Customer Privacy API

Check what processing is allowed

• Using API calls
• Using an event listener

To build a cookie banner

• Load the Customer Privacy API
• Collect and set consent
• Custom storefront installation
• Control the cookie banner

To use the Customer Privacy API, you must load it using loadFeatures as follows:

The second argument to loadFeatures is a callback that indicates that the API has loaded. When invoked without an error, the API is globally available at window.Shopify.customerPrivacy.

To check what processing is allowed, use the Allowed methods. These methods combine the following factors to determine what processing is allowed:

• The current merchant settings: Is consent required in this region?
• User location: Is the customer in a region where consent is required?
• User consent given: Did the customer give consent for a specific purpose?

You can check for permission by calling the API or with an event listener.

The default permissions state depends on how merchants have configured their privacy settings. For regions that are configured to require consent, non-essential purposes are not allowed by default until consent is given. For other regions, the default behavior is to allow all processing purposes.

The Customer Privacy API offers the following methods to check if data can be processed:

These methods return true / false if permission is given for the following:

• preferencesProcessingAllowed: customer preferences such as language, currency, size, and more.
• analyticsProcessingAllowed: customer analytics about how the storefront was used and interactions made on the storefront.
• marketingAllowed: Marketing, attribution and targeted advertising from the merchant.
• saleOfDataAllowed: Sharing data with third parties, usually for behaviorial advertising.

The Customer Privacy API publishes the document event visitorConsentCollected when consent changes.

Updates are published only when consent changes, not when the listener is added.

You can see the detected geolocation by using the getRegion method. It returns a ISO 3166-2-formatted string with a two character country code, followed by an optional one to three character region code. Returns an empty string if the location can't be determined.

Examples:

• "USCA": California, USA
• "CAON": Ontario, Canada
• "IEL": Leinster, Ireland
• "GBENG": England, United Kingdom

To record customer consent, use the setTrackingConsent method:

The following consent purposes are supported:

• Preferences: Cookies that remember customer preferences, such as country or language, to personalize visits to the website.
• Analytics: Cookies to understand how customers interact with the site.
• Marketing: Cookies to provide ads and marketing communications based on customer interests.

See the Shopify Cookie Policy for the full list of cookies used by Shopify.

You can set one or more consent signals at once:

To record a customer's opt-out from data sale / sharing, use the setTrackingConsent method with the sale_of_data option:

Data sale opt-outs should be initiated by the customer, not presented immediately with a banner. For this reason, true allows data sale / sharing and false blocks data sale / sharing when requested by a customer.

Data sale / sharing opt-out is enforced independently from consent, and caution is advised when combining them.

To opt a Customer out of server-side data sale / sharing use the dataSaleOptOut GraphQL API.

The GPC signal is automatically collected and honored in regions configured for data sale opt-out and cannot be adjusted through setTrackingConsent.

You can save custom data to this API using the optional metafields argument, which is also available through checkout UI extensions.

Metafields takes an Array containing an object with two keys:

1. key: A string containing the key used to identify this value. This value must be 25 characters or less.
2. value: A string containing the value. Null may be passed to delete the key. This value must be 100 characters or less. The metafields object must be less than 250 characters in total.

For custom storefronts, pass the following additional parameters to the setTrackingConsent method:

• headlessStorefront: true,
• checkoutRootDomain: Your checkout domain
• storefrontRootDomain: Your storefront domain
• storefrontAccessToken: Your Storefront API access token

Learn more about installing the Customer Privacy API into a custom storefront.

Check users' consent decisions by calling the currentVisitorConsent method. This returns the preferences selected by the users and doesn't include critical information like location and merchant configuration.

• 'yes' - the current visitor has actively granted consent.
• 'no' - the current visitor has actively denied consent.
• '' (empty string) - the current visitor has not yet granted or denied consent.

To check if a cookie consent banner should be displayed to the current customer, use shouldShowBanner. This method indicates if the current customers is in a region that's configured to show a cookie banner.

This is true if consent isn't already set and the visitor is in a region showing consent.

To check if the current customer is eligible for data sale opt-out, use the saleOfDataRegion method. This method indicates whether the current customers is in a region configured for data sale opt outs.

This is true if the visitor is from a region that requires data sale opt-outs.

When the Shopify cookie banner is enabled, it displays in the configured regions and automatically passes consent to this API.

If you're using an app to provide cookie banners, then contact the app's developer to understand where the consent banner is rendered.

Learn more about configuring a cookie banner.

When the data sale opt out page is enabled, the opt out form is available to visitors from the configured regions, which is usually US states. In these regions, the Global Privacy Control (GPC) is honored automatically, sale_of_data will be set to false, refer above for details.

To integrate into a custom storefront, you need to load the correct JavaScript asset, pass additional parameters, and update the storefront's content security policy.

Include the Customer Privacy JavaScript asset, either by itself or bundled with a consent banner using one of the following:

• Customer Privacy API

• Customer Privacy API bundled with the Shopify Cookie Banner

When using an app, the developers might provide a different bundled asset.

Identify the following domains:

• Storefront: This is the domain of your storefront. For example, hydrogen.shop.
• Checkout: The domain where customers check out. For example, checkout.hydrogen.shop.

If your custom storefront uses Hydrogen, then you can find these values in the Shopify admin, at Settings -> Domains.

