Skip to content

How Long Should You Keep Shopify Customer Data?

Paige Harris 6/4/22 10:16 AM

Table of Contents

Tech journalist Christopher Null once wrote, "if you don't have a good reason to store data, you have a good reason to delete it," highlighting the importance of removing client data from your business platform. In the fast-paced world of ecommerce, small and medium business owners need to run a well-oiled machine. This includes properly managing client data, no matter the platform. 

In this article, we'll discuss when you can consider deleting your Shopify customers' data. This includes the reasons for — and legality behind — deleting customer data as well as how exactly to go about it. 


What is customer data collection?

Consumer data covers all personal, demographic, and behavioral information about your customer, such as Shopify data requests. In a nutshell, it can include everything from their name and address to billing details and shopping trends. This information is collected online, especially for ecommerce shops in order to effectively process orders, and can help inform businesses' marketing and customer relations decisions.


Why is this data stored?

eCommerce businesses gather and store different types of data for different reasons. These are some examples: 

  • Client contact details: this information is important for client communication.
  • Customer address: this is necessary for billing and delivery.
  • Shopping trends: these trends can be analyzed for marketing purposes. 
  • Customer behavior: businesses use behavioral data to better understand their clients. 


When should Shopify data be deleted?

You may be wondering when to delete your clients' Shopify data. Depending on where your business operates and where your customers are located, there may be laws to consider before deleting customer data. Despite personal preference, data erasure should always comply with the law.DSAR - LAC Here are a few of the most well-known laws associated with data storage:


The General Data Protection Regulation (GDPR)

The GDPR applies to businesses with operations and/or clients in any of the EU's 28 member states. It does not specify a specific length of time that data should be kept by a business. 

According to the GDPR data should be kept until "it is no longer needed." However, this doesn't mean that you can't keep data for a longer period. Data may be kept past the point that it's necessary for your business if: 

  • it will be archived.
  • it will be used for scientific or historical research.
  • it's in the public interest.

The UK GDPR established the client's right "to be forgotten." Customers can request the erasure of their personal data under certain circumstances. When a business receives such a request, they have one month to respond. 

The GDPR further introduced DSARs, or data subject access requests, to give consumers a way to request access to their data. If one of your customers submits a DSAR for your Shopify store, it's important to comply with their request to access their data or opt out of data collection.


The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a US law that applies to businesses that handle patient health information. Under this law, data must be kept for at least six years. 


The Sarbanes–Oxley (SOX) Act

SOX applies to all publicly traded companies in the US. It states that all customer invoices and sales records must be retained for five years.


Why should you delete your online store's customer data?

Here are six factors to consider when deciding which data to remove from your Shopify business' database.

nasa linking photo
Expensive data storage is but one of the reasons to get rid of unneeded data. Photo by NASA on Unsplash


Compliance with the law

Failure to comply with the laws that apply to your business could lead to criminal or civil charges. When deciding on your data retention policies, look up the laws that apply to your business location and the places where your potential clients might live.


Cost savings

Storing large amounts of data is not only time consuming, the costs also add up over time. From cloud services and LANs to external hard drives, small- and medium-sized businesses especially may have to put extra income aside as the amount of data they choose to store grows. Deleting customer data can help save space and money.


Risk reduction

Large amounts of data come with the risk of data breaches. Such data breaches affect all kinds of online businesses, even including universities and well-known social media platforms. By deleting the data your business no longer needs, you can limit the harm a breach will cause for both your business and your clients.



Having less customer data not only saves on storage space, it also makes your business practices more efficient. When you're able to avoid sorting through endless amounts of unimportant information, you can more easily get to the information you need when you need it. This can improve the speed of your systems, thus boosting the efficiency of your operations as well as customer service.



Clients are at the heart of any ecommerce business, which is why their privacy needs must be considered. Clients of small- and medium-sized businesses are likely to appreciate the fact that their information is not being shared with third parties or stored for marketing purposes.

CTA General Privacy Graphic


Improve Marketing Campaign Performance

By keeping a clean database, business owners also ensure that they keep their email list free from spam. This enables them to only reach recent or interested clients, resulting in an improved conversion rate.CCPA Oatman Farms (1)


How should you delete customer data?

When you've decided to delete information, the next step is to get rid of it. Depending on where it's stored, this may be a lengthy process. But there are many ways to make it easier on your team and your operations. Here are some guidelines to help you get started.


Decide which data to keep and which to get rid of

Before deleting any data, it might be best to establish a data retention policy to guide your future data management strategy. This policy should state which client information will be kept, the reasons for keeping it, and how long it will be stored. Familiarizing yourself with the laws that apply to your business can help you make these decisions. 

Other things you might want to consider when drafting this policy are:

  • where the data will be stored
  • whether any data should be kept permanently
  • the importance of each type of data to your business
  • who will be responsible for keeping track of the retention/deletion schedule
  • who will be responsible for deleting the data

A good rule of thumb is to get rid of a customer's details if they haven't made a purchase from your business in the last two years. 


Hit the format button

Once you've decided which information stays and which information goes, it's time to move on to deleting the data. This process will depend on which storage methods your business is using. 

These may include: 

  • Cloud storage: The most used forms of cloud storage, such as iCloud or Google Drive, will allow you to delete content with ease. Simply select what you want to delete, and the option to delete it will appear. To permanently delete these files, head to the "trash" section of a cloud storage platform and select "permanently delete." Keep in mind that many platforms delete files automatically after a certain period. 
  • External drives: On an external hard drive, select what you want to delete, then right-click to see the "delete" option. 
  • LANs: Deleting folders from a LAN network works the same way as you would delete any other files, only it has to be deleted by the uploader or an admin of the network. 
  • Third-party data storage: If your business makes use of a third-party data storage provider, you can discuss with them when to delete which data. 


Wrapping Up

Managing your business's data may seem daunting, but with the right methods in place, you can find a process that works for you. You should now have a better grasp on client data, the importance of deleting it when necessary, and how exactly to go about deleting it.

We hope that you found this article helpful and that storing and removing data no longer seem like impossible tasks. If you are still unsure, why not partner with a third-party specialist to help you cover all your bases?


Find a partner you trust

Choosing when to keep data and when to let go of it can be a harrowing decision for business owners. What if you get rid of something that you actually need? What if you're unaware of some of the legalities surrounding data removal? 

That's where Enzuzo comes in. We help ecommerce brands launch, manage, and scale personalized privacy experiences that customers trust. This all happens from one easy-to-use platform, with continuous customer support.

Enzuzo takes the headache out of data management and allows you to get back to doing what you do best: running your business. Make your data troubles a thing of the past, and reach out to find out more today.


enzuzo compliance

Say hello to Enzuzo, a privacy whiz dedicated to making business owners' lives easier.


Paige Harris

Paige is the growth marketing lead at Enzuzo and host of The Living Lab podcast, providing insightful articles in the privacy space.