Customer Privacy API
region property requires level 1 access. The applyTrackingConsentChange property requires the collect_buyer_consent capability.The Customer Privacy API provides access to the buyer's tracking consent preferences and lets your extension apply consent changes. Use this API to build consent banners, check current consent decisions for analytics, marketing, and data sale, and save updated preferences.
Anchor to Use casesUse cases
- Display a consent banner: Determine whether to show a cookie consent banner when the page loads.
- Read current consent state: Check the buyer's current preferences for analytics, marketing, and data sharing.
- Apply consent changes: Save the buyer's updated consent preferences after they interact with your consent UI.
- Handle regional requirements: Detect if the buyer is in a jurisdiction requiring specific opt-out controls, such as CCPA in California.
Supported targets
- customer-account.
footer. render-after - customer-account.
order-index. announcement. render - customer-account.
order-index. block. render - customer-account.
order-status. announcement. render - customer-account.
order-status. block. render - customer-account.
order-status. cart-line-item. render-after - customer-account.
order-status. cart-line-list. render-after - customer-account.
order-status. customer-information. render-after - customer-account.
order-status. fulfillment-details. render-after - customer-account.
order-status. payment-details. render-after - customer-account.
order-status. return-details. render-after - customer-account.
order-status. unfulfilled-items. render-after - customer-account.
order. action. menu-item. render - customer-account.
order. action. render - customer-account.
order. page. render - customer-account.
page. render - customer-account.
profile. addresses. render-after - customer-account.
profile. announcement. render - customer-account.
profile. block. render - customer-account.
profile. company-details. render-after - customer-account.
profile. company-location-addresses. render-after - customer-account.
profile. company-location-payment. render-after - customer-account.
profile. company-location-staff. render-after - customer-account.
profile. payment. render-after
Supported targets
- customer-account.
footer. render-after - customer-account.
order-index. announcement. render - customer-account.
order-index. block. render - customer-account.
order-status. announcement. render - customer-account.
order-status. block. render - customer-account.
order-status. cart-line-item. render-after - customer-account.
order-status. cart-line-list. render-after - customer-account.
order-status. customer-information. render-after - customer-account.
order-status. fulfillment-details. render-after - customer-account.
order-status. payment-details. render-after - customer-account.
order-status. return-details. render-after - customer-account.
order-status. unfulfilled-items. render-after - customer-account.
order. action. menu-item. render - customer-account.
order. action. render - customer-account.
order. page. render - customer-account.
page. render - customer-account.
profile. addresses. render-after - customer-account.
profile. announcement. render - customer-account.
profile. block. render - customer-account.
profile. company-details. render-after - customer-account.
profile. company-location-addresses. render-after - customer-account.
profile. company-location-payment. render-after - customer-account.
profile. company-location-staff. render-after - customer-account.
profile. payment. render-after
Anchor to PropertiesProperties
The shopify global object provides the customer privacy data and consent management methods. Access the following properties on shopify to read privacy consent settings and apply consent changes.
- Anchor to applyTrackingConsentChangeapplyTrackingConsentChangeapplyTrackingConsentChangeApplyTrackingConsentChangeTypeApplyTrackingConsentChangeTyperequiredrequired
Applies updated tracking consent preferences for the buyer, including their decisions for analytics, marketing, and data sale, along with any custom tracking consent metafields. Returns a promise that resolves with the result of the consent update.
Requires the
capability and access to protected customer data.- Anchor to customerPrivacycustomerPrivacycustomerPrivacySubscribableSignalLike<CustomerPrivacy>SubscribableSignalLike<CustomerPrivacy>requiredrequired
The buyer's current privacy consent settings, including their consent decisions for analytics, marketing, and data sale, whether a consent banner should be displayed, and whether the buyer is in a region that requires specific opt-out controls. Use this to read the buyer's consent state and determine how to display privacy-related UI.
ApplyTrackingConsentChangeType
- visitorConsent
VisitorConsentChange
Promise<TrackingConsentChangeResult>VisitorConsentChange
- analytics
The visitor's consent for analytics tracking. `true` means the visitor actively granted consent, `false` means actively denied, and `undefined` means no decision has been made yet.
boolean - marketing
The visitor's consent for marketing and targeted advertising. `true` means the visitor actively granted consent, `false` means actively denied, and `undefined` means no decision has been made yet.
boolean - metafields
Tracking consent metafield data to be saved. If the value is `null`, the metafield is deleted.
TrackingConsentMetafieldChange[] - preferences
The visitor's consent for storing preferences such as language and currency. `true` means the visitor actively granted consent, `false` means actively denied, and `undefined` means no decision has been made yet.
boolean - saleOfData
The visitor's consent for the sale or sharing of their personal data with third parties. `true` means the visitor actively granted consent, `false` means actively denied, and `undefined` means no decision has been made yet.
boolean - type
Identifies this as a visitor consent change. This is the only supported change type for `applyTrackingConsentChange()`.
