Shopify Permissions
Plain-language explanation of every Shopify access scope the EasyWithdraw app requests, what each permission is used for, and what the app deliberately does not request, published pursuant to Annex II of the Data Processing Agreement.
Provider: R11N Ventures GmbH (the "Provider")
Service: EasyWithdraw, a Shopify application for handling end-customer withdrawal declarations
Document type: Access-scope explanation pursuant to Annex II Part 1 of the Data Processing Agreement (the "DPA")
Last updated: 4 June 2026
Purpose of This Page
When you install EasyWithdraw, Shopify shows you a consent screen listing the permissions (called "access scopes") the app requests. This page explains, for each of those permissions, what Shopify grants, why the app needs it, and what the app does not do with it.
The app requests six scopes in total: four are read-only, and two grant write access (orders and returns) because cancelling, refunding, and creating return requests are the app's core job. The app requests no other scopes.
Permissions at a Glance
| # | Permission | What Shopify grants | Access | Used for |
|---|---|---|---|---|
| 1 | read_locales | Shop languages (ShopLocale) | Read-only | Showing the withdrawal form and emails in your store's language |
| 2 | read_products | Products, variants, collections | Read-only | Configuring unreturnable-item rules and resolving their labels |
| 3 | read_themes | Online Store themes | Read-only | Detecting whether the withdrawal form is installed in your theme |
| 4 | read_customers | Customer records | Read-only | Linking a withdrawal to the customer record in your Shopify admin |
| 5 | write_orders | Orders, transactions, fulfillments (last 60 days only) | Read and write | Looking up orders for withdrawal validation; cancelling and refunding |
| 6 | write_returns | Returns | Read and write | Creating return requests for fulfilled items |
1. Shop Languages (read_locales)
| Field | Detail |
|---|---|
| Scope | read_locales |
| Shopify API resources | ShopLocale |
| Access level | Read-only |
| What the app reads | The list of languages your store has published, and which one is the primary language |
| Why the app needs it | The withdrawal form, confirmation pages, and emails to your customers are shown in your store's language. The app reads your published languages once during setup to pick the right defaults |
| What the app does not do | The app never changes your store's language settings |
2. Products and Collections (read_products)
| Field | Detail |
|---|---|
| Scope | read_products |
| Shopify API resources | Product, ProductVariant, Collection |
| Access level | Read-only |
| What the app reads | Product titles and IDs, product types, vendors, tags, collections, and variant option names (such as "Size") |
| Why the app needs it | When you configure rules for items that are exempt from withdrawal (for example made-to-measure goods), the app shows you pickers for your product types, vendors, tags, collections, and individual products. It also resolves the names of the items you selected so your rules stay readable, and suggests variant option names for size-based exemption settings |
| What the app does not do | The app never creates, edits, or deletes products, variants, collections, prices, or inventory |
3. Theme Detection (read_themes)
| Field | Detail |
|---|---|
| Scope | read_themes |
| Shopify API resources | OnlineStoreTheme |
| Access level | Read-only |
| What the app reads | The list of your themes (name and role) and the JSON template and settings files needed to check whether the app's blocks are present, plus the list of installed sales channels |
| Why the app needs it | During onboarding and on the status page, the app checks whether the withdrawal form block or embed is installed in your published theme, so it can tell you whether setup is complete and link you to the right spot in the theme editor. It also detects whether your storefront is a standard Online Store theme or a headless or POS setup, to show you the matching installation instructions |
| What the app does not do | The app never modifies, installs, or publishes themes or theme files |
4. Customer Link (read_customers)
| Field | Detail |
|---|---|
| Scope | read_customers |
| Shopify API resources | Customer |
| Access level | Read-only |
| What the app reads | The ID of the customer linked to an order for which a withdrawal was declared |
| Why the app needs it | The withdrawal detail page in the app links directly to the matching customer record in your Shopify admin, so you can jump to the customer with one click. Shopify only exposes the customer attached to an order if this permission is granted |
| What the app does not do | The app never browses, lists, exports, edits, or deletes your customer base, and does not read customer segments or company records |
5. Orders, Cancellations, and Refunds (write_orders)
| Field | Detail |
|---|---|
| Scope | write_orders |
| Shopify API resources | Order, OrderTransaction, Fulfillment (write access includes read access) |
| Access level | Read and write, limited by Shopify to orders created within the last sixty (60) days |
| What the app reads | The order a customer references on the withdrawal form (looked up by order number, with the email checked against the order), its items, amounts, fulfillment and payment status, refund state, and a small sample of recent fulfilled orders to check whether your shipping setup records delivery dates |
| What the app writes | On the cancellation path, the app cancels the order and creates the refund; this happens automatically only if you enabled the automation, and otherwise only when you approve a withdrawal in the dashboard. The app also stores one app-owned configuration value (its own domain) on the app installation |
| Why the app needs it | Validating a withdrawal declaration requires reading the order it refers to: the app checks that the order exists, that the email matches, that the withdrawal period has not expired, and which items are unfulfilled, so it can route the case to cancellation, return request, or manual review. Executing your decision (or your automation) requires writing the cancellation and the refund |
| What the app does not do | The app never requests access to your full order history (see "Permissions We Do Not Request" below), never edits order contents, and never creates orders |
6. Return Requests (write_returns)
| Field | Detail |
|---|---|
| Scope | write_returns |
| Shopify API resources | Return (write access includes read access) |
| Access level | Read and write |
| What the app reads | The fulfillment line items of an order, to determine which items a return request can cover |
| What the app writes | A standard Shopify return request for the withdrawn items, so the return appears in your Shopify admin's regular returns workflow |
| Why the app needs it | When items have already been shipped, a withdrawal cannot be handled by cancelling the order. Instead the app creates a return request in Shopify (automatically only if you enabled the automation, and otherwise on your approval), keeping your returns process in one place |
| What the app does not do | The app never closes, declines, or deletes returns you manage yourself |
Permissions We Do Not Request
- No full order history. The app does not request the read_all_orders scope. Shopify therefore limits the app's order access to orders created within the last sixty (60) days.
- No write access outside orders and returns. The app cannot modify your products, themes, customer records, or language settings; those scopes are read-only.
- Nothing else. The app requests no scopes for checkouts, draft orders, discounts, marketing, analytics, fulfillment services, inventory, price rules, or shipping.
Note on Protected Customer Data
Shopify additionally gates access to order and customer fields (such as name and email address) through its protected customer data requirements, which apply on top of the scopes above. The app's access to and use of these fields is limited to the purposes described on this page and in Annex II of the DPA.
Note on GDPR Webhooks
Independently of the permissions above, Shopify sends every app the mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact). These require no permission grant; the Provider's handling commitments are set out in §17 of the DPA.
Changes to This List
Adding a scope requires your renewed approval: Shopify shows the consent screen again before the app receives the new permission. The Provider updates this page whenever the requested scopes change, so this page is the up-to-date list of permissions referenced in Annex II Part 1 of the DPA.
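One way to check an installation against this list, as an added example that is not the Provider's code: the script compares a comma-separated scope string (an assumed input format, for instance copied from the app's configuration) with the six scopes documented above and reports missing scopes, undocumented scopes, write access outside orders and returns, and the presence of read_all_orders. Function names and sample strings are constructed for illustration.

```python
# Added example: audit granted Shopify scopes against the six documented here.
DOCUMENTED = {
    "read_locales", "read_products", "read_themes",
    "read_customers", "write_orders", "write_returns",
}
EXCLUDED = {"read_all_orders"}  # the page says this is deliberately not requested


def parse(scope_string):
    """Split a comma-separated scope string into a set of scope handles."""
    return {s.strip() for s in scope_string.split(",") if s.strip()}


def implied(scopes):
    """Per the page, write access includes read access to the same resource."""
    return set(scopes) | {"read_" + s[6:] for s in scopes if s.startswith("write_")}


def audit(granted):
    """Return every way `granted` departs from the documented scope list."""
    allowed = implied(DOCUMENTED)
    extra = granted - allowed
    return {
        "missing": sorted(DOCUMENTED - implied(granted)),
        "unexpected": sorted(extra - EXCLUDED),
        "excluded_present": sorted(extra & EXCLUDED),
        "extra_write": sorted(s for s in extra if s.startswith("write_")),
    }


def is_clean(report):
    """True only when the granted scopes match the documented list exactly."""
    return not any(report.values())


# Constructed sample inputs (not taken from a real installation).
SAMPLE_OK = "read_locales,read_products,read_themes,read_customers,write_orders,write_returns"
SAMPLE_DRIFT = SAMPLE_OK + ",write_products,read_all_orders"

if __name__ == "__main__":
    for name, raw in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(name, audit(parse(raw)))
```

An explicit read_orders or read_returns grant is not flagged, because the documented write scopes already include that read access.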