If Shopify is sold, merged, or goes through bankruptcy, your personal data may be transferred to the new owner as part of the transaction.
This analysis describes what Shopify's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy reserves the right to transfer all collected personal data to an acquirer in the event of a merger, acquisition, or insolvency proceeding, without requiring individual user consent or providing an opt-out mechanism for this specific transfer.
In the event of a corporate acquisition, merger, or bankruptcy, personal data including purchase history, contact information, and behavioral data held by Shopify may be transferred to a successor entity whose privacy practices may differ from Shopify's current policy.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Your personal information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
Monitoring
Shopify has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the acquiring company.— Excerpt from Shopify's Shopify Privacy Policy
1. REGULATORY LANDSCAPE: Business transfer data disclosures implicate GDPR Article 6 regarding legal basis for processing changes following a controller change, and CCPA requirements regarding notification of data transfers in the context of mergers and acquisitions. The FTC has previously taken action against companies that transferred consumer data in ways inconsistent with prior privacy representations in the context of business sales. 2. GOVERNANCE EXPOSURE: Low to Medium. The provision is standard in commercial privacy policies but creates GDPR exposure if the acquiring entity processes data for new purposes incompatible with the original collection purpose without obtaining fresh consent or establishing a compatible legal basis. 3. JURISDICTION FLAGS: EU and EEA users may have rights to object to processing changes resulting from a controller change under GDPR Article 21. California users may have rights to notice of material changes to data processing practices. 4. CONTRACT AND VENDOR IMPLICATIONS: Enterprise merchants with long-term contractual relationships with Shopify should assess whether their agreements contain data processing protections that would survive a change of corporate control and whether the DPA remains enforceable against a successor entity. 5. COMPLIANCE CONSIDERATIONS: Legal teams should monitor any announced changes in Shopify's corporate structure and assess whether any such transaction triggers data subject notification obligations or requires updates to merchant-side privacy notices or data processing agreements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy reserves the right to transfer all collected personal data to an acquirer in the event of a merger, acquisition, or insolvency proceeding, without requiring individual user consent or providing an opt-out mechanism for this specific transfer.
In the event of a corporate acquisition, merger, or bankruptcy, personal data including purchase history, contact information, and behavioral data held by Shopify may be transferred to a successor entity whose privacy practices may differ from Shopify's current policy.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Shopify.