Shopify Enforces Protected Customer Data Scopes for Web Pixel PII Access

Shopify Enforces Protected Customer Data Scopes for Web Pixel PII Access

Shopify Updates: 

Overview of the Change

Starting on December 10th, 2025, Shopify will enforce its protected customer data policy for all web pixel extensions. Personally identifiable information (PII) like customer name, email, phone, and address fields will require app approval for specific protected scopes to remain accessible in web pixel payloads.

What’s Changing?

  • Web pixel payloads will be filtered at runtime based on approved access scopes.
  • Fields for which your app lacks approval will return null.
  • The event data structure will remain stable.
  • This enforcement applies to all Shopify surfaces, including storefront, checkout, and customer accounts.
  • Custom pixels are excluded from this change.

Protected Scopes Affected

Scenarios requiring approval for specific scopes include:

  • read_customer_name for customer name.
  • read_customer_email for customer email.
  • read_customer_phone for phone numbers.
  • read_customer_address for shipping and billing addresses.
  • read_customer_personal_data for other personal data.

For example, an app without approval for read_customer_email will receive null in the email field of pixel payload data:

{ "event": "checkout_completed", "customer": { "email": null, // null if not approved for read_customer_email "first_name": null // null if not approved for read_customer_name }, "shipping_address": { "first_name": null, // null if not approved for read_customer_name "address_1": null // null if not approved for read_customer_address } }

What Does Not Change

  • Non-PII data events will continue firing normally.
  • Analytics, conversion tracking, and non-PII functionality will remain unaffected.

What You Need to Do

  1. Review and Request Access: Submit a request for protected scopes required by your app. Ensure that you only request the scopes your app uses. Refer to Shopify's Protected Customer Data Policy for further guidance.
  2. Update Your Code Paths: Adjust your code to handle null values for gated fields without breaking event handling or analytics pipelines.
  3. Test Across Surfaces: Verify your app's functionality for storefront, checkout, and customer accounts to ensure compatibility.
  4. Submit Requests Early: If you need continued access to PII fields after December 10th, 2025, submit your requests as soon as possible.

No downtime is expected, and apps previously approved for protected customer data or resilient to null values require no additional action.

Need Help?

If you have questions, visit the Developer Community forums to join the discussion.

Back to blog