Last updated: February 6, 2025
Cookie Policy
This document is meant to explain the types of cookies and othertracking technologies that Shopify may place on your device, eitherwhen you are visiting our web properties, or if you are visiting thestorefront of a merchant who uses our platform to power their site.
What are cookies?
A cookie is a small amount of information that’s downloaded to yourcomputer or device when you visit certain websites. We use a number ofdifferent cookies on the Shopify website, including strictly necessary,performance, advertising, and social media or content cookies. Cookiesmake your browsing experience better by allowing the website to rememberyour actions and preferences (such as login and region selection). Thismeans you don’t have to re-enter this information each time you returnto the site or browse from one page to another. Cookies also provideinformation on how people use the website, for instance whether it’stheir first time visiting or if they are a frequent visitor. Read moreabout cookies (and other similar tracking technologies) and how we usethe data collected through these technologies, in ourPrivacy Policy.
What cookies do we use and why?
Some cookies are necessary to allow you to browse our website, use itsfeatures, and access secure areas. The use of these cookies is essentialfor the website to work. For example, we use user-input cookies for theduration of a session to keep track of their input when filling informs that span several pages.
We also use functional cookies to remember choices you’ve made orinformation you’ve provided, such as your username, language, or theregion you are in. This allows us to tailor your website experiencespecifically to your preferences. For example, authentication cookiesare functional cookies that are used for the duration of a session (orpersistent, if you agree to the “remember me” function) to allow usersto authenticate themselves on subsequent visits or to gain access toauthorized content across pages. The functional cookies we use include:
- User-centric security cookies to detect authentication abuses for a limitedpersistent duration, like repeated failed login attempts. These cookies areset for the specific task of increasing the security of the service.
- Multimedia content player session cookies (flash cookies) are usedfor the duration of a session to store technical data needed to playback video or audio content (e.g. image quality, network link speed,and buffering parameters).
- Load balancing session cookies are used for the duration of thesession to identify the same server in the pool in order for theload balancer to redirect requests appropriately.
- User interface customization persistent cookies are used to store auser’s preference regarding a service across web pages.
Shopify is dedicated to optimizing user experience and we use many tools to help usimprove our website and our commerce platform. To this end, we usereporting and analytics cookies to collect information about how you useour website or our merchants’ storefronts, and how often. Theperformance cookies we use include:
- First party analytics cookies - we use these cookies to estimate thenumber of unique visitors, to improve our websites and ourmerchants’ websites, and to detect the most searched for words insearch engines that lead to a webpage. These cookies are not used totarget you with online marketing. We use these cookies to learn howour websites and our merchants’ websites are performing and makerelevant improvements to improve your browsing experience.
- Third party analytics cookies - we also use Google Analytics andother third-party analytics providers listed below to help measurehow users interact with our website content. These cookies“remember” what our users have done on previous pages and howthey’ve interacted with the website. For more information on GoogleAnalytics, visitGoogle’s informationpage.For instructions on how to opt out of Google Analytics, see below.
Advertising cookies are used on our website to tailor marketing to youand your interests and provide you with a more personalized service inthe future. These cookies remember that you visited our website and wemay share this information with third-parties, such as advertisers.Although these cookies can track your device’s visits to our website andother sites, they typically cannot personally identify you. Withoutthese cookies, the advertisements that you see may be less relevant andinteresting to you. Read more about how companies use cookies to conducttargeted or retargeted advertisinghere. We donot set advertising cookies through our merchants’ storefrontsourselves, though merchants may choose to do so independently.
Finally, social media and content cookies are placed by many social mediaplugins (for example the Facebook ’like’ button), and other tools meantto provide or improve the content on a website (for example servicesthat allow the playing of video files, or that create commentssections). We integrate these modules into our platform to improve theexperience of browsing and interacting with our websites. Please notethat some of these third party services place cookies that are also usedfor things like behavioural advertising, analytics, and/or marketresearch.
Merchant storefronts
When merchants use our platform to power their online stores, we placethe following cookies for visitors of their stores.
