Is Shopify a Scam? 

If you’re thinking of using Shopify or buying from a Shopify-powered store, you need to know: Is Shopify a scam? 

Below, we explain whether Shopify is a scam and discuss some steps you can take to improve your safety when using this platform. 

What Is Shopify?

Shopify is an e-commerce platform that makes setting up an online business easy. 

With Shopify, individuals and businesses can create an online storefront and sell their products and/or services through it. 

Shopify’s features include the following:

• Website builder to create a website for your shop. 
• Product management for organizing your inventory. 
• Payment system for accepting cards, PayPal, etc.
• Built-in tools to calculate things like shipping rates.
• Mobile app so you can manage your storefront from your mobile device.
• Apps for marketing, SEO, reporting, etc. 
• Multi-channel selling so you can sell your products or services through social media, marketplaces, and even in person. 

Is Shopify a Scam?

No, Shopify is not a scam. It’s a legitimate e-commerce platform that helps individuals and businesses sell both online and in person. 

Shopify gets solid ratings from third-party review sites.

For example, PCMag gives Shopify a rating of 4.5 (“Excellent”) out of 5.0, with the only con listed that the platform may be overwhelming for casual users.

CNET gives Shopify a rating of 8.4 out of 10. 

Among the cons listed were a counterintuitive purchase process, a limited range of templates, and the fact that it’s only suitable for e-commerce sites. 

Overall, CNET said that Shopify is “better than other website builders, but less than perfect.” 

Techradar gives Shopify a rating of 4.0 out of 5.0. The cons noted were monthly subscription costs, transaction fees, and limited free themes. 

Reviews from users are a bit more mixed:

• 1.3 out of 5.0 stars (from 3,314 reviews) on Trustpilot.
• 2.8 out of 5.0 stars (from 48 reviews) on REVIEWS.io.
• 4.5 out of 5.0 stars (from 6,578 reviews) on Capterra UK. 
• 4.4 out of 5.0 stars (from 4,657 reviews) on G2. 

User reviews on online forums like Reddit are overall favorable, with most people saying that Shopify is particularly good for beginners. 

Shopify scam

As with any platform, it’s possible to encounter scams on Shopify.

Shopify scams target both customers and merchants. 

Because anyone can create a Shopify storefront, customers may encounter scam shops. When you buy from these scam shops, you either don’t get your item, or the item you receive is wrong/really bad quality.

Similarly, legitimate Shopify merchants sometimes see their shops duplicated by scammers. 

Merchants sometimes also receive emails and texts from “Shopify experts” and/or “Shopify employees.” 

Security

All Shopify stores are automatically PCI compliant. 

In its privacy policy, Shopify says it has independent auditors who assess the security of the platform’s data storage and systems that process financial information. 

Shopify has SOC 2 Type II and SOC 3 reports, which assess a company’s information systems. It also provides a link to its compliance reports. 

You can also read Shopify’s Transparency Report, which provides information about legal requests for information about the platform’s customers, merchants, and partners. 

Security incidents

In 2024, a leak affecting nearly 180,000 users was reported, exposing sensitive customer data (including names, email addresses, phone numbers, and purchase history). 

Shopify denied any breach of its own systems, attributing the incident to a compromised third-party app integrated with its platform. 

Previously, in 2020, Shopify reported that two rogue employees accessed transactional records from fewer than 200 merchants. The exposed data included basic contact information and order details. 

Privacy

Shopify has different privacy policies for merchants using Shopify and customers who shop from Shopify-powered businesses.

Overall, Shopify’s privacy policies get a poor rating from third-party review sites. 

Terms of Service; Didn’t Read (ToS;DR), a project that rates internet services’ privacy policies, gives Shopify a “Grade E.” This means “The terms of service raise very serious concerns.”

Some of the issues flagged include the following:

• Shopify can delete specific content without reason and may do so without prior notice.
• It can track you even if you opt out of tracking.
• It collects many different types of personal data.
• It can change terms at any time at its own discretion, without notice to the user. 
• It may sell your data unless you opt out.
• It tracks you on other websites.

On the plus side, ToS;DR says that Shopify will not allow third parties to access your personal information without a legal basis, it provides a complete list of all cookies set by its website, and it promises to inform and/or notify you regarding government inquiries that may involve personal data. 

The Common Sense Privacy Program, which also reviews internet services’ privacy policies, gives Shopify’s policy a “Warning” rating. 

This means Shopify “Does not meet our recommendations for privacy and security practices.

Privacy policy for Shopify merchants

Shopify explains the kind of data it collects about merchants, why, and with whom it shares it in its merchant privacy policy. 

If you’re a Shopify merchant, Shopify collects the following information from you:

• Personal and business information, e.g., name, business name, address, email, phone number, etc.
• Payment information, e.g., bank or card details. 
• Device and usage information, e.g., IP address, browser, network connection, device details.
• Government ID (collected for verification or legal compliance).
• Voluntary demographics, e.g., racial/ethnic origin or sexual orientation (for promotional collections).
• Third-party data (from vendors to verify fraud risk or support events).

