Consent requirements for various apps
Shopify recently notified us that all apps and themes that insert cookies into a merchant storefront will now be required to integrate with the Customer Privacy JS API starting February 6th, 2023. This ensures that buyer consent for a particular data processing purpose is respected before loading any non-essential cookies, in order to facilitate compliance with industry standards and applicable data privacy regulations. App and theme extensions must pass through consent signals using the Customer Privacy JS API.
As a direct result, if you've configured your store to collect preference, analytics, and marketing data after receiving consent in your store's settings (see screenshot below), there are a few Vitals apps that won't be able to function correctly until the visitors consent to data collection and cookies.
These apps include:
- Facebook Pixels - without proper consent, we are not allowed to initialize Facebook's script, as it would send data to Facebook;
- Facebook Messenger Chat - without proper consent, we are not allowed to initialize Facebook's script, as it would send data to Facebook;
- Visitor Replays - without proper consent, Vitals isn't allowed to capture and stream the visitors' mouse movements and clicks,
- Recently Viewed Products - without proper consent, we cannot use cookies to save the information about the products viewed by your visitors;
- Countdown Timer and Cart Notice - without proper consent, the expiration time would be the same every time the page is reloaded.
Some apps will behave differently until the proper consent is given:
- Pop-ups - typically, you can create a few pop-ups and customize how often different pop-ups should be shown. Without proper consent, Vitals would be unable to know how much time has passed since a banner was displayed, so we will default to only offering one pop-up per session, randomly chosen from your pop-ups, and once closed, no more pop-ups will show up again in that session. The same principles apply to the Spin the Wheel app as well;
- Recent Sales Notifications - typically, you can decide how many notifications will be shown during a session. However, without proper consent, we will display a set number of notifications on every pageview.
- Push Marketing - without consent, the Opt-in Prompt Timings based on the number of Page Views will not work. We are not allowed to place a cookie that helps us count the number of pages visited by the customer, so in the absence of the cookies' consent, the Push Opt-in Prompt will be displayed on each page, with a 5 seconds delay (until the cookie consent is provided or user chooses an option for the Push Marketing Opt-in).
Vitals fully respects the data collection setting you've made in your store's Shopify admin.
To enable your store to start respecting and getting of consent from visitors that are based in the EU, simply do the following steps:
- Go to Shopify admin > Settings > Customer Privacy:
From here, you have two options that you can do - either use Shopify's own Cookie Banner feature, or you can use one from a different app, such as our Cookie Banner app.
- If you would like to use Shopify's own Cookie Banner, you can simply do so by clicking the Activate Cookie Banner:
However, if you would like to use our Cookie Banner app, kindly click on More Actions > Use Custom Cookie banner instead;
- Regardless of what you choose, you will be provided a list of countries where you would like the cookie banner to appear. Select the regions where you would like the Cookie Banner app to appear on. (Note that Shopify has already pre-selected the recommended regions that should need consent, and you will be able to confirm it.)
💡 Given the complexities around jurisdictions, privacy laws/regulations, and how you and your team intend to use Shopify and Vitals, you should seek guidance from your legal counsel on when is the best approach to use this.