Developer

Privacy, export, deletion, and auditability

Supports compliance workflows for exporting or deleting visitor/user data and auditing sensitive operational actions.

Simple terms

Privacy endpoints help export or delete user/visitor data and keep records of sensitive changes.

Supports compliance workflows for exporting or deleting visitor/user data and auditing sensitive operational actions.

Routes

  • /api/v1/data-export
  • /api/v1/data-deletion

For the merchant-facing privacy workflow, start with GDPR export and deletion, Consent and regional compliance, and Developer access and data.

Implementation behavior

  • Public privacy endpoints accept authenticated server-to-server requests scoped by shop API key.
  • Export looks up relevant visitor/user data across persisted records and analytics where supported.
  • Deletion requests remove or anonymize records according to the implemented data path.
  • Audit logs and operational records preserve changes to experiments and admin-sensitive workflows.

How to use it

  • Use data export for access requests and data deletion for erasure workflows.
  • Pass stable visitor/user identifiers so the request can find the right records.
  • Keep privacy automation server-side with secret API keys.
  • Check audit logs when reconstructing who changed experiment or integration state.

When not to use it

  • Do not run privacy requests from browser code or public clients.
  • Do not assume one identifier finds every record if visitors were anonymous or cookies changed.
  • Do not skip audit review for sensitive admin or experiment changes.

Implementation source

  • Public handlers live under /api/v1/data-export and /api/v1/data-deletion.
  • Privacy-related handlers use shop-scoped API key authentication.
  • The implementation spans relational shop data and analytics/event identifiers, with retention limits depending on storage path.

Data and API

  • Public APIs: /api/v1/data-export and /api/v1/data-deletion.
  • Internal privacy/admin APIs and audit-log models.
  • Event data, visitor/session identifiers, experiment assignment data, and shop-scoped relational records.

Failure modes

  • Request cannot find data: identifier mismatch or events not linked to a user ID.
  • Partial deletion risk: analytics and relational stores have different retention paths.
  • Do not run privacy workflows with client-exposed keys.