Customer PrivacyAPI
The API for interacting with a customer's privacy consent. It is similar to the Customer Privacy API in storefront.
Anchor to standardapiStandardApi
The base API object provided to this and other customer-account extension targets.
- Anchor to applyTrackingConsentChangeapplyTrackingConsentChangeApplyTrackingConsentChangeTyperequired
Allows setting and updating customer privacy consent settings and tracking consent metafields.
NoteRequires the
capability to be set totrue.Requires access to protected customer data.
- Anchor to customerPrivacycustomerPrivacySubscribableSignalLike<CustomerPrivacy>required
Customer privacy consent settings and a flag denoting if consent has previously been collected.
ApplyTrackingConsentChangeType
- visitorConsent
VisitorConsentChange
Promise<TrackingConsentChangeResult>( visitorConsent: VisitorConsentChange, ) => Promise<TrackingConsentChangeResult>VisitorConsentChange
- analytics
Visitor consents to recording data to understand how customers interact with the site.
boolean - marketing
Visitor consents to ads and marketing communications based on customer interests.
boolean - metafields
Tracking consent metafield data to be saved. If the value is `null`, the metafield will be deleted.
TrackingConsentMetafieldChange[] - preferences
Visitor consent to remembering customer preferences, such as country or language, to personalize visits to the website.
boolean - saleOfData
Opts the visitor out of data sharing / sales.
boolean - type
'changeVisitorConsent'
export interface VisitorConsentChange extends VisitorConsent { /** * Tracking consent metafield data to be saved. * * If the value is `null`, the metafield will be deleted. * * @example `[{key: 'granularAnalytics', value: 'true'}, {key: 'granularMarketing', value: 'false'}]` */ metafields?: TrackingConsentMetafieldChange[]; type: 'changeVisitorConsent'; }TrackingConsentMetafieldChange
- key
The name of the metafield. It must be between 3 and 30 characters in length (inclusive).
string - value
The information to be stored as metadata. If the value is `null`, the metafield will be deleted.
string | null
export interface TrackingConsentMetafieldChange { /** * The name of the metafield. It must be between 3 and 30 characters in * length (inclusive). */ key: string; /** * The information to be stored as metadata. If the value is `null`, the metafield will be deleted. * * @example 'any string', `null`, or a stringified JSON object */ value: string | null; }TrackingConsentChangeResult
TrackingConsentChangeResultSuccess | TrackingConsentChangeResultErrorTrackingConsentChangeResultSuccess
The returned result of a successful tracking consent preference update.
- type
The type of the `TrackingConsentChangeResultSuccess` API.
'success'
export interface TrackingConsentChangeResultSuccess { /** * The type of the `TrackingConsentChangeResultSuccess` API. */ type: 'success'; }TrackingConsentChangeResultError
The returned result of an unsuccessful tracking consent preference update with a message detailing the type of error that occurred.
- message
A message that explains the error. This message is useful for debugging. It is **not** localized, and therefore should not be presented directly to the buyer.
string - type
The type of the `TrackingConsentChangeResultError` API.
'error'
export interface TrackingConsentChangeResultError { /** * The type of the `TrackingConsentChangeResultError` API. */ type: 'error'; /** * A message that explains the error. This message is useful for debugging. * It is **not** localized, and therefore should not be presented directly * to the buyer. */ message: string; }SubscribableSignalLike
Represents a read-only value managed on the main thread that an extension can subscribe to. Example: Checkout uses this to manage the state of an object and communicate state changes to extensions running in a sandboxed web worker. This interface is compatible with [Preact's ReadonlySignal](https://github.com/preactjs/signals/blob/a023a132a81bd4ba4a0bebb8cbbeffbd8c8bbafc/packages/core/src/index.ts#L700-L709). Some fields are deprecated but still supported for backwards compatibility. In version 2025-10, [`StatefulRemoteSubscribable`](https://github.com/Shopify/remote-dom/blob/03929aa8418a89d41d294005f219837582718df8/packages/async-subscription/src/types.ts#L17) was replaced with `ReadonlySignalLike`. Checkout will remove the old fields some time in the future.
- current
T - destroy
() => Promise<void> - subscribe
(fn: (value: T) => void) => () => void - value
T
export interface SubscribableSignalLike<T> extends ReadonlySignalLike<T> { /** * @deprecated Use `.value` instead. */ readonly current: T; /** * @deprecated No longer needed. Use Preact Signal management instead. */ destroy(): Promise<void>; }CustomerPrivacy
- allowedProcessing
An object containing flags for each consent property denoting whether they can be processed based on visitor consent, merchant configuration, and user location.
AllowedProcessing - metafields
Stored tracking consent metafield data.
