify API, the Service or any portion thereof or for any similar benchmarking purposes;
not remove or destroy any copyright notices, proprietary markings or confidentiality notices placed upon, contained within or associated with the Shopify API;
not engage in any activity that interferes with, disrupts, harms, damages, or accesses in an unauthorized manner the servers, security, networks, data, applications or other properties or services of Shopify or any third party. For the avoidance of doubt, interference with any Service feature used in connection with Shopify Checkout without Shopify's express written authorization is prohibited;
not circumvent technological measures intended to prevent direct database access, or manufacture tools or products to that effect;
not modify, translate, reverse engineer, disassemble, reconstruct, decompile, copy, or create derivative works of the Shopify API, Merchant Data, any Merchant Store, the Services, or any aspect or portion thereof, except to the extent that this restriction is expressly prohibited by applicable law;
not bypass Shopify API restrictions for any reason, including automating administrative functions of the Merchant Store Admin;
not, except as authorized by Shopify in writing, substantially replicate products or services offered by Shopify or any Shopify Related Entity, including the Shopify API. Subject to the preceding sentence and the parties’ other rights and obligations under the Terms (including confidentiality obligations and any restrictions on use of Merchant Data), each party agrees that the other party may develop and publish Applications that are similar to or otherwise compete with such party’s Applications;
not develop Applications that excessively burden the Shopify system, distribute spyware, adware or other commonly objectionable programs;
not develop an Application whose primary purpose is to migrate Merchants off of Shopify;
not access or use the Shopify API to develop or distribute the Application in any way in furtherance of criminal, fraudulent, or other unlawful activity, or otherwise violate the Shopify Acceptable Use Policy;
not request more than the minimum amount of data from a Shopify API needed by your Application to provide the Merchant the intended Application functionality, or any data outside any permissions granted by the Merchant;
not falsify or alter any unique identifier in, or assigned to your Application, or otherwise obscure or alter the source of queries coming from an Application;
not include code in any Application which performs any operations not related to the services provided by the Application, whether or not Developer has obtained Merchant consent to do so, and whether or not the Application obtains consent from the end user to do so. For the avoidance of doubt, this prohibited activity includes embedding or incorporating code into any Application which utilizes the resources (including CPU resources) of another computer, including for the purposes of cryptocurrency mining.
automatically sync to the Merchant Store Admin the Customer Data set out below that is collected by the Application on the Merchant Store, and any updates to such data made by the Application on behalf of the Merchant (“Applicable Customer Data”). The Applicable Customer Data must be synced via the Shopify APIs Customer resource ( REST or GraphQL). If a Partner is unable to sync Applicable Customer Data to the Merchant Store Admin using the Shopify APIs Customer resource, the Partner will meet this requirement by providing functionality that enables the Merchant to manually sync their Customer Data with the Merchant Store Admin;
In all cases, the types of Customer Data listed below only apply to data collected or updated by the App on behalf of Merchants with respect to individuals who visit or process a transaction on the merchant’s online store and POS. Sensitive Personal Information is excluded from the scope of data listed below.
Via the REST Admin API Customer resource: Via the GraphQL Admin API Customer object: Via the GraphQL Storefront API Customer object : email_marketing_consent
firstName
acceptsMarketing
state
lastName
firstName
opt_in_level
phone
lastName
consent_updated_at
email
phone
sms_marketing_consent
taxExempt
email
state
addresses
customerAddress
opt_in_level
consent_updated_at
accepts_marketing
accepts_marketing_updated_at
first_name
last_name
addresses
default_address
phone
currency
email
tax_exempt
This requirement (a) only applies to Public Applications, (b) applies to all Applicable Customer Data collected by the Public Application from the date that it is installed by the Merchant, and (c) does not apply to Sensitive Personal Information relating to Customers.
