is there any update on this topic yet? I agree that this is a huge risk to allow staff to access my account in this way. They can download all and every info regarding customers in both customers and sales orders. It’s unreasonable to only provide data security for Shopify plus accounts who are willing to pay +2000 per month.
Topic summary
Issue: Merchants want to prevent staff from exporting customer data while retaining access needed for draft orders and customer service.
Current capability: Restricting the “Export customers” permission is available only on Shopify Plus. Non‑Plus stores cannot disable export without removing the entire Customers permission, which blocks necessary workflows.
Attempts and findings: Some users could not see the export toggle; after investigation, Shopify confirmed it’s Plus‑only. On non‑Plus plans, unchecking export options reverts after saving.
Risks and concerns: Strong GDPR (EU data protection) and security worries, including reports of actual data loss by a former employee. Multiple requests to make this a basic feature across all plans; Plus cost (~$2000/month cited by users) viewed as unreasonable for fundamental data protection.
Detection/monitoring: Store owner receives an email if 51+ customers are exported. Users note limited audit visibility of who exported data.
Apps/alternatives: No app can disable native export; suggestion to submit support tickets. Workaround to revoke Customers access is not viable for customer‑facing roles.
Status: Shopify staff have forwarded feedback to developers; no timeline or resolution. Any changes will be announced via the changelog or announcements page. Screenshots were central to clarifying availability of the permission.
5 Likes