Protected customer data

Starting with API version 2022-10, we’re introducing updated requirements for apps that use customer data. We're publishing our updated protected customer data requirements before the release of API version 2022-10 to help Partners prepare; existing apps have until July 1, 2023 to migrate to API version 2022-10.

Privacy and data protection are critical foundations for ecommerce and are important to merchants and their customers. The protected customer data requirements focus on data minimization, transparency, and security so that Partners can better support merchants' path towards compliance with privacy and data protection rules.

As of version 2022-10 of the Admin API, published, public apps must meet the protected customer data requirements. When your app uses API version 2022-10 or later, the review process for your public, published app might require action as described in the following table:

Data use                                                | Partner actions
No protected customer data                              | No action required
Only protected customer data                            |
Protected customer data with protected customer fields  |

Shopify will approve your app to use protected customer data if the requested data is the minimum needed by your app to provide the merchant with the app functionality. If you're approved for all the data access that you requested, then no code updates are required. If you're not approved for the data access you requested, then you might need to update your app to handle errors or redacted data. For more information, refer to the example API requests for protected customer data.

While we encourage all apps to meet protected customer data requirements, the requirements aren't mandatory for the following apps:

  • Unpublished testing apps or apps that are installed only on development stores
  • Custom apps