Re: Preventing Staff from Exporting Customer Data

Preventing Staff from Exporting Customer Data

FirstMatsUK
Excursionist
24 2 13

Hi all,

Our sales and customer service staff need to have access to customers in Shopify to be able to create draft orders and contact them. The problem is that they can export all of our customer contact details and other information at the click of a button.

Is there a way, or an app, to turn off the "Export" function for staff members?

We feel that this is a huge gaping hole in Shopify's security policy, especially with GDPR regulations taken into account.

Replies 28 (28)

Tira
Shopify Staff (Retired)
1260 92 223

Hey, @FirstMatsUK

Tira here to help.

I can understand why removing the ability to export the customers list from your Shopify admin would be beneficial for your business.

If you would like to do this, please follow these steps:

  • From your Shopify admin, go to Settings > Users and permissions.
  • Click on the staff you want to edit.
  • You can check the permissions you want to give staff, or uncheck the permissions you want to remove. If you don’t want your staff to export customers, then uncheck the box next to “Export customers”
    If you want to give your staff all available permissions, then check select all.
  • Click Save to confirm your changes.

Here is a screenshot from my test store of what this looks like: 

09-59-72456-42677

You can learn more about editing staff permissions in our help docs here: Managing staff.

I would love to know if this helps you accomplish what you need to do.

To learn more visit the Shopify Help Center or the Community Blog.

FirstMatsUK
Excursionist
24 2 13

Hi Tira,

Thank you for the reply, but we don't have that feature available in the Shopify Admin. I've attached a screenshot.

permissions.JPG

 

Is there a way to activate this feature?

Tira
Shopify Staff (Retired)
1260 92 223

Thanks for getting back to me @FirstMatsUK and I appreciate the screenshot you've provided. It looks like you're not able to see the "Export customers" option on your Shopify admin, is that right?

If so, which browser and device are you using to view your staff permissions? When I took my screenshot, I was using Google Chrome on a Google Pixelbook. Here is a list of supported browsers from our help docs. 

I would love to know if this helps you see the "Export customers" option.

To learn more visit the Shopify Help Center or the Community Blog.

FirstMatsUK
Excursionist
24 2 13

Hi Tira,

That is correct, I do not see the Export option as per the screenshot.

Is this option something that only the store owner has? Does it require a certain subscription level?

I am using the Chrome browser on a laptop device.

Tira
Shopify Staff (Retired)
1260 92 223

Thanks for getting back to me, @FirstMatsUK.

The level of subscription plan that you have with Shopify should not affect your permissions, but if you are using a staff account with limited permissions, that would have an effect on which permissions you can see. 

It sounds like you have been provided a staff account and are trying to edit your permissions from your staff account. Is that right?

If that is, I would recommend reaching out to the account owner of the store and asking if they can edit the permissions for the staff member that you wish to edit permissions for. Staff accounts can edit permissions for other staff accounts, but they can only edit permissions that they already have on their own staff account.  

Here is a screenshot from our help docs: About staff permissions, that mentions this: 

12-52-98335-56919

Are you able to Export the customers CSV yourself? You can check this by going to the "Customers" section in the Shopify admin. If there is an "Export" button on the page, then you have the permissions to export the customer list.

I would love to know if this helps!

To learn more visit the Shopify Help Center or the Community Blog.

FirstMatsUK
Excursionist
24 2 13

Hi Tira.

Still no success, unfortunately.

The shop owner checked their settings, but we just don't have the same options as your screenshot. There are no options to control the export permissions at all.

Regarding your other question, yes I am able to export customer info as well as products.

Any additional ideas? It's really important to solve this as it's a huge security risk for Shopify store owners.

Richard

MJ10
Tourist
6 0 7

HI there

 

we were looking for the same and dont have an option to remove export customer option. how do we get it?

drakedev
Shopify Partner
696 150 237

Unfortunately, at the moment, the possibility to remove the customer export permission for a staff account, is available only on Shopify Plus plans.

I agree that having this possibility for all plans would be helpful. Anyway please consider that if a staff is interested in retrieving the customer data, can just do screenshots of customer list, or use a web scraper to retrieve the data.

Also if a staff account export 51 or more customers, the store owner will receive an email too.

