πΊπΈ How to Ensure CCPA Compliance with Hoppy Cookie Consent
The California Consumer Privacy Act (CCPA) and similar US state privacy laws give consumers the right to understand how their personal information is used, request access to their data, request deletion, and opt out of the sale or sharing of personal information.
For Shopify stores, this means providing clear privacy notices, honoring consumer choices, and maintaining records of consent and opt-out requests.
Hoppy GDPR EU Cookie Banner includes several features designed to support these requirements, including:
- Data Sales Opt-Out controls
- Consent logging
- Region targeting
- Cookie scanning and classification
- Data request handling
- Global Privacy Control (GPC) support
This guide walks through the recommended setup process for creating a CCPA-focused privacy experience on your storefront.
β Before You Begin
Before configuring your banner:
- Install the Hoppy GDPR EU Cookie Banner app.
- Ensure you have access to Shopify Admin and Theme Editor.
- Create and publish a Privacy Policy page.
- Understand which cookies and tracking tools your store uses.
β οΈ This guide is intended to help configure the app and does not constitute legal advice. For legal requirements specific to your business, consult a privacy professional.
π οΈ Step 1 β Enable the App Embed
The cookie banner cannot appear on your storefront unless the App Embed is enabled.
How to Enable
Navigate to:
Shopify Admin β Online Store β Themes β Customize β App Embeds
Then:
β‘οΈ Locate Cookie PopUp/Banner
β‘οΈ Enable the App Embed
β‘οΈ Click Save
Expected Result
The cookie banner becomes eligible to display on your storefront.
π οΈ Step 2 β Create and Publish a Cookie Banner
After enabling the App Embed, create your banner configuration.
How to Configure
β‘οΈ Open Hoppy GDPR EU Cookie Banner
β‘οΈ Click Create New Cookie Banner
β‘οΈ Configure the banner content
β‘οΈ Click Save
β‘οΈ Click Publish
Expected Result
The banner becomes active on your storefront.
β οΈ Saving alone does not make the banner live.
π οΈ Step 3 β Choose the Appropriate Banner Type
CCPA does not require the same consent model as GDPR, but visitors should still have a clear way to manage privacy preferences.
How to Configure
Navigate to:
Banner Settings β Behavior β Banner Type
Recommended Options
Accept / Decline
Provides a simple and clear choice between accepting or declining.
Suitable for most CCPA-focused implementations.
Preferences
Provides additional control by allowing visitors to manage:
- Analytics
- Marketing
- Functional
- Data Sales preferences
Expected Result
Visitors can easily understand and manage their privacy choices.
β οΈ Banner types such as Accept Only or Informative generally provide less privacy control.
π οΈ Step 4 β Configure Region Targeting
You can choose whether privacy controls appear only for visitors from states with privacy legislation or for all visitors.
How to Configure
Navigate to:
Banner Settings β Region
Then:
β‘οΈ Select US State Laws
or
β‘οΈ Configure specific regions manually
Covered States
California
Virginia
Colorado
Connecticut
Utah
Expected Result
Privacy controls appear only for the targeted visitors.
Many merchants choose to display privacy controls globally to maintain a consistent visitor experience.
π οΈ Step 5 β Enable Data Sales Opt-Out
One of the most important CCPA requirements is allowing visitors to opt out of the sale or sharing of personal information.
How to Configure
Navigate to:
Banner Settings β Behavior β Data Sales Opt-Out
Enable one or both of the following options:
Show Checkbox at Consent Banner
Show Checkbox at Preference Popup
Expected Result
Visitors can select:
Do Not Sell or Share My Personal Information
When selected, the app automatically updates the corresponding consent settings and notifies supported integrations.
π οΈ Step 6 β Add a Privacy Policy Link
CCPA requires businesses to explain how personal information is collected, used, shared, and managed.
How to Configure
Navigate to:
Banner Settings β Behavior β Privacy Policy Link
Available Options
Auto Generate Privacy Policy
The app automatically creates a location-based privacy policy link.
Use Specific Privacy Policy
Allows you to select an existing policy page from your Shopify store.
Expected Result
Visitors can review your privacy practices directly from the banner.
Your Privacy Policy should clearly explain:
- Information collected
- Purposes of collection
- Third-party sharing practices
- Consumer rights
- Data sales opt-out process
π οΈ Step 7 β Scan and Classify Cookies
Understanding which cookies and trackers exist on your storefront is an important part of privacy compliance.
