1. Shopify Privacy Webhook Compliance
ZapCOD supports Shopify mandatory privacy webhooks. Valid Shopify webhook requests are verified using HMAC signatures before processing. Valid requests receive a 200 OK response after ZapCOD accepts the request for processing.
2. customers/data_request
When Shopify sends a customer data request webhook, ZapCOD searches for stored customer/order data associated with the provided customer identifiers, such as email, phone number, or name. ZapCOD records the request handling event without exposing customer personal data in public responses.
Endpoint: https://zaptechapps.com/webhooks/customers/data_request
3. customers/redact
When Shopify sends a customer redaction webhook, ZapCOD redacts matching customer details in stored order records and removes related phone, OTP, abandoned cart, blacklist, and order analytics data where applicable.
Endpoint: https://zaptechapps.com/webhooks/customers/redact
4. shop/redact
When Shopify sends a shop redaction webhook after app uninstall and the applicable waiting period, ZapCOD deletes stored shop data, including sessions, analytics events, abandoned carts, OTP codes, shop configuration, orders, integrations, and related records.
Endpoint: https://zaptechapps.com/webhooks/shop/redact
5. Merchant Request Instructions
Merchants may request deletion, export, or review of data processed by ZapCOD by emailing support@zaptechapps.com from an address associated with the store owner or authorized staff account. Include the Shopify store domain and a clear description of the request.
6. Verification And Timing
ZapCOD may verify the identity and authority of the requester before taking action. We aim to respond to valid requests within a reasonable period and in accordance with applicable privacy laws and Shopify requirements.