TrackingConsentMetafield[] - region
Details about the visitor's current location for use in evaluating if more granular consent controls should render.
CustomerPrivacyRegion - saleOfDataRegion
Whether the visitor is in a region requiring data sale opt-outs.
boolean - shouldShowBanner
Whether a consent banner should be displayed by default when the page loads. Use this as the initial open/expanded state of the consent banner. This is determined by the visitor's current privacy consent, the shop's [region visibility configuration](https://help.shopify.com/en/manual/privacy-and-security/privacy/customer-privacy-settings/privacy-settings#add-a-cookie-banner) settings, and the region in which the visitor is located.
boolean - visitorConsent
An object containing the customer's current privacy consent settings. *
VisitorConsent
export interface CustomerPrivacy { /** * An object containing flags for each consent property denoting whether they can be processed based on visitor consent, merchant configuration, and user location. */ allowedProcessing: AllowedProcessing; /** * Stored tracking consent metafield data. * * @example `[{key: 'analyticsType', value: 'granular'}, {key: 'marketingType', value: 'granular'}]`, or `[]` */ metafields: TrackingConsentMetafield[]; /** * An object containing the customer's current privacy consent settings. * * * @example `true` — the customer has actively granted consent, `false` — the customer has actively denied consent, or `undefined` — the customer has not yet made a decision. */ visitorConsent: VisitorConsent; /** * Whether a consent banner should be displayed by default when the page loads. Use this as the initial open/expanded state of the consent banner. * * This is determined by the visitor's current privacy consent, the shop's [region visibility configuration](https://help.shopify.com/en/manual/privacy-and-security/privacy/customer-privacy-settings/privacy-settings#add-a-cookie-banner) settings, and the region in which the visitor is located. */ shouldShowBanner: boolean; /** * Whether the visitor is in a region requiring data sale opt-outs. */ saleOfDataRegion: boolean; /** * Details about the visitor's current location for use in evaluating if more granular consent controls should render. * * @example `{countryCode: 'CA', provinceCode: 'ON'}` for a visitor in Ontario, Canada; `{countryCode: 'US', provinceCode: undefined}` for a visitor in the United States if geolocation fails to detect the state; or `undefined` if neither country nor province is detected or geolocation fails. * * {% include /apps/checkout/privacy-icon.md %} Requires level 1 access to [protected customer data](/docs/apps/store/data-protection/protected-customer-data). */ region?: CustomerPrivacyRegion; }AllowedProcessing
- analytics
Can collect customer analytics about how the shop was used and interactions made on the shop.
boolean - marketing
Can collect customer preference for marketing, attribution and targeted advertising from the merchant.
boolean - preferences
Can collect customer preferences such as language, currency, size, and more.
boolean - saleOfData
Can collect customer preference for sharing data with third parties, usually for behavioral advertising.
boolean
export interface AllowedProcessing { /** * Can collect customer analytics about how the shop was used and interactions made on the shop. */ analytics: boolean; /** * Can collect customer preference for marketing, attribution and targeted advertising from the merchant. */ marketing: boolean; /** * Can collect customer preferences such as language, currency, size, and more. */ preferences: boolean; /** * Can collect customer preference for sharing data with third parties, usually for behavioral advertising. */ saleOfData: boolean; }TrackingConsentMetafield
- key
The name of the metafield. It must be between 3 and 30 characters in length (inclusive).
string - value
The information to be stored as metadata.
string
export interface TrackingConsentMetafield { /** * The name of the metafield. It must be between 3 and 30 characters in * length (inclusive). */ key: string; /** * The information to be stored as metadata. * * @example 'any string', '', or a stringified JSON object */ value: string; }CustomerPrivacyRegion
- countryCode
The [ISO 3166 Alpha-2 format](https://www.iso.org/iso-3166-country-codes.html) for the buyer's country. {% include /apps/checkout/privacy-icon.md %} Requires level 1 access to [protected customer data](/docs/apps/store/data-protection/protected-customer-data).
