Cookie Policy
This document explains the types of cookies and other tracking technologies that Shopify may place on your device when you visit our websites or access the store of a merchant who uses our platform.
What are cookies?
Cookies are small files that are downloaded to your computer or device when you visit certain websites. We use different types of cookies on the Shopify website, including: strictly necessary cookies, performance cookies, advertising cookies, and social media and content cookies. Cookies improve your browsing experience by allowing the website to remember your actions and preferences (such as login and country). This means you don't have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information about how users use the website, such as whether a visitor is new or returning. You can learn more about cookies (and other similar tracking technologies) and how we use the data collected through them in our Privacy Policy .
What cookies do we use and why?
Some cookies are necessary to allow you to navigate our website, use its features, and access restricted areas. The use of these cookies is essential for the website to function properly. For example, we use session-long user-input cookies to track user input when filling out forms that span multiple pages.
We also use functional cookies to remember choices you've made or information you've provided, such as your username, language, or the country you're in. This allows us to personalize your website experience based on your preferences. For example, authentication cookies are functional cookies that are used for the duration of a session (or persistent, if you accept the "remember me" function) to allow users to authenticate themselves on subsequent visits or access protected content on the site. The functional cookies we use include:
- User-centric security cookies, designed to detect authentication abuse for a limited and continuous period, such as repeated failed login attempts. These cookies are specifically designed to increase the security level of the service.
- Media player session cookies (Flash cookies) are used for the duration of a session to store the technical data necessary for playing video or audio content (e.g., image quality, network connection speed, and buffering parameters).
- Load balancing session cookies are used for the duration of the session to identify the same server in the pool so that the load balancer can appropriately redirect requests.
- Persistent user interface customization cookies are used to store user preferences for a service across web pages.
Shopify is committed to optimizing the user experience, and we use various tools to improve our website and our commerce platform. To this end, we use reporting and analytics cookies to collect information about how and when you use our website and our merchants' storefronts. The performance cookies we use include:
- Direct analytics cookies: We use these cookies to calculate the number of unique visitors, to improve our websites and our merchants' websites, and to detect the most popular search terms on search engines that lead to a web page. These cookies are not used for online marketing purposes. We use these cookies to understand the performance of our and our merchants' websites and to improve your browsing experience.
- Third-party analytics cookies: We also use Google Analytics and the other third-party analytics tools listed below to track how users interact with our website content. These cookies "remember" users' actions on previous pages and how they interacted with the website. For more details on Google Analytics, visit Google's information page . For instructions on how to opt out of Google Analytics, see below.
Advertising cookies are used on our website to tailor marketing activities to you and your interests and provide you with a more personalized service in the future. These cookies remember that you have visited our website, and we may share that information with third parties, such as advertisers. While these cookies can track visits from your device to our website and other sites, they generally cannot identify you personally. Without these cookies, the ads you see may be less relevant and interesting to you. You can learn more about how companies use cookies for targeted or retargeting advertising. Here . We do not set advertising cookies through our merchants' stores, but merchants can choose to do so themselves.
Finally, social media and content cookies are installed by many social media plugins (for example, the Facebook "Like" button) and other tools designed to provide or enhance website content (such as services that allow video playback or create comment sections). We integrate these modules into our platform to improve the browsing experience and interaction with our websites. Please note that some of these third-party services also set cookies used for purposes such as behavioral advertising, analytics, and/or market research.
Merchant Stores
When merchants use our platform for their online stores, we set the following cookies for visitors to their stores.