not use an alternative to Shopify Checkout for web checkout or payment processing, or register any transactions through the Shopify API in connection with such activity, without Shopify’s express written authorization;
not, except with Shopify’s prior written consent, develop or distribute any Application that has as its primary purpose the transfer, sharing, selling, disclosing or otherwise providing of Merchant Data to any third party. In addition, any such third party must be bound by these Terms or another written agreement acceptable to Shopify addressing the use of Merchant Data. For the purposes of this section, the "primary purpose" of the Application shall be determined by Shopify in its sole discretion;
not make Custom Applications available to or for use by more than one Merchant. For the avoidance of doubt, this means that Custom Applications may not be installed by more than one Merchant. For clarity, a Merchant may have more than one Merchant Store. In the event of any breach of this provision, and in addition to all other rights and remedies available to Shopify under these Terms and under applicable law, Shopify will have the right to: (a) take any action it deems necessary including but not limited to immediately terminating some or all Developer's rights under these Terms, and (b) determine, in its sole discretion, that the Application is deemed to be a Public Application and subject to both these Terms and the Partner Program Agreement available at https://www.shopify.com/partners/terms
not request a Merchant to create webhook subscriptions from the Merchant's Store Admin. Any webhook subscriptions required by a Partner must be created using a Public Application or Custom Application.
integrate with Shopify's Consent Tracking API (also referred to as the “Customer Privacy API”).
automatically sync to the Merchant Store Admin the available Order Data set out below, and any updates to such data made by the Application on behalf of the Merchant (“Applicable Order Data”). The Applicable Order Data must be synced via the Shopify APIs Order resource (REST). If a Partner is unable to automatically sync Applicable Order Data to the Merchant Admin using the Shopify APIs resource, the Partner will meet this requirement by providing functionality that enables the Merchant to manually sync their Order Data with the Merchant Admin.
In all cases, the types of Order Data listed below apply to data collected or updated by the App on behalf of Merchants (including where data is transferred through the App to Partner or a third party to facilitate an order in accordance with these Terms), with respect to Order Data that originates from the Merchant’s online store and POS or a Merchant’s product listing on a third party platform. Sensitive Personal Information is excluded from the scope of data listed below.
Via the REST Admin API Order resource: line_items
variant_id
price
quantity
tax_lines
price
title
rate
shipping_lines
title
price
tax_lines
price
title
rate
taxes_included
financial_status
fulfillment_status
total_tax
email
phone
shipping_address
first_name
last_name
address1
phone
city
province
country
zip
billing_address
name
address1
phone
city
province
country
zip
source_identifier
source_URL
transactions
kind
status
gateway
amount
fulfillments
refunds
This requirement (a) only applies to Public Applications, (b) applies to all Applicable Order Data collected by the Public Application from the date that it is installed by the Merchant, and (c) does not apply to Sensitive Personal Information relating to Customers.
API Limits. Shopify may set and enforce limits on your use of the Shopify API (limiting the number of requests that you may make or the number of Merchants you may serve), in our sole discretion. You agree to, and will not attempt to circumvent such limitations, including those documented at https://shopify.dev/api/usage/rate-limits. If you would like to use any Shopify API beyond these limits, you must obtain Shopify’s express written consent (and Shopify may decline such request or condition acceptance on your agreement to additional terms and/or charges for that use). To seek such approval, contact us via the Partner Dashboard.
Open Source Software. Some of the software packages, libraries, or components required by or included in the Shopify API are or may become licensed under an open source software license (“Open Source Components”). To the limited extent that the Open Source Component license expressly supersedes the Terms, your use, reproduction and distribution of any such Open Source Components is governed by the terms of the applicable open source software license and not this Section 2.5.
Feedback. If you provide any feedback (including identifying potential errors and improvements) to Shopify concerning the Shopify API or any aspects of the Service (“Feedback”), you hereby assign to Shopify all right, title, and interest in and to the Feedback, and Shopify is free to use, reproduce, disclose, and otherwise exploit the Feedback without attribution, payment or restriction, including to improve the Shopify API or the Service and to create other products and services. Shopify will treat any Feedback as non-confidential and non-proprietary. You will not submit any Feedback that you consider confidential or proprietary.
3. Changes to the Shopify API
Updates. Shopify reserves the right to require Developer to install or update any and all software to continue using the Shopify API and the Service. You acknowledge that Shopify may make Updates to the Shopify API from time to time, and at its sole discretion. You must implement and use the most current version of the Shopify API and make any changes to your Application that are required as a result of such Update, at your sole cost and expense. Updates may adversely affect the manner in which your Application accesses or communicates with the Shopify API. Your continued access or use of the Shopify API following an update or modification will constitute binding acceptance of the Update.
