App permissions and personal information
Personally identifiable information (PII) is information that alone or combined can uniquely identify an individual. Apps that you install from the Shopify App Store can access different types of PII when they use information about your store, customers, orders, or other business data.
Every app that you install has access to PII about your Shopify account, including your contact information and location.
Depending on the function it performs, an app can require additional types of information. For example, an app that manages or fulfills orders requires access to order information that includes customer PII, such as customer addresses and other contact information.
You can revoke access to data by uninstalling the app. This sends the developer a request (after 48 hours) to erase all of your customers’ personal information the app collected while it was installed. If you request to erase an individual customer’s personal data from your store, then the same request is sent to every app you have installed that might have that customer’s information.
During the installation of an app, you can review the permissions that app has and the type of PII that it needs to access before you confirm the installation. After installation, you can see these permission details on the App details page.
There are four types of PII that an app can access:
- Customer personal information, which includes contact information such as name, email address, phone number, and address. Apps that deal with orders, fulfillment, or shipping also require access to location information (such as IP address and geolocation), and user agent information (such as browser and operating system).
- Shopify store owner personal information, which includes all contact information for the store owner, including name, email address, phone number, and addresses of all locations.
- Staff personal information, which includes all contact information for staff, including name, email address, and phone number.
- Content provider personal information, which includes information about blog authors or commenters (including email address and IP address), and user agent information (such as browser and operating system).