Cookies Necessary for the Functioning of the Store
Name | Description | Duration |
---|---|---|
_ab | Used to control when the admin bar is shown on the storefront. | 1y |
_abv | Persist the collapsed state of the admin bar. | 1y |
_checkout_queue_token | Used when there is a queue during the checkout process. | 1y |
_cmp_a | Used for managing customer privacy settings. | 1d |
_identity_session | Contains the identity session identifier of the user. | 2y |
_master_udr | Permanent device identifier. | session |
_pay_session | The Rails session cookie for Shopify Pay | session |
_secure_account_session_id | Used to track a customer's session for new customer accounts. | 30d |
_session_id | Used for providing reporting and analytics. | 2y |
_shopify_country | Used for Plus shops where pricing currency/country is set from GeoIP by helping avoid GeoIP lookups after the first request. | 30min |
_shopify_essential | Contains essential information for the correct functionality of a store such as session and checkout information and anti-tampering data. | 1y |
_storefront_u | Used to facilitate updating customer account information. | 1min |
_tracking_consent | Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. | 1y |
auth_state_<<id>> | Stores authentication state before redirecting customers to third party for authentication. | 25min |
card_update_verification_id | Used to support verification when a buyer is redirected back to Shopify after completing 3D Secure during checkout. | 20min |
cart | Contains information related to the user's cart. | 2w |
cart_currency | Used after a checkout is completed to initialize a new empty cart with the same currency as the one just used. | 2w |
cart_sig | A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations. | 2w |
cart_ts | Used in connection with checkout. | 2w |
checkout | Used in connection with checkout. | 21d |
checkout_prefill | Encrypts and stores URL parameters containing PII which are used in cart permalink URLs. | 5min |
checkout_session_lookup | Used in connection with checkout. | 3w |
checkout_session_token_<<id>> | Used when a checkout session is established on the server. | 3w |
checkout_token | Captures the landing page of the visitor when they come from other sites. | session |
customer_account_locale | Used to keep track of a customer account locale when a redirection occurs from checkout or the storefront to customer accounts. | 1y |
customer_payment_method | Stores what payment method is being updated for subscriptions. | 1h |
customer_shop_pay_agreement | Used to help verify a new Shop Pay payment instrument. | 20min |
device_fp_id | Device fingerprint identifier to help prevent fraud. | session |
device_id | Session device identifier to help prevent fraud. | session |
discount_code | Stores a discount code (received from an online store visit with a URL parameter) in order to the next checkout. | session |
dynamic_checkout_shown_on_cart | Adjusts checkout experience for buyers that proceed with regular checkout versus dynamic checkout. | 30min |
hide_shopify_pay_for_checkout | Set when a buyer dismisses the Shop Pay login modal during checkout, informing display to buyer. | session |
identity-state | Stores state before redirecting customers to identity authentication. | 1d |
identity-state-<<id>> | Stores state before redirecting customers to identity authentication. | 1d |
identity_customer_account_number | Stores an identifier used to facilitate login across the customer's account and storefront domains. | 12w |
keep_alive | Used when international domain redirection is enabled to determine if a request is the first one of a session. | session |
locale_bar_accepted | Preserves if the modal from the geolocation app was accepted. | session |
locale_bar_dismissed | Preserves if the modal from the geolocation app was dismissed. | 1d |
localization | Used to localize the cart to the correct country. | 2w |
logged_in | Identity logged-in hint. | 12w |
login_with_shop_finalize | Used to facilitate login with Shop. | 5min |
master_device_id | Permanent device identifier. | 1y |
order | Used to allow access to the data of the order details page of the buyer. | 3w |
pay_update_intent_id | Stores an ID of a Shop Pay billing agreement update intent, required for a callback after verifying a new Shop Pay payment instrument. | 20min |
preview_theme | Used to indicate whether the theme is being previewed. | session |
previous_checkout_token | Used to prefill checkout with the details from the previous checkout. | 1y |
previous_step | Used in connection with checkout. | 1y |
profile_preview_token | Used for previewing checkout customizations. | 5min |
