Is there a prescription subscription app without customer data access?

Topic summary

A user seeks a subscription app that doesn’t access customer information, likely for privacy or compliance reasons.

Key Responses:

  • Shopify representative notes that most subscription apps require customer data to function properly. Suggests either:

    • Outlining specific requirements to find suitable apps
    • Using Shopify Experts marketplace for custom solutions
  • Community member provides a direct answer: No standard app exists without data access.

  • Developer perspective offers a viable solution:

    • Standard third-party apps won’t work for sensitive data like prescriptions
    • Custom/private apps can be built to handle HIPAA-compliant scenarios
    • These apps operate outside Shopify’s customer/order systems
    • Must use proper encryption standards, key management, and audit logging
    • Third-party apps typically won’t sign required Business Associate Agreements (BAA)

Conclusion: While no off-the-shelf subscription app avoids customer data access, custom development can address compliance needs for sensitive information like prescription data.

Summarized with AI on October 30. AI used: claude-sonnet-4-5-20250929.

Is there a subscription app which DOES NOT have access to customer information?

Hi, @itear100!

Thanks for reaching out in our Community forums and for sharing your concern, I’d be happy to help.

I appreciate you taking an extra step to protect customer information when it comes to using third-party apps. Although each app has measures in place to ensure the data is secure, I do believe that certain apps require specific information to operate. Are you able to outline your specific requirements, and I can look to see the most appropriate solution?

If you are looking for a more custom solution without the use of a third party app, then I recommend speaking with Shopify Experts. This is a marketplace that connects you to professionals in a variety of fields related to your e-commerce business. Doing so will allow you to outline your exact requirements and specifications. If you would like to know more about finding the right Expert, please click here.

Feel free to reply back to this thread with any questions or updates and we can continue our conversation further!

The short answer is no.

We do this all the time for our HIPAA compliant / Medical customers that deal in PHI information like prescriptions. You have to do it with a custom/private app that acts outside of the Shopify customer and order information and stores the data in a HIPAA-compliant manner. E.g. uses NIST approved encryption standards, TDE, key server & key rotation and so on.

A 3rd-party app would never work for this because you’d be sending PHI to an entity that probably is not going to sign the required BAA agreement you’d need in order to be compliant. They are also probably not logging in a way that complies with the HIPAA audit rule.

These apps are not difficult to create, it’s just that 90% of the ones we see are not doing it in a HIPAA-compliant manner.

Happy to talk with anyone interested in learning more if they have that need.
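The storage pattern the reply above describes (sensitive fields held outside Shopify's customer and order objects, encrypted under rotating keys, with access logged) can be illustrated as follows. This is an added example, not code from the thread or from any Shopify app; `KeyRing`, `seal`, `unseal`, `reseal` and the record reference format are hypothetical names, and the in-memory key ring stands in for a real key server.

```javascript
// Added example: field-level encryption with versioned keys for records kept
// in the custom app's own datastore. All names here are hypothetical.
const crypto = require('node:crypto');

// In-memory stand-in for a key server (assumption); real keys live in a KMS/HSM.
class KeyRing {
  constructor() { this.keys = new Map(); this.current = 0; }
  rotate() {
    this.current += 1;
    this.keys.set(this.current, crypto.randomBytes(32)); // new AES-256 key
    return this.current;
  }
  get(version) {
    const key = this.keys.get(version);
    if (!key) throw new Error(`unknown key version ${version}`);
    return key;
  }
}

// Encrypt with AES-256-GCM under the current key. The opaque record reference
// is bound as AAD, so a ciphertext copied onto another record fails to decrypt.
function seal(ring, recordRef, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', ring.get(ring.current), iv);
  cipher.setAAD(Buffer.from(recordRef, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { v: ring.current, iv: iv.toString('base64'),
           ct: ct.toString('base64'), tag: cipher.getAuthTag().toString('base64') };
}

// Decrypt using the key version stored with the blob; throws on any tampering.
function unseal(ring, recordRef, blob) {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', ring.get(blob.v), Buffer.from(blob.iv, 'base64'));
  decipher.setAAD(Buffer.from(recordRef, 'utf8'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Rotation step: re-encrypt under the current key and append an audit entry
// that names actor, action and record reference but never the plaintext.
function reseal(ring, recordRef, blob, audit, actor) {
  const fresh = seal(ring, recordRef, unseal(ring, recordRef, blob));
  audit.push({ at: new Date().toISOString(), actor, action: 'reseal',
               recordRef, fromKey: blob.v, toKey: fresh.v });
  return fresh;
}
```

Only the opaque reference would ever be stored on the Shopify side; the sealed blob and the audit entries stay in the custom app's datastore.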