DOCUMENT TSC-2026/B61 · BLOG POST 61 · ECOSYSTEM STRATEGY · REV. 01
FILED UNDER Partner Program·Agentic Commerce·Data & Privacy·Shopify Apps

The 2026 Partner Program
Agreement, decoded
for the people who build.

What the February 27 changes to data, AI training, billing, and agentic commerce actually mean for the apps and stores you operate.

Author
Taylor Sicard
Published
June 2026
Read
10 min · ~2,400 words
Ring
II · Ecosystem Strategy
About the author
Taylor Sicard

Early Shopify employee who helped build and scale the Partner Program. Co-founded WIN Brands Group, scaling individual brands to eight figures and the portfolio to nine-figure revenue. Founded and sold getuptime.co to Tiny. Now advises DTC brands, Shopify app founders, and Fortune 500 commerce teams.

Full background →
Key takeaways

On February 27, 2026, Shopify's Partner Program Agreement and API License changed in three meaningful ways: you can no longer use merchant or customer data to train AI systems without written consent, billing disclosures got tighter, and new agentic commerce partner roles were defined. Continuing to use Shopify APIs or dashboards after that date accepted the new terms automatically.

  • No signature and no checkbox; continued use was acceptance.
  • The headline is agentic commerce, but the data rules are the part that touches your roadmap.
  • Written from the seat of someone who helped build and scale the Partner Program in Shopify's early years.
Source: Taylor Sicard, Taylor Sicard Consulting · Updated June 2026

On February 27, 2026, Shopify's Partner Program Agreement and API License changed in three meaningful ways: you can no longer use merchant or customer data to train AI systems without written consent, billing disclosures got tighter, and new agentic commerce partner roles were defined. If you kept using Shopify APIs or dashboards after that date, you accepted the new terms automatically. No signature, no checkbox.

Most builders I talk to know something changed. Very few have read what. I am not a lawyer, and this is not legal advice. I helped build and scale the Partner Program in Shopify's early years, I have shipped on these APIs, and I read the agreement so I could tell founders what matters in plain language. The headline is agentic commerce, but the part that touches your roadmap is the data rules.

Four changes, one of
which you have to act on
this quarter.

Strip away the legalese and the update lands in four buckets. Three are housekeeping that Shopify needed in place to launch agentic commerce safely. One is a genuine constraint on how you are allowed to build.

FIG. 01, THE FEB 27 CHANGES BY IMPACT ON BUILDERSSUMMARY · 2026
ChangeWhat it coversDoes it touch your roadmap?
Data and AI use
Restrictions on using merchant and customer data, including for training AI or machine learning systems.
Yes. The one to act on now.
Agentic commerce roles
New partner types and definitions for agents, checkout, and payment surfaces.
Only if you touch checkout or build an agent.
Billing transparency
Clearer rules on how partners disclose and charge for their services.
Light. Tidy up your billing copy.
Definitions and roles
Expanded definitions throughout the agreement to support the above.
No direct action.

If you only have an hour, spend it on the first row. The rest you can read once and file. The data rules are the ones that can quietly put an existing feature offside.

You can no longer train
models on merchant data
without written permission.

This is the change with teeth. Merchant data and customer data, including data you have derived or aggregated, may not be used to develop or train AI or machine learning systems unless you have explicit written consent, either from Shopify or from the merchant. Read that twice if you have shipped anything with "AI" on the box in the last two years, because a lot of apps were quietly doing exactly this.

The pattern Shopify is closing off is the one where an app collects order data, product data, or customer behavior across its whole install base, then uses that pooled data to train a model that becomes the app's competitive moat. That was a common playbook. It is now something you need a paper trail for.

The 30-minute data audit

Open your product and ask three questions. One: does any feature use merchant or customer data to train, fine-tune, or improve a model? Two: is that model shared across merchants, or scoped to the single merchant whose data trained it? Three: do you have written consent for the first thing, covering the second thing?

If a feature trains a cross-merchant model on pooled data and you have no consent language, that is your exposure. The fix is usually one of three moves: scope the model to per-merchant data, add clear consent at install or in settings, or stop the training and keep the feature running on data you are allowed to use.

The nuance that trips people up: aggregated and anonymized data is named explicitly. The old assumption that "we stripped the identifiers, so it is fair game" does not hold here. If it started as merchant or customer data, the restriction follows it. Treat consent as a feature requirement, not a legal afterthought, and build the language into onboarding rather than burying it in a policy nobody reads.

