On February 27, 2026, Shopify's Partner Program Agreement and the API License and Terms of Use changed. There was no signature to collect and no checkbox to click. If you kept using Shopify's APIs, dashboards, or partner tooling on or after that date, you accepted the new terms. Most builders I talk to know something changed. Very few have read what.
I am not a lawyer, and this is not legal advice. I built the Partner Program in Shopify's early years, I have shipped on these APIs, and I read the agreement so I could tell founders what matters in plain language. The short version: the headline is agentic commerce, but the part that touches your roadmap is the data rules.
Four changes, one of
which you have to act on
this quarter.
Strip away the legalese and the update lands in four buckets. Three are housekeeping that Shopify needed in place to launch agentic commerce safely. One is a genuine constraint on how you are allowed to build.
| Change | What it covers | Does it touch your roadmap? |
|---|---|---|
Data and AI use | Restrictions on using merchant and customer data, including for training AI or machine learning systems. | Yes. The one to act on now. |
Agentic commerce roles | New partner types and definitions for agents, checkout, and payment surfaces. | Only if you touch checkout or build an agent. |
Billing transparency | Clearer rules on how partners disclose and charge for their services. | Light. Tidy up your billing copy. |
Definitions and roles | Expanded definitions throughout the agreement to support the above. | No direct action. |
If you only have an hour, spend it on the first row. The rest you can read once and file. The data rules are the ones that can quietly put an existing feature offside.
You can no longer train
models on merchant data
without written permission.
This is the change with teeth. Merchant data and customer data, including data you have derived or aggregated, may not be used to develop or train AI or machine learning systems unless you have explicit written consent, either from Shopify or from the merchant. Read that twice if you have shipped anything with "AI" on the box in the last two years, because a lot of apps were quietly doing exactly this.
The pattern Shopify is closing off is the one where an app collects order data, product data, or customer behavior across its whole install base, then uses that pooled data to train a model that becomes the app's competitive moat. That was a common playbook. It is now something you need a paper trail for.
Open your product and ask three questions. One: does any feature use merchant or customer data to train, fine-tune, or improve a model? Two: is that model shared across merchants, or scoped to the single merchant whose data trained it? Three: do you have written consent for the first thing, covering the second thing?
If a feature trains a cross-merchant model on pooled data and you have no consent language, that is your exposure. The fix is usually one of three moves: scope the model to per-merchant data, add clear consent at install or in settings, or stop the training and keep the feature running on data you are allowed to use.
The nuance that trips people up: aggregated and anonymized data is named explicitly. The old assumption that "we stripped the identifiers, so it is fair game" does not hold here. If it started as merchant or customer data, the restriction follows it. Treat consent as a feature requirement, not a legal afterthought, and build the language into onboarding rather than burying it in a policy nobody reads.
"The agreement did not ban AI features. It banned building them on data you never asked to use. Those are very different problems, with very different fixes."
Figuring out whether a feature is offside, or how to re-architect one that is, is the kind of call I help app founders make. The form takes two minutes.
Charge clearly, or don't
be surprised when Shopify
asks you to.
The billing changes are less dramatic but worth a pass. Shopify tightened the language around how partners disclose and charge for services, which is a continuation of a multi-year push to make sure merchants always understand what they are paying for and to whom. If your pricing page, your in-app upgrade prompts, and your actual Billing API charges all say the same thing, you are fine. If you have ever leaned on a confusing trial-to-paid transition or an opaque usage charge, clean it up before a merchant complaint forces the issue.
This connects to something I have written about before: pricing that confuses merchants does not just risk a policy flag, it manufactures churn. If you are restructuring billing anyway, do it in a way that reduces cancellations rather than just satisfying the terms. The mechanics are in the Shopify app pricing strategy guide.
The reason all of this
happened at once.
Every one of these changes exists to make agentic commerce work without the platform losing control of merchant data or checkout. Shopify needed defined roles for the new players: the agents that recommend and transact on a shopper's behalf, the surfaces where checkout now happens, and the payment flows that run underneath. The agreement adds partner types and definitions to cover them.
If you do not touch checkout and you are not building an agent, this section is context, not homework. If you do, the takeaway is that Shopify is drawing the boundaries of who is allowed to operate on these surfaces and under what obligations, especially around data and payments. That is a deliberate signal about where the platform will and will not let third parties sit as AI shopping matures.
Read the agreement next to the Winter '26 Edition and the picture is clear. Shopify is positioning the platform as the trusted layer between merchants and the AI agents that will increasingly do the shopping. The data rules protect the merchant's asset. The new roles define who gets to stand on the checkout surface. Both are prerequisites for letting agents transact without handing your catalog and customer list to whoever built the agent.
For builders, the strategic read is that proximity to checkout and to first-party merchant data is getting more valuable and more regulated at the same time. Plan accordingly. Where the durable demand is heading is the whole subject of the 2026 ecosystem value map.
Five things to confirm
before you ship your
next release.
The terms are already in effect, so this is not about beating a deadline. It is about closing gaps before they become a problem. Run this list against your current product:
- Every feature that uses a model is either trained on per-merchant data only, or backed by explicit written consent. No exceptions for "anonymized" data.
- Your install flow or settings include clear, specific consent language for any data use beyond running the core feature.
- Your pricing page, upgrade prompts, and Billing API charges all describe the same thing in the same terms.
- If you touch checkout or build agent-facing functionality, you know which new partner role you fall under and what it obligates.
- Someone on your team has actually read the agreement, not just this post. I summarized; they wrote the binding version.
None of this is meant to scare you off building. The ecosystem is still one of the best places to build a software business, and Shopify tightening data governance ahead of an agent-driven internet is the right call for merchants, which is good for the apps that serve them. The founders who treat consent and clean billing as product requirements rather than compliance chores will move faster, not slower, because they will not be re-architecting under pressure later.
If you are earlier in the journey and weighing whether to build at all, the honest version of that decision is in how to build a Shopify app in 2026. If you already have traction and distribution is the constraint, the channels that actually move installs are in the 2026 distribution playbook.
Building in the Shopify ecosystem?
I helped build the Shopify Partner Program, and I have run the DTC brands your app is trying to win. When the platform changes the rules, that combination of vantage points is a hard thing to find in one advisor. The form takes two minutes.
Start the conversation More about Taylor →