When you build your query, use the checkout domain as the value for checkoutRootDomain. For example, checkout.hydrogen.shop.

For storefrontRootDomain, always use the shared, top level domain. For example, hydrogen.shop.

Your checkout should be within the same root domain as the storefront so that it can read cookies set on the storefront domain - otherwise checkout will not be able to read and respect visitor consent given on your storefront.

For example, in the following scenarios, checkout honours consent that's given on the storefront:

• If your storefront is hosted on hydrogen.shop and the checkout is on checkout.hydrogen.shop, consent will be honored on checkout.
• If your storefront is hosted on landing.hydrogen.shop and the checkout is on hydrogen.shop, consent will be honored on checkout.
• If your storefront is hosted on hydrogen.shop and the checkout is on example.com, consent management will not be honored on checkout, as cookies cannot be read across domains.

Our consent API will contact Shopify servers to manage consent using the Storefront API which needs a Storefront API token.

The Customer Privacy API (and the Shopify Cookie banner if used) will POST to the Storefront API at the checkout domain.

This domain needs to be allowed in your Content Security Policy. This can be done manually in your server, or configured for Oxygen.

To pass consent to the Customer Privacy API, load the Customer Privacy API and pass the additional arguments to setTrackingConsent:

Refer to setTrackingConsent for details on this method.

When using the Shopify Cookie banner, initialize the banner with the following configuration (this will automatically pass consent to the Customer Privacy API):

Re-show the consent preferences modal (requires the storefront-banner.js script, same as above):

To set data sale / sharing opt outs, integrate as above, but pass sale_of_data instead of marketing, analytics, and preferences arguments to setTrackingConsent(), with the desired preference (usually false after the visitor opts out in the form):

These API methods let you control and interact with the Shopify cookie banner at runtime.

You can show the preferences modal of the Shopify cookie banner using the showPreferences() method:

The Customer Privacy API is backwards compatible.

You must decide how to map the consent you collect in your banner to the four consent signals used by Shopify. The following snippet shows the backwards compatibility between the legacy Boolean argument and the new granular argument.

Two methods have been renamed to generalize their use:

Data processing has been separated into granular use. You must decide how to map your processing needs to one of the data processing purposes provided by Shopify.

userCanBeTracked and userDataCanBeSold use the following consent signals to determine if consent has been granted:

• userCanBeTracked: Analytics and marketing both must be accepted (when required)
• userDataCanBeSold: Sale of data must not be rejected

You can use this method to determine if you should show a GDPR banner.

window.Shopify.customerPrivacy.shouldShowGDPRBanner();

This method returns a boolean value that indicates if you should show a GDPR banner.

The response aggregates the visitor’s location, the app user's preference, and whether the visitor has already provided a consent value in the past year.

You can use this method to set a buyer's response to a tracking consent request.

window.Shopify.customerPrivacy.setTrackingConsent(consent: boolean, callback: function);

Request parameters:

Example request:

The following example request shows a JavaScript function that sets consent to true and executes another function to hide the banner.

The API executes the callback function and optionally emits a custom event called trackingConsentAccepted.

Example response:

A successful request returns an empty object:

If there is an error with the request, then an error object is returned:

You can use the Customer Privacy API to check if customers have consented to be tracked and if app users have decided to disallow the sale of visitor data. Your implementation must include a loading pattern to ensure that the API is available. For visitor tracking consent, you should implement a mechanism for listening to consent collection events that can fire asynchronously on the page, to ensure that you don't miss any tracking opportunities.

You can use the following methods for consent collection:

• userCanBeTracked(): boolean - Covers the scenario of tracking a visitor (GDPR).
• userDataCanBeSold(): boolean - Covers the scenario of selling visitor data (CCPA).

If userCanBeTracked is set to false, then the following behaviour must be observed:

• No persistent, non-essential cookies should be set
• No data should be emitted to third-party platforms

If userDataCanBeSold is set to false, then the following behaviour must be observed:

• Data can be emitted (if tracking isn't blocked)
• Data can't be sold to third-parties

If the Customer Privacy API isn't available, then tracking and data emission can proceed. All methods should be preceded with a check that the API is available before checking that tracking or sale of data is blocked.

Example API check:

if (!window.Shopify.customerPrivacy || window.Shopify.customerPrivacy.userCanBeTracked()) { startTracking() }

You can use this method to return whether the storefront visitor has consented to be tracked.

window.Shopify.customerPrivacy.userCanBeTracked();

The API returns a boolean value that indicates whether a user can be tracked.

The response aggregates the visitor’s consent and location, as well as the app user's preference.

A trackingConsentAccepted event fires when positive tracking consent is collected on the page.

By listening for this event and calling your custom start tracking method when it fires, you avoid any possible data loss due to missing asynchronous consent collection.

Use this method to determine if the app user has explicitly disallowed selling data to third parties for visitors located in California or Virginia. This enables compliance with the CCPA and VCDPA.

window.Shopify.customerPrivacy.userDataCanBeSold();

The API returns a Boolean value indicating whether data can be sold to third parties for visitors located in California (CA) or Virginia (VA).

The API response aggregates the app user's preferences and the visitor’s location. However, you can't use the API to enable visitors to opt-out of the sale of their data.