'changeVisitorConsent'
TrackingConsentMetafieldChange
- key
The identifier for the tracking consent metafield to update.
string - value
The new value to store in the metafield. Set to `null` to delete the metafield. Consent metafield values are strings, not booleans. Pass `null` to delete a tracking consent metafield.
string | null
TrackingConsentChangeResult
TrackingConsentChangeResultSuccess | TrackingConsentChangeResultErrorTrackingConsentChangeResultSuccess
The returned result of a successful tracking consent preference update.
- type
Indicates that the tracking consent update was applied successfully.
'success'
TrackingConsentChangeResultError
The returned result of an unsuccessful tracking consent preference update with a message detailing the type of error that occurred.
- message
A message that explains the error. This message is useful for debugging. It isn't localized and shouldn't be displayed to the buyer.
string - type
Indicates that the tracking consent update couldn't be applied. Check the `message` property for details.
'error'
SubscribableSignalLike
Represents a reactive signal interface that provides both immediate value access and subscription-based updates. Enables real-time synchronization with changing data through the observer pattern. This interface extends `ReadonlySignalLike` with deprecated fields that are still supported for backwards compatibility.
- current
The current value of the signal. Equivalent to `.value`, accessing this property subscribes to changes when used in a reactive context.
T - destroy
Cleans up the subscription and releases any resources held by this signal. After calling `destroy()`, the signal stops receiving updates from the main thread.
() => Promise<void> - subscribe
Subscribes to value changes and calls the provided function whenever the value updates. Returns an unsubscribe function to clean up the subscription. Use to automatically react to changes in the signal's value.
(fn: (value: T) => void) => () => void - value
The current value of the signal. This property provides immediate access to the current value without requiring subscription setup. Use for one-time value checks or initial setup.
T
CustomerPrivacy
- allowedProcessing
Flags indicating whether each type of data processing is permitted, based on the visitor's consent, the merchant's privacy configuration, and the visitor's geographic location.
AllowedProcessing - metafields
The tracking consent metafields that have been stored for this visitor. These contain app-specific consent data beyond the standard categories.
TrackingConsentMetafield[] - region
The visitor's geographic location, used to determine whether more granular consent controls should be displayed based on regional privacy regulations.
CustomerPrivacyRegion - saleOfDataRegion
Whether the visitor is located in a region that requires an explicit opt-out option for the sale or sharing of personal data, such as California (CCPA) or other jurisdictions with similar regulations.
boolean - shouldShowBanner
Whether a consent banner should be displayed by default when the page loads. Use this as the initial open/expanded state of the consent banner. This is determined by the visitor's current privacy consent, the shop's [region visibility configuration](https://help.shopify.com/en/manual/privacy-and-security/privacy/customer-privacy-settings/privacy-settings#add-a-cookie-banner) settings, and the region in which the visitor is located.
boolean - visitorConsent
The visitor's current privacy consent settings. Each property represents a consent category and is `true` (actively granted), `false` (actively denied), or `undefined` (no decision made yet).
VisitorConsent
AllowedProcessing
- analytics
Whether analytics data can be collected based on the visitor's consent, the merchant's privacy configuration, and the visitor's region. Analytics data includes how the shop was used and what interactions occurred. Whether analytics data can be collected right now. Combines the buyer's consent, the merchant's privacy configuration, and the buyer's region into a single boolean. Check this flag, not `visitorConsent.analytics`, before calling `shopify.analytics.publish()`.
boolean - marketing
Whether marketing data can be collected based on the visitor's consent, the merchant's privacy configuration, and the visitor's region. Marketing data includes attribution and targeted advertising preferences. Whether marketing data can be collected right now. Combines the buyer's consent, the merchant's privacy configuration, and the buyer's region into a single boolean. Check this flag, not `visitorConsent.marketing`, before performing marketing-related data collection.
boolean - preferences
Whether preference data can be collected based on the visitor's consent, the merchant's privacy configuration, and the visitor's region. Preference data includes language, currency, and sizing choices. Whether preference data can be collected right now. Combines the buyer's consent, the merchant's privacy configuration, and the buyer's region into a single boolean. Check this flag, not `visitorConsent.preferences`, before storing or reading buyer preference data.
boolean - saleOfData
Whether data can be shared with third parties based on the visitor's consent, the merchant's privacy configuration, and the visitor's region. This typically applies to behavioral advertising data. Whether buyer data can be shared with or sold to third parties right now. Combines the buyer's consent, the merchant's privacy configuration, and the buyer's region into a single boolean. Check this flag, not `visitorConsent.saleOfData`, before sharing or selling buyer data with third parties.
boolean
TrackingConsentMetafield
- key
The identifier for the tracking consent metafield, such as `'analyticsType'` or `'marketingType'`.
string - value
The value stored in the tracking consent metafield, such as `'granular'` or a stringified JSON object.
string
CustomerPrivacyRegion
- countryCode
The buyer's country code in [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) format. The value is `undefined` if geolocation failed. {% include /apps/checkout/privacy-icon.md %} Requires level 1 access to [protected customer data](/docs/apps/store/data-protection/protected-customer-data).
