Request protected customer data scopes for web pixel PII access before December 10th, 2025

Announcements
1

We’re updating how customer personally identifiable information (PII) appears in web pixel events. Starting on December 10th, 2025, apps will only receive PII in pixel payloads if they are approved for Shopify’s Protected Customer Data access scopes. Apps without approval will continue to receive events, but PII fields will be null. Event structure remains the same.

What’s changing

  • Runtime filtering applies across storefront, checkout, and customer accounts

  • Gated fields include name, email, phone, and address

  • Custom pixels are out of scope for this change

Protected scopes enforced

  • read_customer_name

  • read_customer_email

  • read_customer_phone

  • read_customer_address

  • read_customer_personal_data

What you need to do

  • Review scopes: Confirm you have approval for any protected scopes your app needs.

  • Handle nulls: Update code paths and analytics pipelines to gracefully handle null values for gated fields.

  • Test surfaces: Verify behavior on storefront, checkout, and customer accounts.

If you require access to this data, follow the steps outlined in the Protected Customer Data documentation to request access for your app.

FAQ

Q: Will my app stop receiving events?
A: No. Events still fire. Gated fields are set to null when not approved.

Q: Which pixels are affected?
A: App web pixel extensions. Custom pixels are not in scope.

Q: Does this affect server pixels?
A: Not in this phase.

Q: What happens if we apply for scopes later?
A: Once approved, gated fields will populate automatically on subsequent events.

Q: How long does the Protected Customer Data approval process take?
A: We can’t offer a specific time frame, but we recommend submitting your request as soon as possible to ensure you have the permissions you need before changes start happening on December 10th.

Q: What if I don’t finish the approval process before December?
A: Your app will continue functioning normally, but PII fields will be null until approval is granted. Once approved, data will flow automatically with no code changes needed.

Q: What happens to analytics data I’ve already collected?
A: Historical data is unaffected. This only applies to new events after this change takes effect starting on December 10th, 2025. Cross-device attribution may be impacted if it relies on email or phone number to match customers.

Q: Is there a way to know if my app is already approved?
A: Check your app’s settings in the Partner Dashboard.

Thank you for helping keep customer data safe and compliant.

1 Like
2

Hey @Desirae-Shopify

Is this why I face this issue?

3

Hi Naveen!

Since we can’t tell which specific app you’re referring to, I can’t check specifics, but here is some additional information from the team!

Only apps that have been reviewed and approved by Shopify for protected customer data access can:

  • Request the relevant scopes (for example, read_orders / read_all_orders depending on context), and

  • Subscribe to or update webhooks on protected topics like orders/updated.

Specific to your question, orders/updated is a protected topic because it can include sensitive customer data.

Because your app doesn’t have that approval, the Admin API returns:

“You do not have permission to create or update webhooks with orders/updated topic. This topic contains protected customer data.”

To move forward, you have three options:

  1. Apply for protected customer data access (if appropriate):

    • In your Partner Dashboard, go to your app → Settings → Data and privacy.

    • Fill out the protected customer data access request (explain why you need the data, how you store it, security, etc.).

    • After approval, you can create/update orders/updated webhooks.

  2. Use a non‑protected topic instead (if your use case allows):

    • For example, orders/create is often sufficient if you only need data at creation time. If you removed orders/updated, you might be able to resolve the error and rely on orders/create alone.

    • Other topics like orders/paid, orders/fulfilled, etc., might cover the events you need without accessing orders/updated.

  3. Use less sensitive APIs or fields:

    • If you only need non-identifying order info, consider whether another topic or API endpoint can provide it without requiring protected access.