Consent and regional compliance
Configure Apex so storefront testing and tracking respect consent requirements, Do Not Track, and regional privacy expectations.
Apex can render storefront variations separately from analytics tracking. This helps you configure experiments for stores that need consent before persistent storage or analytics events begin.
This page is product guidance, not legal advice. Work with your privacy or legal team to decide which settings are required for each region and storefront.
Consent mode
Use consent mode when your store needs Apex to wait for consent before using persistent storage or tracking. The SDK treats consent as required when requireConsent is true, when an initial hasConsent value is provided, or when consentMode.enabled is true.
Apex supports these SDK consent providers:
| Provider | Typical use |
|---|---|
custom | Your storefront owns consent state and calls setConsent(). |
onetrust | The store uses OneTrust consent groups. |
usercentrics | The store uses Usercentrics services. |
cookiebot | The store uses Cookiebot consent categories. |
ccm19 | The store uses CCM19 accepted embeddings. |
See SDK consent modes for copy-paste developer examples.
Do Not Track and storage
Apex runtime settings can respect browser Do Not Track and can change storage mode between local storage, session storage, cookies, and memory. Memory storage is the most temporary mode; it does not persist assignment identity across page loads.
When consent is denied, the SDK clears Apex visitor, goal, signal, config-cache, session, QA, and identity context storage where possible.
Platform install notes
Shopify, WooCommerce, Shopware, headless, and custom installs all use the same privacy principle: configure the runtime for the consent rules that apply to the storefront.
- Shopify installs should also respect Shopify customer privacy settings and the enabled web pixel behavior.
- WooCommerce installs load the Apex snippet through the WordPress plugin, so confirm your cookie banner rules allow or block that script according to your policy.
- Shopware installs declare the Apex statistical cookie entry in the app manifest and load the storefront bridge for confirmed active installs.
- Custom and headless installs can call the SDK consent API directly.
Regional checklist
- Decide whether Apex can render variations before analytics consent or must wait entirely.
- Enable provider-backed consent mode when a consent manager is present.
- Use Do Not Track support when your policy requires it.
- Use a storage mode that matches your retention and consent expectations.
- Document which identifiers your support team uses for export and deletion requests.
- Test consent granted and consent denied paths before launching an experiment in a regulated region.