AgentReadyAI visibility appCaffeine & CommerceShopify agency
Caffeine and Commerce
By Dylan HuntJune 11th, 2026ShopifyAIGuides

Is Shopify Sidekick Safe? What It Can Touch and Where Your Data Goes

Is Shopify Sidekick Safe? What It Can Touch and Where Your Data Goes

Every merchant who opens Sidekick eventually asks some version of the same question: this thing can see my whole business, so what exactly can it do with that access, and where does my data end up?

It is the right question to ask of any AI you give the keys to. Here is the grounded answer: what Sidekick can read, what it can change, what happens to your data, and the specific places where healthy caution is still warranted.

The boundary that matters most: read and propose, never commit

Sidekick's defining safety property is that it does not make changes on its own. It operates on a read-and-propose model. Ask it to create a 15 percent weekend discount and it will build the discount, then show it to you for approval. Ask it to bulk-edit prices and it stages the edit. Nothing is written to your store until you confirm.

This is not a courtesy setting you can accidentally disable. It is the design principle behind the whole assistant, and it extends to Sidekick app extensions, where third-party tools answer questions inside Sidekick but the merchant approves any action. The practical consequence: the blast radius of a bad Sidekick suggestion is a bad suggestion, not a broken store.

What Sidekick can see

Sidekick reads your store the way your admin does: products, orders, customers, analytics, content, settings. That grounding is the entire value, and it is why Sidekick answers "which products had the highest return rate last quarter" with your actual numbers instead of a generic essay. We mapped the full visibility surface in what data Shopify Sidekick can see, including the places where its view is fresher or staler than you might expect, a wrinkle we tested in does Sidekick use real-time store data.

Two scoping facts worth knowing:

  • Conversations are store-scoped. Sidekick runs inside your authenticated admin session. Your questions and its answers are not visible to other merchants, and nothing about your store leaks into another store's Sidekick.
  • Staff permissions carry over. Sidekick does not become a side door around your roles. What a staff account can learn from Sidekick tracks what that account could already access in the admin.

Where your data goes, and the training question

The sharper version of the safety question is about training: does asking Sidekick things mean your business data ends up baked into someone's model?

Here is what is verifiable. Shopify's AI features process your store data to serve you, and Shopify publishes privacy controls at privacy.shopify.com where you can review and manage how your data is used, including in connection with AI features. If your tolerance here is low, that settings page is worth ten minutes, and the current policy text is the source of truth as it evolves.

For third parties, the line got explicitly sharper this year. As of February 27, 2026, Shopify's partner program rules prohibit apps from using merchant or customer data to train AI or ML models without explicit consent. Before that update the boundary was blurrier, and plenty of merchants never thought to ask what their installed apps did with order data. Now the default is no.

Sidekick extensions get a further layer: Shopify validates extension descriptions, instructions, and input schemas at deploy time, and checks the data tools return at runtime before it enters the conversation. That is aimed at a real class of attack, prompt injection through tool responses, and it is more diligence than most AI plugin ecosystems apply.

The honest risk list

Safety is not the same as infallibility. The risks that remain are about quality, not access:

Wrong answers, confidently delivered. Sidekick has documented weak spots on tax and regulatory questions, where it can produce plausible, incorrect guidance. Anything with legal or financial consequences deserves a professional, not a chatbot, no matter whose chatbot it is.

Imprecision on complex asks. Multi-step analytical questions sometimes come back subtly off: the wrong date window, a filter interpreted loosely. The approve-before-save model catches bad writes, but nothing stops you from making a decision on a slightly wrong read. Spot-check numbers that will change what you do.

Over-delegation. The failure mode is not Sidekick going rogue, it is a merchant approving staged changes without reading them. The approval step only protects you if it is an actual review. Ten bulk edits approved on autopilot are ten unreviewed changes with your name on them.

A five-minute safety checklist

  1. Visit privacy.shopify.com and review your data and AI settings against your own comfort level.
  2. Audit your installed apps' access scopes in Settings, then Apps and sales channels. Uninstall what you no longer use, since dormant apps retain their grants.
  3. Check your staff roles. Sidekick respects them, which only helps if they are set thoughtfully.
  4. Adopt a personal rule: read every staged change before approving, every time.
  5. Route tax, legal, and compliance questions to humans. Use Sidekick to prepare for those conversations, not to replace them.

The bottom line

Sidekick is about as safe as an admin-embedded AI assistant can currently be: it cannot commit changes without you, it inherits your permission model, and the platform now draws a hard line on third parties training models with your data. The remaining risk is the ordinary kind that comes with any powerful tool, which is using its output without judgment.

If you are comfortable with the boundary and want more from the assistant, start with our practical Sidekick guide for merchants. And if your next question is what AI systems outside your admin can see about your store, that is a different surface with different rules, and our free AI readiness checker will show you exactly what the agents on the open web can and cannot read in about a minute.

See where your store stands

Get found and recommended by AI shopping assistants.

Run the free AI-Readiness Checker to see, in about ten seconds, how ChatGPT, Perplexity, and Google read your store today and exactly what is holding it back. Then AgentReady fixes the gaps for you, adding Schema.org structured data, an llms.txt directory, and an ongoing audit. Plans start at $29/mo with a 5-day trial.

Comments

Every comment here comes from a verified email. Write yours, confirm from your inbox, and it's live.

Loading comments…

Leave a comment

ShareXLinkedInFacebook

Written by Dylan Hunt, Founder, Caffeine and Commerce. We build Shopify stores that rank and that AI agents can read. Have a project? Get in touch.