TL;DR
If your Meta match quality fell in late 2025 and you cannot find a broken pixel, the cause may be a Shopify platform change, not your setup. On December 10, 2025, Shopify began nulling personally identifiable fields in web pixel event payloads for any app that is not approved for protected customer data access. The filtering runs at runtime across storefront, checkout, and customer accounts. Two stores running the same kind of pixel can get opposite results purely on whether the app is approved. The fix is not a setting you toggle; it depends on the app, and the structural answer is server-side events governed by the app's own approved data access.
Key Takeaways
- Since December 10, 2025, Shopify nulls PII (name, email, phone, address including zip) in web pixel payloads when the pixel's app lacks approved protected-customer-data access.
- The filtering applies at runtime across storefront, checkout, and customer accounts.
- The outcome is per-app and binary: an approved app keeps the matching fields, an unapproved app gets null. Same pixel type, opposite result.
- The symptom most merchants notice is downstream: Meta Event Match Quality falls, match rates sink, and attributed conversions drop weeks before anyone connects it to the December change.
- Custom pixels you added yourself are out of scope for this specific change, but that is not a reason to switch to one.
- Server-side purchase events are built from the order webhook under the app's own approved data access, which is why match quality now leans on the server path.
What changed in December 2025?
On December 10, 2025, Shopify enforced a rule it had been warning developers about: web pixels only receive customer PII if their app is approved for the matching protected customer data scope. If the app is not approved, Shopify sets the corresponding fields in the pixel event to null. This is runtime filtering, it happens as events fire, and it applies across storefront, checkout, and customer accounts.
The protected fields are name, email, phone, and address (zip is part of the address object, not a separate field). These are the same identifiers ad platforms use to match a conversion to a person, so removing them from the pixel payload has a direct downstream effect.
This is a privacy-enforcement change at the platform layer, not a bug and not something a merchant misconfigured. Shopify decided that apps reading customer PII in the browser must have gone through approval to do so, and apps that did not now get nulls. The change is about who is allowed to receive the data, not about consent, and the two should not be confused.
Is your setup affected?
The answer is per-app, which is what makes this confusing. The same browser pixel that works fine on one store can return null PII on another, because the determining factor is whether the app behind the pixel is approved for protected customer data access, not the pixel code itself.
Three rough cases:
- An approved app pixel. It continues to receive the customer fields it is approved for. Nothing changed for you on December 10.
- An unapproved app pixel. It now receives null in place of email, name, phone, and address. This is the group that saw match quality fall.
- A custom pixel you added yourself. Custom pixels are out of scope for this specific change, so they were not affected by the December enforcement. That is a fact about the change, not a recommendation, hand-rolling a custom pixel to read checkout PII is not a workaround, and treating it as one tends to age badly as platform rules tighten.
If you are not sure which case you are in, the next section is how to check rather than guess.
Why did your match quality drop?
The chain runs from a Shopify change to an ad-platform metric, and the two ends are far enough apart that most people never connect them.
Meta's Event Match Quality is calculated from which customer-information parameters arrive on your events, how good they are, and how often Meta can match an event to an account. Email is among the strongest signals; each additional identifier (phone, name, address) raises match probability. When Shopify nulls those fields in the pixel payload, Meta receives fewer parameters per event, so match probability falls, EMQ drops, and fewer conversions get attributed.
The reason it is hard to diagnose is timing and silence. The PII disappears at the platform layer with no error, EMQ erodes over the following weeks, and by the time someone notices "our match rate is down," the December change is old news nobody is looking at. If you want the full picture of what drives that score and how to read it, see Meta Event Match Quality on Shopify.
How to check what your pixels receive
You can confirm this directly instead of guessing, in two places.
In Meta Events Manager. Open your dataset and look at the Event Match Quality trend. If EMQ stepped down somewhere in early-to-mid December 2025 and has stayed lower, that timing is the fingerprint of this change rather than a gradual setup drift.
In the pixel payload. Inspect a recent web pixel event and look at the customer and shipping-address fields. If email, phone, and name read as null where they used to carry values, the app firing that pixel is not approved for the data, and that is your answer. The same browser-data inspection skill is part of a full post-install verification routine, and it pairs with understanding how first-party identity on Shopify works once cookies and PII both tighten.
One note: if you run a custom pixel only, you will not see this symptom from the December change, so a null-PII problem on a custom-pixel-only store points to a different cause.
Why server-side events still carry matching data
The web-pixel nulling is a browser-payload gate. It governs what an app pixel is handed in the browser. Server-side events take a different route, and that route is the structural answer to the whole problem.
A server-side purchase event is built from the Shopify order webhook, and what it can carry is governed by the app's own approved data access. An app approved for the customer data its events carry can deliver hashed customer-matching data on those server events to GA4, Meta, TikTok, Google Ads, and Reddit, drawn from the order rather than scraped from the browser. Hashing is how that matching data moves safely; it is a matching mechanism, not a statement about consent.
This is why, after December 2025, match quality leans on the server path. WeltPixel Conversion Tracking is approved for the customer data its events carry, and its server-side purchase events deliver that hashed matching data from the order webhook, so the identifiers Meta and the other platforms need do not depend on what survives the browser. Its browser events still respect Shopify's Customer Privacy API signals, the server path is about delivering complete, matchable conversions, and the two operate independently.
FAQ
Why is email suddenly null in my Shopify pixel events?
Because since December 10, 2025, Shopify nulls PII in web pixel payloads for apps that are not approved for protected customer data access. If your app pixel is unapproved, email, name, phone, and address now come through as null.
Did this break my Meta tracking?
It did not break the pixel; it removed the matching fields the pixel used to send, which lowers Event Match Quality and reduces attributed conversions. The events still fire, they just match fewer people.
Should I switch to a custom pixel to get the data back?
No. Custom pixels are out of scope for this specific change, but that is not a sanctioned workaround, and reading checkout PII through hand-rolled code is the kind of thing platform rules keep tightening. The durable answer is an approved app and server-side events.
How do I get matching data flowing again?
Use an app approved for the customer data it carries, and lean on server-side events. A server purchase built from the order webhook can deliver hashed matching data regardless of what the browser payload is allowed to include.
Match on the server, not the browser
The December 2025 change made one thing clear: browser payloads are no longer a reliable place to carry customer-matching data. WeltPixel Conversion Tracking is approved for the data its events carry and delivers hashed matching data server-side from the order webhook to GA4, Meta, TikTok, Google Ads, and Reddit, so if your match quality slipped this winter, the fix is to stop depending on what the browser is allowed to send.
Install WeltPixel Conversion Tracking on the Shopify App Store