Cookie Management and Privacy Compliance

This article is intended for advanced users and our partners as it requires advanced web development or Salesforce admin or programming knowledge. While the functionality is part of StoreConnect, we do not provide end user assistance to implement it beyond our help documentation. If you need help or are unsure on how to do this, you can hire one of our StoreConnect partners.

What is Privacy Compliance?

Privacy Compliance is the catch-all term for a number of requirements imposed on websites in various territories, eg: GDPR in the EU, and SCA in the UK. The basic aim of these requirements is to enable the user to understand how their actions are being tracked and what information on them is being collected and how it is being shared, and to disable any of these features except those that are strictly required for the website to work.

How does it work?

Our implementation assumes that cookies are set by some custom javascript on the site. So we need to know what script is responsible for each cookie.

To achieve this we have created 3 new objects:

  1. Script_Blocks__c
  2. Cookies__c
  3. Compliance_Groups__c.

The basic working premise of the cookies and compliance feature is as such:

Script Blocks

A Script Block is where JavaScript code snippets such as Google Analytics, Facebook Pixel, or similar would be inserted. Conversely, Script Blocks can be used for any JavaScript code independent of the cookies and compliance system.

Global, Active script blocks will be reproduced in the Store’s2 <head>3 section, in position order.

Adding a Script Block

‌Image: Adding a Script Block


Cookies are the JavaScript code snippets typically used by web developers to help create a better end-user experience. They are saved to an end-user’s internet browser when they visit a website with cookies enabled.

Compliance Groups

Compliance Groups are a way to group cookies by function, and a way to mark certain cookies as required. If a cookie is required, it is automatically enabled and cannot be disabled.

Using Privacy Compliance

Once you have set your scripts you must then:

  1. Configure each of the components of the cookie and compliance feature
  2. Then enable it

Configuring Privacy Compliance

Configuring Cookies

Cookies need to belong to both a Compliance Group and a Script Block in order to have any effect on the site.

They can be turned off by unchecking the Active check box

The following fields are used in the Cookie management screen to provide the user with info about what the cookie does:

Multiple cookies can be attached to the one Script Block. This is useful when a 3rd party script is responsible for multiple cookies. If this occurs, it should be noted that the script will only show if all cookies attached to it are enabled.

New Cookie

‌‌Image: Adding a Cookie

Configuring Compliance Groups

Compliance Groups must belong to a Store.

They can be turned off by unchecking the Active check box.

They can be marked as required (enabled always) by checking the Required check box.

The following fields are used in the Cookie management screen to provide the user with info about the group of cookies:

New Compliance Group

‌‌Image: Adding a Compliance Group

Configuring the Compliance Banner

Privacy Compliance

‌‌Image: Privacy Compliance

The Store object has two other fields related to the configuring of Privacy Compliance on the website:

These fields allow the Store admin to supply the content that shows in both the Banner and the Settings screen.

In our default themes, the banner will consist of three things:

  1. The content from Privacy Banner Content
  2. An Accept All button
  3. A Manage Cookies button

Apart from the button labels, all the text in the banner comes from content in Salesforce.

Sample Cookie Banner

‌‌Image: Sample Cookie Banner

Likewise, the Settings screen will consist almost entirely of content supplied by the Store admin:

All text except for the button labels and the enable/disable toggles comes from content in Salesforce.

Sample Settings Screen Collapsed

‌Image: Sample Settings Screen Collapsed

Sample Settings Screen Expanded

‌Image: ‌Sample Settings Screen Expanded

Enabling Privacy Compliance

The Privacy Compliance features will only work if they are enabled on the Store.

To enable it, go to the Privacy Compliance section on the Store layout and check the Enable Privacy Compliance checkbox:

Privacy Compliance Checkbox

‌Image: ‌Privacy Compliance Checkbox

Once the Privacy Compliance feature has been enabled:

  1. A privacy banner will be shown on the Store to tell the user about cookies, allow them to accept all cookies or open the cookie settings to manage the cookies in greater detail.

  2. Only Script Blocks independent of the cookies and compliance system; those linked to required Compliance Groups; and cookies accepted by the End-User will be included in the HTML <head> tag.

If the user never bothers to accept all or manage cookies, the banner will stay there and only the independent JavaScripts or required (necessary) cookies will be included.

If they do accept or manage the cookies, the banner will no longer show and the independent JavaScripts, required (necessary) and User Accepted cookies will be included. This only lasts for the browser session. If they revisit the site on another occasion after closing the browser, they will get the banner again.

Using Privacy Compliance with Social & Ad Source tracking

Please note that enabling Privacy Compliance will disable UTM tracking4. To enable it, add a cookie with the internal name STORECONNECT_UTM_TRACKING.

If a cookie with that name is enabled, UTM tracking will no longer be disabled by Privacy Compliance (ie it may still be disabled for other reasons though, see that feature for more details).

Find out more about our UTM Tracking feature

Privacy and UTM Tracking

‌‌Image: Privacy and UTM Tracking



  1. Cookie: HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or other device by the user’s web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user’s device during a session (Wikipedia). See Cookie Management and Privacy Compliance for help on setting custom cookies and managing privacy compliances. 

  2. Store: A “store” is a website built within StoreConnect / Salesforce with its own unique domain name or path. would be a store, and would be another store. You could also have paths such as for a website dedicated to Europe, or as another website dedicated to Australia. You access the Store’s configuration page by navigating to the StoreConnect Config app then selecting Stores from the dropdown menu. 

  3. <head> tag: Used to contain metadata such as the title of the page, its description, and any relevant keywords. Scripts (code), links to scripts and CSS files (for page styling) may also be contained in the <head> tag. 

  4. UTM Tracking Code: Urchin Tracking Module (UTM) codes are very common and broadly used to track website clicks and performance of marketing activities. They were originally developed by a software analytics company, “Urchin Software Corp” who were purchased by Google Corp. They in turn developed the Urchin software into what is now called, “Google Analytics”. 


Back to Documentation