Processing customer data requests
When you sell products through Shopify, you need to comply with the privacy and data protection laws and regulations that apply to your business. Privacy and data protection are critical foundations for ecommerce, and are important to your customers. The protected customer data requirements focus on data minimization, transparency, control, and security.
If you’re a store owner or a staff member with the required customer permissions, then you can complete a customer’s request to access or delete their personal data from your Shopify admin.
On this page
Obtain and export a customer’s data
If you receive an access or data portability request from a customer, then you can request a customer’s data after you’ve verified the individual’s identity.
Steps:
- From your Shopify admin, click Customers.
- From the customer list, click the customer profile that you want to request a log for.
- Click More actions > Request customer data.
- Refresh the customer’s profile page to access the customer’s data. If you’re the store owner, then this data is also sent to your email.
- Provide the customer with the data that they requested.
Erasing a customer’s personal data
You can request to erase a customer’s personal data and redact your customer’s personal data from Shopify’s records, and from any apps and channels that you’ve installed from your Shopify admin. Shopify only redacts personal information, such as your customer’s name and address. Non-personal data, such as order information about what was sold, the date and time of the sale, and the order value is maintained. It’s your responsibility to contact any other companies that you’ve shared the customer’s personal data with.
Steps:
- From your Shopify admin, click Customers.
- From the customer list, click the customer profile that you want to request an erasure for.
- Click More actions > Erase personal data.
Delays in processing erasure requests
By default, Shopify won't erase personal data when the customer has made an order in the last six months (180 days), in case a chargeback occurs. If a request for erasure is submitted during that time, then it will remain in a pending state until the required time has passed. When that required time has elapsed, Shopify completes the erasure request. You don’t need to submit another request.
To override this processing delay, contact Shopify Support.
Cancel a pending erasure request
After you submit a request to erase your customer’s personal information from your store, you have 10 days to cancel the request.
Steps:
- From your Shopify admin, click Customers.
- From the customer list, click the customer profile that you requested an erasure for.
- In the Erasure request submitted section, click Cancel request.
Editing or deleting a customer profile
If a customer profile already exists in Shopify, then you can edit the profile from the Customers page. Learn more about editing customer profiles.
You can also delete individual customer profiles, an action that can’t be undone. Some customer profiles can't be deleted, such as when the customer is associated with one or more orders, or they have a pending redaction because of a GDPR erasure request. Deleting a customer profile is different from erasing a customer’s personal data. Learn more about deleting customer profiles.