Access and Use. We may change or discontinue the availability of some or all of the Shopify API at any time for any reason with or without notice. Such changes may include removal of features, or the requirements of fees for previously free features. We may also impose limits on certain features and services or restrict your access to some or all of the Shopify API. Your continued use of the Shopify API following a subsequent release will be deemed your acceptance of modifications.
Beta Services. From time to time, Shopify may, in its sole discretion, invite you to use, on a trial basis, pre-release or beta features that are in development and not yet available to the public (“Beta Services”). Beta Services may be subject to additional terms and conditions, which Shopify will provide to you prior to your use of the Beta Services. Such Beta Services and all associated conversations and materials relating thereto will be considered Confidential Information of Shopify and subject to the confidentiality provisions in these Terms. Shopify makes no representations or warranties that the Beta Services will function. Shopify may discontinue the Beta Services at any time in its sole discretion. Shopify will have no liability for any harm or damage arising out of or in connection with a Beta Service. The Beta Services may not work in the same way as a final version. Shopify may change or not release a final or commercial version of a Beta Service in our sole discretion.
4. Proprietary Rights
The Service, the Shopify API, and all software, documentation, information, hardware, equipment, devices, templates, tools, documents, processes, methodologies, know-how, websites and any additional intellectual or other property used by or on behalf of Shopify or Shopify Related Entities or otherwise related to the Service, together with all copyrights, trademarks, patents, trade secrets and any other proprietary rights inherent therein and related thereto (collectively, “Shopify Property”) will be and remain the sole and exclusive property of Shopify. To the extent, if any, that ownership of any Shopify Property does not automatically vest in Shopify by virtue of the Terms, or otherwise, and vests in Developer, Developer hereby transfers and assigns to Shopify, upon the creation thereof, all rights, title and interest Developer may have in and to such Shopify Property (and waives any and all moral rights, as applicable), including the right to sue and recover for past, present and future violations thereof.
As between Developer and Shopify, Shopify shall own all right, title and interest in any Merchant Data that Shopify receives as a result of a Merchant’s installation or use of an Application, and all such Merchant Data shall be subject to the Shopify Terms of Service and the Shopify Privacy Policy.
Shopify does not acquire ownership in your Application, and by using the Shopify API, you do not acquire ownership of any rights in the Shopify APIs or the content that is accessed through the Shopify APIs.
5. Shopify Trademarks
Shopify hereby grants to Developer a limited, revocable, non-exclusive, non-sublicensable and non-transferable license during the term to display the Shopify Trademarks for the sole purpose of notifying Merchants that the Application is compatible with the Service. Developer acknowledges and agrees that: (i) it will use Shopify’s Trademarks only as permitted hereunder; (ii) it will use the Shopify Trademarks in a lawful manner and in strict compliance with all format(s), guidelines, standards and other requirements prescribed by Shopify in writing from time to time, including brand assets accessible from the Partner Program website and the Shopify brand guidelines; (iii) the Shopify Trademarks are and shall remain the sole property of Shopify; (iv) nothing in these Terms shall confer on Developer any right of ownership in the Shopify Trademarks and all use thereof by Developer shall inure to the benefit of Shopify; (v) Developer shall not, now or in the future, apply for or contest the validity of any Shopify Trademarks; and (vi) Developer shall not, now or in the future, apply for or use any term or mark confusingly similar to any Shopify Trademarks.
6. Merchant Agreement, Privacy and Data Security
Merchant Agreement and Privacy Policy
Prior to Developer accessing a Merchant Store or any Merchant Data, the Merchant must grant Developer access (A) through a consent screen provided by Shopify at the time the Application is installed by a Merchant, or (B) to the Merchant’s Private API Credentials. Any other access to or use of a Merchant Store or Merchant Data by Developer is strictly prohibited and is a violation of the Terms.