 

 

 

 

If my answer was helpful click Like to say thanks
If the problem is solved remember to click Accept Solution
Shopify/Shopify Plus custom development: You can hire me for simple and/or complex tasks.
FirstMatsUK
Excursionist
24 2 13

Thank you for clearing that up drakedev

I agree that, at least to an extent, if you want to copy or scrape data then there is always a way so long as the person can see it. But I also think that Shopify should be doing more to make that task more difficult for people, especially in this age of GDPR.

Is there an app that could disable this function? If not, then is an app to do this even feasible?

drakedev
Shopify Partner
696 150 237

I am sorry, but usually apps are developed to extend Shopify features, not to limit them.

I am not even sure they would be accepted by Shopify and I also think that is not feasible to create an app that remove this possibility.

I hope that Shopify Community team will report this request to Shopify Developers. You can also create a ticket in your Shopify so that they will track the request and send them to the developers.

If my answer was helpful click Like to say thanks
If the problem is solved remember to click Accept Solution
Shopify/Shopify Plus custom development: You can hire me for simple and/or complex tasks.
Tira
Shopify Staff (Retired)
1260 92 223

Thanks for chiming in and pointing this out, @drakedev. I did some more digging on this after seeing both your post and @FirstMatsUK's post mentioning they could still not see this and you are correct.

The ability to restrict staff accounts from exporting customers would be a permission available on the Shopify Plus plan. Here is a screenshot from our Plan features help doc for Shopify Plus that highlights this:

16-05-70267-28701

As a workaround, I recommend unchecking the box next to the “Customers” permission from the Staff account’s permissions to ensure that the staff account cannot Export orders. This would also restrict their access to the Customers section of the admin. I know this isn’t ideal as you do need your staff to view your Customers in your admin and want to hide the Export option on the Customers page.

I’m happy to send your request to our developers so that they are aware of how much of an impact this would make on your business and merchants’ businesses with regards to GDPR guidelines. If we do move forward with restricting Customer permissions for staff accounts, we will let you and all of our merchants know through our changelog or announcements page. If any other thoughts come up, please add them to this thread and I would be happy to take a look and pass them to our developers.

Cheers,

To learn more visit the Shopify Help Center or the Community Blog.

FirstMatsUK
Excursionist
24 2 13

Hi Tira,

Yes please pass this to the development team. You can't expect your customers to pay the huge fees for the Plus plan just to have access to a security feature that should be available on the most basic of plans. Customer's personal data should be protected as a priority, not as an upgrade.

We can't remove the top-level "customers" permission for the staff members if they work in customer services or sales as they need to create draft orders or just see their details to make contact with them and handle their queries.

Thank you for looking into this for me, but I really feel that it should be taken to the development team.

MJ10
Tourist
6 0 7

Totally agree with @FirstMatsUK 

This is a huge security gap by shopify team by keeping this feature limited to plus plans. a business can loose all data to a disgruntled employee and export all the IP. Please make it a top priority and enable for all shopify plans

Tira
Shopify Staff (Retired)
1260 92 223

Hey, @FirstMatsUK@MJ1010@MJ10.   

Thanks for your additional insights. These are all great points. I’ve submitted your feedback, @FirstMatsUK, that we spoke of previously and your current thoughts to our development team so that they are aware. As I mentioned earlier, if we move forward with this change we will post an update in our changelog or announcements page.

Please continue to post any insights as they come up, we’re always open to hearing what you have to suggest and will forward all insights to our development team. 

Thanks,

To learn more visit the Shopify Help Center or the Community Blog.

MJ1010
Tourist
3 0 3

Hi Tira,

Any idea by when we can expect this update? As this is not a 'good to have' feature but a necessity and security related features, I'd expect some urgency regarding this.

Tira
Shopify Staff (Retired)
1260 92 223

Hey, @MJ1010.

Thanks for the tag. I don't have any updates to share for this feature but I have forwarded your thoughts and concerns to our developers. I know this is an important feature for you and I want to let you know that our developers move forward on requests that receive a lot of feedback from merchants and are continuing to work on developing different features as we speak.

As I mentioned earlier, if there are any updates, we will list them in our changelog or annoucements page, so I recommend taking a look at those pages for future updates. 

Moving forward, any feedback shared here will receive a "Like" to indicate that it has been read and shared with our developer team. 

Thank you,

To learn more visit the Shopify Help Center or the Community Blog.

MJ1010
Tourist
3 0 3

I would presume it is not a matter of feature development but just unlocking this option for non Shopify Plus stores. Please do it at the earliest. If today/tomorrow an employee deletes all customer/product/order data, it would be blood on Shopify's hands. I am waiting for this action by Shopify's team on a daily basis now.

