As of February 27, 2026, the Shopify Partner Program Agreement bars partners from using Merchant Data or Customer Data, including aggregated or derived forms, to train, fine-tune, or improve any AI or machine learning model without written consent. Inference is fine. Training is the line.
- Consent comes from one of two places: Shopify's written consent, or the merchant's written consent for that merchant's own data.
- Aggregated and anonymized data is named in the clause, so de-identifying your dataset does not exempt it.
- Shopify confirmed in its developer forum that inference-only use of third-party AI APIs is not restricted, as long as the provider does not train on your data.
- Before the deadline: separate training from inference, audit every AI provider's terms, and document consent for anything that touches a model.
On January 29, 2026, Shopify announced a batch of updates to its Partner Program Agreement, effective February 27. Most of the coverage went to agentic commerce. The clause that matters more to anyone shipping AI features is quieter and sits under data protection: partners cannot use Merchant Data or Customer Data, in any form, to train machine learning or AI models without written consent. If your app learns from the stores it serves, that sentence may have just rewritten your roadmap.
I want to be precise here, because precision is the whole game with a clause like this. This post is about one specific rule, the AI and ML training restriction, not the entire agreement. If you want the wider walkthrough of every change in the February 2026 update, including the new partner roles and the checkout redefinition, I cover that in the full 2026 Partner Program Agreement breakdown. Here I am going deep on the data-training line alone, because it is the one I get the most founder questions about.
My read comes from a specific seat. I helped build the Shopify Partner Program, which means I was around the table when the ecosystem decided what apps could and could not do with the data they touch. The platform has always treated merchant data as the merchant's, held in trust by the app. What changed on February 27 is that the AI era made that principle expensive to honor, and Shopify wrote the expensive version down. The teams who treated training data as a free input now have a compliance problem, and it has a hard date.
What the clause
actually says, and
what it does not.
Start with the words, because most of the confusion comes from paraphrasing them loosely. The restriction is that partners may not use, or let a third party use, Merchant Data or Customer Data to create, develop, train, fine-tune, or improve any machine learning or AI system, including large language models. There is one exit: written consent. Shopify can grant it, or, for a specific merchant's own data, that merchant can grant it.
Two phrases do the heavy lifting. The first is the verb list, which reaches past "train" to "develop" and "improve," so iterating on an existing model with merchant data counts. The second is the data scope, which includes derived and aggregated forms. That is the part founders skim past and the part that bites. The restriction does not care whether your dataset still looks like merchant data. It cares where the data came from.
"The restriction does not ask whether your training set still looks like merchant data. It asks where the data came from. That is a much harder test to pass."
What the clause does not say is also worth stating plainly, because the panic in the developer forums ran ahead of the text. It does not ban AI features. It does not ban calling a model. It does not ban personalization or recommendations or anything that runs at inference time. It draws a line around one activity, building or improving a model from platform-originated data, and puts a consent gate in front of that one activity. Everything else continues. The line is narrow and sharp, which is exactly why getting it right is doable.
Anonymizing the data
does not move it
outside the rule.
Here is the assumption I see app teams make, and it is the one that creates real exposure: "We strip the identifiers and roll it up to a cohort, so it is not merchant data anymore." The clause was written to close exactly that door. It names aggregated and derived data on its face. Anonymization is a privacy practice, not an ownership reset. The data still originated from the stores you serve, and origin is the test.
Think about why Shopify drew it this way. If de-identification were a loophole, the rule would protect nothing, because almost any training set can be anonymized. A model trained on the purchase patterns of ten thousand Shopify stores carries the commercial value of those stores whether or not a single email address survives in the pipeline. The platform is protecting the value, not just the personal data. That is a more demanding standard than GDPR-style anonymization, and it surprises teams who assumed the two were the same.
The practical consequence: a "Shopify benchmarks" feature built by pooling many merchants' numbers into a trained model is squarely inside the restriction, even fully anonymized, unless you have consent. The same logic governs how acquirers think about an app's data assets, which is part of what buyers actually want when they buy a Shopify app, and it is why building an AI moat on borrowed data was always a fragile plan.
What this breaks for
app teams already
shipping AI.
Different app architectures get hit differently, and knowing which bucket you are in tells you how much work the deadline creates. Most teams are less exposed than the forum panic suggested. A few are very exposed and should have started weeks ago. The table sorts the common patterns.
| App pattern | Exposure | What to do |
|---|---|---|
Calls an LLM at runtime Inference only, no training | Low | Confirm the provider does not train on your data |
Fine-tunes on one merchant Per-store custom model | Medium | Add that merchant's written consent |
Trains on pooled merchants Cross-store model or benchmark | High | Get Shopify's written consent, or stop |
Ships a proprietary model Built on platform data | High | Audit the training set's origin now |
The high-exposure rows are where the value and the risk both concentrate. If your differentiation is a model you trained on the aggregate behavior of many Shopify stores, that model is your asset and your liability at the same time. You either secure consent, which at cross-merchant scale realistically means Shopify's, or you rebuild the feature on data you actually own or license cleanly. Neither is quick. That is why the date matters.
The lower-exposure rows are the relief. If your AI feature is a wrapper that sends a prompt to a model and returns a response, you are mostly clear, and your work is verification rather than rearchitecture. That is the most common pattern by far among the founders I advise, which is good news, but "mostly clear" still requires you to actually check the provider's terms rather than assume. The work is small. Skipping it is not safe. If you are early and still deciding how to architect AI into the product, building an AI-native Shopify app the right way means designing around this constraint from the start, not retrofitting it.
Training is restricted.
Inference is not. The
gap is where you live.
