The General Data Protection Regulation (GDPR), which went into effect on May 25, 2018, imposes obligations on any party that collects, stores, or processes personal data of individuals located in Europe. Shopify, however, mandates these regulations for all user data, both for individuals located in Europe and those located elsewhere. Each app developer is responsible for making sure that the apps they build for the Shopify platform are GDPR compliant.
This document describes some of the endpoints that Shopify has created to help you maintain good data practices as an app developer. To learn more about app privacy policies, data rights, and marketing as they relate to GDPR, see Data and user privacy under GDPR.
This document is not intended to provide you with legal advice. It describes the changes that Shopify has made to its platform to prepare for GDPR, and helps you think about your data practices in the way that GDPR requires.
Three mandatory webhooks need to be added to every public app:
customers/redact- Requests deletion of customer data.
shop/redact- Requests deletion of shop data.
customers/data_request- Requests to view stored customer data.
These webhooks help you manage the user data that an app collects. You can manage their subscriptions from your Partner Dashboard on the App setup page for your app:
When you receive one of these webhooks, you must confirm your receipt of the redaction request by responding with a 200 series status code, and complete the action within 30 days of receipt (unless you're legally required the retain the data).
When a store owner requests deletion of data on behalf of a customer, Shopify sends a payload on the
customers/redact topic to the apps installed on that store. If the customer hasn't placed an order in the past six months, then Shopify sends the payload 10 days after their request. Otherwise, the the request will be withheld until 6 months have passed. If your app has been granted access to the store's customers or orders, then you receive a redaction request webhook with the resource IDs that you need to redact or delete. In some cases, a customer record contains only the customer's email address.
48 hours after a store owner uninstalls your app, Shopify sends you a
shop/redact webhook. This webhook provides the store's
shop_domain so that you can erase the customer information for that store from your database.
When a customer requests their data from a store owner, Shopify sends a payload on the
customers/data_request topic to the apps installed on that store. If your app has been granted access to customers or orders, then you receive a data request webhook with the resource IDs of the data that you need to provide to the store owner. It's your responsibility to provide this data to the store owner directly. In some cases, a customer record contains only the customer's email address.