Shopify consent management

10 min

chord integrates with shopify's customer privacy api to manage user consent preferences this ensures events are only sent to destinations that the customer has consented to, helping you comply with privacy regulations like gdpr and ccpa how it works before sending any events, chord checks the customer's consent status using shopify's customer privacy api the custom web pixel checks if tracking is allowed by verifying that both analyticsprocessingallowed() and marketingallowed() return true if tracking is not allowed, no events are sent to the chord cdp if tracking is allowed, a consent object is attached to every event describing the customer's preferences for each consent category the chord cdp uses the consent category mappings you configure to determine which destinations receive each event step 1 confirm pixel settings in your shopify admin, go to customer events > custom pixels > your chord cdp pixel and confirm the options in the customer privacy configuration above the pixel code note these settings are recommended by the chord team as the cdp pixel is deployed with these permissions in mind if these need to be set to a different configuration, please reach out to help\@chord co permission required selected marketing enabled analytics enabled why "required" with marketing + analytics when set to "required", shopify populates the customerprivacystatus object that the pixel reads the marketing and analytics checkboxes tell shopify that these are the consent categories relevant to this pixel without them, the consent fields may not reflect the visitor's actual choices data sale data collected qualifies as data sale selected why "data collected qualifies as data sale" this ensures the saleofdataallowed flag is populated when a visitor opts out of data sale (e g , under ccpa) if set to "does not qualify", this flag would always return as allowed, even if the visitor opted out step 2 configure customer privacy in shopify in your shopify admin, go to settings > customer privacy cookie banner (required) the cookie banner must be enabled for chord's consent management to work without it, the customer privacy api is unavailable and chord will not send any events to enable select cookie banner > activate cookie banner choose the regions where the banner should appear click activate alternatively, to use a custom banner from the shopify app store select cookie banner > more actions > use custom cookie banner choose regions and click activate data sales opt out page (recommended) allows visitors to control how their data is shared with third parties select data sales opt out page choose regions and click activate step 3 configure consent categories in chord cdp shopify's customer privacy api provides four consent categories you need to map these in the chord cdp so events are routed to the correct destinations based on customer preferences in the chord cdp, navigate to cdp > consent categories > create your first consent category and add these four categories category name (customizable) category id (must be exact) performance cookies analytics marketing cookies marketing preference cookies preferences sale of data sale of data for each category, choose which destinations should be mapped mapping a destination to a category means that destination will only receive events if the customer has consented to that category consent category definitions analytics — customer analytics about storefront usage and interactions collected by shopify's cookie banner as "performance cookies " marketing — marketing, attribution, and targeted advertising collected as "marketing cookies " preferences — customer preferences such as language, currency, and size collected as "preference cookies " sale of data — sharing data with third parties for behavioral advertising collected by shopify's data sales opt out page how consent is transmitted the custom web pixel reads the customer's consent preferences from the customer privacy api and constructs a consent object on every event { "analytics" true, "marketing" true, "preferences" true, "sale of data" false } the values are determined by shopify's customer privacy api methods category shopify api method analytics customerprivacy analyticsprocessingallowed() marketing customerprivacy marketingallowed() preferences customerprivacy preferencesprocessingallowed() sale of data customerprivacy saleofdataallowed() global privacy control (gpc) chord cdp recognizes the global privacy control signal as an opt out of data sales if a customer has gpc activated in their browser and is browsing from a region where opting out is supported, the sale of data category will be set to false no additional code required consent management is handled automatically by the custom web pixel and the chord cdp you do not need to add any consent related code to your storefront — the web pixel reads consent status from shopify's customer privacy api and includes it with every event