Compliance Reports
Review and access Shopify compliance reports
Log in to view all reports
Some reports are accessible only with an active Shopify account. Log in to view all reports accessible by your account.
June 28, 2024 - June 28, 2025
PCI Attestation of Compliance (AoC)
This is Shopify's service provider PCI DSS AOC which is the best evidence of the PCI DSS compliance of Shopify's services. It is valid for one year and annually and completed by a Qualified Security Assessor.
October 21, 2024
PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)
Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.
August 21, 2024
PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)
Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.
June 21, 2024
PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)
Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.
April 12, 2024
PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)
Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.
January 19, 2024
PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)
Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.
April 1, 2023 - March 31, 2024
SOC 3 Report
This report provides assurance over the organization's system and company-level controls governing processes and is based upon the Trust Services Criteria. This report covers the reporting period specified on the cover letter and is publicly accessible.
October 1, 2022 - September 30, 2023
SOC 3 Report
This report provides assurance over the organization's system and company-level controls governing processes and is based upon the Trust Services Criteria. This report covers the reporting period specified on the cover letter and is publicly accessible.