Developer will have in place and will present the Merchant with a Merchant Agreement that contains provisions at least as protective of Shopify as those in these Terms. Developer must inform Merchants in the Merchant Agreement that: (i) Developer is solely responsible for the Application; (ii) Shopify is not liable for any fault in the Application or any harm that may result from its installation or use; (iii) except where expressly stated by Shopify, Shopify cannot provide assistance with the installation or use of the Application; and (iv) Developer is solely responsible for any liability which may arise from a Merchant’s access to or use of the Application, including: (A) the development, use, marketing or distribution of or access to the Application, including support of the Application; or (B) Developer’s access, use, distribution or storage of Merchant Data. Effective January 1, 2025, Developer will not include any of the following in the Merchant Agreement: (i) an exclusivity commitment by the Merchant that lasts beyond the term of the Merchant Agreement; (ii) a prohibition on the development of competitive products or services by the Merchant (including related marketing, distribution and other activities), except to the extent such activities involve the unauthorized use of Developer’s Confidential Information; and (iii) a restriction on the Merchant's ability to freely conduct its business or engage in business with certain customers, clients, or employees.
Developer will have in place and will present the Merchant with a privacy policy that complies with all applicable privacy laws and provides adequate notice and obtains prior consent as required for the collection, use and storage of the Merchant Data, and any Personal Information the Application will access once installed (“Developer Privacy Policy”). Without limiting the foregoing, the Developer’s Merchant Agreement and Developer Privacy Policy will describe in sufficient detail (i) the services to be provided by the Developer’s Application, (ii) the Merchant Data that will be accessed by the Application in order to provide such services, (iii) how the Merchant Data will be used and transferred to third parties, if applicable, and (iv) the Developer’s contact information. Developer will respond reasonably promptly to any questions regarding its privacy practices.
If you access Merchant Data, you will (and will ensure that your employees, agents and service providers will):
- not use, access, store, or make copies of the Merchant Data or any other data relating to a Merchant, Merchant Store or Customers that Developer receives via the Application or the Shopify API except as necessary to provide the Application services to the Merchant to whom the Merchant Data relates and as described in the applicable Merchant Agreement or Developer Privacy Policy, and only within the limits and for the purposes as specified by the Merchant;
- not share, sell, disclose or otherwise provide such information to any third party, except as provided for in the Terms;
- except where prohibited or varied by applicable law, delete all originals, copies and reproductions of the Merchant Data within 30 days when (A) the Merchant uninstalls the Application, (B) when it is no longer required to provide the services of your Application to the Merchant to whom the Merchant Data relates, as may be described in the applicable Merchant Agreement or Developer Privacy Policy, or (C) you receive an enforceable request to delete data from a Merchant, a Customer or Shopify. If you are unable to comply with this Section 6.2.3 you will promptly notify Shopify;
- provide the Merchant (or where required by applicable law, the Customer) with access to a structured, commonly used, and machine readable copy of any Personal Information that you have that relates to such Merchant or Customer from whom you receive the request, and provide them with an opportunity to correct this information;
- not use information from Merchants or Customers for competitive benchmarking;
- not communicate with Customers directly or indirectly, provided however that Developer may contact Customers if the information is obtained from another source, such as from the Customers themselves, or if Developer has obtained consent to do so in the Merchant Agreement;
- ensure that you have obtained effective consent from the applicable individual, to the extent such consent is legally required, before you provide Shopify with information that you independently collected from them;
- not directly or indirectly transfer any data you receive from Shopify (including anonymous, aggregate or derived data) to any third party or any other Application you may own, except as necessary to provide your Application's services or if expressly authorized by the Merchant;
- not put Merchant Data or any other data you receive from Shopify in a search engine or directory, or include web search functionality on Shopify, except as necessary to provide your Application's services;
- notify Shopify of any actual or suspected breach or compromise of Merchant Data (a “Data Breach”) immediately upon, but no later than twenty-four (24) hours of, becoming aware of such occurrence, by reporting an issue to Shopify Partner Support via email at https://help.shopify.com/questions/partners. Upon learning of the Data Breach, at your own cost, you will: (A) promptly remedy the Data Breach to prevent any further loss of Merchant Data; (B) investigate the incident; (C) take reasonable actions to mitigate any future anticipated harm to Shopify, the Shopify Related Entities, Merchants or Customers; and (D) promptly answer questions from Shopify relating to the Data Breach, regularly communicate the progress of your investigation to Shopify and cooperate to provide Shopify with any additional requested information in a timely manner.
