We recently received a “Do Not Sell My Personal Information” request on our own store, and it made us stop and think: if we had to double-check the steps, chances are other merchants might be running into the same challenges too.

With U.S. privacy laws like the California Consumer Privacy Act (CCPA/CPRA) and similar state laws now in effect, shoppers have the right to say: “Do not sell my personal information.”

Thankfully, to make handling these requests simple, the Consentmo app logs every “Do Not Sell” request in one place and, whenever possible, processes them automatically for you. This reduces manual work, cuts compliance stress, and gives you peace of mind that your store is following the rules.

In this article, we’ll explain how “Do Not Sell” requests work, where to find them, what’s automated, and when you’ll need to step in.

Quick Summary

• U.S. customers can request to opt out of data sharing/selling under CCPA/CPRA and other state laws.
  Consentmo automates most of the process by updating Shopify’s privacy settings and rejecting cookies.
• Requests come through the ‘Do Not Sell’ page on your storefront and are logged in the Customer Data Requests tab.
• Deadlines: Confirm within 10 business days, respond within 45 days (extendable to 90). Consentmo usually processes requests instantly.
• These requests are normal compliance steps, not a sign of churn — they build trust and transparency with your customers.
  

What Is a “Do Not Sell” Request?

A “Do Not Sell My Personal Information” request allows U.S. customers to opt out of having their data shared with third parties. This is a core right under the CCPA/CPRA and other state privacy laws.

For merchants, this usually means:

• Stopping data from being shared with ad networks or analytics tools.
• Making sure Shopify’s privacy API is updated to reflect the customer’s choice.
• Excluding customers from certain marketing audiences if you’re on Shopify Plus.
  

It’s worth remembering: these requests are simply part of modern compliance. 

They don’t signal that your customers dislike your brand - instead, they show that people today are more privacy-aware and want to make their own choices about how their data is used.

How “Do Not Sell” Requests Are Received

Customers can send “Do Not Sell” requests by email or chat - but it's best if you have a dedicated “Do Not Sell Or Share My Personal Information” page on your storefront.

When you install the Consentmo app, this page can be generated automatically with a single click. All you need to do is:

1. Install the Consentmo app.
2. Navigate to Settings → Policies → Do Not Sell page.
3. Click on the Generate button.
4. Navigate to your Footer menu and link the new page there.
5. Save the menu.

Once published, customers can easily find this page (usually in your site’s footer) and submit a request. From their perspective, it’s a simple form: they enter their email, confirm via a secure link, and they’re done.

On your side, every request is automatically logged in Consentmo → Cookie Manager → Customer Data Requests.

The best part: no coding, no setup headaches — just a quick page add, and your shop is fully compliant with CCPA/CPRA “Do Not Sell” requirements.

What’s Automatic and What Needs Your Attention

Most of the work for “Do Not Sell My Personal Information” requests happens automatically with Consentmo. Once a customer confirms their request, the app updates your store settings and logs it for you - no action needed.

The only times you may need to step in are:

• If you use Shopify Audiences (Shopify Plus), you’ll need to manually remove the customer.
• If you use third-party trackers like Facebook Pixel or Google Analytics, make sure those tools also respect the opt-out.

In short: Consentmo handles the main task, and you’ll only need to act in a couple of cases.

How Quickly Do I Need to Respond?

A common worry is: “Do I need to act on a request the moment it comes in?” The good news is no - you have time.

Here’s what the law says for “Do Not Sell” requests under CCPA/CPRA:

• You need to confirm you received the request within 10 business days.
• You have up to 45 days to complete it. If it’s more complex, you can extend by another 45 days, as long as you inform the customer.

In practice, you won’t get anywhere near those limits. With Consentmo + Shopify, most requests are processed automatically within minutes, so your store will almost always be compliant well before the deadline.

Where to Find and Track Customer Do Not Sell Requests

Once a request has been submitted and confirmed by the customer, it’s automatically logged in your Consentmo app. 

You can find all requests by going to:

Cookie Manager tab → Customer Data Requests section

Here you’ll see a full list of every DSAR submitted to your store. To make things easier, you can:

• Filter by request type (Deletion, Do Not Sell, etc.)
• Sort requests to quickly find the ones you want to review
• Check status to see whether they’ve already been processed or still need action

In addition to the app dashboard, you’ll also receive email notifications whenever a new request is made. These emails include a direct link to the customer profile in Shopify, so you can quickly check details without exploring around.

From the dedicated Consentmo app menu, you’ll always know what requests have come in and what’s happening with them.

5 Best Practices for Handling Customer Do Not Sell Requests

While most customer data requests are automated, it’s still a good idea to build a simple routine for managing them. This helps you stay organized, avoid surprises, and maintain customer trust.

Here are some best practices when it comes to customer requests:

1. Check the Customer Data Requests tab regularly. Even though most requests are automated, reviewing them ensures nothing slips through the cracks.
2. Use filters for quick navigation. Sorting by request type makes it easy to see if there are any pending “Do Not Sell” requests that may need action.
3. Stay aware of manual steps. If you’re on Shopify Plus with the Audiences app, remember to manually exclude customers from your audiences when they opt out. The same goes for third-party tracking tools like Facebook Pixel or Google Analytics.
4. Keep communication friendly. If customers reach out about their requests, reassure them that their data is safe and being handled according to privacy laws. This reinforces trust and shows you take their concerns seriously.
5. Reply on time. We already mentioned you have plenty of time to process a request but make sure you do on time.

Takeaways

“Do Not Sell My Personal Information” requests are now a normal part of selling online in the U.S. They don’t mean customers are unhappy with your brand — they simply show that shoppers today are more privacy-aware and want control over their data.

With Consentmo and Shopify working together, most of the process is handled automatically. In the rare cases where you need to step in (like Shopify Audiences or third-party trackers), the steps are simple and clear.

By respecting these requests, you’re not just staying compliant - you’re building trust, transparency, and long-term loyalty with your customers.

Looking for more information on DSAR? Check out our full breakdown: DSAR Pages Explained: A Simple Guide for Shopify Merchants.