Mandatory GDPR webhooks for all apps

Ryan
Shopify Staff
492 42 113

Hi Shopify Devs,

 

In response to the General Data Protection Regulation (GDPR), we've introduced some important changes to our platform to help you properly handle the privacy and security of customers’ personal information.

 

New mandatory webhooks

Two new mandatory webhooks are available to every public app:

  1. customers/redact: When a buyer requests deletion of their personal information from a store owner, Shopify will send a HTTP POST request for the customers/redact topic to all apps installed on that shop that have been granted access to customers or orders data. Upon receipt of the webhook, the app should delete the customer’s personal information associated to that shop specifically.

  2. shop/redact: 48 hours after a shop uninstalls your app, Shopify will send an HTTP POST request for the shop/redact topic. Upon receipt of the webhook, the app must delete all customers’ personal information associated with that shop.

These webhook subscriptions can be managed from your partner dashboard, in the App Info tab of your apps settings. Going forward, all public apps must subscribe to the new mandatory webhooks and confirm the receipt of each redaction request by responding with a 200 series status code.

 

GDPR Resources

We’ve added a number of resources on Data and user privacy under GDPR.  This includes a sample Privacy Policy Template as well other guidance to help you better understand your privacy choices as a Shopify app developer.

Other resources we’ve released include a a new Partner’s Blog post What App Developers Need To Know About GDPR (4 minute read), and the Shopify GDPR Whitepaper.

 

If you have any questions or concerns, please don’t hesitate to comment in the thread below.

Shopify Apps Team

Ryan | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

Replies 76 (76)
Ryan
Shopify Staff
492 42 113

We were collecting all redaction requests, even though we weren't sending out the webhooks.  We are now processing this queue and sending those webhooks through.  Duplicates can occur on stores that uninstall and reinstall apps frequently for whatever reason.  If it doesn't look like these are valid, please let us know.

Ryan | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

Amit_Klausner
New Member
5 0 0

Hey Ryan,

We're experiencing duplicates for stores that have uninstalled us only once. 

A shop/redact webhook was sent to the same customer every day of the dates I've previously mentioned. 

Could you please let me know to what email we should send additional data on this if necessary?

Ryan
Shopify Staff
492 42 113

Hi Amit,

I'll email you at the address on your forum account.  You can provide me more information there.

Ryan

Ryan | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

richard5
New Member
2 0 0

Hello Ryan,

We are also receiving multiple redaction requests for shop data, even though the user has only removed the store once. This appears to come in 2 days apart ... so far we have seen two or three webhooks for the same uninstall event. Total of ~20 redundant redaction requests. Please advise. Thanks.

richard5
New Member
2 0 0

Hello @Ryan O,
 
Please advise on the above.

Thanks,

Richard
Head of Product
Parcel Perform

Ryan
Shopify Staff
492 42 113

Hey Richard,

A fix went already went out for this issue, if its still occuring please let me know.

Ryan | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

rodneyT94
Shopify Partner
2 0 4

Hello Ryan, 

Can Shopify build test feature that allows developers to test the mandatory webhooks? Something that triggers these webhooks immediately would be great. As a developer, I need to make sure my app receives and responds to the webhook post request correctly.

Thank you,

Rodney