Mandatory GDPR webhooks for all apps

Shopify Partner

Hi Ryan,

Can you please reply to my questions above. I can't move forward without this information.

Thanks,
Paul

New Member

Hey Ryan,

Thanks for the update. I am facing an issue while testing those webhooks.

For my app, I added an endpoint for Customer Data Erasure under App Setup -> Mandatory Webhooks, and processed an erasure request as per this, but I didn't receive any webhooks on my callback endpoint, nor did I receive any email.

I also tried configuring those webhooks using the API, but even the subscription to this webhook failed. Below are the URL path and JSON payload I used to subscribe to the customers/redact topic:

URL- https://mystore.myshopify.com/admin/webhooks.json

Payload- 

{
  "webhook": {
    "topic": "customers/redact",
    "address": "https://53cb26a3.ngrok.io/elements/api-v2/events/shopify",
    "format": "json"
  }
}

And I received the error below:

Invalid topic specified. Topis allowed: app/uninstalled, carts/create, carts/update, checkouts/create, checkouts/delete, checkouts/update, collections/create, collections/delete, collections/update, customer_groups/create, customer_groups/delete, customer_groups/update, customers/create, customers/update, customers/delete, customers/disable, customers/enable, order_transactions/create, orders/cancelled, orders/create, orders/delete, orders/fullfilled, orders/paid, orders/partially_fulfilled, orders/updated, products/create, products/delete, products/update, refunds/create, shop/update

So far, I see those webhooks aren't working.
Could you please provide your inputs, or let me know if there is anything that I am missing?

Thanks,

Mayur

Shopify Staff

Hi Ryan,

Can you please reply to my questions above. I can't move forward without this information.

Thanks,
Paul

This one? 

Can we get some guidance as to what we are supposed to do with private apps and GDPR-related webhooks? As we delete and re-generate our working set of webhooks from time to time it would be ideal if we could create the GDPR-related webhooks.

Thanks,
Paul

There is no plan currently for private apps to be able to create these webhooks. Private apps are considered tied to a shop, so it would be best to get the information directly from the merchant.

I also tried configuring those webhooks using the API, but even the subscription to this webhook failed. Below are the URL path and JSON payload I used to subscribe to the customers/redact topic:

Hey Mayur. You cannot register them like a normal webhook, unfortunately; the only way is by filling out the form on your app page. It is likely you simply have not been requested to delete any data yet if you haven't received a webhook.

Developer Experience @ Shopify
New Member

Hi Ryan,

For 'customers/redact', I have submitted the Customer Data Erasure request from the admin console, under the customer's profile -> 'Remove Personal Data'.

I still don't see any webhook sent back to my callback endpoint. Is it expected that those webhooks are triggered right away?

For more information, I have sent you an email with the shop ID for which I have submitted the data erasure request. Could you please have a look at this?

Thanks,
Mayur

Shopify Staff

Hey Mayur,

Chatted via email as well, but customer data requests take 48 hours to send.

Cheers,

Ryan

Developer Experience @ Shopify
Shopify Partner

Hey Ryan,

Thanks for your help answering all these GDPR-related questions in the last few months. If you don't mind, I have one that I don't see covered here explicitly, if you could please chime in:

I'm wondering what the flow for the "shop/redact" call will be for the store owner. In particular, we have seasonal customers that purchase our Formilla live chat app (premium) and uninstall the app off-season to cancel their subscription; the "48 hour" redact sounds pretty extreme if you're expecting us to blow away their data, so I'm wondering if you're including some kind of "also delete all my customer data with xxxxxx app" checkbox for affirmation?  For example, if a shop had 1,000 chats and collected various customer data with their chats like emails, names, etc., we need to delete all 1,000 if we get this webhook?

Cheers,

Tony
Formilla.com

Shopify Staff

Hey Tony,

I recently posted another post with a bit more info around these webhooks: https://ecommerce.shopify.com/c/api-announcements/t/gdpr-receiving-a-customer-redaction-request-5310....

Yours is a tough use case. Maybe some sort of setting to allow you to retain the data for when they reinstall? Or a built-in way to pause your fees as an alternative so they don't have to uninstall? An alternative could be redacting all personal information from their chats/data but leaving the rest.

Not a lawyer though, so I'm not entirely sure what your requirements would be. If you are unsure I would definitely consult one.

Developer Experience @ Shopify
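
A sketch of the "redact the personal information but leave the rest" option discussed above, as an added example that is not code from this thread or from Shopify. The chat-record fields and sample data are constructed; the payload fields (`shop_domain`, `customer.email`) and the base64 HMAC-SHA256 signature carried in the `X-Shopify-Hmac-Sha256` header are assumed from Shopify's webhook format, which the thread does not spell out.

```python
import base64
import hashlib
import hmac
import json

PII_FIELDS = ("name", "email", "phone")  # hypothetical columns in the app's chat store

def sign(secret: bytes, raw_body: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw request body, keyed with the app secret."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()

def handle_redaction(secret, topic, raw_body, hmac_header, chats):
    """Return (http_status, chats); chats is a list of dicts (hypothetical store)."""
    # Authenticate before parsing: an unsigned erasure endpoint lets anyone wipe data.
    if not hmac.compare_digest(sign(secret, raw_body).encode(), hmac_header.encode()):
        return 401, chats
    payload = json.loads(raw_body)
    shop = payload["shop_domain"]
    if topic == "shop/redact":          # whole shop, sent after an uninstall
        hit = lambda c: c["shop"] == shop
    elif topic == "customers/redact":   # a single customer of that shop
        email = (payload["customer"].get("email") or "").lower()
        hit = lambda c: bool(email) and c["shop"] == shop and (c["email"] or "").lower() == email
    else:
        return 400, chats
    # Blank the personal fields and keep the non-personal remainder of each record.
    scrub = lambda c: {k: (None if k in PII_FIELDS else v) for k, v in c.items()}
    return 200, [scrub(c) if hit(c) else c for c in chats]

# Constructed sample data, not taken from the thread.
SECRET = b"constructed-app-secret"
CHATS = [
    {"shop": "a.myshopify.com", "name": "Ann", "email": "ann@example.com", "phone": None, "messages": 4},
    {"shop": "a.myshopify.com", "name": "Bob", "email": "bob@example.com", "phone": None, "messages": 9},
    {"shop": "b.myshopify.com", "name": "Cy", "email": "cy@example.com", "phone": None, "messages": 2},
]
```

The signature is checked over the raw bytes as received, so the web framework must hand the handler the unparsed body.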
Shopify Partner

Hey Ryan,

Thanks for the quick response and tips. 

I take it Shopify has decided not to get a confirmation from the merchant to 'delete all data' when uninstalling an app -- is that correct?  That was my only remaining question at this time...

Shopify Staff

Hi Tony,

In the information provided to merchants, it includes details that uninstalling the app will send a request to the app to delete all of their customers' data. Outside of that, I think an app would be allowed to obtain permission from the merchant to keep the data around in case of reinstall? Of course I'm not a lawyer, so make sure you double-check anything before you do it.

Cheers.

Developer Experience @ Shopify
Shopify Partner

Thanks man.  Appreciate your responsiveness.  Have a good weekend!
