Protected customer data

Shopify is introducing updated requirements for apps that use customer data. As of version 2022-10 of the Admin API, published, public apps must meet the protected customer data requirements. Existing apps have until July 1, 2023 to migrate to API version 2022-10.

Privacy and data protection are critical foundations for ecommerce and are important to merchants and their customers. The protected customer data requirements focus on data minimization, transparency, and security so that you can better support a merchant's path towards compliance with privacy and data protection rules.

When your app uses API version 2022-10 or later, the review process for your public, published app might require action as described in the following table:

Data use Partner actions
No protected customer data No action required
Only protected customer data
Protected customer data with protected customer fields

Shopify will approve your app to use protected customer data if the requested data is for the minimum amount of protected customer data required by your app to provide the merchant with the app functionality. If you're approved to access all the data that you requested, then no code updates are required. If you're not approved to access the data that you requested, then you might need to update your app to handle errors or redacted data. For more information, refer to the example API requests for protected customer data.

While we encourage all apps to meet protected customer data requirements, the requirements aren't mandatory for the following apps:

  • Unpublished testing apps or apps that are installed only on development stores
  • Custom apps