Starting December 10th, 2025, Shopify is enforcing its protected customer data policy for all web pixel extensions. Customer personally identifiable information (PII)—including names, emails, phone numbers, and addresses—will only appear in web pixel payloads when your app has been approved for the corresponding protected scopes. Web pixel payloads will now be filtered at runtime based on your app's approved access permissions.
This change significantly impacts how developers access and handle sensitive customer data through web pixels. If your app isn't approved for specific protected scopes, those PII fields will be automatically removed from payloads, potentially breaking features that rely on customer information. Developers need to proactively request the appropriate scopes and ensure their apps comply with Shopify's data protection standards to maintain functionality.
GetShopifyToken streamlines OAuth scope management for Shopify developers, making it easier to request, track, and implement protected scopes. Our platform helps you handle authentication flows correctly so your apps can access the customer data they need while maintaining compliance with Shopify's security standards.