The Shopify Customer Privacy API helps merchants comply with privacy regulations like GDPR and CCPA by allowing apps and third-party services (such as Meta Pixel, Google Ads, and other tracking scripts) to respect user consent.
With this API, your JavaScript code can check a visitor's consent status before loading tracking or marketing tags.
If you're integrating a Consent Management Platform (CMP) or creating a custom consent experience, you can use the setTrackingConsent() method to programmatically update a customer's consent preferences.
This method should only be used by authorized CMPs or after receiving explicit consent from the user. It is not intended to override user decisions made through Shopify’s native banner or external CMPs.
Example: Setting Consent Status
Shopify.loadFeatures(
[
{
name: 'consent-tracking-api',
version: '0.1',
},
],
(error) => {
if (error) {
console.error('Failed to load consent-tracking-api:', error);
return;
}
// Set consent status after the user agrees (e.g., via custom CMP UI)
Shopify.customerPrivacy.setTrackingConsent({
marketing: true,
analytics: true,
preferences: true,
});
}
);
Use the following code to load the API and access the visitor’s consent preferences:
window.Shopify.loadFeatures(
[
{
name: 'consent-tracking-api',
version: '0.1',
},
],
(error) => {
if (error) {
// Handle loading error
return;
}
// API is ready—check visitor consent
const consent = window.Shopify.customerPrivacy.currentVisitorConsent();
console.log(consent);
}
);
Make sure to place your logic inside the callback, as the API is only available once it's fully loaded.
{
"marketing": "yes",
"analytics": "yes",
"preferences": "yes",
"sale_of_data": "no"
}
The API returns consent status for the following categories:
Each category will return 'yes' or 'no', allowing you to conditionally load or block third-party scripts based on user preferences.
essential is always enabled by Shopify and cannot be toggled.