Hi all,
If this topic has already been discussed somewhere, I apologize, but I couldn’t find it.
As a beginner in Shopify, I have an observation and concern, possibly resulting from ignorance: does installing various add-ons and applications in the store expose the store to unwanted activities? I have noticed that virtually all applications require access to confidential data, such as orders and customers.
If it is a proven application from a well-known provider, then we can trust that it is not simply a way to extract data, but most solutions are of unknown origin.
I would be grateful for clarification.
Paweł Jońca
Unfortunately, you’re about right.
I’ve seen a lot of apps which turned rogue and all of a sudden decided to redirect visitors to a different site, but at least this behaviour is visible and can be tracked down.
You never can tell what an app does with the data you gave it access to, like product inventories or cost of goods. Or your actual sales data.
This information can easily be sold to 3rd parties.
I’ve personally built a custom form app, and by nature, this type of app is designed to collect information from customers.
Shopify requires certain customer data to be synced back to the merchant’s store—for example, customer profile information—so that all customer data can be centrally stored and managed within Shopify. Because of this, the app doesn’t just request the read_customers permission, but also write_customers.
The app also needs read_orders access. For use cases like product support tickets or warranty claims, we want customers to be able to select an order from an auto-filled list instead of manually typing an order number, which reduces errors and improves the user experience. By default, apps can only access a customer’s orders from the past 60 days. In our case, we submitted a request to Shopify for extended order access to support longer warranty and support timelines.
Hopefully this helps explain why some apps legitimately need access to customer and order data.
With that said, you should always review an app provider’s Terms of Service to understand what store data is being accessed, why it’s needed, and how the app handles and protects your data.
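As an added example (not part of the thread or of any app mentioned in it), here is one way a merchant could review the scopes an app requests before installing it, comparing them with what the app's stated features explain. The function names, the comma-separated scope string, and the sample scope lists are assumptions made for illustration; `read_all_orders` is used here as the scope name for the extended order access described above.

```python
# Added example: flag requested scopes that touch customer or order data
# and are not explained by the app's stated features.

# Resources the thread calls out as confidential, with a short description.
SENSITIVE = {
    "customers": "customer profile data",
    "orders": "order and sales data",
    "all_orders": "orders older than the default 60-day window",
}

def parse_scopes(scope_string):
    """Split 'read_x, write_y' into (name, access, resource) tuples."""
    scopes = []
    for raw in scope_string.split(","):
        name = raw.strip().lower()
        if not name:
            continue
        access, _, resource = name.partition("_")
        if access not in ("read", "write") or not resource:
            access, resource = "unknown", name
        scopes.append((name, access, resource))
    return scopes

def review(scope_string, justified):
    """Return (scope, notes) for every scope that deserves a second look."""
    findings = []
    for name, access, resource in parse_scopes(scope_string):
        notes = []
        if resource in SENSITIVE:
            verb = "modify" if access == "write" else "read"
            notes.append(f"can {verb} {SENSITIVE[resource]}")
        if access == "unknown":
            notes.append("unrecognised scope format")
        if name not in justified:
            notes.append("not explained by the app's stated features")
        if notes:
            findings.append((name, notes))
    return findings

def unexplained_sensitive(scope_string, justified):
    """Sensitive scopes the merchant could not tie to a stated feature."""
    return sorted(name for name, _, resource in parse_scopes(scope_string)
                  if resource in SENSITIVE and name not in justified)

if __name__ == "__main__":
    # Constructed input: the scope set the form app in the thread describes.
    requested = "read_customers, write_customers, read_orders, read_all_orders"
    for scope, notes in review(requested, justified={"read_orders"}):
        print(f"{scope}: " + "; ".join(notes))
```

An empty result from `unexplained_sensitive` means every sensitive scope has a stated reason; it says nothing about how the provider handles the data afterwards, which is what the Terms of Service review covers.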