Work with protected customer data

Privacy and data protection are critical foundations for ecommerce and are important to merchants and their customers. The protected customer data requirements focus on data minimization, transparency, and security so that you can better support a merchant's path towards compliance with privacy and data protection rules.

When your app uses the Admin API, the review process for your public, published app might require action as described in the following table:

Level Data use Partner actions
0 No customer data No action required
1 Customer data excluding name, address, phone, and email fields
2 Customer data including name, address, phone, or email fields

Shopify will approve your app to use protected customer data if the requested data is the minimum amount required by your app to provide the merchant with the app functionality. If you're approved to access the data that you requested, then code updates aren't required. If you aren't approved to access the data that you requested, then you might need to update your app to handle errors or redacted data. For more information, refer to the example API requests for protected customer data.

While we encourage all apps to meet protected customer data requirements, access to the different levels can vary based on app types. See below:

Level Public app Custom app Admin created custom app
1 Requires review Always available Always available
2 Requires review Always available Varies by plan

To access customer data in development, select the data and fields you're using in the Partner Dashboard. You don't need to submit a request for review for apps that are installed only on development stores.