PPA Update (Feb 27, 2026) — Clarification needed on AI/ML restriction scope

Hello,

Sorry, I’m not sure if this is the right category for this post.

I’m reaching out regarding the upcoming Partner Program Agreement update effective February 27, 2026, specifically the new restriction under “Protection of Merchant and Customer Data”:

Partners must not use Merchant or Customer Data (including in aggregated or derived form) for the training or development of AI or machine learning.

I’d like to request a formal clarification on the following :

1. Does “development” include inference-only usage of third-party AI APIs?
Some Partners use third-party AI APIs (e.g. OpenAI, Anthropic, etc…) strictly for inference — meaning data is sent to generate a response, with no model training or fine-tuning involved. The current wording does not distinguish between training and inference. Is inference-only usage covered by this restriction ?

2. Is Merchant-level consent sufficient?
If a Partner obtains explicit opt-in consent from each Merchant (e.g. through an in-app consent screen) to use their aggregated/anonymized data with a third-party AI API for inference purposes, does this satisfy the requirement — or is Shopify-level authorization also needed ?

I believe this affects a significant number of Partners building AI-powered features for Merchants. Given the approaching deadline, a clarification would be greatly appreciated..

Thank you.

Did this go anywhere? Am really interested in a reply

@Jonath did you get any more info/clarification around this?

I’d really like to know the answer to question #2

Hi folks,

Use cases that only perform inference — and do not train or fine‑tune models — are not restricted by the policy. In this instance, it’s unclear whether the third‑party AI API nonetheless uses data for downstream model training or fine‑tuning. Partners should review all third‑party tools and their policies to ensure continued compliance with the policy.