Regulatory Compliance
- You will, and will ensure that your employees, agents and service providers will, comply with all applicable local, state, provincial, national or international laws or regulations, and policies of regulatory bodies or agencies, including: (i) the European Union General Data Protection Regulation (Regulation 2016/679); (ii) the ePrivacy Directive (Directive 2002/58/EC) or any local or European law implementing or replacing the same; (iii) the Canadian Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5); (iv) the Federal Trade Commission Act of 1914 (15 U.S.C. § 43); and (v) the Children’s Online Privacy Protection Act (15 U.S.C. § 6501-6505) or any regulations implemented pursuant thereto.
- You will only use the approved pixels, tags, or other forms of tracking technologies made available by Shopify in the Partner Account on the listing page for your Application in the Shopify App Store.
7. Security
YOU AGREE THAT SHOPIFY MAY MONITOR USE OF THE SHOPIFY API TO ENSURE QUALITY, IMPROVE SHOPIFY PRODUCTS AND SERVICES, AND VERIFY YOUR COMPLIANCE WITH THE TERMS. This monitoring may include Shopify accessing and using your Application, for example to identify security issues that could affect Shopify or Merchants. You will not interfere with this monitoring. Shopify may use any technical means to overcome such interference. Shopify may suspend access to the Shopify API by you or your Application without notice if we reasonably believe that you are in violation of the Terms.
Your Application will be installed and run on your server or another server, but will not be run on Shopify’s servers. Your networks, operating system and software of your web servers, routers, databases, and computer systems (collectively, “Developer System”) must be properly configured to Internet industry standards so as to securely operate your Application and protect against unauthorized access to, disclosure or use of any information you receive from Shopify, including Merchant Data. If you do not completely control some aspect of the Developer System, you will use all influence that you have over the Developer System to do so. You must diligently correct any security deficiency, and disconnect immediately any known or suspected intrusions or intruder.
8. Audit
Shopify shall have the right to audit, or to appoint an independent auditor under appropriate non-disclosure conditions to audit Developer’s App, systems and records to confirm Developer’s compliance with the Terms, including without limitation Developer’s compliance with Shopify’s requests and requests from Merchants or Customers, as applicable, to delete Merchant Data obtained through the Shopify API or otherwise through our Services. If requested, you must provide us with proof that your Application complies with these Terms.
9. Disclaimer of Warranties
The Service and the Shopify API are provided “as-is”. Shopify makes no warranties hereunder, and Shopify expressly disclaims all warranties, express or implied, including warranties of non-infringement, merchantability and fitness for a particular purpose. Without limiting the foregoing, Shopify further disclaims all representations and warranties, express or implied, that the Service or the Shopify API satisfies all of your or a Merchant’s requirements or will be uninterrupted, error-free or free from harmful components.
10. Limitation of Liability
Shopify shall have no liability with respect to the Terms, the Shopify API, the Services or otherwise for any direct, indirect, incidental, special, consequential, or exemplary damages, including damages for losses of profits, goodwill, use, data or other intangible losses resulting in any way from the Terms, the Services or the Shopify API, even if Shopify has been advised of the possibility of such damages. In any event, Shopify’s liability to you under the Terms for any reason will be limited to $100 USD. This limitation applies to all causes of action in the aggregate, including breach of contract, breach of warranty, negligence, strict liability, misrepresentations, and other torts.
The relationship between a Merchant and a Developer is strictly between the Merchant and the Developer, and Shopify is not obligated to intervene in any dispute arising between the Merchant and the Developer. Under no circumstances shall Shopify be liable for any direct, indirect, incidental, special, consequential, punitive, extraordinary, exemplary or other damages whatsoever, that result from or relate to the Developer’s relationship with any Merchant. These limitations shall apply even if Shopify has been advised of the possibility of such damages.
The foregoing limitations shall apply to the fullest extent permitted by applicable law.
11. Indemnification
You agree to indemnify, defend and hold harmless Shopify and any Shopify Related Entities and the directors, officers, employees, subcontractors and agents thereof (each, an “Indemnified Party”, and collectively, the “Indemnified Parties”), with respect to any claim, demand, cause of action, debt or liability, including reasonable attorneys’ fees (collectively, “claims”), to the extent that such claim is based upon or arises out of: (a) your breach of any representation, warranty, obligation or covenant under the Terms; (b) your gross negligence or wilful misconduct; (c) any warranty, condition, representation, indemnity or guarantee relating to Shopify and Shopify Related Entities granted by you to any Merchant or other third party; (d) your access to or use of the Shopify API; (e) your breach of a Merchant Agreement; (f) any third party claim that your products or services, including any Application, infringes the intellectual property or other rights of a third party; (g) the performance, non-performance or improper performance of the your products or services, including any Application; (h) your relationship with any Merchant; and (i) a Data Breach.
