The General Data Protection Regulation (GDPR) goes into effect as of May 25, 2018. GDPR clarifies and imposes new obligations on any party that collects, stores, or processes personal data of individuals located in Europe. Shopify will, however, mandate these regulations for all user data.
This document outlines some of the endpoints that Shopify has built to help you maintain good data practices as an app developer. To learn more about app privacy policies, data rights, and marketing as it relates to GDPR, you can view our Data and user privacy documentation.
This document is not intended to provide you with legal advice. It is intended to provide you with information about changes that Shopify is making to the platform to help prepare for GDPR, and to help you start to think about your data practices in the way that GDPR requires.
Two mandatory webhooks are being added to every public app: shop/redact and customers/redact. These webhook subscriptions will be manageable from your partner dashboard, in the App Info tab of your app settings.
When you receive one of these webhooks, you must confirm your receipt of the redaction request by responding with a 200 series status code.
When a buyer requests deletion of their data from a store owner, Shopify will send a payload on the customers/redact topic to installed apps. If your app has been granted access to customers or orders, then you will receive a redaction request webhook with the resource IDs that you need to redact or delete.
48 hours after a shop uninstalls your app, we will attempt to send you a shop/redact webhook. This webhook will provide the shop_domain so that you can erase that shop's customers' personal information from your database.
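One way to handle the two redaction webhooks described above, as an added example (not Shopify's code): it authenticates the delivery, erases the matching records, and returns the status code that acknowledges receipt. The HMAC check over the raw body with the app's shared secret follows Shopify's general webhook signing, which this page does not cover; the `customer.id` field, the placeholder secret, the in-memory `store`, the non-200 status codes and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import json

APP_SECRET = b"example-shared-secret"  # constructed placeholder, not a real secret


def sign(raw_body: bytes, secret: bytes) -> bytes:
    """Base64-encoded HMAC-SHA256 of the raw request body."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest())


def handle_redaction(topic, raw_body, hmac_header, store, secret=APP_SECRET):
    """Return the HTTP status to send back for a redaction webhook.

    store: dict of shop_domain -> {customer_id: record}, standing in for a database.
    """
    # Authenticate before parsing: sign the raw bytes, compare in constant time.
    if not hmac.compare_digest(sign(raw_body, secret), (hmac_header or "").encode()):
        return 401
    try:
        payload = json.loads(raw_body)
        shop = payload["shop_domain"]
    except (ValueError, KeyError, TypeError):
        return 400
    if not isinstance(shop, str):
        return 400
    if topic == "shop/redact":
        store.pop(shop, None)  # erase everything held for the uninstalled shop
    elif topic == "customers/redact":
        customer = payload.get("customer")  # assumed payload field
        customer_id = customer.get("id") if isinstance(customer, dict) else None
        if not isinstance(customer_id, int):
            return 400
        store.get(shop, {}).pop(customer_id, None)
    else:
        return 404
    # Deleting data that is already gone still succeeds, so a repeated
    # delivery of the same request is acknowledged rather than rejected.
    return 200
```

Compute the signature over the exact bytes received, before any framework re-serializes the JSON, or valid deliveries will fail the check.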
The shop/redact webhook payload can be found below: