Shopify compliance
Shopify gives you the storefront and checkout, but legal compliance is on you, the merchant — Shopify's own terms make that explicit. The platform ships some tools (a cookie-banner and customer-privacy API, a hosted PCI-compliant checkout), but switching them on and configuring them correctly is your job, not Shopify's. Here's each rule that applies — what it asks of you, and a free 60-second checker for each. No signup, nothing stored.
Collect data from EU/UK visitors? Check your privacy policy, cookie consent, and data-rights handling.
Sell to US consumers? California + new state laws require a privacy notice, opt-out, and a 'Do Not Sell' link.
Run subscriptions? Check your signup & cancel flow against federal ROSCA + 30+ state auto-renewal laws.
Make AI images, video, or text? From Aug 2026 the EU AI Act requires it to be labelled.
Sell online to EU customers? Since June 2025 your site must be accessible (WCAG 2.1 AA).
US website? Check the basics that drive ADA accessibility lawsuits — and avoid overlay-only fixes.
Ship physical goods to the EU? Check for an EU Responsible Person, labelling, and listing disclosures.
Send marketing emails? Check for a clear unsubscribe, your postal address, and honest headers.
Text your customers? Check for written consent, STOP opt-out, and sender ID before you send.
Accept card payments? Check that card data never touches your server and that your checkout is locked down.
Use reviews, testimonials, influencers or affiliates? Penalties run to ~$53k per violation.
Sell online to EU consumers? You owe a 14-day right of withdrawal, pre-contract info, the model withdrawal form, and order confirmation on a durable medium.
Ship to the EU? You likely must register for packaging EPR, pay eco-fees, label for sorting, and meet the new PPWR.
Collect data from anyone under 13? COPPA wants verifiable parental consent — and the FTC's 2025 rules just got stricter.