If my app does not save the store order and customer details so how we set the GDPR mandatory webhok

chetna
New Member
2 0 0

Hello

I am working to create a Shopify app but I am confused if I am not storing the customer details and store order so how we set the GDPR mandatory webhook under the app setup

Please help me .

Thank you 

Screenshot (5).png

 

Reply 1 (1)
cdarne
Shopify Staff
Shopify Staff
19 1 2

Hi!

 

Cedric here, from the Shopify Webhook team. Thanks for reaching out!

The GDPR mandatory webhooks are the way a store owner can request to view or delete data of a customer on behalf of that customer. If your app has been granted access to customer or order data, then you could receive a data request webhook. That can be any kind of data related to a customer you have stored: email, phone, orders details.

Those webhooks endpoints are mandatory to every public app: that means that your app must provide endpoints responding with a 200 status code when they receive the webhook requests, whether you're actually storing customer data or not yet. If you have data related to a view/delete request, you must send/delete that data according to the GDPR compliance. For example, the shop/redact webhook will be send 48 hours a store owner uninstalls your app, so that you can erase the customer information for that store from your database.

For the full details about those mandatory webhooks, take a look at that doc: https://shopify.dev/apps/webhooks/mandatory.

And here's a more general documentation about the GDPR, if you're interested: https://shopify.dev/apps/store/privacy.

Don't hesitate if you have more questions!

All the best,

 

Cedric | Shopify Webhooks