Processing customer data requests

When you sell products through Shopify, you need to comply with the privacy and data protection laws and regulations that apply to your business. Privacy and data protection are critical foundations for ecommerce, and are important to your customers. The protected customer data requirements focus on data minimization, transparency, control, and security.

If you’re a store owner or a staff member with the required customer permissions, then you can complete a customer’s request to access or delete their personal data from your Shopify admin.

Obtain and export a customer’s data

If you receive an access or data portability request from a customer, then you can request a customer’s data after you’ve verified the individual’s identity.

Steps:

  1. From your Shopify admin, click Customers.
  2. From the customer list, click the customer profile that you want to request a log for.
  3. Click More actions > Request customer data.
  4. Refresh the customer’s profile page to access the customer’s data. If you’re the store owner, then this data is also sent to your email.
  5. Provide the customer with the data that they requested.

Erasing a customer’s personal data

You can request to erase a customer’s personal data and redact your customer’s personal data from Shopify’s records, and from any apps and channels that you’ve installed from your Shopify admin. Shopify only redacts personal information, such as your customer’s name and address. Non-personal data, such as order information about what was sold, the date and time of the sale, and the order value is maintained. It’s your responsibility to contact any other companies that you’ve shared the customer’s personal data with.

Steps:

  1. From your Shopify admin, click Customers.
  2. From the customer list, click the customer profile that you want to request an erasure for.
  3. Click More actions > Erase personal data.

Delays in processing erasure requests

By default, Shopify won't erase personal data when the customer has made an order in the last six months (180 days), in case a chargeback occurs. If a request for erasure is submitted during that time, then it will remain in a pending state until the required time has passed. When that required time has elapsed, Shopify completes the erasure request. You don’t need to submit another request.

To override this processing delay, contact Shopify Support.

Cancel a pending erasure request

After you submit a request to erase your customer’s personal information from your store, you have 10 days to cancel the request.

Steps:

  1. From your Shopify admin, click Customers.
  2. From the customer list, click the customer profile that you requested an erasure for.
  3. In the Erasure request submitted section, click Cancel request.

Editing or deleting a customer profile

If a customer profile already exists in Shopify, then you can edit the profile from the Customers page. Learn more about editing customer profiles.

You can also delete individual customer profiles, an action that can’t be undone. Some customer profiles can't be deleted, such as when the customer is associated with one or more orders, or they have a pending redaction because of a GDPR erasure request. Deleting a customer profile is different from erasing a customer’s personal data. Learn more about deleting customer profiles.

Can’t find the answers you’re looking for? We’re here to help.