We'd be happy to pay for the higher plan but only when we have enough sales to afford that spend. In that journey losing the whole store should not be a risk we have to take. It does not seem then like you are offering a feature, but like you are deliberately posing a risk/a threat to our stores Shopify.

p.s: I have no association with MJ10 who also commented in this thread.

albertogg
Tourist
3 0 5

Hey Tira,

When I un-mark the options Export customers or Export products and inventory and then click save, permissions are re-marked again and remain selected.

Tira
Shopify Staff (Retired)
1260 92 223

Hey, @albertogg.

Thanks for your reply. The ability to modify the "Export customers" staff permissions is available with a Shopify Plus subscription as mentioned in my previous reply here. What subscription plan are you on? You can check your subscription plan by logging into your Shopify admin, clicking on Settings > Plan

After checking your plan, if you are not on the Shopify Plus plan, what I can do is forward your reply from this thread to our developers so that they are aware that there is a demand for this feature. If we move forward with this, we will update our changlog or annoucements page as I mentioned earlier. Before I pass this onto our developers, I would love to know, why is it important that you disable this option for your staff members? This will help us understand how this would help your business.

Thank you and talk soon,

To learn more visit the Shopify Help Center or the Community Blog.

albertogg
Tourist
3 0 5

Hey Tira,

Thanks for your reply. We currently have the shopify plan (USD 79.00 ). It is really important because we already loosed data from customer and products by a former employee, it is a top priority for us to enable this option and restring information export from employees.

Tira
Shopify Staff (Retired)
1260 92 223

Thank you for the additional details, @albertogg. That is really hard to hear and I can see how this would make an impact on your business. I have forwarded your concerns and thoughts to our developers so that they are aware. If we do move forward with this, we will update all merchants and list it in our changelog or annoucements page. 

As a workaround, I mentioned earlier that you can uncheck the "Customers" permissions from your staff permissions list. This would remove all permissions from accessing the Customers page in the Shopify admin, and would prevent the export of Customers in the admin.

Thank you for your feedback. Everyone, please keep the feedback coming. Please include as many details as you can for your feedback and I will continue to "Like" your posts to indicate that they have been read and submitted to our developer team.

To learn more visit the Shopify Help Center or the Community Blog.

FirstMatsUK
Excursionist
24 2 13

@Tira wrote:

As a workaround, I mentioned earlier that you can uncheck the "Customers" permissions from your staff permissions list. This would remove all permissions from accessing the Customers page in the Shopify admin, and would prevent the export of Customers in the admin.


Thanks for your efforts Tira, but this workaround doesn't work when your staff deal with customers and/or orders.

Look forward to seeing an announcement from Shopify about this as the outcome determined whether we will stick with Shopify or migrate to another platform in the next few months.

albertogg
Tourist
3 0 5

Hello Tira,

Thank you but to uncheck the Customer and Products permission from our staff is not an option and creates also a major problem to us do to employees need to add new customers and, edit or add product (new products, change product cost or selling price, etc).

justdanorm
Shopify Partner
6 0 4

Revisiting this is topic/issue as it is still relevant and still a huge security hole/breach that I can not limit my staff to not be able to steal all of my customers...and also have no way to see if it has been done and by whom...

This is a HUGE problem in countries that have much stricter security and privacy laws (Germany for example) and needs to be a basic feature available to all shop plans.

PBV
Tourist
9 0 5

So basically let me translate this for anyone who is considering Shopify... All of your helpers who need to have any basic access (yes customers are basic, because you won't even be able to see which orders you need to print based on customer) will be able to steal all of your customers at any time with one click and the only way you can protect yourself against this is to upgrade to Shopify Plus which costs a minimum of $2000 per month...?...

Axentherent
Visitor
1 0 5

is there any update on this topic yet? I agree that this is a huge risk to allow staff to access my account in this way. They can download all and every info regarding customers in both customers and sales orders. It's unreasonable to only provide data security for Shopify plus accounts who are willing to pay +2000 per month.

HennyLoc
Tourist
3 0 4

yea I cant believe  what a security risky this is posing! . An employee could also delete and download all your products. I have barely started with Shopify and this makes me want to leave! This is a BIG worry!!! 

discourselabs
Shopify Partner
3 0 2

I need this functionality too. Same problem as everyone else here on this thread.