Closed beta: Data Protection Plus is in closed beta and is only available in select regions.
This feature is part of VTEX Shield, meaning additional fees may apply.
If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact Commercial Support.
If you are not yet a customer but are interested in this solution, please complete our contact form.
This document outlines the changes in the default behavior of certain VTEX features, which apply to stores using Data Protection Plus.
To handle PII data, we provide alternative approaches that are necessary to ensure data privacy best practices. As a result, some commerce features of the VTEX platform require adaptations when implemented by the store.
In this guide, you can learn about the changes you must be aware of when managing your customers' information with the Profile System.
Promotions - Customer cluster
To set up promotions for specific customer clusters in a way that is compatible with the PII data architecture, you must use the piiClusterExpressions field instead of clusterExpressions in Promotions and Taxes API.
Order Management
There are no restrictions to the use of these Order Management features for PII data architecture accounts:
- Subscriptions
- VTEX DO
- Conversation tracker
- Shipping notifications
However, API requests to /do, /conversationtracker, /subscriptions, and /shipping-tracker paths must include the query parameter reason in order to retrieve unmasked PII information.
Orders API: PII data architecture endpoints
In order to use Orders API, you should adapt your integrations to use new endpoints, for features you may already have implemented in your store, such as retrieving order information or notifying invoices. See the table below to know which endpoints need adaptation and where to find the new reference.
| Feature | Previous endpoint | New endpoint (PII data architecture) | Payload changed |
|---|---|---|---|
| Get order | GET /api/oms/orders/{orderId} | GET /api/orders/pvt/document/{orderId} | No |
| List orders | GET /api/oms/pvt/orders | POST /api/orders/extendsearch/orders | Yes |
| Start handling order | POST api/oms/orders/{orderId}/start-handling | POST /api/orders/pvt/document/{orderId}/actions/start-handling | No |
| Cancel order | POST api/oms/pvt/orders/{orderId}/cancel | POST /api/orders/pvt/document/{orderId}/cancel | No |
| Order invoice notification | POST api/oms/orders/{orderId}/invoice | POST api/orders/pvt/document/{orderId}/invoices | Yes |
| Send payment notification | POST /api/oms/pvt/orders/{orderId}/payments/{paymentId}/payment-notification | POST /api/orders/pvt/document/{orderId}/payment/{paymentId}/notify-payment | No |
To display the unmasked contact information (
contactInformation) with the PII-compliant Get order endpoint, thecontactIdproperty must be provided. This property should be available in the Profile System via the Address.More specifically, the
shippingAttachmentof the orderForm must contain thecontactIdthat the address is related to. This is sent in the request for Add shipping address and select delivery option, whereaddress.contactIdmust match thecontactInformation[0].id.
Orders Admin interface
The PII rules have also been applied to the Orders List (Beta) and Order details pages. The pages have been adjusted so that:
- By default, the account will see all data masked.
- Searches by name only work with the shopper's full name.
- Searches by document only work with the shopper's full document ID.
It is possible to configure PII preferences on OMS' interface of your VTEX Admin, by following these instructions:
- Access the VTEX Admin, go to the Orders menu, then click All Orders.
- Click an order on the list.
- Under the Customer information card, click
PII Preferences. - Select one of the following options to configure how you will view customer's PII and be audited depending on your choice: a. On all orders: View personal information and be audited on all orders. b. This order only: View PII content and be audited on this order only. c. Hide and do not audit: Browse orders without displaying personal information.
- Click
Confirm.
Subscriptions
The subscription feature is compatible with the PII data architecture.
However, the Subscriptions Admin interface displays only masked PII. If you wish to see unmasked PII, you must use the Subscriptions v3 API endpoints, while sending the reason query parameter. Learn more about retrieving unmasked data.
Message Center
When you edit an email template on the Message Center Admin interface, you can see information about the last email sent from that template, rendered as an email. Currently, all values on the JSON Data will be masked.
Master Data - CL, AD, BK entities
In the PII data architecture, Master Data does not have CL, AD, BK entities. There will be a new isolated system to protect those information, Profile System.
If you are integrated to Master Data API to get any of this data (CL, AD, BK entities) you will need to integrate with the new Profile System API.
Checkout
Although Checkout endpoints that retrieve order information use the same path, they may behave differently. Contracts are the same for masked data, but for complete data, you must include the query parameter: reason. Learn more about retrieving unmasked data.
Payments
In order to be able to view transaction logs, store users must be assigned a role with the resource View Payments Sensitive Data, from the PCI Gateway product in the License Manager. Learn more about License Manager resources and how to Create roles.
Limitations
Master Data
Note that Master Data features may be impacted in the following three aspects.
Triggers
At the moment, triggers are not supported by the PII platform version Profile System.
Orders Index
This is a legacy integration that was deprecated and it should not be used.
CL
Currently, Master Data custom CL fields are not supported.
Pricing - Price tables
The Price tables feature is not supported at this moment.
Order Management
VTEX’s Order Management System is impacted on a few different aspects. See details below.
Call center
You must disable call center impersonation at the License Manager.
Orders Admin interface
The PII rules have also been applied to the Orders List (Beta) and Order details pages. The pages have been adjusted so that:
- By default, the account will see all data masked.
- Searches by name only work with the shopper's full name.
- Searches by document only work with the shopper's full document ID.
It is possible to configure PII preferences on OMS' interface of your VTEX Admin, by following these instructions:
- In your VTEX Admin, in the Orders menu, then All Orders.
- Click an order on the list.
- Under the Customer information card, click
PII Preferences. - Select one of the following options to configure how you will view customer's PII and be audited depending on your choice: a. On all orders: View personal information and be audited on all orders. b. This order only: View PII content and be audited on this order only. c. Hide and do not audit: Browse orders without displaying personal information.
- Click
Confirm.
Subscriptions
The subscription feature is compatible with the PII data architecture.
However, the Subscriptions Admin interface displays only masked PII. If you wish to see unmasked PII, you must use the Subscriptions v3 API endpoints, while sending the reason query parameter. Learn more about retrieving unmasked data.
Message Center
When you edit an email template on the Message Center Admin interface, you can see information about the last email sent from that template, rendered as an email. Currently, all values on the JSON Data will be masked.
Gift card
The gift card feature is not supported for PII platform version accounts yet.
Customer Credit
Currently, the Customer Credit feature is not supported.