We’re sharing an update on a new set of features rolling out to merchants. This is part of a broader investment to build a more transparent app ecosystem that helps merchants build greater trust with the apps they use while giving developers better ways to demonstrate value.
What’s live now
We’re giving merchants more visibility into how apps interact with their stores. Merchants can now go to Settings > Apps and select any installed app to see:
Admin API activity: Request volume by permission area over the last 30 days, so merchants can understand how actively an app is using its access.
Data privacy details: A clear breakdown of which scopes touch sensitive customer data versus other personal data.
Permission change history: A timeline showing when app permissions were granted or updated.
This information is based on your app’s declared scopes and actual Admin API usage. No action is required from you, this is surfaced automatically for all installed apps.
We’ve also introduced new privacy categories on the app install grant screen and in App Store listings for apps using Shopify Managed Install. Sensitive customer data is now clearly separated from other personal data, giving merchants a better understanding of what they’re granting access to. This uses your existing declared scopes.
Best practices reminder
As you know, best practice is to only request access to scopes that you need. With merchants now having more visibility into app permissions and activity, it’s a great time to review your app’s permission and privacy best practices:
Ensure your app only requests scopes it needs to function. If your app has permissions it only needs for certain features, consider using optional scopes and only asking merchants to grant access when needed.
Keep your privacy policy up to date and clearly explain how you handle merchant and customer data
Review your App Store listing to make sure it accurately reflects what your app does
What’s next
We’re currently working on bringing API activity data into your dashboard, so you’ll be able to see the information merchants see with additional detail, directly in your Dev Dashboard. Stay tuned for more on that.
This is the first step in a larger effort to build a healthier, more transparent app ecosystem, one that benefits both merchants and developers. Let us know if you have any questions.
Our app is authorized on level 1, checking order payloads confirms that we do not receive email addresses or other personal data, but the Privacy section still says that we have access to Name, Email:
Thanks for flagging this! We’ve fixed the issue, and the Privacy section should now reflect the Protected Customer Data level your app is approved for and the data it actually has access to.
Feel free to take another look when you have a chance.
Thanks!
Update: Your app’s Extensions and Functions are now visible to merchants in Settings > Apps
Following up on our March 10 post about app transparency features, merchants can now see where your app’s Extensions, Functions, and Pixels are active across their store.
What’s live:
When merchants go to Settings > Apps and select your app, they now see:
Which Extensions and Functions are active
Which Extensions and Functions your app offers but the merchant hasn’t activated yet
Any Function errors your app is producing
Pixel details such as connection status and data access mode
This information pulls from your app’s existing configuration. No new integration work is required.
When merchants clearly understand how your app shows up in their workflows and customer experience, they’re more likely to turn on your Extensions and Functions, onboard smoothly, and reach value faster. Clear, simplified data access builds confidence from day one and drives higher adoption, easier activation, and stronger trust in your app over time.
Best practices reminders:
Merchants are looking at your extension names, your function reliability, and your app’s footprint. The apps that look best are the ones that:
1. Use clear, descriptive extension names. “Post-purchase upsell offer” communicates value. “ext_upsell_v3” does not. Review your extension names and update anything that won’t make sense to a non-technical merchant.
2.. Only register extensions they need. If your app has dormant or experimental extensions registered, merchants see those too. Clean up anything that isn’t ready for production.
3. Keep Functions healthy. Function errors are even more visible to merchants. Monitor your Functions and resolve errors quickly.
