Is Shein safe? The platform vs the trade-offs
Shein is safe—as a platform.
It’s a legitimate global retailer. Your order will arrive, your card will be charged the amount on the screen, and the site uses standard encryption like every other major e-commerce shop.
The real risks sit around Shein, not under it.
A 2018 data breach. Aggressive in-app tracking. Independent chemical tests that keep flagging the same product categories. A customer-service record bad enough to earn an F from the BBB.
Here’s how to use Shein without picking up the side effects.
Quick verdict
| Status | Notes | |
| Order delivery | ✅ Yes | Legitimate global retailer; items ship and arrive |
| Payment processing | ✅ Mostly | Use PayPal, Apple Pay, or a virtual card; never save details |
| Personal data | ⛔ No | Aggressive app tracking and a confirmed 2018 breach |
| Product chemicals | ⚠️ Caution | Independent tests have found lead, phthalates, formaldehyde |
| Customer service & returns | ⛔ Poor | F rating with the BBB; refunds often arrive as wallet credit |
Is Shein legit?
Shein is one of the largest fast-fashion retailers in the world. Founded in Nanjing in 2008, headquartered in Singapore since 2022, with operations in 150+ countries.
It’s a real company. It’s not going to vanish overnight with your money.
That said, Shein operates under Chinese ownership and a privacy regime considerably looser than what US or EU shoppers are used to. The EU designated it a Very Large Online Platform under the Digital Services Act in 2024 and opened formal proceedings in February 2026 over addictive design and the sale of illegal products.
India banned Shein in 2020 and only lifted the ban in 2025 under conditions requiring local data storage and Indian manufacturing.
Translation: the platform itself is legitimate. The regulatory pressure tells you where the friction is.
Is Shein safe to use?
The platform encryption is fine. What you ship to Shein in payment details and login info is protected in transit.
Everything after that is the question.
Shein has had a confirmed breach, runs one of the most aggressive in-app trackers in fast fashion, and ships products that have failed independent chemical tests at rates higher than mainstream retailers.
None of those are deal-breakers on their own. Stack them and you have a shop you can use—carefully.
The real risks of shopping on Shein
In short: Shein shoppers face four ongoing concerns: a 2018 breach exposing 39 million accounts, an app that collects far more data than the website, independent chemical tests repeatedly flagging clothing (especially children’s items and shoes), and customer service rated F by the Better Business Bureau.
The 2018 data breach is still circulating
In 2018, Shein’s then-parent company Zoetop suffered a breach that exposed roughly 39 million customer accounts—email addresses, hashed passwords, and some payment-card data.
Zoetop initially reported only 6.42 million. In 2022, the New York Attorney General fined the company $1.9 million for misrepresenting the scale and failing to notify affected customers.
If you had a Shein account before mid-2018, your email—and the password you used at the time—has likely been part of credential-stuffing attacks ever since.
That data didn’t stay in one dump. It spread.
It now circulates routinely on people-search sites and in data-broker databases, where it gets re-bundled with everything else scammers have on you. A service like Incogni tackles that residue directly—sending opt-out requests to 220+ brokers and re-sending them when your data resurfaces.
The app collects far more than the website
The Shein app is the most data-hungry surface the company runs.
App permissions reach into clipboard contents, precise location, and device-level identifiers in ways the browser version can’t. Incogni’s research on foreign-owned apps found Shein shares 12 of the 17 data types it collects with third parties—the highest shared-to-collected ratio in the study.
That includes names, phone numbers, and photographs going to undisclosed external entities.
If minimizing tracking matters to you, shop through the website—ideally in a privacy-focused browser. Not the app.
Independent chemical tests keep flagging the same categories
A November 2025 Greenpeace Germany investigation tested 56 Shein products and found 18 contained hazardous chemicals at levels exceeding EU REACH limits—including lead, phthalates, formaldehyde, and PFAS.
Children’s clothing, shoes, and faux-leather accessories were the highest-risk categories.
In May 2024, Seoul city officials detected phthalates in Shein children’s shoes at 428 times the permitted limit.
Wash everything before wearing—multiple washes for anything that touches skin directly. Skip the children’s items, shoes, and faux leather. Stick to natural fibers where you can.
The F rating reflects customer service, not legitimacy
Shein holds an F rating with the Better Business Bureau based on thousands of complaints about long delivery times, refund disputes, and unreachable support.