CountryCode - provinceCode
The buyer's province code, such as state, province, prefecture, or region. Province codes can be found by clicking on the `Subdivisions assigned codes` column for countries listed [here](https://en.wikipedia.org/wiki/ISO_3166-2). {% include /apps/checkout/privacy-icon.md %} Requires level 1 access to [protected customer data](/docs/apps/store/data-protection/protected-customer-data).
string
export interface CustomerPrivacyRegion { /** * The [ISO 3166 Alpha-2 format](https://www.iso.org/iso-3166-country-codes.html) for the buyer's country. * * {% include /apps/checkout/privacy-icon.md %} Requires level 1 access to [protected customer data](/docs/apps/store/data-protection/protected-customer-data). * * @example 'CA' for Canada, 'US' for United States, 'GB' for Great Britain, or undefined if geolocation failed. */ countryCode?: CountryCode; /** * The buyer's province code, such as state, province, prefecture, or region. * * Province codes can be found by clicking on the `Subdivisions assigned codes` column for countries listed [here](https://en.wikipedia.org/wiki/ISO_3166-2). * * {% include /apps/checkout/privacy-icon.md %} Requires level 1 access to [protected customer data](/docs/apps/store/data-protection/protected-customer-data). * * @example 'ON' for Ontario, 'ENG' for England, 'CA' for California, or undefined if geolocation failed or only the country was detected. */ provinceCode?: string; }CountryCode
'AC' | 'AD' | 'AE' | 'AF' | 'AG' | 'AI' | 'AL' | 'AM' | 'AN' | 'AO' | 'AR' | 'AT' | 'AU' | 'AW' | 'AX' | 'AZ' | 'BA' | 'BB' | 'BD' | 'BE' | 'BF' | 'BG' | 'BH' | 'BI' | 'BJ' | 'BL' | 'BM' | 'BN' | 'BO' | 'BQ' | 'BR' | 'BS' | 'BT' | 'BV' | 'BW' | 'BY' | 'BZ' | 'CA' | 'CC' | 'CD' | 'CF' | 'CG' | 'CH' | 'CI' | 'CK' | 'CL' | 'CM' | 'CN' | 'CO' | 'CR' | 'CU' | 'CV' | 'CW' | 'CX' | 'CY' | 'CZ' | 'DE' | 'DJ' | 'DK' | 'DM' | 'DO' | 'DZ' | 'EC' | 'EE' | 'EG' | 'EH' | 'ER' | 'ES' | 'ET' | 'FI' | 'FJ' | 'FK' | 'FO' | 'FR' | 'GA' | 'GB' | 'GD' | 'GE' | 'GF' | 'GG' | 'GH' | 'GI' | 'GL' | 'GM' | 'GN' | 'GP' | 'GQ' | 'GR' | 'GS' | 'GT' | 'GW' | 'GY' | 'HK' | 'HM' | 'HN' | 'HR' | 'HT' | 'HU' | 'ID' | 'IE' | 'IL' | 'IM' | 'IN' | 'IO' | 'IQ' | 'IR' | 'IS' | 'IT' | 'JE' | 'JM' | 'JO' | 'JP' | 'KE' | 'KG' | 'KH' | 'KI' | 'KM' | 'KN' | 'KP' | 'KR' | 'KW' | 'KY' | 'KZ' | 'LA' | 'LB' | 'LC' | 'LI' | 'LK' | 'LR' | 'LS' | 'LT' | 'LU' | 'LV' | 'LY' | 'MA' | 'MC' | 'MD' | 'ME' | 'MF' | 'MG' | 'MK' | 'ML' | 'MM' | 'MN' | 'MO' | 'MQ' | 'MR' | 'MS' | 'MT' | 'MU' | 'MV' | 'MW' | 'MX' | 'MY' | 'MZ' | 'NA' | 'NC' | 'NE' | 'NF' | 'NG' | 'NI' | 'NL' | 'NO' | 'NP' | 'NR' | 'NU' | 'NZ' | 'OM' | 'PA' | 'PE' | 'PF' | 'PG' | 'PH' | 'PK' | 'PL' | 'PM' | 'PN' | 'PS' | 'PT' | 'PY' | 'QA' | 'RE' | 'RO' | 'RS' | 'RU' | 'RW' | 'SA' | 'SB' | 'SC' | 'SD' | 'SE' | 'SG' | 'SH' | 'SI' | 'SJ' | 'SK' | 'SL' | 'SM' | 'SN' | 'SO' | 'SR' | 'SS' | 'ST' | 'SV' | 'SX' | 'SY' | 'SZ' | 'TA' | 'TC' | 'TD' | 'TF' | 'TG' | 'TH' | 'TJ' | 'TK' | 'TL' | 'TM' | 'TN' | 'TO' | 'TR' | 'TT' | 'TV' | 'TW' | 'TZ' | 'UA' | 'UG' | 'UM' | 'US' | 'UY' | 'UZ' | 'VA' | 'VC' | 'VE' | 'VG' | 'VN' | 'VU' | 'WF' | 'WS' | 'XK' | 'YE' | 'YT' | 'ZA' | 'ZM' | 'ZW' | 'ZZ'VisitorConsent
- analytics
Visitor consents to recording data to understand how customers interact with the site.
boolean - marketing
Visitor consents to ads and marketing communications based on customer interests.
