Shopify prohibits merchants from sending unsolicited commercial emails or other communications in violation of applicable law, including the CAN-SPAM Act in the US and equivalent international laws.
This analysis describes what Shopify's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Merchants using Shopify's email marketing or customer communication tools must comply with anti-spam laws in all applicable jurisdictions, and violations can result in both regulatory enforcement and AUP-based account action.
This provision prohibits Shopify merchants from sending unsolicited commercial communications to consumers in violation of applicable law, providing a stated baseline protection against spam from merchants operating on the platform.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
Monitoring
Shopify has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You may not use the Shopify Services to engage in the following activities: Spam: Sending unsolicited commercial email or other communications in violation of applicable law.— Excerpt from Shopify's Shopify Acceptable Use Policy
(1) REGULATORY LANDSCAPE: This provision engages the CAN-SPAM Act (15 U.S.C. 7701 et seq.) in the US, Canada's Anti-Spam Legislation (CASL), the EU's ePrivacy Directive (which governs unsolicited electronic communications), and the UK's Privacy and Electronic Communications Regulations (PECR). The FTC enforces CAN-SPAM; the CRTC enforces CASL. GDPR consent requirements apply to email marketing directed at EU residents. (2) GOVERNANCE EXPOSURE: Medium. Spam-related violations are among the more commonly enforced areas of digital marketing law. Merchants using third-party email marketing integrations within Shopify's app ecosystem should ensure those tools comply with applicable anti-spam laws. (3) JURISDICTION FLAGS: CASL imposes express consent requirements more stringent than CAN-SPAM, creating heightened exposure for merchants marketing to Canadian recipients. GDPR consent requirements apply to EU recipients and require a lawful basis for email marketing, typically explicit opt-in consent. Merchants with international customer bases face a patchwork of consent requirements. (4) CONTRACT AND VENDOR IMPLICATIONS: Merchants using Shopify's built-in email marketing tools or third-party integrations should review those tools' consent management mechanisms against applicable anti-spam laws in all jurisdictions where they market. Vendor agreements with email service providers should include compliance representations. (5) COMPLIANCE CONSIDERATIONS: Legal teams should audit email marketing practices, including opt-in consent mechanisms, unsubscribe processes, and sender identification, against CAN-SPAM, CASL, and GDPR requirements. Merchants should maintain records of consent for email marketing recipients, particularly for EU and Canadian audiences.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Merchants using Shopify's email marketing or customer communication tools must comply with anti-spam laws in all applicable jurisdictions, and violations can result in both regulatory enforcement and AUP-based account action.
This provision prohibits Shopify merchants from sending unsolicited commercial communications to consumers in violation of applicable law, providing a stated baseline protection against spam from merchants operating on the platform.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Shopify.