Hello.
We have recently submitted an app for review that includes the Shopify Customer Account API, which allows users to log in using an OTP (currently a 6-digit code) received in their email. The login itself uses OAuth and that API provides access to customer data like orders and addresses.
The app was not approved and the reasons cited by the reviewer were:
The app uses a third-party login service, but does not appear to offer as an equivalent login option another login service with all of the following features:
The login option limits data collection to the user’s name and email address.
The login option allows users to keep their email address private from all parties as part of setting up their account.
The login option does not collect interactions with the app for advertising purposes without consent.
Note that Sign in with Apple is a login service that meets all the requirements specified in guideline 4.8.
I would like to receive a confirmation that Shopify's new login system is considered a third party login and that it requires the provision of Apple Login as an alternative.
The issue with that is that Shopify Customer Account login differs from other 3rd party providers, where you can use them to authenticate, but store data in your own platform afterwards. In Shopify's case, the data that the app needs resides in their platform.
We have currently disabled the Shopify login and we could provide Sign in with Apple, if that's needed for compliance, but it would serve no purpose as it wouldn't provide anything more to the users than our current guest account.
Looking forward to a clarification on that issue.