Cookies necessary for the operation of the shop :
| Name | Description | Duration |
|---|---|---|
| _ab | It is used to control the display of the control bar in the virtual showcase. | 1 year |
| _abv | Maintains the collapsed state of the control bar. | 1 year |
| _checkout_queue_token | Used when there is a queue during the checkout process. | 1 year |
| _cmp_a | Used to manage customer privacy settings. | 1 day |
| _identity_session | Contains the user's identity session identifier. | 2 years |
| _master_udr | Permanent device identifier. | session |
| _pay_session | The Rails session cookie for Shopify Pay | session |
| _secure_account_session_id | It is used to track new customer accounts in a customer's session. | 30 days |
| _session_id | It is used to provide reports and analysis. | 2 years |
| _shopify_country | Used for Plus stores where the price currency or country is set by GeoIP, thus avoiding GeoIP lookups after the first request. | 30 minutes |
| _shopify_essential | It contains essential information for the proper functioning of a store, such as session and checkout information and anti-tamper data. | 1 year |
| _storefront_u | Used to facilitate updating of customer account data. | 1 minute |
| _tracking_consent | Used to store user preferences when a merchant has set privacy rules for the visitor's geographic area. | 1 year |
| auth_state_< |
Remembers the authentication state before redirecting customers to third parties for authentication. | 25 min |
| card_update_verification_id | It is used to support verification when a buyer is redirected to Shopify after completing 3D Secure during checkout. | 20 min |
| cart | Contains information about the user's shopping cart. | 2 weeks |
| cart_currency | Used at the end of a checkout to initialize a new empty cart with the same currency as the one just used. | 2 weeks |
| cart_sig | A hash of the contents of a shopping cart. Used to verify the integrity of the cart and ensure the performance of certain cart operations. | 2 weeks |
| cart_ts | Used in connection with checkout. | 2 weeks |
| checkout | Used in connection with checkout. | 21 days |
| checkout_prefill | Encrypts and stores URL parameters containing personally identifiable information used in cart permalink URLs. | 5 min |
| checkout_session_lookup | Used in connection with checkout. | 3 weeks |
| checkout_session_token_< |
Used when a checkout session is established on the server. | 3 weeks |
| checkout_token | Captures the visitor's landing page when they come from other sites. | session |
| customer_account_locale | It is used to monitor the customer account locale when a redirect from the checkout or storefront to the customer account occurs. | 1 year |
| customer_payment_method | Stores the payment method that is updated for subscriptions. | 1 hour |
| customer_shop_pay_agreement | It is used to verify a new Shop Pay payment instrument. | 20 min |
| device_fp_id | Device fingerprint identifier to help prevent fraud. | session |
| device_id | Session device identifier to help prevent fraud. | session |
| discount_code | Stores a discount code (received from a visit to the online store with a URL parameter) for application at the next checkout. | session |
| dynamic_checkout_shown_on_cart | Adjust the checkout experience for shoppers who proceed with regular checkout or dynamic checkout. | 30 minutes |
| hide_shopify_pay_for_checkout | Set when a shopper closes the Shop Pay login modal window during checkout, informing the shopper that it has been viewed. | session |
| identity-state | Stores state before redirecting customers to identity authentication. | 1 day |
| identity-state-< |
Stores state before redirecting customers to identity authentication. | 1 day |
| identity_customer_account_number | Stores an identifier used to facilitate access to customer account and storefront domains. | 12 weeks |
| keep_alive | Used when international domain redirection is enabled to determine if a request is the first in a session. | session |
| locale_bar_accepted | Remembers whether the location application modal window has been accepted. | session |
| local_bar_dismissed | Remembers whether the location application modal window has been closed. | 1 day |
| localization | It helps locate your cart in the correct country. | 2 weeks |
| logged_in | Indication of access with identification performed. | 12 weeks |
| login_with_shop_finalize | It helps you log in to Shop. | 5 min |
| master_device_id | Permanent device identifier. | 1 year |
| order | It is used to allow access to the data on the buyer's order details page. | 3 weeks |
| pay_update_intent_id | Stores the ID of a Shop Pay billing agreement update intent, which is required for the callback after verifying a Shop Pay payment instrument. | 20 min |
| preview_theme | Used to indicate whether the theme is displayed in preview. | session |
| previous_checkout_token | It is used to pre-populate the checkout with the data from the previous checkout. | 1 year |
