If anyone is using the Remix Shopify CLI template and wants to add the GDPR compliance webhooks (customers/data_request, customers/redact, shop/redact), here’s a minimal working setup.
shopify.app.toml
Use the compliance_topics field inside a webhook subscription:
[webhooks]
api_version = "2026-01"
[[webhooks.subscriptions]]
compliance_topics = ["customers/data_request", "customers/redact", "shop/redact"]
uri = "/webhooks"
No normal topics field is required for these — only compliance_topics.
Remix webhook handler
import { authenticate } from "../shopify.server";
export const action = async ({ request }) => {
try {
const { topic, shop } = await authenticate.webhook(request);
console.log(`Received ${topic} webhook for ${shop}`);
switch (topic) {
case "CUSTOMERS_DATA_REQUEST":
console.log("CUSTOMERS_DATA_REQUEST");
break;
case "CUSTOMERS_REDACT":
console.log("CUSTOMERS_REDACT");
break;
case "SHOP_REDACT":
console.log("SHOP_REDACT");
break;
default:
return new Response("Unhandled webhook topic", { status: 404 });
}
return new Response("Webhook received", { status: 200 });
} catch (error) {
if (error instanceof Response) throw error;
return new Response("Internal Server Error", { status: 500 });
}
};
Notes for developers
- Compliance webhooks do not appear in the Partner Dashboard webhook list.
- Shopify automatically registers them internally once the app is installed.
- They trigger normally and hit your
/webhooksroute just like other webhooks.