There is also a competitive dimension worth thinking through. Apps that have been quietly aggregating cross-merchant data to train shared models were accruing a moat that smaller competitors could not replicate without a similar install base. The new rules level that playing field by requiring consent, which is harder to collect at scale than it sounds. Apps with fewer installs but clean consent practices are now in a structurally better position relative to larger players who built that moat without ever asking permission.

For founders building new apps, treat this as a forcing function to design the data model correctly from the start. Per-merchant model isolation is cleaner architecturally anyway; it prevents one merchant's unusual behavior from poisoning predictions for others. The apps that will earn trust fastest are the ones that can answer "what do you do with my data" in one sentence, not one paragraph.

"The agreement did not ban AI features. It banned building them on data you never asked to use. Those are very different problems, with very different fixes."

Taylor Sicard · Consulting

Figuring out whether a feature is offside, or how to re-architect one that is, is the kind of call I help app founders make. The form takes two minutes.

Start a conversation

Charge clearly, or don't
be surprised when Shopify
asks you to.

The billing changes are less dramatic but worth a pass. Shopify tightened the language around how partners disclose and charge for services, which is a continuation of a multi-year push to make sure merchants always understand what they are paying for and to whom. If your pricing page, your in-app upgrade prompts, and your actual Billing API charges all say the same thing, you are fine. If you have ever leaned on a confusing trial-to-paid transition or an opaque usage charge, clean it up before a merchant complaint forces the issue.

This connects to something I have written about before: pricing that confuses merchants does not just risk a policy flag, it manufactures churn. If you are restructuring billing anyway, do it in a way that reduces cancellations rather than just satisfying the terms. The mechanics are in the Shopify app pricing strategy guide.

The reason all of this
happened at once.

Every one of these changes exists to make agentic commerce work without the platform losing control of merchant data or checkout. Shopify needed defined roles for the new players: the agents that recommend and transact on a shopper's behalf, the surfaces where checkout now happens, and the payment flows that run underneath. The agreement adds partner types and definitions to cover them.

If you do not touch checkout and you are not building an agent, this section is context, not homework. If you do, the takeaway is that Shopify is drawing the boundaries of who is allowed to operate on these surfaces and under what obligations, especially around data and payments. That is a deliberate signal about where the platform will and will not let third parties sit as AI shopping matures.

FIG. 02, AGENTIC COMMERCE PARTNER TYPES · WHICH APPLIES TO YOUSUMMARY · 2026
RoleWhat it coversApplies if you build...
Commerce agent
An AI system that browses, recommends, or transacts on a shopper's behalf using Shopify data or APIs.
An AI shopping assistant, buyer-side agent, or recommendation engine that can initiate checkout.
Checkout partner
Any app or integration that operates on or near the Shopify checkout surface, including headless checkout implementations.
A checkout extension, headless storefront, buy-now feature, or accelerated checkout button.
Payments partner
Apps handling payment processing, routing, or settlement in connection with Shopify stores.
A payment gateway, multi-currency processor, or split-payment product.
Standard app partner
All other apps in the ecosystem. Subject to the data and AI rules, but not the agentic-specific obligations.
Most apps: anything that does not touch checkout or build a transacting agent.

The agentic commerce category is where Shopify is placing a very large bet. The entire Winter '26 Edition pointed there: agentic storefronts, the role of Sidekick in merchant operations, and the new checkout surfaces that agents need to transact. The agreement is the legal infrastructure for all of it. Builders who understand which partner type they fall under now will have an easier time when Shopify rolls out the access controls and certification requirements that will almost certainly follow.

Where this is heading

Read the agreement next to the Winter '26 Edition and the picture is clear. Shopify is positioning the platform as the trusted layer between merchants and the AI agents that will increasingly do the shopping. The data rules protect the merchant's asset. The new roles define who gets to stand on the checkout surface. Both are prerequisites for letting agents transact without handing your catalog and customer list to whoever built the agent.

For builders, the strategic read is that proximity to checkout and to first-party merchant data is getting more valuable and more regulated at the same time. Plan accordingly. Where the durable demand is heading is the whole subject of the 2026 ecosystem value map.

Five things to confirm
before you ship your
next release.

The terms are already in effect, so this is not about beating a deadline. It is about closing gaps before they become a problem. Run this list against your current product:

None of this is meant to scare you off building. The ecosystem is still one of the best places to build a software business, and Shopify tightening data governance ahead of an agent-driven internet is the right call for merchants, which is good for the apps that serve them. The founders who treat consent and clean billing as product requirements rather than compliance chores will move faster, not slower, because they will not be re-architecting under pressure later.