| previous_step | Used in connection with checkout. | 1 year |
| profile_preview_token | Used to preview checkout customizations. | 5 min |
| receive-cookie-deprecation | A cookie set by Google to identify Chrome browsers affected by the deprecation of third-party cookies. More information on this cookie is available. here . | session |
| remember_me | It is used to pre-populate the checkout with the data from the previous checkout. | 1 year |
| secure_customer_sig | Used to identify you as a customer after you log in to a store, so you don't have to log in again. | 1 year |
| shop_pay_accelerated | Indicates whether the buyer is eligible for Shop Pay express checkout. | 1 year |
| shopify-editor-unconfirmed-settings | It stores the changes the merchant makes in the editor to update the preview. | 16 hours |
| shopify_pay | It is used to log a shopper into Shop Pay when they return to checkout at the same store. | 1 year |
| shopify_pay_redirect | It helps speed up the checkout process when the buyer has a Shop Pay account. | 1 year |
| storefront_digest | Stores a store's password digest to allow merchants to preview the store when it is password-protected. | 1 year |
| tracked_start_checkout | Used in connection with checkout. | 1 year |
| user | Used in connection with Shop access. | 1 year |
| user_cross_site | Used in connection with Shop access. | 1 year |
| wpm-domain-test | This is used to test the Shopify web pixel manager with your domain to make sure everything is working properly. | session |
Reporting and analysis
| Name | Description | Duration |
|---|---|---|
| _landing_page | Captures the visitor's landing page when they come from other sites. | 2 weeks |
| _orig_referrer | It allows the merchant to understand where visitors come from. | 2 weeks |
| _shopify_ga | Contains Google Analytics parameters that enable cross-domain analytics measurement. | session |
| _shopify_s | Used to identify a specific browser session or combination of stores. It expires 30 minutes after the last use. | 30 minutes |
| _shopify_sa_p | Captures the visitor's landing page when they come from other sites to support market analysis. | 30 minutes |
| _shopify_sa_t | Captures the visitor's landing page when they come from other sites to support market analysis. | 30 minutes |
| _shopify_y | Shopify Analytics. | 1 year |
| checkout_one_experiment | Used when a checkout is eligible for Checkout One and has been assigned to an experiment (control group or test group). | session |
| shop_analytics | Contains buyer information needed for Shop analysis. | 1 year |
| unique_interaction_id | Used for checkout metrics. | 10 min |
Shopify websites
When visitors access Shopify websites, we typically set the following Shopify cookies.
Cookies necessary for the functioning of the sites
| Name | Description | Duration |
|---|---|---|
| _identity_session | Contains the user's identity session identifier. | 2 years |
| checkout | Used in connection with checkout. | 21 days |
| user | Used in connection with Shop access. | 1 year |
Reporting and analysis
| Name | Description | Duration |
|---|---|---|
| _assignment | Shopify Analytics. | 1 year |
| _landing_page | Captures the visitor's landing page when they come from other sites. | 2 weeks |
| _orig_referrer | It allows the merchant to understand where visitors come from. | 2 weeks |
| _shopify_s | Used to identify a specific browser session or combination of stores. It expires 30 minutes after the last use. | 30 minutes |
| _shopify_sa_t | Captures the visitor's landing page when they come from other sites to support market analysis. | 30 minutes |
| _shopify_y | Shopify Analytics. | 1 year |
We also use pixels and tags from the following third parties, which in turn may install cookies.
Cookies necessary for the functioning of the sites
| Third parties | Description | Privacy Policy |
|---|---|---|
| Cloudflare | Shopify uses Cloudflare Naas (network-as-a-service) for edge routing. | https://www.cloudflare.com/privacypolicy/ |
| Drift | We use Drift for conversational marketing to customers who visit our websites. | https://www.drift.com/privacy-policy/ |
Reporting and analysis
| Third parties | Description | Privacy Policy |
|---|---|---|
| Fullstory | We use Fullstory to measure user interactions with our websites. | https://www.fullstory.com/legal/privacy/ |
| Google Analytics | We use Google Analytics to measure user interactions with our websites. | https://policies.google.com/privacy |
| Google Tag Manager | We use Google Tag Manager to manage analytics services. | https://policies.google.com/privacy |
| Vidyard | We use Vidyard to deliver video content and measure user interactions with our content. | https://www.vidyard.com/privacy/ |
Advertising
| Third parties | Description | Privacy Policy |
|---|---|---|
| Bizible | We use Bizible to measure attribution for advertising and marketing campaigns. | https://documents.marketo.com/legal/privacy/ |
