You are doing everything right — products are great, marketing is working, sales are growing. But you have a nagging feeling that your Shopify store is running on borrowed time because you have not properly protected the business. No terms and conditions, outdated privacy policy, unclear refund rules, and no plan for what happens when things go wrong. Sound familiar?
Most Shopify store owners treat legal compliance as something they will “get around to eventually.” The problem is that “eventually” usually arrives in the form of a customer dispute, a payment processor freeze, or a nastygram from the ACCC. By then, the cost of fixing things is 10x what it would have been to set up properly from the start.
Running an ecommerce business in Australia means complying with the Australian Consumer Law, the Privacy Act, the Spam Act, and various state and territory regulations. It sounds overwhelming, but the basics are straightforward once you know what is required. Here is what every Australian Shopify store needs to have in place.
Australian Consumer Law: What You Cannot Contract Out Of

The Australian Consumer Law (ACL) provides automatic consumer guarantees that apply to every product you sell. These guarantees cannot be excluded, restricted, or modified — no matter what your terms and conditions say. Understanding them is not optional.
Products must be of acceptable quality. This means safe, durable, free from defects, acceptable in appearance, and fit for the purpose they are commonly used for. If a customer receives a product with a genuine defect, they are entitled to a remedy — repair, replacement, or refund — regardless of your returns policy. You cannot say “no refunds” on defective products. That is illegal under Australian law.
Products must match their description. Whatever you say on your product page — materials, dimensions, features, performance — the product must deliver. Misleading descriptions or photos can result in ACL complaints and ACCC action. Be accurate and honest in every product listing, and ensure your photos represent the actual product, not an idealised version.
Change-of-mind returns are not required by law. Many Australian store owners do not realise this: you are not legally required to accept returns for change of mind. The ACL only mandates remedies for products that are faulty, are not as described, or do not do what they are supposed to. However, most successful Shopify stores offer change-of-mind returns (typically 14-30 days) as a competitive advantage because it reduces purchase anxiety and increases conversion rates.
The Policies Every Shopify Store Needs
At minimum, your Shopify store needs four core policies that are easily accessible from your footer and checkout pages.

1. Privacy Policy. Required under the Australian Privacy Act if you collect any personal information (which you do — names, emails, addresses, payment details). Your privacy policy must explain what personal information you collect and why, how you use and store it, who you share it with (Shopify, payment processors, email platforms, shipping carriers), how customers can access or correct their data, and how you handle data breaches. If you sell to EU customers, you also need GDPR compliance language.
2. Terms and Conditions (Terms of Service). This governs the relationship between your business and your customers. Include who operates the store (your legal entity name and ABN), pricing and currency (AUD), payment terms and methods, intellectual property rights, limitation of liability, and dispute resolution processes. While not legally required in the same way as a privacy policy, terms and conditions protect your business in disputes.
3. Shipping Policy. Be transparent about processing times, shipping methods and carriers, delivery timeframes by region, shipping costs (or free shipping thresholds), and international shipping availability and restrictions. Australian consumers have a right to know when their product will arrive, and unclear shipping policies are one of the top drivers of customer complaints and chargebacks.
4. Refund and Returns Policy. Clearly state your change-of-mind return window (if applicable), condition requirements for returns, who pays return shipping, refund processing timeframes, and exchange options. Importantly, include a statement acknowledging Australian Consumer Law rights: “Our policy operates in addition to your rights under Australian Consumer Law. Nothing in this policy limits your statutory rights.”
Data Protection and Privacy Compliance
Data protection is becoming increasingly important as Australian privacy laws tighten. The Privacy Act reforms proposed in recent years signal a trend toward stronger consumer data rights, and getting ahead of these changes protects your business.

Minimise data collection. Only collect the personal information you actually need to fulfill orders and run your marketing. Asking for a date of birth, gender, or phone number when they are not needed creates unnecessary risk and erodes trust.
Secure customer data. Use Shopify’s built-in security features (SSL encryption, PCI DSS compliance for payments) and ensure any third-party apps you use also meet security standards. Review your app permissions regularly — some apps request access to data they do not need.
Have a data breach response plan. If customer data is compromised, the Notifiable Data Breaches scheme requires you to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if the breach is likely to result in serious harm. Having a response plan before a breach happens means you can act quickly instead of panicking.
Marketing Compliance: The Spam Act and Advertising Standards
- The Spam Act 2003 requires consent before sending marketing emails or SMS, clear identification of the sender, and a functional unsubscribe mechanism in every message. Penalties for non-compliance can reach millions of dollars. Ensure your email collection methods include explicit consent for marketing communications — pre-ticked checkboxes do not count.
- Advertising standards. Your product claims, pricing, and promotional materials must not be misleading or deceptive. “Was/Now” pricing must reflect genuine previous selling prices. “Limited time” offers must actually be limited. Health, performance, or sustainability claims must be substantiated. The ACCC actively monitors online retail advertising and has taken action against Australian ecommerce brands for misleading claims.
- Influencer and affiliate disclosures. If you work with influencers or affiliates, they must clearly disclose the commercial relationship. “#ad” or “#sponsored” is required under Australian advertising standards. Failure to disclose can result in penalties for both the influencer and your brand.
Business Structure and Insurance
Two more things that protect your business: the right business structure and appropriate insurance. If you are still operating as a sole trader, consider transitioning to a company or trust structure as your revenue grows. A company provides personal asset protection — if the business faces a legal claim, your personal assets (house, car, savings) are typically shielded. Consult an accountant for the right timing and structure for your situation.
Product liability insurance is essential for any Shopify store selling physical products. If a customer is injured by your product (or claims to be), product liability insurance covers legal costs and damages. Public liability insurance covers customer injuries related to your business operations. Professional indemnity insurance covers claims of professional negligence or incorrect advice. Most Australian insurers offer ecommerce-specific packages starting at $500-$1,500 per year.
Protection Is a Growth Strategy
Legal compliance and business protection are not just about avoiding fines — they are about building a business that can scale without hidden risks. Clear policies build customer trust. Proper data handling prevents costly breaches. The right business structure protects your personal assets. And appropriate insurance gives you the confidence to grow without fear of a single incident wiping you out.
Inside the eCommerce Circle, legal compliance and risk management fall under our Protection pillar. We help members get their policies right, understand their obligations under Australian Consumer Law, and build business structures that protect them as they scale. If your store is growing but your legal foundation has not kept up, our coaching ensures you are protected before it becomes an urgent problem.


