All Shopify apps require different permissions to work, and POPSMASH is no different. The permissions requested are based on what the app does.
Here we'll explain which Shopify app permissions POPSMASH uses and why.
POPSMASH Shopify App Permissions
First, sometimes Shopify permissions are grouped together, so here's context on what they are and how we use them:
Customer information: The ability to read/write customer information as they opt-in to marketing (e.g. join your email list).
Store owner information: Default information Shopify shares with every app to serve the merchant.
Content provider information: This comes as part of read_content, which we use, but is specifically for blog posts/comments, which we don't use. It's grouped with read_content.
If you want to learn more, you can find more details on the above here: https://help.shopify.com/en/manual/apps/app-personal-information
Here are the limited scopes that POPSMASH requests:
read_content (website pages)
read_customers (check if customer profile already exists)
write_customers (create/update customer's name, email, location, accepts marketing)
write_draft_orders (optional, draft order to send the prize to a winner)
read_products (website products for selection during campaign setup)
Here is the reference for the above scopes: https://shopify.dev/docs/api/usage/access-scopes
If you have any other questions about the permissions and scopes our app uses, just contact our support team!