receive-cookie-deprecation | A cookie specified by Google to identify certain Chrome browsers affected by the third-party cookie deprecation. More information about this cookie can be foundhere. | session |
remember_me | Used to prefill checkout with the details from the previous checkout. | 1y |
secure_customer_sig | Used to identify a user after they sign into a shop as a customer so they do not need to log in again. | 1y |
shop_pay_accelerated | Indicates if a buyer is eligible for Shop Pay accelerated checkout. | 1y |
shopify-editor-unconfirmed-settings | Stores changes merchant does in the editor to update the preview. | 16h |
shopify_pay | Used to log in a buyer into Shop Pay when they come back to checkout on the same store. | 1y |
shopify_pay_redirect | Used to accelerate the checkout process when the buyer has a Shop Pay account. | 1y |
storefront_digest | Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. | 1y |
tracked_start_checkout | Used in connection with checkout. | 1y |
user | Used in connection with Shop login. | 1y |
user_cross_site | Used in connection with Shop login. | 1y |
wpm-domain-test | Used to test Shopify's Web Pixel Manager with the domain to make sure everything is working correctly. | session |
Reporting and Analytics
Name | Description | Duration |
---|---|---|
_landing_page | Capture the landing page of visitor when they come from other sites. | 2w |
_orig_referrer | Allows merchant to identify where people are visiting them from. | 2w |
_shopify_ga | Contains Google Analytics parameters that enable cross-domain analytics measurement to work. | session |
_shopify_s | Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use. | 30min |
_shopify_sa_p | Capture the landing page of visitor when they come from other sites to support marketing analytics. | 30min |
_shopify_sa_t | Capture the landing page of visitor when they come from other sites to support marketing analytics. | 30min |
_shopify_y | Shopify analytics. | 1y |
checkout_one_experiment | Used when a checkout is eligible to Checkout One and has been assigned to an experiment (control group or test group). | session |
shop_analytics | Contains the required buyer information for analytics in Shop. | 1y |
unique_interaction_id | Used for checkout metrics. | 10min |
Shopify’s websites
When visitors load Shopify’s websites, we generally place the followingShopify cookies.
Cookies Necessary for the Functioning of the Sites
Name | Description | Duration |
---|---|---|
_identity_session | Contains the identity session identifier of the user. | 2y |
checkout | Used in connection with checkout. | 21d |
user | Used in connection with Shop login. | 1y |
Reporting and Analytics
Name | Description | Duration |
---|---|---|
_assignment | Shopify analytics. | 1y |
_landing_page | Capture the landing page of visitor when they come from other sites. | 2w |
_orig_referrer | Allows merchant to identify where people are visiting them from. | 2w |
_shopify_s | Used to identify a given browser session/shop combination. Duration is 30 minute rolling expiry of last use. | 30min |
_shopify_sa_t | Capture the landing page of visitor when they come from other sites to support marketing analytics. | 30min |
_shopify_y | Shopify analytics. | 1y |
Additionally, we use pixels and tags from the following third parties,which may in turn place cookies.
Cookies Necessary for the Functioning of the Sites
Third Party | Description | Privacy Policy |
---|---|---|
Cloudflare | Shopify uses Cloudflare Network as a Service for edge routing. | https://www.cloudflare.com/privacypolicy/ |
Drift | We use Drift to help with conversational marketing to customers while they visit our websites. | https://www.drift.com/privacy-policy/ |
Reporting & Analytics
Third Party | Description | Privacy Policy |
---|---|---|
Fullstory | We use Fullstory to help measure how users interact with our websites. | https://www.fullstory.com/legal/privacy/ |
Google Analytics | We use Google Analytics to help measure how users interact with our websites. | https://policies.google.com/privacy |
Google Tag Manager | We use Google Tag Manager to help manage analytics vendors. | https://policies.google.com/privacy |
Vidyard | We use Vidyard to provide video content and measure how users interact with our content. | https://www.vidyard.com/privacy/ |
Advertising
Third Party | Description | Privacy Policy |
---|---|---|
Bizible | We use Bizible to help measure marketing and advertising campaign attribution. | https://documents.marketo.com/legal/privacy/ |
Facebook Pixel | We use Facebook Pixel to help measure how users interact with our websites. | https://www.facebook.com/privacy/explanation |
