To comply with the General Data Protection Regulation (GDPR), public apps must set up mandatory webhooks. These webhooks help you manage the user data that an app collects.
This guide isn't intended to provide you with legal advice. It describes the changes that Shopify has made to its platform to account for GDPR, and helps you think about your data practices in the way that GDPR requires.
GDPR and Shopify
GDPR, which went into effect on May 25, 2018, imposes obligations on any party that collects, stores, or processes personal data of individuals located in Europe.
Shopify, however, mandates these regulations for all user data, both for individuals located in Europe and those located elsewhere. Each app developer is responsible for making sure that the apps they build for the Shopify platform are GDPR compliant.
The following webhooks must be added to every public app:
- customers/data_request: Requests to view stored customer data
- customers/redact: Requests deletion of customer data
- shop/redact: Requests deletion of shop data
Receive and respond to mandatory webhooks
When you receive one of the mandatory webhooks, you must confirm your receipt of the redaction request by responding with a 200 series status code. You must also complete the action within 30 days of receipt, unless you're legally required to retain the data.
Manage endpoints for mandatory webhooks
Your endpoint must be an HTTPS webhook address with a valid SSL certificate that can correctly process event notifications. For more information, refer to Register an endpoint.
- From your Partner Dashboard, go to Apps.
- Click the app that you want to update.
- Click App setup.
- In the GDPR mandatory webhooks section, update your endpoints.
- Click Save.
When a customer requests their data from a store owner, Shopify sends a payload on the customers/data_request topic to the apps installed on that store.
If your app has been granted access to customer or order data, then you receive a data request webhook with the resource IDs of the data that you need to provide to the store owner. It's your responsibility to provide this data to the store owner directly. In some cases, a customer record contains only the customer's email address.
When a store owner requests deletion of data on behalf of a customer, Shopify sends a payload on the customers/redact topic to the apps installed on that store.
If the customer hasn't placed an order in the past six months, then Shopify sends the payload 10 days after their request. Otherwise, the request is withheld until six months have passed. If your app has been granted access to the store's customers or orders, then you receive a redaction request webhook with the resource IDs that you need to redact or delete. In some cases, a customer record contains only the customer's email address.
48 hours after a store owner uninstalls your app, Shopify sends you a shop/redact webhook. This webhook provides the store's shop_domain so that you can erase the customer information for that store from your database.
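The following receiver is an added example, not Shopify's own code: it checks the webhook signature, acknowledges the three mandatory topics with a 200, and records the 30-day deadline for each request. The X-Shopify-Topic and X-Shopify-Hmac-Sha256 header names, the base64 HMAC-SHA256 scheme and the 401 response come from Shopify's general webhook documentation rather than this page. The presence of shop_domain in all three payloads is also assumed, and the secret, queue and sample payload are constructed.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# The three mandatory topics and the 30-day limit are taken from this page.
MANDATORY_TOPICS = {"customers/data_request", "customers/redact", "shop/redact"}
DEADLINE = timedelta(days=30)


def sign(secret: bytes, raw_body: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw body (assumed X-Shopify-Hmac-Sha256 format)."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()


def handle_webhook(headers: dict, raw_body: bytes, secret: bytes, queue: list, now=None) -> int:
    """Return the HTTP status to send; accepted requests are appended to `queue`.

    `headers` is a plain dict here; real frameworks expose case-insensitive headers.
    """
    now = now or datetime.now(timezone.utc)
    supplied = headers.get("X-Shopify-Hmac-Sha256", "")
    # Check the signature over the raw bytes, in constant time, before parsing.
    if not hmac.compare_digest(sign(secret, raw_body).encode(), supplied.encode()):
        return 401
    topic = headers.get("X-Shopify-Topic", "")
    if topic not in MANDATORY_TOPICS:
        return 404
    try:
        shop_domain = json.loads(raw_body)["shop_domain"]  # assumed on all three topics
    except (ValueError, KeyError, TypeError):
        return 400
    # Acknowledge now; do the export or erasure out of band before `due`.
    queue.append({"topic": topic, "shop_domain": shop_domain,
                  "received": now, "due": now + DEADLINE})
    return 200


if __name__ == "__main__":
    secret = b"constructed-app-secret"                  # constructed sample value
    body = b'{"shop_domain": "example.myshopify.com"}'  # constructed sample payload
    jobs = []
    headers = {"X-Shopify-Topic": "shop/redact",
               "X-Shopify-Hmac-Sha256": sign(secret, body)}
    print(handle_webhook(headers, body, secret, jobs), jobs)
    headers["X-Shopify-Hmac-Sha256"] = "AAAA"           # forged signature
    print(handle_webhook(headers, body, secret, jobs), len(jobs))
```

Persist the queue durably before returning 200, so that an acknowledged request cannot be lost and miss its deadline.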
- Learn how to configure a webhook for your app and manage webhooks for different API versions.
- Consult the GraphQL Admin API or REST Admin API reference for the complete list of supported webhook topics.
- Learn more about how GDPR affects developers and Shopify.
- Familiarize yourself with app privacy policies, data rights, and marketing as they relate to GDPR.
- View a report of your app’s webhook deliveries, track failed deliveries, and fix issues before they affect merchants.