Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From shopify-pack
Implements Shopify GDPR/CCPA webhooks for customer PII handling, data requests, redaction, and shop deletion using TypeScript examples.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin shopify-packHow this skill is triggered — by the user, by Claude, or both
Slash command
/shopify-pack:shopify-data-handlingThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Handle customer PII correctly when building Shopify apps. Covers the mandatory GDPR webhooks, data minimization, and the specific privacy requirements Shopify enforces for App Store submission.
Registers Shopify webhooks via GraphQL, configures GDPR subscriptions in shopify.app.toml, and implements handlers with HMAC verification for events and App Store compliance.
Provides expert patterns for Shopify app development including Remix/React Router setup, embedded apps with App Bridge, webhook handling, GraphQL Admin API, Polaris components, billing, and app extensions.
Secures Shopify apps via HMAC webhook verification, session token validation, OAuth scope checks, CSP headers, GDPR webhooks, and input sanitization.
Share bugs, ideas, or general feedback.
Handle customer PII correctly when building Shopify apps. Covers the mandatory GDPR webhooks, data minimization, and the specific privacy requirements Shopify enforces for App Store submission.
When a merchant grants your app access, you may receive:
| Data Type | Source | Sensitivity | Retention Obligation |
|---|---|---|---|
| Customer email, name, phone | read_customers scope | PII — encrypt at rest | Delete on customers/redact |
| Shipping addresses | read_orders scope | PII — encrypt at rest | Delete on customers/redact |
| Order details (amounts, items) | read_orders scope | Business data | Delete on shop/redact |
| Product data | read_products scope | Public | Delete on shop/redact |
| Shop owner email | read_shop scope | PII | Delete on shop/redact |
Shopify requires three GDPR webhooks for App Store apps. Your app will be rejected without them.
// 1. customers/data_request — Customer requests their data
// Shopify sends this when a customer asks the merchant for their data
async function handleCustomerDataRequest(payload: {
shop_domain: string;
customer: { id: number; email: string; phone: string };
orders_requested: number[];
data_request: { id: number };
}): Promise<void> {
// Collect all data you store about this customer
const customerData = await db.customerRecords.findMany({
where: {
shopDomain: payload.shop_domain,
shopifyCustomerId: String(payload.customer.id),
},
});
const orderData = await db.orderRecords.findMany({
where: {
shopDomain: payload.shop_domain,
shopifyOrderId: { in: payload.orders_requested.map(String) },
},
});
// You have 30 days to respond
// Email the data to the merchant (or make it available via your app)
await sendDataExport({
requestId: payload.data_request.id,
shop: payload.shop_domain,
customer: customerData,
orders: orderData,
});
}
// 2. customers/redact — Delete specific customer's data
async function handleCustomerRedact(payload: {
shop_domain: string;
customer: { id: number; email: string; phone: string };
orders_to_redact: number[];
}): Promise<void> {
// Delete ALL personal data for this customer
await db.customerRecords.deleteMany({
where: {
shopDomain: payload.shop_domain,
shopifyCustomerId: String(payload.customer.id),
},
});
// Anonymize order records (keep for accounting, remove PII)
for (const orderId of payload.orders_to_redact) {
await db.orderRecords.update({
where: { shopifyOrderId: String(orderId) },
data: {
customerEmail: null,
customerName: null,
shippingAddress: null,
// Keep: orderId, total, line items, timestamps
},
});
}
// Log the deletion (keep audit record)
await db.auditLog.create({
data: {
action: "CUSTOMER_DATA_REDACTED",
shop: payload.shop_domain,
customerId: String(payload.customer.id),
timestamp: new Date(),
},
});
}
// 3. shop/redact — Delete ALL data for a shop (48h after uninstall)
async function handleShopRedact(payload: {
shop_id: number;
shop_domain: string;
}): Promise<void> {
// Delete EVERYTHING related to this shop
await db.customerRecords.deleteMany({
where: { shopDomain: payload.shop_domain },
});
await db.orderRecords.deleteMany({
where: { shopDomain: payload.shop_domain },
});
await db.sessions.deleteMany({
where: { shop: payload.shop_domain },
});
await db.appSettings.deleteMany({
where: { shopDomain: payload.shop_domain },
});
console.log(`All data deleted for ${payload.shop_domain}`);
}
// BAD: Fetching all customer fields when you only need the name
const ALL_FIELDS = `{
customer(id: $id) {
id firstName lastName email phone
addresses { address1 city province country zip phone }
orders(first: 100) {
edges { node { id name totalPrice shippingAddress { ... } } }
}
metafields(first: 20) { edges { node { key value } } }
}
}`;
// GOOD: Only fetch what you actually use
const MINIMAL_FIELDS = `{
customer(id: $id) {
id
displayName
numberOfOrders
amountSpent { amount currencyCode }
}
}`;
// Prevent customer PII from leaking into logs
const PII_PATTERNS = [
{ name: "email", pattern: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g },
{ name: "phone", pattern: /\+?\d{10,15}/g },
{ name: "credit_card", pattern: /\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b/g },
];
function redactPII(text: string): string {
let result = text;
for (const { name, pattern } of PII_PATTERNS) {
result = result.replace(pattern, `[REDACTED:${name}]`);
}
return result;
}
// Use in logging middleware
function safeLog(message: string, data: any): void {
const safeData = JSON.parse(redactPII(JSON.stringify(data)));
console.log(message, safeData);
}
// Automatic cleanup — run daily via cron
async function enforceRetentionPolicy(): Promise<void> {
const now = new Date();
// Delete API request logs older than 30 days
await db.apiLogs.deleteMany({
where: { createdAt: { lt: new Date(now.getTime() - 30 * 86400000) } },
});
// Delete webhook event logs older than 90 days
await db.webhookLogs.deleteMany({
where: { createdAt: { lt: new Date(now.getTime() - 90 * 86400000) } },
});
// Keep audit logs for 7 years (regulatory requirement)
// Never auto-delete audit records
console.log("Retention policy enforced");
}
| Issue | Cause | Solution |
|---|---|---|
| App Store rejection for GDPR | Missing webhook handlers | Implement all 3 mandatory webhooks |
| Customer data not found | Data already deleted | Return empty response (not an error) |
| shop/redact not received | App reinstalled before 48h | Shopify cancels redact if reinstalled |
| PII in logs | Missing redaction | Add redaction middleware to all loggers |
# Simulate a customers/data_request webhook locally
curl -X POST http://localhost:3000/webhooks/gdpr/data-request \
-H "Content-Type: application/json" \
-H "X-Shopify-Topic: customers/data_request" \
-H "X-Shopify-Shop-Domain: test.myshopify.com" \
-d '{
"shop_domain": "test.myshopify.com",
"customer": {"id": 123, "email": "test@example.com", "phone": "+1234567890"},
"orders_requested": [1001, 1002],
"data_request": {"id": 999}
}'
For enterprise access control, see shopify-enterprise-rbac.