In claiming any indemnification hereunder, the Indemnified Party shall promptly provide Developer with written notice of any claim which the Indemnified Party believes falls within the scope of the indemnifications provided under the Terms. The Indemnified Party may, at its own expense, assist in the defense if it so chooses, provided that Developer shall control such defense and all negotiations relative to the settlement of any such claim and further provided that in settling any claim the Developer will not make any admission on behalf of the Indemnified Party or agree to any terms or conditions that do or reasonably could result in any admission by, or the imposition of any liability upon, the Indemnified Party without the prior written approval of the Indemnified Party.
In the event of any breach or threatened breach by Developer of any provision of Sections 2 (Using the Shopify API), 4 (Proprietary Rights), 6 (Privacy and Data Security), 7 (Security) or 12 (Confidentiality), in addition to all other rights and remedies available to Shopify under the Terms and under applicable law, Shopify shall have the right to (a) immediately enjoin all such activity, without the necessity of showing damages or posting bond or other security, (b) immediately terminate Developer’s rights under these Terms, (c) receive a prompt refund of any amounts paid to Developer hereunder, and (d) be indemnified for any losses, damages or liability incurred by Shopify in connection with such violation, in accordance with the provisions of this Section 11.
12. Confidentiality
The parties acknowledge that a party (the “Receiving Party”) may receive confidential or proprietary information relating to the other party (the “Disclosing Party”) which is either identified as confidential at the time of disclosure, or should reasonably be recognized by the Receiving Party as confidential under the circumstances, whether or not marked as confidential or proprietary (collectively, "Confidential Information"). For the avoidance of doubt, the Shopify API and API Credentials are deemed to be Shopify’s Confidential Information. Confidential Information shall not include any information that the Receiving Party can establish: (a) was generally available to the public (or becomes so) without the fault or negligence of the Receiving Party, (b) was known by or in the possession of the Receiving Party before receipt from the Disclosing Party; (c) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information, and without breaching any provisions of the Terms; or (d) is rightly obtained by the Receiving Party from a third party without a duty of confidentiality.
A Receiving Party will use Confidential Information solely as necessary to perform its obligations under the Terms and in accordance with any other obligations in the Terms including this Section 12. A Receiving Party agrees that it shall take all reasonable steps, at least substantially equivalent to the steps it takes to protect its own proprietary information, but in any event no less than reasonable care, to prevent the duplication, disclosure or use of any such Confidential Information, other than (a) by or to its employees, agents and service providers who, in each case, must have access to such Confidential Information to perform the Receiving Party’s obligations under the Terms and who are each subject to obligations of confidentiality that are at least as stringent as those contained in the Terms or (b) as required by any law, regulation, or order of any court of proper jurisdiction over the parties and the subject matter contained in the Terms, provided that, if legally permitted, the Receiving Party shall give the Disclosing Party prompt written notice and use commercially reasonable efforts to ensure that such disclosure is accorded confidential treatment. To the extent legally permitted, the Receiving Party will consult and cooperate with the Disclosing Party to obtain a protective order or other reliable assurance that confidential treatment will be accorded the Confidential Information and will otherwise only disclose that portion of the Confidential Information that is required to be disclosed. The Receiving Party is liable for its affiliates’, employees’, service providers’ and agents’ compliance with the terms of this Section 12. Upon request, all copies and excerpts of Confidential Information will be securely erased or destroyed, except any archived copies, which will remain subject to these confidentiality provisions.
13. Termination
Termination. Access to the Shopify API may be terminated or suspended by Shopify at any time and at Shopify’s sole discretion. Without limiting the foregoing, Shopify may terminate your right to use the Shopify API if you breach the Terms or any documents incorporated by reference in the Terms (including the Acceptable Use Policy). Termination or suspension of Developer’s access to the Shopify API may negatively affect Merchants who use Developer’s Application, and Developer is responsible to ensure that all Merchants who access or use Developer’s Application are aware of this risk.
