How to make sure to adhere to Shopify's "Protected customer data access" policies
In the "Data protection details" when applying to get access to "Protected customer data access" Shopify asks about data retention policies and especially about storage and if data is encrypted at rest.
To calculate a stores revenue, we will need to access the orders of the last 1-2 months / 30 days, which fall under protected customer data, as far as we know.
Is there a way in Gadget to adhere to Shopify's standard and guarantee, that the order data is stored encrypted? Or is this done by default anyway?
Shopify is not that good at defining what counts as "encrypted" in their eyes 🙂
2 Replies
Hello,
Everything that's in those forms is already handled by the Gadget platform. You can simply say yes to all them
Amazing! Thank you.
Then I won't take more time to go through every piece of https://shopify.dev/docs/apps/launch/protected-customer-data#request-access-to-protected-customer-data:~:text=Encrypt%20data%20at%20rest%20and%20in%20transit.
Shopify
Work with protected customer data
Learn about privacy and security requirements for protected customer data and personally identifiable information (PII).