boolean - preferences
Visitor consent to remembering customer preferences, such as country or language, to personalize visits to the website.
boolean - saleOfData
Opts the visitor out of data sharing / sales.
boolean
export interface VisitorConsent { /** * Visitor consents to recording data to understand how customers interact with the site. */ analytics?: boolean; /** * Visitor consents to ads and marketing communications based on customer interests. */ marketing?: boolean; /** * Visitor consent to remembering customer preferences, such as country or language, to personalize visits to the website. */ preferences?: boolean; /** * Opts the visitor out of data sharing / sales. */ saleOfData?: boolean; }Extension.jsx
Examples
Extension.jsx
Default
import '@shopify/ui-extensions/preact'; import {render} from 'preact'; export default async () => { render(<Extension />, document.body); }; function Extension() { const visitorConsent = shopify.customerPrivacy.value .visitorConsent || {}; // Use consent values console.log( 'analytics', visitorConsent.analytics, ); console.log( 'marketing', visitorConsent.marketing, ); console.log( 'preferences', visitorConsent.preferences, ); console.log( 'saleOfData', visitorConsent.saleOfData, ); return null; }
Anchor to examplesExamples
Anchor to example-use-a-sheet-to-manage-customer-privacy-consentUse a Sheet to manage customer privacy consent
You can apply changes to customer consent by using the API.
Requires the capability to be set to true.
Use a Sheet to manage customer privacy consent
Extension.jsx
Examples
Use a Sheet to manage customer privacy consent
Description
You can apply changes to customer consent by using the `applyTrackingConsentChanges` API. > Note: Requires the [`customer_privacy` capability](/docs/api/customer-account-ui-extensions/configuration#collect-buyer-consent) to be set to `true`.
Extension.jsx
import '@shopify/ui-extensions/preact'; import {render} from 'preact'; import {useState, useRef} from 'preact/hooks'; export default async () => { render(<Extension />, document.body); }; function Extension() { const { shouldShowBanner, visitorConsent: { analytics, marketing, preferences, saleOfData, }, } = shopify.customerPrivacy.value; const [ consentFormValues, setConsentFormValues, ] = useState({ analytics, marketing, preferences, saleOfData, }); const sheetId = 'sheet-consent'; const modalId = 'modal-consent'; const sheetRef = useRef(); const modalRef = useRef(); const getCheckboxOnChangeHandler = (key) => { return function (event) { setConsentFormValues({ ...consentFormValues, [key]: event.target.checked, }); }; }; const handleConsentChange = async (visitorConsent) => { try { const result = await shopify.applyTrackingConsentChange({ ...(visitorConsent ? visitorConsent : consentFormValues), type: 'changeVisitorConsent', }); // Check if operation was successful if (result.type === 'success') { modalRef.current?.hideOverlay(); sheetRef.current?.hideOverlay(); } else { // Handle failure case here } } catch (error) { // Handle error case here } }; const consentFormMarkup = ( <s-form onSubmit={() => handleConsentChange()} > <s-stack direction="block"> <s-grid gap="base"> <s-checkbox id="marketing" label="Marketing" value={consentFormValues.marketing} onChange={getCheckboxOnChangeHandler( 'marketing', )} /> <s-checkbox id="analytics" label="Analytics" value={consentFormValues.analytics} onChange={getCheckboxOnChangeHandler( 'analytics', )} /> <s-checkbox id="preferences" label="Preferences" value={consentFormValues.preferences} onChange={getCheckboxOnChangeHandler( 'preferences', )} /> <s-checkbox id="saleOfData" label="Sale of data" value={consentFormValues.saleOfData} onChange={getCheckboxOnChangeHandler( 'saleOfData', )} /> </s-grid> <s-button type="submit">Save</s-button> </s-stack> </s-form> ); return ( <s-sheet id={sheetId} ref={sheetRef} accessibilityLabel="A sheet that collects privacy consent preferences" defaultOpen // defaultOpen={shouldShowBanner} > <s-button slot="primary-action" variant="secondary" onClick={() => handleConsentChange({ analytics: false, marketing: false, preferences: false, saleOfData: false, }) } > I decline </s-button> <s-button slot="primary-action" variant="secondary" onClick={() => handleConsentChange({ analytics: true, marketing: true, preferences: true, saleOfData: true, }) } > I agree </s-button> <s-button slot="secondary-action" commandFor={modalId} > Settings </s-button> <s-modal id={modalId} ref={modalRef}> {consentFormMarkup} </s-modal> <s-paragraph> This website uses cookies to ensure you get the best experience on our website.{' '} <s-link>Privacy Policy</s-link> </s-paragraph> </s-sheet> ); }