Consequences of Termination. Upon termination of the Terms: (a) each party shall return to the other party, or destroy (and provide certification of such destruction), all property of the other party in its possession or control (including all Confidential Information); (b) Developer shall immediately cease displaying any Shopify Trademarks on any website or otherwise; and (c) all rights granted to Developer hereunder will immediately cease, including the right of Developer to access and use the Shopify API.
14. General
Independent Contractors. The parties to the Terms are independent contractors. Neither party is an agent, representative or related entity of the other party. Neither party shall have any right, power or authority to enter into any agreement for, or on behalf of, or incur any obligation or liability of, or otherwise bind, the other party. The Terms shall not be interpreted or construed to create an association, agency, joint venture or partnership between the parties or to impose any liability attributable to such a relationship upon either party.
Non-Exclusivity. Nothing in the Terms is intended to create, nor shall it be construed as creating, any exclusive arrangement between the parties to the Terms. The Terms shall not restrict either party from entering into similar arrangements with others, provided it does not breach its obligations under the Terms by doing so, including any confidentiality obligations.
Notice. Any notice, approval, request, authorization, direction or other communication under the Terms shall be given in writing and shall be deemed to have been delivered and given for all purposes (a) on the delivery date if delivered personally, or by email to Developer’s email address listed in the Partner Account or as specified in the Merchant Store Admin, and to legal@shopify.com; (b) two (2) business days after deposit with an internationally recognized commercial overnight courier service, with written verification of receipt; or (c) five (5) business days after deposit in certified or registered mail, return receipt requested, postage and charges prepaid, to the address provided in the Partner Account, and for Shopify to 151 O’Connor Street, Ground floor, Ottawa, Ontario, Canada K2P 2L8, Attention: Legal Department.
No Waiver. The failure of either party to insist upon or enforce strict performance by the other party of any provision of the Terms or to exercise any right under the Terms shall not be construed as a waiver or relinquishment to any extent of such party’s right to assert or rely upon any such provision or right in that or any other instance; rather, the same shall be and remain in full force and effect. Each waiver shall be set forth in a written instrument signed by the waiving party.
Entire Agreement. These Terms, including all guidelines and other documents linked or otherwise incorporated or referenced herein, sets forth the entire agreement and supersedes any and all prior agreements, written or oral, of the parties with respect to the subject matter hereof (including any prior version of the Terms).
Assignment. All the terms and provisions of the Terms shall be binding upon and inure to the benefit of the parties to the Terms and to their respective heirs, successors, permitted assigns and legal representatives. Shopify shall be permitted to assign these Terms without notice to or consent from Developer. Developer shall have no right to assign or otherwise transfer the Terms, or any of its rights or obligations hereunder, to any third party without Shopify’s prior written consent, to be given or withheld in Shopify’s sole discretion.
Applicable Laws. The Terms shall be governed by and interpreted in accordance with the laws of the Province of Ontario and the laws of Canada applicable therein, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of the Province of Ontario with respect to any dispute or claim arising out of or in connection with the Terms.
Patent Non-Assertion. Developer and its affiliates covenant not to assert patent infringement claims against Shopify, Shopify Related Entities, or Shopify products and services including the Shopify API.
Competitive or Similar Materials. Shopify is not precluded from discussing, reviewing, developing for itself, having developed, acquiring, licensing, or developing for or by third parties, as well as marketing and distributing materials, products or services which are competitive with Developer’s products or services, including any Application, regardless of their similarity to Developer’s products or services, provided that Shopify does not use Developer’s Confidential Information in so doing.
Surviving Provisions. This Section 14.10 and the following articles shall survive any termination or expiration of the Terms: Section 1 (Definitions), Section 4 (Proprietary Rights), Section 6 (Privacy and Data Security), Section 8 (Audit Rights), Section 9 (Disclaimer of Warranties), Section 10 (Limitation of Liability), Section 11 (Indemnification), Section 12 (Confidentiality) and Section 14 (General). In addition, any provisions of the Terms that by their nature are intended to survive, will survive termination.
Shopify Inc.
151 O’Connor Street, Ground floor
Ottawa, ON K2P 2L8
Canada