Enforcing policies for web pixel data protection

Learn about Shopify's protected customer data enforcement for web pixels, its impact on app functionality, and steps to ensure compliance.

Executive summary:

  • Web pixel data policy enforcement begins December 10th, 2025.
  • Access to customer PII requires app approval for protected scopes.
  • Developers must update apps to handle null fields in pixel events.

What changed

Shopify is implementing a stricter policy for web pixel data handling. Starting December 10th, 2025, web pixel payloads containing customer personally identifiable information (PII) will be subject to access restrictions. Only apps with approved scopes will receive this data, with others receiving null values in those fields. This change affects all Shopify web pixel surfaces, including storefront, checkout, and customer accounts. Notably, custom pixels are excluded from this policy.

Why it matters

This policy ensures enhanced privacy and data protection for customer information, aligning with stringent regulatory standards. Shopify Plus merchants benefit from bolstered customer trust and security compliance, reducing the risks associated with data breaches involving sensitive customer information.

Role-specific impact

  • Marketers: Ensure marketing analytics strategies make use of non-PII data as access to customer PII becomes more restricted.
  • Developers: Update app logic to gracefully handle null data in pixel payloads so that analytics pipelines remain functional.
  • Store admins: Verify that all apps have the necessary scope approvals, or ensure continuity by switching to compliant alternatives.

Use-case example

Real-world scenario & metric

A large retailer implements this policy, seeing a significant reduction of PII transfer errors in their API logs. By pre-emptively updating apps and securing necessary scopes, they maintain 98% data accuracy in marketing analyses, positively impacting return on ad spend.

Implementation checklist

  1. Audit existing apps for scope requirements.
  2. Request necessary scope approvals via the Partner Dashboard.
  3. Refactor app code to manage null fields in data payloads.
  4. Test app performance across Shopify surfaces.
  5. Submit apps for data protection review as early as feasible.
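
For step 3, one way to make a pixel event handler tolerate null fields, shown as an added example (not Shopify's code or code from the original page). The function names, the list of PII field paths, and the sample payloads are assumptions made for illustration; the code accepts either individual null fields or a whole nested object set to null.

```javascript
// Added example. Field paths are assumed for illustration; check which
// fields your app actually reads from the pixel payload.
const PII_PATHS = [["email"], ["phone"],
  ["shippingAddress", "firstName"], ["shippingAddress", "lastName"]];

// Follow a path without throwing; null or missing at any level yields null.
function pick(obj, path) {
  let cur = obj;
  for (const key of path) {
    if (cur === null || cur === undefined) return null;
    cur = cur[key];
  }
  return cur === undefined ? null : cur;
}

// Turn one pixel event into the record an analytics pipeline stores.
function toAnalyticsRecord(event) {
  const checkout = pick(event, ["data", "checkout"]) || {};
  const pii = {};
  const withheld = [];
  for (const path of PII_PATHS) {
    const name = path.join(".");
    const value = pick(checkout, path);
    if (typeof value === "string" && value.trim() !== "") pii[name] = value.trim();
    else withheld.push(name); // never store "null" or "" as if it were data
  }
  const rawAmount = pick(checkout, ["totalPrice", "amount"]);
  const amount = rawAmount === null ? NaN : Number(rawAmount); // Number(null) is 0
  return {
    event: pick(event, ["name"]),
    orderTotal: Number.isFinite(amount) ? amount : null,
    currency: pick(checkout, ["currencyCode"]),
    pii,
    withheld,
    piiComplete: withheld.length === 0,
  };
}

// Constructed sample payloads: the same event with and without approved scopes.
const SAMPLE_APPROVED = { name: "checkout_completed", data: { checkout: {
  email: "ada@example.com", phone: "+15550100", currencyCode: "USD",
  totalPrice: { amount: 42.5 },
  shippingAddress: { firstName: "Ada", lastName: "Lovelace" } } } };
const SAMPLE_UNAPPROVED = { name: "checkout_completed", data: { checkout: {
  email: null, phone: null, currencyCode: "USD",
  totalPrice: { amount: 42.5 }, shippingAddress: null } } };

console.log(toAnalyticsRecord(SAMPLE_APPROVED));
console.log(toAnalyticsRecord(SAMPLE_UNAPPROVED));
```

Recording the `withheld` list per event lets a pipeline separate events where PII was restricted from events where the customer never supplied it upstream, instead of silently mixing the two.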

FAQ

Q: What happens if my app doesn't have scope approval?
A: Fields will be set to null, making event data potentially incomplete for analysis.

Q: Are custom pixels subject to this policy?
A: No, custom pixels fall outside the scope of these policy changes.

Resources

Learn more in the Shopify Protected Customer Data Policy.

Need guidance? Talk to Makro.