Compliance Webhooks

Topic summary

A developer created a Shopify Remix app that collects store and owner information but no customer data, and is unsure whether mandatory GDPR compliance webhooks are still required.

Resolution Provided:

Shopify mandates all public apps subscribe to three GDPR compliance webhooks regardless of data collection practices:

  • customers/data_request - handles requests to view customer data
  • customers/redact - handles customer data deletion requests
  • shop/redact - handles shop data deletion requests

Implementation Guidance:

  • Even without storing customer data, endpoints must be created to receive these webhooks
  • Endpoints should return a 200 OK status to acknowledge receipt, even if no action is taken
  • JavaScript/Express code examples were provided showing basic webhook handlers
  • Webhooks must be registered through the Shopify Partner Dashboard or app configuration file

This ensures compliance with privacy laws and Shopify’s app requirements for public apps.

Summarized with AI on November 5. AI used: claude-sonnet-4-5-20250929.

I've created a Shopify Remix app which collects store information and owner details, not customer data, so I didn't add any scopes for customers and orders. But three mandatory webhooks need to be subscribed to, for Customer data request, Customer data erasure and Shop data erasure, and I didn't collect any consumer data. What to do in this case?

This is Amelia from PageFly - Landing Page Builder App

Shopify requires all public apps to subscribe to the mandatory GDPR compliance webhooks. This ensures that your app can handle any potential data requests in compliance with privacy laws. Here’s what you can do:

  1. Implement the Mandatory Webhooks:

    • You need to set up endpoints for the following webhooks:
      • customers/data_request: Handles requests to view stored customer data.
      • customers/redact: Handles requests to delete customer data.
      • shop/redact: Handles requests to delete shop data.
  2. Handle the Webhook Requests:

    • Even if your app doesn’t store customer data, you should still respond to these webhooks. You can set up your endpoints to return a 200 OK status, indicating that the request was received and processed, even if there’s no data to act on.

    • Here’s a basic example of how you might handle these webhooks in your app:
      JavaScript

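      const express = require('express');
      const app = express();

      // customers/data_request: a customer asked to view the data stored about them.
      app.post('/webhooks/customers/data_request', (req, res) => {
        // Process the data request (nothing to return if no customer data is stored)
        res.status(200).send('Data request received');
      });

      // customers/redact: a customer's data must be deleted.
      app.post('/webhooks/customers/redact', (req, res) => {
        // Process the data erasure request
        res.status(200).send('Data erasure request received');
      });

      // shop/redact: the shop's data must be deleted.
      app.post('/webhooks/shop/redact', (req, res) => {
        // Process the shop data erasure request
        res.status(200).send('Shop data erasure request received');
      });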
      

      AI-generated code. Review and use carefully.

  3. Register the Webhooks:

    • Make sure to register these webhooks in your Shopify Partner Dashboard or through your app’s configuration file.

Hope that my solution works for you.

Best regards,

Amelia | PageFly
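
Added example, not part of the original post or of Shopify's code: the handlers above acknowledge any POST, whereas Shopify signs each webhook delivery (base64 HMAC-SHA256 of the raw body, keyed with the app's client secret, in the X-Shopify-Hmac-Sha256 header) and expects 401 for a bad signature. The sketch below uses only Node core modules; `shopRecords`, `SAMPLE_SECRET`, the function names, the 404/400 choices and the sample delivery are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// The three compliance topics listed in the answer above.
const COMPLIANCE_TOPICS = new Set(['customers/data_request', 'customers/redact', 'shop/redact']);

// Hypothetical in-memory stand-in for the app's own store/owner records.
const shopRecords = new Map([['example-store.myshopify.com', { owner: 'Constructed Owner' }]]);

// Recompute the signature over the raw body and compare in constant time.
function isValidShopifyHmac(rawBody, hmacHeader, secret) {
  if (typeof hmacHeader !== 'string' || hmacHeader === '') return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(hmacHeader, 'base64');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

// Decide the response for one delivery. rawBody must be the unparsed bytes:
// a body that was parsed and re-serialised will not match the signature.
function handleComplianceWebhook({ topic, rawBody, hmacHeader }, secret) {
  if (!isValidShopifyHmac(rawBody, hmacHeader, secret)) return { status: 401, deleted: false };
  if (!COMPLIANCE_TOPICS.has(topic)) return { status: 404, deleted: false };
  let payload;
  try {
    payload = JSON.parse(rawBody.toString('utf8'));
  } catch {
    return { status: 400, deleted: false };
  }
  // No customer data is stored, so the customers/* topics only need the 200.
  // Store and owner details are shop data, so shop/redact has real work to do.
  const deleted = topic === 'shop/redact' && shopRecords.delete(payload?.shop_domain);
  return { status: 200, deleted };
}

// Constructed sample delivery, signed with a constructed secret.
const SAMPLE_SECRET = 'constructed-client-secret';
const sampleBody = Buffer.from(JSON.stringify({ shop_id: 1, shop_domain: 'example-store.myshopify.com' }));
const sampleHmac = crypto.createHmac('sha256', SAMPLE_SECRET).update(sampleBody).digest('base64');

// Valid signature: record removed, 200. Wrong signature: 401, nothing touched.
console.log(handleComplianceWebhook({ topic: 'shop/redact', rawBody: sampleBody, hmacHeader: sampleHmac }, SAMPLE_SECRET));
console.log(handleComplianceWebhook({ topic: 'shop/redact', rawBody: sampleBody, hmacHeader: 'AAAA' }, SAMPLE_SECRET));
```

In an Express app the raw bytes are only available if the route uses a raw body parser (for example `express.raw({ type: 'application/json' })`) instead of `express.json()`.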