Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces the CAN-SPAM Act and has authority to investigate spam and phishing activities conducted through e-commerce platforms.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Prohibition on Spam, Unsolicited Messages, and Malicious Code clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Prohibition on Spam, Unsolicited Messages, and Malicious Code — Shopify

Share 𝕏 Share in Share 🔒 PDF

What it is

You cannot send spam, spread malware, or run phishing scams through Shopify's platform.

Consumer impact (what this means for users)

This provision protects end consumers — shoppers — from being targeted by spam, phishing, and malware distributed through Shopify-hosted stores, giving Shopify contractual authority to remove bad actors quickly.

Cross-platform context

See how other platforms handle Prohibition on Spam, Unsolicited Messages, and Malicious Code and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This provision protects Shopify's infrastructure and end consumers from fraud and malicious activity, and violations can result in immediate account termination.

View original clause language

The following activities are prohibited: Sending unsolicited bulk messages, spam, or other forms of unsolicited communications; uploading, transmitting, or distributing any malware, viruses, or other harmful code; using Shopify Services to engage in phishing, spoofing, or other fraudulent activities.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision engages the CAN-SPAM Act (15 U.S.C. § 7701) for unsolicited commercial email, the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030) for malware and unauthorized computer access, the EU's ePrivacy Directive (2002/58/EC) and GDPR Article 6 for unsolicited electronic marketing in Europe, and Canada's Anti-Spam Legislation (CASL) for Canadian merchants. The FTC enforces CAN-SPAM; the DOJ enforces CFAA; EU data protection authorities enforce ePrivacy and GDPR.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC enforces the CAN-SPAM Act and has authority to investigate spam and phishing activities conducted through e-commerce platforms.
File a complaint →

Provision details

Document information

Document

Shopify Acceptable Use Policy

Entity

Shopify

Document last updated

April 29, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-003401

Document ID

CA-D-00124

Evidence Provenance

Source URL

https://www.shopify.com/legal/aup

Wayback Machine

View archived versions →

SHA-256

6747aef27d272e564823f36257d53e0e81e491f02516c0ffd2b85660b34fcdae

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Shopify | Document: Shopify Acceptable Use Policy | Record: CA-P-003401
Captured: 2026-04-27 12:48:34 UTC | SHA-256: 6747aef27d272e56…
URL: https://conductatlas.com/platform/shopify/shopify-acceptable-use-policy/prohibition-on-spam-unsolicited-messages-and-malicious-code/
Accessed: May 2, 2026

Classification

Severity

Medium

Prohibition on Spam, Unsolicited Messages, and Malicious Code