Closed beta: Data Protection Plus is in closed beta and is only available in select regions.

This feature is part of VTEX Shield, meaning additional fees may apply.

If you are already a VTEX customer and want to adopt VTEX Shield for your business, please contact Commercial Support.

If you are not yet a customer but are interested in this solution, please complete our contact form.

The VTEX platform allows stores to process shoppers' Personal Identifiable Information (PII) in compliance with data privacy regulations such as GDPR and LGPD.

When using Data Protection Plus, accounts follow the PII data architecture, where all PII is stored in the Profile System. Other VTEX modules, such as Order Management and Checkout, store only pseudonymized data associated with a Profile System token. These modules may also access PII from the Profile System, as described in the PII data architecture specifications.

See the Trust Hub to learn more about VTEX's vision regarding data privacy, including certifications, internal policies and commitments.

VTEX has established a comprehensive PII data architecture that incorporates a range of solutions and processes for PII. See the documentation below to learn more about how it works and how to implement it.

• PII Data Architecture specifications: Technical specifications of the PII data architecture, including the Profile System, data encryption and auditability, among other key features.
• Data residency: How PII data residency works for VTEX stores using the PII data architecture.
• Data subject rights: Detailed instructions on how VTEX stores can apply data subject rights.
• Profile System integration guide: How to integrate with the Profile System API.
• Working with schemas in the Profile System: How to interact with the structure of data stored in the Profile System.
• Changes in VTEX features behavior to handle PII data: Adaptations in the default behavior of certain VTEX features to handle the PII data architecture.
• Limitations of the PII data architecture during closed beta: Current limitations that apply to stores using PII data architecture, in relation to certain VTEX features.
• Erasing customer data: Process to erase customer data when using the PII data architecture.

VTEX isolates and protects all fields classified as sensitive. However, it is important to acknowledge that there are scenarios beyond VTEX's control. In such cases, as a VTEX client, it is the store's responsibility to ensure the integrity of your integrations and prevent any data misuse. The main scenarios to consider include:

• Sending PII in custom or text fields.
• Adhering to IO apps that depend on or consume PII data.
• Integrating with third-party systems that consume PII data, such as ERPs.