π How Does Data Requests Work
The Data Request feature allows visitors to exercise their privacy rights directly from your storefront without needing to contact support or send manual emails.
Built to support privacy regulations such as GDPR, CCPA, LGPD, PIPEDA, and APPI, the feature helps merchants collect, verify, and log privacy-related requests while providing visitors with a secure self-service experience.
The entire processβfrom identity verification to request loggingβis handled automatically by the app.
β οΈ Before You Begin
To use Data Requests:
β Install and configure GDPR EU Cookie Banner
β Ensure a Privacy Policy page is available
β Publish your Cookie Banner
π‘ Data Request forms are automatically embedded into supported privacy policy pages created by the app.
π€ Access Account Information
This request type allows visitors to view the personal information currently stored about them.
When selected:
- The visitor submits their email address
- Their Shopify customer profile is retrieved
- A read-only view of their information is displayed
- The request is logged after confirmation
This helps visitors understand what information is associated with their account.
βοΈ Edit Account Information
This request type allows visitors to request corrections to their personal information.
When selected:
- Existing profile information is displayed
- The visitor can update available fields
- The requested changes are recorded
This provides a structured way for visitors to submit data correction requests.
ποΈ Delete Account Information
This request type allows visitors to request deletion of their personal information.
When selected:
- Existing profile information is displayed
- The visitor reviews the information
- The deletion request is submitted and logged
β οΈ The request is recorded for merchant review. Actual account deletion must be completed separately.
π Show All Requests
This request type allows visitors to view their previous request history.
When selected:
- A downloadable CSV file is generated
- Previous requests are included
- The visitor receives a record of past privacy requests
This helps improve transparency and record visibility.
π€ Visitor Request Journey
Every request follows a secure verification workflow before it is recorded.
π Privacy Policy Page
Visitors begin the process from one of the available privacy policy pages.
Examples include:
- GDPR Privacy Policy
- CCPA Privacy Policy
- LGPD Privacy Policy
- PIPEDA Privacy Policy
- APPI Privacy Policy
These pages contain the built-in Data Request options.
π§ Email Submission
After selecting a request type:
- The visitor enters their email address
- The email format is validated
- Customer information is retrieved from Shopify
- A secure verification token is generated
This helps verify that the request belongs to the correct individual.
βοΈ Verification Email
A verification email is automatically sent.
The email contains:
- Request information
- Verification details
- A secure verification link
The visitor must complete verification before the request can continue.
π Verification Link
After clicking the verification link:
- The token is validated
- Expiration is checked
- Request-specific screens are displayed
Depending on the request type, the visitor may:
- Review information
- Edit information
- Confirm deletion
- Download request history
β Request Confirmation
Once the visitor confirms the request:
- The token is validated again
- The request is permanently logged
- The token is invalidated
- A success message is displayed
This ensures requests remain secure and cannot be reused.
πͺ Data Request Logs
All submitted requests are recorded inside the app for merchant review.
Navigate to:
Consent Logs β Data Requests
to view request activity.
π Request Records
Each record contains information such as:
- Email Address
- Request Type
- IP Address (masked)
- Date & Time
This provides a clear audit trail of visitor privacy activity.
π Search & Filtering
Data Requests can be filtered using:
- Email Address
- IP Address
- Request Type
This makes it easier to locate specific requests when needed.
π Pagination
Requests are organized into pages to make large request histories easier to browse and manage.
βοΈ Custom Sender Email
Verification emails can be sent from a custom sender address instead of the app's default email address.
How It Works
Enter your preferred sender email and complete verification.
Once verified:
- Verification emails use your branded email address
- Visitors receive more recognizable communications
- Brand consistency improves
Verification Statuses
Possible statuses include:
Not Started
No email has been configured yet.
Pending
Verification has been initiated and is awaiting confirmation.
Verified
The sender email has been verified and is active.
Failed
Verification was unsuccessful and must be retried.
π Privacy Policy Link Settings
The Privacy Policy Link setting controls which privacy policy page visitors see when selecting:
- Privacy Policy
- Learn More
from the Cookie Banner.
Available Options
Auto Generate
Automatically directs visitors to the most appropriate privacy policy based on location.
Specific Privacy Policy
Choose a dedicated policy page such as:
- Shopify Policy
- GDPR Policy
- CCPA Policy
- PIPEDA Policy
- LGPD Policy
- APPI Policy
All supported policy pages include Data Request functionality.
π Data Sales Opt-Out
For supported privacy regulations, additional data sales options can be displayed.
Examples include:
- Do Not Sell My Personal Information
- Do Not Share My Personal Information
These options can be displayed:
- On the Cookie Banner
- Inside the Preferences Popup
when required by applicable regulations.
π Security Features
Several security measures help protect visitor information throughout the process.
π Verification Tokens
Each request generates a secure verification token.
Tokens are:
- Randomly generated
- Single-use
- Automatically expired
This prevents unauthorized access to visitor information.
π IP Address Masking
IP addresses stored inside logs are masked for privacy.
This allows merchants to maintain records while reducing exposure of personal information.
π‘οΈ Email Verification
Requests must be verified through email before completion.
This helps prevent fraudulent or unauthorized submissions.
β οΈ Important Notes
Requests Are Logged, Not Automatically Processed
Data Requests create a documented record of visitor intent.
Merchants remain responsible for reviewing and completing requests where required.
Delete Requests Do Not Automatically Remove Data
Deletion requests are logged for review.
The actual deletion process must be handled separately.
Edit Requests Do Not Automatically Update Shopify Records
Requested changes are recorded but do not automatically modify Shopify customer information.
Verification Is Required
Visitors must verify ownership of the submitted email address before a request can be completed.
Unverified requests are not processed.
π Final Result
Once configured successfully:
β Visitors can submit privacy requests directly from your storefront
β Identity verification helps protect visitor information
β Requests are securely logged and organized
β Merchants gain visibility into privacy-related activity
β Verification emails can be branded using a custom sender address
β Privacy workflows become easier to manage and document
The Data Request feature helps merchants provide a more transparent and privacy-friendly experience while maintaining organized records of visitor privacy activity.
Updated on: 14/07/2026
Thank you!