Shopify uses this information to provide services, verify your identity, prevent fraud, for billing, provide support, comply with laws, and customize your platform experience and marketing. 

It may share your data with vendors that support core services (e.g., payments), marketing and advertising purposes, to comply with regulations and legal orders, and during corporate changes (e.g., mergers). 

You can see and correct a lot of your information through the Shopify admin page. 

Shopify will retain your information for as long as you use its services. If you close your Shopify store, stop paying subscription fees, or have your account terminated, Shopify will retain store information for two years before it starts the process of anonymizing or deleting your personal data. 

However, you can contact Shopify to request the deletion of your information, in which case, they will begin the process of anonymizing or deleting your data after 90 days, with some exceptions. 

Privacy policy for customers who shop from Shopify-powered businesses

Shopify explains the kind of data it collects about Shopify-powered shop customers, why, and with whom it shares this data in its privacy policy. 

From customers who shop from Shopify-powered businesses, Shopify collects the following information:

• Profile and contact information, e.g., name, email address, shipping address, and profile picture.
• Device information, e.g., IP address, device identifiers, cookie IDs.
• Payment information, e.g., payment card number, expiration date.
• How you use/interact with Shopify Consumer Services, e.g., products you view, order history.
• Settings and privacy preferences.
• Communications with Shopify.
• Social network accounts (if you link to Shopify through a social network).
• Email and shopping service integrations, i.e., order-related data from connected email inboxes. Shopify does not use this information for marketing or advertising purposes.

Shopify uses the information it collects to provide you with services, track preferences, improve products, market and advertise to you, communicate with you, detect fraud, and comply with laws. 

It may also anonymize your data for analytics or service improvement. 

Shopify processes customer data on behalf of merchants, who have their own privacy policies.

Merchants may use data for targeted ads (but users can opt out of this sharing).

With your consent, Shopify may share your personal data with vendors (e.g., payment processors), marketing/ad/analytics partners, business acquirers, authorities, and other parties.

Each Shopify merchant also has its own privacy policy, so you should review it before purchasing from them. 

You will typically find merchants’ privacy policies at the bottom of their Shopify storefront. 

Privacy lawsuit

In early 2025, Shopify faced a revived class action lawsuit in the US over its data collection and privacy practices. 

The lawsuit alleges Shopify collected personally identifiable information, including names, addresses, device information, and behavioral data, without proper user consent, and used tracking cookies to build user profiles for marketing purposes. 

So, Should You Use Shopify?

Depends on what you’re using it for.

If you’re looking at Shopify to set up your own business, it can be a good option. The platform has been positively reviewed by third-party publications like PCMag and gets generally positive reviews from individuals who’ve used it.

If you’re thinking of buying from a Shopify-powered store, make sure to vet the merchant beforehand, as anyone can set up a Shopify storefront, including scammers.

However, one thing to note is that Shopify may not be the best for privacy, as seen by Shopify’s privacy policy reviews by external third parties. 

How to Use Shopify Safely

As a merchant

• Secure your Shopify account. Use a strong, unique password and turn on two-factor authentication. 
• Keep an eye on login activity. Regularly review your login history and set up email alerts for new devices to spot unusual activity quickly. 
• Vet all third-party apps. Only download apps from the official Shopify App Store to avoid malware. Before downloading any app, check its reviews, developer information, and what data they request. Remove apps you no longer use to reduce data exposure. 
• Limit data collection. Don’t store customer data you don’t need, and be careful how you export it (i.e., use encryption).
• Familiarize yourself with Shopify’s merchant privacy policy. Know what data is collected, why, and with whom it’s shared. 
• Watch out for scams. Keen an eye out for dupes of your shop, as well as suspicious or unusually large orders.
• Be on the alert for phishing emails and texts. Scammers may pretend to be Shopify experts, employees, or even individuals/companies offering “partnership” opportunities. Look out for “account suspension” warnings, fake invoices, and requests to update your payment information. 
• Use a professional business address and phone number. Avoid using your home address and personal phone number. 

As a buyer

• Report scams to Shopify. If an order doesn’t arrive or is not what you expected, report the store to Shopify. 
• Verify that the store is legitimate. Check the store’s contact information (does it have a phone number, email, and physical address?), look for reviews (Reddit is a particularly good source), and check the domain age using tools like Whois Lookup (domains that are very new are a red flag). Stay away from sites with deals that seem too good to be true or have spelling/grammar errors. 
• Use a secure payment method. If possible, opt for credit cards over debit cards, as they tend to offer better protection. 
• Review the shop’s policies before buying. Check their return and privacy policies, and delivery and return information. If a site doesn’t have policies or they’re vague, that could indicate it’s a scam. 
• Don’t overshare. Only provide the necessary information. Skip the optional fields. 
• Use a masked email address. Or create a unique email address for online shopping to keep your primary email inbox free of spam.