Protected data in Shopify Flow

Personally identifiable information (PII) is information that alone or combined can uniquely identify an individual. If you use triggers and actions in Shopify Flow that are created by another app, then that app can access information about your store, customers, orders, or other business data based on the variables you select.

Types of PII in Shopify Flow

The following PII is made available in Shopify Flow, depending on which triggers and actions you use:

• Customer personal information, which includes contact information such as name, email address, phone number, and address. Apps that deal with orders, fulfillment, or shipping also require access to location information (such as IP address and geolocation), and user agent information (such as browser and operating system).
• Shopify store owner personal information, which includes all contact information for the store owner, including name, email address, phone number, and addresses of all locations.
• Staff personal information, which includes all contact information for staff, including name, email address, and phone number.

Identifying PII in Shopify Flow

When building a condition or an action, variables that contain PII are indicated with an icon of a shield with a padlock next to the variable name. Click the icon to learn more about protected data in Shopify Flow.

How to handle PII in Shopify Flow

Here are some recommendations to consider when building workflows that use PII:

• Always follow best practices for handling sensitive data and be sure to comply with any applicable regulations or policies.
• Only include the strictly necessary variables when using actions from other apps and services.
• When sending emails and notifications (both internally and to customers), ensure the data you are sending is applicable to the recipient.