As far as I understand we need to create these three endpoints that will make an app GDPR compliant
customers/data_request - we don't store any customer data on our systems, so what should we return here?
customers/redact - same, no customer data stored on our systems...
shop/redact - does shopify consider user's shop url and oauth token as user data, in that case should we purge that from our systems? (this is the only data we save in our database)