Hi, Im trying to create a GDPR compliant app and I have some questions regarding the Customer data request endpoint that I cant find in the docs:
1.- what is the expected format for the response?
something like that? does it matter, or shall we only send the link via E-mail to the customer? or send a file via E-mail?
2.- The download link should respond with a json, a zip, a .csv, or what is the expected response for that link?
3.- Is the generated link one use only?
4.- Is any kind of security needed? all persons with the link can have access to the info download?
5.- Does the info goes to the shop owner or to the customer email in the params?
@alrod I think that response in How to process GDPR webhook customers/data_request answers your question.
By merchant it means the Store admin?
Also it does not clarify the data format.
So, when I receive the webhook, if I send a CSV file to the shopy store admin via Email with all the information of the customer's orders I should be good to go?
@r8r thanks for the quick response
@alrod as far as I understand it, the way of submitting the data as outlined by you should be ok – and then you need to supply all the requestes orders' data and I would also add the customers' personal data. Shopify doesn't seem to provide any specific format or means of transmission for this data (which I think is a little odd too, but I guess that also shows the priority they put behind this feature