One more thing worth saying plainly: the agreement changes did not create the compliance risk; they made the implicit risk explicit. Apps were already using merchant data in ways merchants did not understand or consent to. That was always a trust deficit. Shopify is now requiring you to close it. That is a good outcome for the ecosystem, even if the short-term work is annoying.

What founders
ask me after
reading this.

Does the data rule apply to analytics features, not just AI?

Analytics features that process merchant data to show that merchant their own performance are not the target of this rule. The restriction is on using merchant or customer data to train, improve, or fine-tune models, especially across merchants. A feature that shows one merchant their conversion funnel is fine. A feature that pools conversion data from 10,000 merchants to train a shared model is the pattern the rule is closing.

What counts as "written consent" under the new rules?

The agreement does not specify the exact form, but the standard interpretation is a clear, affirmative opt-in at the point where the data use begins. That means either an install-time consent flow that specifically names AI training as a use case, or an in-settings toggle the merchant actively enables. A buried clause in a terms-of-service document that nobody reads is not written consent in any practical sense. Build it into the UI, not the fine print.

If I was already using merchant data to train a model, what now?

Stop using new data for training until you have consent in place. Assess whether the existing trained model used data you are now restricted from using. If so, consider retraining on consented data only or switching to a per-merchant model approach. Get a lawyer involved for anything material; this post is pattern recognition, not legal guidance. The common practical path is to add a consent gate to the affected feature and be transparent with merchants about what changed and why.

Does the revenue share change affect what the agreement says about billing?

The February 27 agreement changes are about disclosure and transparency in billing, not the revenue share structure itself. Shopify's revenue share model (the $1M lifetime cap structure) is a separate policy. If you are thinking about how the share impacts your unit economics and pricing decisions, the lifetime cap post covers the mechanics in detail, and the free calculator for what you keep after Shopify's cut runs your own numbers. What you earn for referring and growing merchants is different again: the new partner earning model that starts August 10, 2026 covers that.

How does this affect advisors or agencies that work on Shopify builds?

Agencies and advisors who build apps or integrations for clients are covered if they are accessing Shopify APIs or operating as Partners. If you are advising on Shopify strategy without writing code or accessing APIs directly, the terms apply to the builder, not you. If your agency has built any AI-powered tooling that uses merchant data, run the same 30-minute audit as a product team would.

+ + + + + + + +

If you are earlier in the journey and weighing whether to build at all, the honest version of that decision is in how to build a Shopify app in 2026. If you already have traction and distribution is the constraint, the channels that actually move installs are in the 2026 distribution playbook. And if you are thinking about what the ecosystem looks like at exit, the acquisition checklist covers what buyers will be looking for on the compliance side going forward.

  Work with Taylor  ·  Ecosystem Strategy

Building in the Shopify ecosystem?

I helped build the Shopify Partner Program, and I have run the DTC brands your app is trying to win. When the platform changes the rules, that combination of vantage points is a hard thing to find in one advisor. The form takes two minutes.

Start a conversation More about Taylor →

Questions I keep
getting asked.

Does the Shopify data rule apply to analytics features, not just AI?
Analytics features that show one merchant their own performance data are not the target. The restriction is on using merchant or customer data to train models across merchants. Showing one merchant their conversion funnel is fine. Pooling data from thousands of merchants to train a shared model is the pattern the rule closes.
What counts as written consent under the new Shopify Partner Agreement?
A clear, affirmative opt-in at the point where data use begins: either an install-time consent flow that specifically names AI training as a use case, or an in-settings toggle the merchant actively enables. A buried clause in a terms-of-service document is not written consent in any practical sense.
If I was already using merchant data to train a model, what should I do now?
Stop using new data for training until consent is in place. Assess whether the existing trained model used data you are now restricted from using. The common practical path is to add a consent gate to the affected feature and be transparent with merchants about what changed and why. Involve a lawyer for anything material.
Does the Shopify revenue share change affect what the agreement says about billing?
The February 27 agreement changes cover disclosure and transparency in billing, not the revenue share structure itself. Shopify's revenue share model with its $1M lifetime cap is a separate policy, addressed in detail in the Shopify app revenue share post.
How does the Partner Agreement change affect agencies or advisors working on Shopify builds?
Agencies and advisors who build apps or integrations and access Shopify APIs are covered. If you advise on Shopify strategy without writing code or accessing APIs directly, the terms apply to the builder, not you. If your agency has built any AI-powered tooling that uses merchant data, run a data audit against the new rules.