Compliance Reports

Review and access Shopify compliance reports

Log in to view all reports

Some reports are accessible only with an active Shopify account. Log in to view all reports accessible by your account.

June 28, 2024 - June 28, 2025

PCI Attestation of Compliance (AoC)

This is Shopify's service provider PCI DSS AOC which is the best evidence of the PCI DSS compliance of Shopify's services. It is valid for one year and annually and completed by a Qualified Security Assessor.

October 21, 2024

PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)

Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.

August 21, 2024

PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)

Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.

June 21, 2024

PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)

Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.

April 12, 2024

PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)

Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.

January 19, 2024

PCI External ASV Vulnerability Scan Attestation of Scan Compliance (AoSC)

Shopify's ASV scan attestation for PCI DSS compliance. Shopify completes ASV scans quarterly.

April 1, 2023 - March 31, 2024

SOC 3 Report

This report provides assurance over the organization's system and company-level controls governing processes and is based upon the Trust Services Criteria. This report covers the reporting period specified on the cover letter and is publicly accessible.

October 1, 2022 - September 30, 2023

SOC 3 Report

This report provides assurance over the organization's system and company-level controls governing processes and is based upon the Trust Services Criteria. This report covers the reporting period specified on the cover letter and is publicly accessible.