CountryCode - provinceCode
The buyer's province, state, or region code in [ISO 3166-2](https://en.wikipedia.org/wiki/ISO_3166-2) format. The value is `undefined` if geolocation failed or only the country was detected. {% include /apps/checkout/privacy-icon.md %} Requires level 1 access to [protected customer data](/docs/apps/store/data-protection/protected-customer-data).
string
CountryCode
'AC' | 'AD' | 'AE' | 'AF' | 'AG' | 'AI' | 'AL' | 'AM' | 'AN' | 'AO' | 'AR' | 'AT' | 'AU' | 'AW' | 'AX' | 'AZ' | 'BA' | 'BB' | 'BD' | 'BE' | 'BF' | 'BG' | 'BH' | 'BI' | 'BJ' | 'BL' | 'BM' | 'BN' | 'BO' | 'BQ' | 'BR' | 'BS' | 'BT' | 'BV' | 'BW' | 'BY' | 'BZ' | 'CA' | 'CC' | 'CD' | 'CF' | 'CG' | 'CH' | 'CI' | 'CK' | 'CL' | 'CM' | 'CN' | 'CO' | 'CR' | 'CU' | 'CV' | 'CW' | 'CX' | 'CY' | 'CZ' | 'DE' | 'DJ' | 'DK' | 'DM' | 'DO' | 'DZ' | 'EC' | 'EE' | 'EG' | 'EH' | 'ER' | 'ES' | 'ET' | 'FI' | 'FJ' | 'FK' | 'FO' | 'FR' | 'GA' | 'GB' | 'GD' | 'GE' | 'GF' | 'GG' | 'GH' | 'GI' | 'GL' | 'GM' | 'GN' | 'GP' | 'GQ' | 'GR' | 'GS' | 'GT' | 'GW' | 'GY' | 'HK' | 'HM' | 'HN' | 'HR' | 'HT' | 'HU' | 'ID' | 'IE' | 'IL' | 'IM' | 'IN' | 'IO' | 'IQ' | 'IR' | 'IS' | 'IT' | 'JE' | 'JM' | 'JO' | 'JP' | 'KE' | 'KG' | 'KH' | 'KI' | 'KM' | 'KN' | 'KP' | 'KR' | 'KW' | 'KY' | 'KZ' | 'LA' | 'LB' | 'LC' | 'LI' | 'LK' | 'LR' | 'LS' | 'LT' | 'LU' | 'LV' | 'LY' | 'MA' | 'MC' | 'MD' | 'ME' | 'MF' | 'MG' | 'MK' | 'ML' | 'MM' | 'MN' | 'MO' | 'MQ' | 'MR' | 'MS' | 'MT' | 'MU' | 'MV' | 'MW' | 'MX' | 'MY' | 'MZ' | 'NA' | 'NC' | 'NE' | 'NF' | 'NG' | 'NI' | 'NL' | 'NO' | 'NP' | 'NR' | 'NU' | 'NZ' | 'OM' | 'PA' | 'PE' | 'PF' | 'PG' | 'PH' | 'PK' | 'PL' | 'PM' | 'PN' | 'PS' | 'PT' | 'PY' | 'QA' | 'RE' | 'RO' | 'RS' | 'RU' | 'RW' | 'SA' | 'SB' | 'SC' | 'SD' | 'SE' | 'SG' | 'SH' | 'SI' | 'SJ' | 'SK' | 'SL' | 'SM' | 'SN' | 'SO' | 'SR' | 'SS' | 'ST' | 'SV' | 'SX' | 'SY' | 'SZ' | 'TA' | 'TC' | 'TD' | 'TF' | 'TG' | 'TH' | 'TJ' | 'TK' | 'TL' | 'TM' | 'TN' | 'TO' | 'TR' | 'TT' | 'TV' | 'TW' | 'TZ' | 'UA' | 'UG' | 'UM' | 'US' | 'UY' | 'UZ' | 'VA' | 'VC' | 'VE' | 'VG' | 'VN' | 'VU' | 'WF' | 'WS' | 'XK' | 'YE' | 'YT' | 'ZA' | 'ZM' | 'ZW' | 'ZZ'VisitorConsent
- analytics
The visitor's consent for analytics tracking. `true` means the visitor actively granted consent, `false` means actively denied, and `undefined` means no decision has been made yet.
boolean - marketing
The visitor's consent for marketing and targeted advertising. `true` means the visitor actively granted consent, `false` means actively denied, and `undefined` means no decision has been made yet.
boolean - preferences
The visitor's consent for storing preferences such as language and currency. `true` means the visitor actively granted consent, `false` means actively denied, and `undefined` means no decision has been made yet.
boolean - saleOfData
The visitor's consent for the sale or sharing of their personal data with third parties. `true` means the visitor actively granted consent, `false` means actively denied, and `undefined` means no decision has been made yet.
boolean
Anchor to Best practicesBest practices
- Use
shouldShowBannerfor initial state: Check theshouldShowBannerproperty to determine whether to display a consent banner when the page loads, rather than always showing one. - Respect regional requirements: Use
saleOfDataRegionandregionto determine if additional opt-out controls are required for the buyer's location.