This is the single most important distinction in the whole rule, and Shopify confirmed it directly. When developers asked in the partner forum whether inference-only use of third-party AI APIs was caught by the restriction, a Shopify representative answered that use cases performing only inference, with no training or fine-tuning, are not restricted by the policy. That answer is the difference between a manageable rule and a feature-killing one.
Inference is when you send data to a model that already exists and get a response back. You are using the model, not building it. Training and fine-tuning are when you change the model's weights using your data. The clause governs the second activity. Sending a customer's question to a model to generate a support reply is inference. Feeding a year of that store's tickets back into a model to make it smarter is training. The first is fine. The second needs consent.
There is a catch in the inference answer, and it is the part teams miss. Shopify's representative flagged that even in inference, you have to confirm the third-party provider is not itself using your data for downstream training. Some AI APIs train on inputs by default unless you opt out or sit on an enterprise tier. So "we only do inference" is only true if your provider agrees. The compliance work is reading those provider terms, which is exactly the kind of dependency-management discipline I argue for in the playbook on AI for Shopify app founders.
The questions devs
are asking that the
clause does not answer.
The forum threads are full of sharp questions Shopify has only partly addressed, and an honest post names them rather than pretending the rule is fully settled. These are the grey zones I would get legal input on rather than guess at.
What I would not do is wait for Shopify to resolve every edge case before acting. The clause is live. The grey zones are real, but they sit at the margins, and the core rule, no training on platform data without written consent, is clear enough to act on today. Get the obvious compliance done now and reserve legal counsel for the genuine edge cases. The economics of being on the wrong side of a platform rule, including how it factors into the app M&A market, make the cost of waiting higher than the cost of acting.
The compliance pass,
in the order I'd
actually run it.
Compliance here is not abstract. It is a sequence of concrete steps, and most teams can finish it in a focused week. The order matters because you want to find your real exposure before you spend effort on consent flows you may not need.
One, inventory. Map every place merchant or customer data touches a model, training or inference. You cannot comply with what you have not located, and the inventory itself usually shrinks the problem, because most touchpoints turn out to be inference.
Two, separate. Draw a hard line between your training pipelines and your inference calls. Once they are separated, the inference side is mostly clear and the training side is the only thing that needs consent. Teams that never separated the two carry risk on features that did not need to.
Three, audit your providers. For every external AI API, confirm in writing that it does not train on your inputs. Move to an enterprise tier or a no-training contract where the default does not give you that. This is the step that makes the inference exemption actually hold, and it is the same vendor discipline that protects you against the broader platform and partnership dependencies every app carries.
Four, get consent where you genuinely need it. If a feature truly requires training on merchant data, build a clear in-app consent flow for single-merchant cases, and approach Shopify for written consent for anything cross-merchant. Then document all of it. When a rule puts the burden of proof on you, your records are your defense.
The February 27 rule is not the platform turning hostile. It is the platform writing down a principle it always held, that merchant data belongs to the merchant, now that AI made the principle expensive to ignore. Read narrowly, the rule is workable: it gates one activity, training on platform data, behind written consent, and leaves inference and AI features alone. The teams that get hurt will be the ones who assumed anonymized data was free and never read their providers' terms. The teams that come out ahead will treat the consent gate as a design constraint and build inside it on purpose.
What app founders ask me
about the AI data
training rule.
Effective February 27, 2026, the Partner Program Agreement says partners cannot use Merchant Data or Customer Data, including aggregated or derived forms, to create, train, fine-tune, or improve any AI or machine learning system, including large language models, unless they have written consent. Either Shopify gives written consent, or the merchant gives written consent for that merchant's own data. The wider update is in the full agreement breakdown.
No, not for inference. Shopify clarified in its developer forum that use cases that only run inference, sending data to a model to get a response with no training or fine-tuning, are not restricted. The catch is that you must confirm the third-party provider does not use your data for its own model training. Check the API tier and the data-retention terms of every provider you call, as I argue in the AI playbook for app founders.
It depends on whose data it is. For a specific merchant's own Merchant Data, that merchant's written consent is sufficient under the agreement. For Customer Data, or for data pooled across many merchants into one training set, the safe reading is that you need Shopify's written consent. When in doubt, treat cross-merchant training as requiring Shopify sign-off and get independent legal advice.
No. The clause names aggregated and derived data explicitly. Stripping identifiers or rolling data up to a cohort does not move it outside the restriction. If the training set originates from Merchant Data or Customer Data in any form, the consent requirement applies. This is the single most common assumption I see app teams get wrong, and it is the one that creates real exposure.
Inventory every place merchant or customer data touches a model. Separate training pipelines from inference calls. Confirm each third-party provider's data-retention and training terms. Add a merchant consent flow if you genuinely need to train on their data, and seek Shopify's written consent for anything cross-merchant. Document the lot, because the burden of proof sits with you, not the platform. The wider context is in the 2026 Partner Program overview.
Mapping how the AI data rule hits your roadmap?
I helped build the Shopify Partner Program, the rules layer your app lives inside, then founded and sold a software company that ran on platform data. If you are sorting which of your AI features are inference, which are training, and where you actually need consent, that is the view I bring.
Start a conversation See the case studies →A note on sources: the February 27, 2026 effective date and the announcement context are from Shopify's developer changelog and the Partner Program Agreement FAQ, which states that Merchant Data and Customer Data, including derived or aggregated data, may not be used for AI or ML training without explicit written consent from Shopify or the merchant. The clarification that inference-only use is not restricted, and the caution about third-party providers training on your data, are from a Shopify representative's reply in the developer community forum. The reading of the open questions and the compliance sequence are mine, from building the Partner Program and running a software company in this ecosystem. This is not legal advice; consult independent counsel for your specific case.