After July 2021, the 2.3.x release line no longer received quality updates or user guide updates. PHP 7.3 reached end of support in December 2021, and Adobe Commerce 2.3.x reached end of support in September 2022. We strongly recommend upgrading to Adobe Commerce 2.4.x to help maintain PCI compliance.

Privacy Policy

This site contains archived merchant documentation for a version of Adobe Commerce and Magento Open Source that has reached end-of-support. The documentation available here is intended for historical reference only and is not maintained. The Adobe Commerce Merchant Documentation for current releases is published on the Adobe Experience League.

Your store includes a sample privacy policy that must be updated with your own information. Your privacy policy should describe the type of information that your company collects, and how it is used. It should also list the filenames of cookies that are placed on the computers of people who visit your store. Any additional cookies that are associated with third-party extensions and add-ons should be included in the list.

There are two widely accepted classifications of personal data, which are commonly abbreviated as PI and PII. The example Privacy Policy in the Luma sample data refers to Personally Identifiable Information (PII). In addition, there are numerous variations of these definitions that are associated with legal regulations of different countries, regions, and states. The following definitions can be used for the purpose of this general discussion:

Personal Information (PI) Any information that reasonably identifies or can be used to identify an individual directly or indirectly. Personal information may relate to any individual, such as a customer, employer, vendor, or contractor.

Personally Identifiable Information (PII) Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.

Example storefront - privacy policy Privacy Policy

Edit your privacy policy

The Luma sample data includes a sample privacy policy that you can modify for your use.

  1. On the Admin sidebar, go to Content > Elements > Pages.

  2. In the grid, find Privacy Policy. Then, in the Action column, click Select and choose Edit.

  3. Expand the Content section and make the necessary changes to the content.

    To learn more, see Using the Editor.

    Privacy Policy page - edit content Content

    If you change the URL key of the privacy policy page, you must also create a custom URL rewrite to redirect traffic to the new URL key. Otherwise, the link in the footer will return 404 Page Not Found.

  4. When complete, click Save Page.