How to Configure
Navigate to:
Cookie Scanner & Manager
Then:
β‘οΈ Run a scan
β‘οΈ Review discovered cookies
β‘οΈ Verify category assignments
β‘οΈ Update any incorrect classifications
β‘οΈ Add missing cookies manually if necessary
Expected Result
All cookies are categorized appropriately and documented correctly.
Cookies marked as Unclassified should be reviewed manually.
π οΈ Step 8 β Verify Consent Logging
CCPA requires businesses to maintain records of privacy-related choices.
How to Check
Navigate to:
GDPR EU Cookie Banner β Consent Logs
Information Stored
Consent records include:
- Consent selections
- Data Sales preferences
- Timestamp
- Event ID
- Page URL
- Anonymized IP information
Expected Result
Privacy choices are recorded automatically whenever visitors interact with the banner.
π οΈ Step 9 β Enable Data Request Handling
Consumers have the right to request access, modification, and deletion of personal information.
How to Access
Navigate to:
Consent Logs β Data Requests
Supported Request Types
- Access Account Information
- Edit Account Information
- Delete Account Information
Expected Result
Visitors can submit privacy-related requests and merchants can manage them through the app.
π οΈ Step 10 β Enable Global Privacy Control (Recommended)
Global Privacy Control (GPC) is a browser-based privacy signal that communicates a visitor's preference not to have personal information sold or shared.
Many privacy regulations expect businesses to respect this signal.
How to Configure
Navigate to:
Integrations β Global Privacy Control
Then:
β‘οΈ Enable GPC
β‘οΈ Save changes
Expected Result
When a browser sends a GPC signal:
Marketing β Denied
Sale of Data β Denied
These settings are applied automatically before supported integrations initialize.
π οΈ Step 11 β Add Translations (Optional)
If your store serves multilingual audiences, translations can help ensure privacy notices remain understandable.
How to Configure
Navigate to:
GDPR EU Cookie Banner β Translation
Then:
β‘οΈ Add a language
β‘οΈ Translate banner content
β‘οΈ Translate Data Sales Opt-Out labels
β‘οΈ Activate the translation
Important
The language must already exist in:
Shopify Admin β Settings β Languages
Expected Result
Visitors see privacy controls in their preferred language whenever a matching translation is available.
π οΈ Step 12 β Test the Entire Setup
Before considering the setup complete, verify the visitor experience thoroughly.
Recommended Testing Process
β‘οΈ Open the storefront in an Incognito window.
β‘οΈ Simulate a visitor from a covered US state if using region targeting.
β‘οΈ Confirm the banner appears.
β‘οΈ Verify the Data Sales Opt-Out checkbox is visible.
β‘οΈ Save consent preferences.
β‘οΈ Review Consent Logs.
Verify That
β Consent records are created.
β Privacy Policy links function correctly.
β Data Request forms are accessible.
β Data Sales preferences are recorded correctly.
β GPC signals are respected when present.
β οΈ Important Compliance Notes
Provide a Clear Opt-Out
Visitors should be able to easily opt out of the sale or sharing of personal information.
Honor Opt-Out Requests Promptly
Once a visitor opts out, that choice should be respected immediately.
Do Not Discriminate Against Consumers
Privacy choices should not result in unfair treatment of visitors.
Maintain Privacy Records
Review Consent Logs regularly and retain records appropriately.
Respect Global Privacy Control
If GPC is enabled and detected:
Marketing β Denied
Sale of Data β Denied
These settings override previously granted consent.
Review Cookie Usage Regularly
Cookies, integrations, and tracking technologies often change over time.
Periodic scans help ensure your classifications remain accurate.
π Final Result
β Visitors can easily opt out of the sale or sharing of personal information.
β Privacy controls are displayed to the appropriate visitors.
β Data Sales preferences are captured and stored.
β Privacy Policy information is accessible from the banner.
β Cookie classifications remain organized and reviewable.
β Consumer privacy requests can be managed through the app.
β Global Privacy Control signals are respected automatically.
Following these steps helps create a transparent privacy experience while supporting CCPA requirements and similar US state privacy laws. β¨
Updated on: 14/07/2026
Thank you!