I am using Web Pixels to collect some analytics related to my app. For this according to web pixels documentation, I had to update my app to use “write_pixels” and “read_customer”events” access_scope. However after doing so, permission details of the app show that our app has access to customer phone number, email and other PII, but I do not need any of this. Is there a more granular access scope specifically for collecting analytics without customer private information? What is the way around this?
I dug into Shopify’s docs to see what options there are — the short of it is: no, there isn’t a super-fine-grained scope just for analytics via Web Pixels that excludes all personal data / PII. But there are ways to limit what data you collect, how you declare it, and how Shopify handles consent & privacy. Here’s a summary + what you can do.
-
The Web Pixels API requires scopes like write_pixels and read_customer_events to create & send pixel events.
-
The read_customers and write_customers scopes are separate; those give broader access to customer data (their profiles, emails, addresses, etc.).
-
“Protected Customer Data” is a thing: even if your app doesn’t need full customer PII, some API endpoints or data fields are considered “protected” and by default not available unless approved and declared.
-
Shopify has a Customer Privacy API and Pixel Privacy settings which are meant to help control what data gets collected, based on user consent.
Yeah but if the write_pixels and read_customer_events is to only create and send pixel events, then why does Shopify show that we can access customer PII?
Hey @Abhiroop-StarApps, can you double check your current access scopes? The reason I ask is I tested this with only the following scopes
scopes = "read_customer_events, write_pixels"
With these scopes, my admin doesn’t show the more broad scopes that you are seeing. There may be additional scopes you have added causing the view personal data fields.
query CurrentAppInstallation{
currentAppInstallation {
accessScopes {
handle
}
}
}
Hey I double checked, you’re looking at the permission details section, if you scroll up and check the Privacy Details section, you will see the personal info scopes. Also the same is visible on installation or reauth screen.
I also checked my access scopes using your given query -
{:currentAppInstallation=>
{:accessScopes=>
[{:handle=>“write_products”},
{:handle=>“read_themes”},
{:handle=>“write_script_tags”},
{:handle=>“read_locales”},
{:handle=>“read_translations”},
{:handle=>“read_markets”},
{:handle=>“unauthenticated_read_product_listings”},
{:handle=>“unauthenticated_read_product_inventory”},
{:handle=>“write_inventory”},
{:handle=>“read_locations”},
{:handle=>“write_publications”},
{:handle=>“read_metaobjects”},
{:handle=>“read_metaobject_definitions”},
{:handle=>“read_customer_events”},
{:handle=>“write_pixels”},
{:handle=>“read_products”},
{:handle=>“read_script_tags”},
{:handle=>“read_inventory”},
{:handle=>“read_publications”},
{:handle=>“read_pixels”}]}}
Thanks for that clarification. I removed the read_customer_events scope and that then did not include the customer information
Can you clarify if your app is currently published in the app store or are you seeing this in a development environment? The reason I ask is I would expect the details shown here to be limited to what you have requested for protected customer data access, however development stores and custom apps haven’t yet gone through the review process so may show all fields that are specific to the scopes.