---
title: Protected customer data scopes required for web pixel PII access starting on December 10th - Shopify developer changelog
description: Shopify’s developer changelog documents all changes to Shopify’s platform. Find the latest news and learn about new platform opportunities.
source_url:
  html: https://shopify.dev/changelog/protected-customer-data-scopes-required
  md: https://shopify.dev/changelog/protected-customer-data-scopes-required.md
---

[Back to Developer changelog](https://shopify.dev/changelog)

November 10, 2025

Tags:

* Action Required
* Platform

# Protected customer data scopes required for web pixel PII access starting on December 10th

We will be enforcing Shopify's protected customer data policy for all web pixel extensions starting on December 10th, 2025. Customer personally identifiable information (PII)—including name, email, phone, and address fields—will only be present in web pixel payloads when the app has been approved for the corresponding protected scopes.

## What’s changing

* Web pixel payloads will be filtered at runtime based on the app’s approved access scopes.
* If your app is not approved for a given scope, the corresponding fields in the pixel event will be set to null. Event data structure remains stable.
* Enforcement applies on all web pixel surfaces: storefront, checkout, and customer accounts.
* Custom pixels are out of scope for this change.

## Protected scopes enforced

* read\_customer\_name
* read\_customer\_email
* read\_customer\_phone
* read\_customer\_address
* read\_customer\_personal\_data

## Example

```
{
  "event": "checkout_completed",
  "customer": {
    "email": null,           // null if not approved for read_customer_email
    "first_name": null,      // null if not approved for read_customer_name
    "phone": null            // null if not approved for read_customer_phone
  },
  "shipping_address": {
     "first_name": null,	// null if not approved for read_customer_name
     "address_1": null, 	// null if not approved for read_customer_address
     "address_2": null, 	// null if not approved for read_customer_address
     "zip": null,      	// null if not approved for read_customer_address
     "phone": null            // null if not approved for read_customer_phone
     [other address fields exempt]
  }
}
```

Non-PII data events will continue to fire normally. Your analytics, conversion tracking, and non-PII use cases will not be affected.

## What you need to do

* **Review and request access.** Ensure you have approval for the protected scopes you require. See [Protected Customer Data Policy](https://shopify.dev/docs/apps/launch/protected-customer-data). You should only request the scopes your app uses.
* **Update your code paths.** Handle null for gated fields without breaking event handling or analytics pipelines.
* **Test across surfaces.** Verify behavior on storefront, checkout, and customer accounts. No downtime is expected.

This change will take effect starting on December 10th, 2025. We recommend submitting your request for protected customer data review as soon as possible if you need to maintain access to these values.

No action is needed if your app is already approved for protected customer data, or is resilient to null values. If you have questions about this change, please comment on this post in the Developer Community forums.