Facebook Custom Audiences | We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites. | https://www.facebook.com/policy.php |
We use Google Ads to deliver targeted advertisements to individuals who visit our websites. | https://policies.google.com/privacy | |
We use Instagram to deliver targeted advertisements to individuals who visit our websites. | https://privacycenter.instagram.com/policy | |
iSpot | We use iSpot to help measure how users interact with our websites. | https://www.ispot.tv/terms-of-service |
LinkedIn Insight Tag | We use LinkedIn Insight Tag to help measure how users interact with our websites. | https://www.linkedin.com/legal/privacy-policy |
We use Reddit Ads to deliver targeted advertisements to individuals who visit our websites. | https://www.reddit.com/help/privacypolicy | |
TikTok | We use TikTok to help measure how users interact with our websites. | https://www.tiktok.com/legal/privacy-policy?lang=en |
We use Twitter to help measure how users interact with our websites. | https://twitter.com/en/privacy | |
YouTube | We use YouTube to deliver targeted advertisements to individuals who visit our websites. | https://policies.google.com/privacy?hl=en |
Social Media & Content
Third Party | Description | Privacy Policy |
---|---|---|
Facebook Connect | We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform. | https://www.facebook.com/policy.php |
Gravatar | We use Gravatar to allow visitors to our websites to create avatars. | https://en.gravatar.com/site/privacy |
Instagram CDN | Shopify uses Instagram CDN to provide content to user. | https://privacycenter.instagram.com/policy |
Sanity CDN | Shopify uses Sanity CDN to provide content to user. | https://www.sanity.io/legal/privacy |
Simplecast | Shopify uses Simplecast to distribute podcasts. | https://simplecast.com/privacy |
Twitter CDN | We use Twitter to allow visitors to our website to interact with and share content via Twitter’s social media platform. | https://twitter.com/en/privacy |
TypeKit (Adobe fonts) | We use typekit to load web fonts from Adobe CDN | https://www.adobe.com/privacy/policies/typekit.html |
Wistia | We use Wistia to display video content. | https://wistia.com/privacy |
YouTube CDN | Shopify uses YouTube CDN to provide content to user. | https://policies.google.com/privacy?hl=en |
Oberlo websites
When visitors load Oberlo’s websites, we generally place the followingOberlo cookies:
Cookies Necessary for the Functioning of the Sites
Name | Function |
---|---|
gdpr_accepted | Used in connection with GDPR acceptance. |
Reporting and Analytics
Name | Function |
---|---|
_shopify_s | Shopify analytics. |
_shopify_t | Shopify analytics. |
Additionally, we use pixels and tags from the following third parties,which may in turn place cookies:
Reporting & Analytics:
Third Party | Description | Privacy Policy |
---|---|---|
Google Analytics | We use Google Analytics to help measure how users interact with our websites. | https://policies.google.com/privacy |
Advertising:
Third Party | Description | Privacy Policy |
---|---|---|
Microsoft Advertising | We use Microsoft Advertising to deliver targeted advertisements to individuals who visit our websites. | https://privacy.microsoft.com/en-ca/privacystatement |
We use Google Ads to deliver targeted advertisements to individuals who visit our websites. | https://policies.google.com/privacy |
How long will cookies remain on my computer or mobile device?
The length of time that a cookie remains on your computer or mobiledevice depends on whether it is a “persistent” or “session” cookie.Session cookies last until you stop browsing and persistent cookies lastuntil they expire or are deleted. Most of the cookies we use arepersistent and will expire between 30 minutes and two years from thedate they are downloaded to your device. See the section below on how tocontrol cookies for more information on removing them before theyexpire.
How to control cookies?
You can control and manage cookies in various ways. Please keep in mindthat removing or blocking cookies can negatively impact your userexperience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whetheror not to accept cookies through your browser controls, often found inyour browser’s “Tools” or “Preferences” menu. For more information onhow to modify your browser settings or how to block, manage or filtercookies can be found in your browser’s help file or through such sitesas:www.allaboutcookies.org.
Many of the third party advertising and other tracking services listedabove offer you the opportunity to opt out of their tracking systems.You can read more about the information they collect and how to opt outthrough the privacy policy links listed above.