We have published an app with read_orders and read_products permissions. In fact, our app currently only uses API resources related to Products and not Orders resources. The read_orders permission is requested as we plan to develop the app feature related to orders in the future. We don't have any API requests that request protected customer data. Do we need to request access to protected customer data and meet the protected customer data requirements?
Is our App at risk of being unpublished if no action is taken?