| Facebook Pixel | We use the Facebook pixel to measure user interactions with our websites. | https://www.facebook.com/privacy/explanation |
| Facebook Custom Audiences | We use Facebook Custom Audiences to show targeted ads to people who visit our websites. | https://www.facebook.com/policy.php |
| We use Google Ads to show targeted ads to visitors to our websites. | https://policies.google.com/privacy | |
| We use Instagram to show targeted ads to visitors to our websites. | https://privacycenter.instagram.com/policy | |
| iSpot | We use iSpot to measure user interactions with our websites. | https://www.ispot.tv/terms-of-service |
| LinkedIn Insight Tag | We use the LinkedIn Insight Tag to measure user interactions with our websites. | https://www.linkedin.com/legal/privacy-policy |
| We use Reddit Ads to show targeted ads to visitors to our websites. | https://www.reddit.com/help/privacypolicy | |
| TikTok | We use TikTok to measure user interactions with our websites. | https://www.tiktok.com/legal/privacy-policy?lang=en |
| We use Twitter to measure user interactions with our websites. | https://twitter.com/en/privacy | |
| YouTube | We use YouTube to show targeted ads to visitors to our websites. | https://policies.google.com/privacy?hl=en |
Social media and content
| Third parties | Description | Privacy Policy |
|---|---|---|
| Facebook Connect | We use Facebook Connect to allow visitors to our websites to interact and share content via the Facebook social media platform. | https://www.facebook.com/policy.php |
| Gravatar | We use Gravatar to allow visitors to our websites to create avatars. | https://en.gravatar.com/site/privacy |
| Instagram CDN | Shopify uses Instagram CDN to deliver content to you. | https://privacycenter.instagram.com/policy |
| Sanity CDN | Shopify uses Sanity CDN to deliver content to you. | https://www.sanity.io/legal/privacy |
| Simplecast | Shopify uses Simplecast to distribute podcasts. | https://simplecast.com/privacy |
| Twitter CDN | We use Twitter to allow visitors to our websites to interact and share content via the Twitter social media platform. | https://twitter.com/en/privacy |
| TypeKit (Adobe fonts) | We use Typekit to load web fonts from Adobe CDN | https://www.adobe.com/privacy/policies/typekit.html |
| Wistia | We use Wistia to display video content. | https://wistia.com/privacy |
| YouTube CDN | Shopify uses YouTube CDN to deliver content to you. | https://policies.google.com/privacy?hl=en |
Oberlo websites
When visitors access Oberlo websites, we typically set the following Oberlo cookies:
Cookies necessary for the functioning of the sites
| Name | Function |
|---|---|
| gdpr_accepted | Used in connection with GDPR acceptance. |
Reporting and analysis
| Name | Function |
|---|---|
| _shopify_s | Shopify Analytics. |
| _shopify_t | Shopify Analytics. |
Additionally, we use pixels and tags from the following third parties, which may also install cookies:
Reporting and analysis:
| Third parties | Description | Privacy Policy |
|---|---|---|
| Google Analytics | We use Google Analytics to measure user interactions with our websites. | https://policies.google.com/privacy |
Advertising:
| Third parties | Description | Privacy Policy |
|---|---|---|
| Microsoft Advertising | We use Microsoft Advertising to show targeted ads to visitors to our websites. | https://privacy.microsoft.com/en-ca/privacystatement |
| We use Google Ads to show targeted ads to visitors to our websites. | https://policies.google.com/privacy |
How long will cookies remain on my computer or mobile device?
How long a cookie remains on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies last until you stop browsing, while permanent cookies last until they expire or are removed. Most of the cookies we use are persistent and expire between 30 minutes and 2 years from the date they were downloaded to your device. See the section below on how to control cookies for more information on how to remove cookies before they expire.
How to manage cookies?
You can control and manage cookies in various ways. Please note that removing or blocking cookies may negatively impact your user experience and some parts of our website may become inaccessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser's options, often found in the browser's "Tools" or "Preferences" menu. More information on how to change your browser settings and how to block, manage, or filter cookies is available in your browser's Help menu or on websites such as: sicurezza.net/cyber-security/cookie-prima-terza-parte .
Many of the third-party advertising and other tracking services listed above allow you to explicitly opt out of their tracking systems. You can find more information about the data they collect and how to opt out in the privacy policy links listed above.
Acetaia Malagoli Daniele srl
Via Celeste 9
41013 Castelfranco Emilia (MO)
VAT/Tax Code 04171920368
Malagoli srl Acetaia Inn
Via Celeste, 9
41013 Castelfranco Emilia (MO)
VAT/Tax Code 04186980365
R&B CIN: IT036006B4RSMG5D7O