Information requests by country
Information requests by country
In 2020, we received legal requests for information from twenty countries.
As outlined in our Guidelines on Legal Requests for Information, we will only respond to enforceable subpoenas or court orders issued by: (a) bodies that have jurisdiction over the specific Shopify entity from which information is being requested; and (b) the authority to compel the production of information.
If the requesting body does not have jurisdiction over the relevant Shopify entity, we require that they follow the Mutual Legal Assistance Treaty or Hague Evidence Convention (“Letters Rogatory”) processes.
Information Requests by Country | Requests Received |
---|---|
Australia | 5 |
Austria | 1 |
Belgium | 1 |
Brazil | 2 |
Canada | 17 |
Denmark | 2 |
England | 3 |
France | 228 |
Germany | 45 |
Hong Kong SAR | 3 |
India | 3 |
Ireland | 1 |
Italy | 9 |
Mexico | 1 |
Singapore | 6 |
South Korea | 1 |
Spain | 46 |
Switzerland | 4 |
UK | 8 |
USA | 158 |
Types of information requests
Types of information requests
In 2020, we received different types of legal requests for information, including Grand Jury Subpoenas, Summons, Preservation Orders, Information Subpoenas, and Certifications of Trustee in Bankruptcy. We did not receive any national security letters, FISA orders, or other classified requests in 2020.
Type of Data Request | Number received |
---|---|
Civil Investigative Demand | 5 |
Consent Order | 1 |
Demand to Furnish Information | 1 |
Grand Jury Subpoena | 53 |
Informal Request | 2 |
Information Subpoena | 4 |
Judicial Request | 5 |
Law Enforcement | 303 |
Preservation Order | 32 |
Request For Information | 1 |
Search Warrant | 6 |
Summons | 6 |
Temporary Restraining Order (TRO) | 2 |
Other | 1 |
Individual Rights
Individual Rights
Shopify strongly believes that individuals should have control over their personal information. In this spirit, and in accordance with our Privacy Policy, we respond directly to requests from our merchants, partners, and app users to access or delete their personal information. That said, when it comes to personal information about our merchants’ customers, we do not control that information - we only process that information as a “data processor” or a “service provider” for our merchants.
As a result, we are not permitted to respond to requests from a merchant’s customer directly. Instead, we relay these requests to the relevant merchant, and have built tools for our merchants to enable them to act on them in our platform.
In 2020, we fulfilled these data subject requests:
Individual access
Merchant access | 24 |
Partners access | 0 |
Shop access | 4 |
Employee access | 3 |
Customer access | 68,398 |
Deletion
Merchant deletion | 830 |
Partner deletion | 78 |
Shop opt-out | 1,02,866 |
Employee deletion | 0 |
Customer redaction | 1,04,69,711 |