Docs
  • INTRO
    • What is Shoplift?
    • What to Test
    • Quickstart
      • Install Shoplift
      • Create a Test
      • Edit Your Variant
      • Launch Your Test
  • TEST
    • Template Testing
      • Overview
      • Guides
        • Guide: Testing Individual Pages
        • Guide: Testing One-Click Payment Methods
        • Guide: Testing App Blocks
        • Guide: Testing Different Template Types
      • Theme Compatibility
      • Template Management
      • Switching Themes
      • Shopify Markets
      • Shopify Translate & Adapt
    • Theme Testing
      • Overview
      • Guides
        • Guide: Testing a Navigation Menu
        • Guide: Testing a Mini Cart
      • Theme Management
      • Theme Development
      • Switching Themes
    • URL Testing
      • Overview
      • Guides
        • Guide: Testing URLs
        • Guide: Testing Product Properties
    • JavaScript API Testing
      • isHypothesisActive
      • setAnalyticsConsent
      • getVisitorData
    • Lift Assist™
      • What is Lift Assist™?
      • How To Use Lift Assist™
      • Brand Styles
    • Audience Targeting
      • Devices
      • New and Returning Visitors
      • Custom Audiences (UTMs, Referring Domains, and Geo-targeting)
    • Test Management
      • Test Compatibility
      • Mutual Exclusion
      • QA Checklist
      • Scheduling Tests
      • Pausing Tests
      • Implementing Winning Tests
    • Performance
      • Pagespeed
      • Shopify Caching
      • CDNs and Edge Delivery
  • ANALYZE
    • Reports
      • Overview
      • Metrics
        • Goals & Reporting Metrics
        • Metric Views
      • Test Progress
      • Statistical Significance
      • Channel Groups
    • Tracking
      • Visitor Attribution
      • Web Pixel
      • Liquid Snippet
      • Anti-Flicker
      • Analytics Discrepancies
  • integrate
    • Integrations and Tooling
      • GA4 (Beta)
        • Integrate GA4 (Shopify)
        • Integrate GA4 with Google Tag Manager
        • Integrate GA4 with Elevar
        • Analyze Test Data In Google Analytics
        • Disabling the GA4 Integration
      • Subscription Apps
      • Page Builder Apps
      • Reporting Tools
      • Heatmapping Tools
      • Custom Integrations
  • ADMIN
    • Plans and Billing
      • Subscription Plans
      • Uninstalling Shoplift
    • Users and Permissions
      • Managing Team Access
      • Managing User Notifications
    • Privacy and Compliance
      • Customer Data and GDPR
  • PARTNERS & DEVELOPERS
    • Shoplift Partner Program
    • Testing on Development Stores
  • SUPPORT
    • Frequently Asked Questions
    • Get Help
    • Give Feedback
Powered by GitBook

Contact Us

  • Get help
  • Give feedback
  • Request a feature

Helpful Links

  • Shoplift
  • Shopify App Store
On this page
  • Overview
  • Data controllers and data processors
  • Obtaining consent for data collection
  • Tracking methods to ensure compliance
  • Does Shoplift collect identifiable information about website visitors?
  • Why does Shopify say Shoplift needs access to sensitive customer data when I install the app?

Was this helpful?

  1. ADMIN
  2. Privacy and Compliance

Customer Data and GDPR

PreviousPrivacy and ComplianceNextShoplift Partner Program

Last updated 5 months ago

Was this helpful?

Overview

When navigating data privacy laws, such as the General Data Protection Regulation (GDPR), Shoplift is committed to ensuring that merchants can stay compliant effortlessly while still benefiting from powerful A/B testing and revenue optimization tools.

In this article, we will explain Shoplift’s role as a data processor, how merchants are responsible as data controllers, and the steps we take to ensure that data collection is only done with visitor consent.

We will also discuss how Shoplift uses a blend of essential and analytics tracking methods to maintain a seamless website experience, even when consent is declined.

For a full overview of our data collection practices, see our .

Data controllers and data processors

Firstly, it's important to understand the distinction between data controllers and data processors under GDPR:

Merchants as Data Controllers

Merchants who use Shoplift are considered data controllers, meaning they determine the purpose and legal basis for collecting and processing visitor data. This also means that merchants are responsible for obtaining visitor consent in regions where it is required (such as the European Union) before any data is collected.

Shoplift as a Data Processor

Shoplift acts as a data processor, meaning we handle data on behalf of merchants based on the permissions and consent that merchants obtain from their visitors. Our responsibility is to process data securely and only in line with the merchant’s instructions and the applicable privacy laws.

Obtaining consent for data collection

Depending on the regions in which a you operate your store, GDPR and other privacy laws may require explicit visitor consent before any data collection occurs. Shoplift makes it easy for merchants to stay compliant out of the box.

1. Shopify's Customer Privacy API

By default, Shoplift leverages Shopify’s Customer Privacy API, which determines whether a visitor has granted analytics consent to collect data. If you use Shopify's data compliance tools, then no action is required to ensure Shoplift remains compliant with customer privacy laws:

  • If analytics consent is granted, Shoplift collects anonymized event data to run and measure experiment performance.

  • If analytics consent is declined, Shoplift ensures that no visitor data is collected, logged, or stored in any way, allowing merchants to respect the privacy choices of their visitors.

This process is seamless, meaning that merchants can focus on running their business without worrying about GDPR compliance.

2. Third-Party Consent Management Tools

If you use third-party tools to manage consent, Shoplift will be compliant out-of-the-box as long as your consent management platform is able to hook into Shopify's Customer Privacy API.

window.shoplift.setAnalyticsConsent(v: boolean): Promise<void>;

Tracking methods to ensure compliance

To provide the best possible user experience, Shoplift uses a combination of essential tracking and analytics tracking:

  • Essential tracking ensures that the website operates smoothly and delivers necessary functionality, regardless of consent.

  • Analytics tracking is only activated if analytics consent is granted by the visitor. This allows us to collect valuable, anonymized data to drive A/B testing, personalization, and optimization efforts.

Shoplift’s approach ensures that there is no “flicker” effect—an undesirable momentary disruption in the website’s appearance or performance—when conducting tests. Even if consent is denied, Shoplift maintains a stable and optimized user experience, ensuring your website performs at its best while respecting user privacy.

Does Shoplift collect identifiable information about website visitors?

When collecting data about website visitors, Shoplift does not log or store any personal identifiable information (PII). This includes information like name, email, phone number, IP address, or location.

Why does Shopify say Shoplift needs access to sensitive customer data when I install the app?

In order to access web pixel events from Shopify's servers, our app requires access to Shopify's Customer Event data.

In order to access this Customer Event data, Shoplift needs to request the necessary access scopes. The scopes required to access to this anonymized event data are bundled in with access to PII data like name, address, and phone number. This is why Shopify will display a message informing you of access to sensitive customer data during install.

Shoplift does not collect, log, or store any personal identifiable information from customers.

If you use a third-party consent management platform that does not hook into Shopify's Customer Privacy, we provide a method in our that can be called to set a boolean value for analytics consent:

Data Processing Addendum
JavaScript API