The rating doesn’t mean your order won’t arrive. It means if something goes wrong, getting help is slow at best.
Returns are technically free within 35 days—but refunds frequently come back as Shein wallet credit, not your original payment method.
How to shop on Shein safely
Six things, all under five minutes. They remove most of the avoidable risk.
- Pay with PayPal, Apple Pay, or a virtual card—never save the details. Privacy.com or your bank’s virtual-card feature generates one-use numbers you can shut off if Shein is breached again. Never tick the “save for next time” box.
- Enable two-factor authentication. Account settings, then security. Two minutes against a real ongoing risk.
- Use a throwaway or alias email. A dedicated Shein email keeps breach exposure and marketing mail out of your main inbox. SimpleLogin and Apple’s Hide My Email both work for this.
- Shop through the website, not the app. The app collects substantially more data than the browser version.
- Wash everything before wearing. Multiple washes for underwear, swimwear, and anything in direct skin contact. Skip children’s items, shoes, and faux leather entirely.
- Read review photos, not just star ratings. Customer-uploaded photos reveal sizing, fabric quality, and color accuracy in ways product photos don’t.
Shein vs Temu, AliExpress, and H&M
| Shein | Temu | AliExpress | H&M | |
| Confirmed breach | 2018, 39M | None major | Multiple, smaller | 2022, employee data |
| Chemical safety | Multiple failed tests | Similar concerns | Varies by seller | Generally meets limits |
| BBB rating | F | C+ | Not rated | A+ |
| App data collection | Aggressive | Aggressive | Moderate | Standard |
| Returns | Difficult, slow | Difficult, slow | Varies by seller | Standard, in-store option |
Among the three Chinese fast-fashion players, none has a meaningfully cleaner record than the others. H&M is a different proposition at a higher price point, particularly if chemical safety and return reliability matter to you.
Shein and your personal data
In short: Shein collects more user data than most retailers and shares it broadly under a comparatively loose privacy regime. Deleting an unused account and using the website instead of the app help on the Shein side—but the bigger win is reducing the personal data already circulating across people-search sites and data brokers, since that’s what scammers use to personalize phishing and impersonation attempts.
Shein collects a lot.
Contact and identity info when you create an account. Full shipping and payment details when you order. Behavioral data tied to browsing. And—through the app—device-level identifiers, clipboard contents, and location data. The privacy policy is broad. The regulatory environment is loose.
On Shein’s side:
Delete your account fully through Shein’s data request portal when you stop using the service—deactivation isn’t enough. Turn off marketing email and app notifications. Reduce app permissions, or skip the app entirely.
But—
The bigger lever is what’s already out there. Your phone number, address, and the email tied to your old Shein account likely already sit in dozens of people-search sites and data-broker databases.
Shrinking your overall digital footprint cuts the raw material scammers use to personalize phishing and impersonation attempts.
FAQ
Is Shein Chinese?
Founded in Nanjing in 2008, Shein relocated its headquarters to Singapore in 2022 ahead of a planned IPO. Manufacturing, leadership, and supply chain remain primarily Chinese. The company is fully legal to do business with in most countries, though it operates under different data and consumer-protection rules than US or EU companies.
Does Shein’s F rating with the BBB mean it’s unsafe to order?
No. It means customer service is unreliable—not that your order won’t arrive or your payment is at risk. Budget extra time for delivery, and use payment methods with independent recourse (PayPal disputes, credit-card chargebacks) in case anything goes wrong.
What are better alternatives to Shein for chemical safety?
H&M, Zara, and Uniqlo are the closest mid-priced alternatives with cleaner chemical safety records and easier returns. Everlane and Pact prioritize supply-chain transparency at higher price points.
Does Shein sell my data?
Shein’s privacy policy permits sharing data with affiliates, advertising partners, and analytics providers. Whether that counts as “selling” depends on jurisdiction—California’s CCPA defines “sale” broadly enough to cover most data-for-value exchanges. The practical answer is that the data you give Shein routinely ends up with third parties.
Has Shein been banned anywhere?
India banned Shein in 2020 alongside dozens of other Chinese apps over data-security concerns, then lifted the ban in 2025 under conditions requiring local data storage and Indian manufacturing. The EU opened formal proceedings against Shein in February 2026 under the Digital Services Act. The US has held congressional hearings but hasn’t banned the platform.