Articles on: Cookie Consent

πŸ‡ΊπŸ‡Έ How to Ensure CCPA Compliance with Hoppy Cookie Consent

The California Consumer Privacy Act (CCPA) and similar US state privacy laws give consumers the right to understand how their personal information is used, request access to their data, request deletion, and opt out of the sale or sharing of personal information.


For Shopify stores, this means providing clear privacy notices, honoring consumer choices, and maintaining records of consent and opt-out requests.


Hoppy GDPR EU Cookie Banner includes several features designed to support these requirements, including:


  • Data Sales Opt-Out controls
  • Consent logging
  • Region targeting
  • Cookie scanning and classification
  • Data request handling
  • Global Privacy Control (GPC) support


This guide walks through the recommended setup process for creating a CCPA-focused privacy experience on your storefront.



βœ… Before You Begin


Before configuring your banner:


  • Install the Hoppy GDPR EU Cookie Banner app.
  • Ensure you have access to Shopify Admin and Theme Editor.
  • Create and publish a Privacy Policy page.
  • Understand which cookies and tracking tools your store uses.


⚠️ This guide is intended to help configure the app and does not constitute legal advice. For legal requirements specific to your business, consult a privacy professional.



πŸ› οΈ Step 1 β€” Enable the App Embed


The cookie banner cannot appear on your storefront unless the App Embed is enabled.


How to Enable


Navigate to:


Shopify Admin β†’ Online Store β†’ Themes β†’ Customize β†’ App Embeds


Then:


➑️ Locate Cookie PopUp/Banner


➑️ Enable the App Embed


➑️ Click Save


Expected Result


The cookie banner becomes eligible to display on your storefront.



πŸ› οΈ Step 2 β€” Create and Publish a Cookie Banner


After enabling the App Embed, create your banner configuration.


How to Configure


➑️ Open Hoppy GDPR EU Cookie Banner


➑️ Click Create New Cookie Banner


➑️ Configure the banner content


➑️ Click Save


➑️ Click Publish


Expected Result


The banner becomes active on your storefront.


⚠️ Saving alone does not make the banner live.



πŸ› οΈ Step 3 β€” Choose the Appropriate Banner Type


CCPA does not require the same consent model as GDPR, but visitors should still have a clear way to manage privacy preferences.


How to Configure


Navigate to:


Banner Settings β†’ Behavior β†’ Banner Type



Accept / Decline


Provides a simple and clear choice between accepting or declining.


Suitable for most CCPA-focused implementations.


Preferences


Provides additional control by allowing visitors to manage:


  • Analytics
  • Marketing
  • Functional
  • Data Sales preferences


Expected Result


Visitors can easily understand and manage their privacy choices.


⚠️ Banner types such as Accept Only or Informative generally provide less privacy control.



πŸ› οΈ Step 4 β€” Configure Region Targeting


You can choose whether privacy controls appear only for visitors from states with privacy legislation or for all visitors.


How to Configure


Navigate to:


Banner Settings β†’ Region


Then:


➑️ Select US State Laws


or


➑️ Configure specific regions manually


Covered States


California


Virginia


Colorado


Connecticut


Utah


Expected Result


Privacy controls appear only for the targeted visitors.


Many merchants choose to display privacy controls globally to maintain a consistent visitor experience.



πŸ› οΈ Step 5 β€” Enable Data Sales Opt-Out


One of the most important CCPA requirements is allowing visitors to opt out of the sale or sharing of personal information.


How to Configure


Navigate to:


Banner Settings β†’ Behavior β†’ Data Sales Opt-Out


Enable one or both of the following options:


Show Checkbox at Consent Banner


Show Checkbox at Preference Popup


Expected Result


Visitors can select:


Do Not Sell or Share My Personal Information


When selected, the app automatically updates the corresponding consent settings and notifies supported integrations.



πŸ› οΈ Step 6 β€” Add a Privacy Policy Link


CCPA requires businesses to explain how personal information is collected, used, shared, and managed.


How to Configure


Navigate to:


Banner Settings β†’ Behavior β†’ Privacy Policy Link


Available Options


Auto Generate Privacy Policy


The app automatically creates a location-based privacy policy link.


Use Specific Privacy Policy


Allows you to select an existing policy page from your Shopify store.


Expected Result


Visitors can review your privacy practices directly from the banner.


Your Privacy Policy should clearly explain:


  • Information collected
  • Purposes of collection
  • Third-party sharing practices
  • Consumer rights
  • Data sales opt-out process



πŸ› οΈ Step 7 β€” Scan and Classify Cookies


Understanding which cookies and trackers exist on your storefront is an important part of privacy compliance.


How to Configure


Navigate to:


Cookie Scanner & Manager


Then:


➑️ Run a scan


➑️ Review discovered cookies


➑️ Verify category assignments


➑️ Update any incorrect classifications


➑️ Add missing cookies manually if necessary


Expected Result


All cookies are categorized appropriately and documented correctly.


Cookies marked as Unclassified should be reviewed manually.



πŸ› οΈ Step 8 β€” Verify Consent Logging


CCPA requires businesses to maintain records of privacy-related choices.


How to Check


Navigate to:


GDPR EU Cookie Banner β†’ Consent Logs


Information Stored


Consent records include:


  • Consent selections
  • Data Sales preferences
  • Timestamp
  • Event ID
  • Page URL
  • Anonymized IP information


Expected Result


Privacy choices are recorded automatically whenever visitors interact with the banner.



πŸ› οΈ Step 9 β€” Enable Data Request Handling


Consumers have the right to request access, modification, and deletion of personal information.


How to Access


Navigate to:


Consent Logs β†’ Data Requests


Supported Request Types


  • Access Account Information
  • Edit Account Information
  • Delete Account Information


Expected Result


Visitors can submit privacy-related requests and merchants can manage them through the app.



πŸ› οΈ Step 10 β€” Enable Global Privacy Control (Recommended)


Global Privacy Control (GPC) is a browser-based privacy signal that communicates a visitor's preference not to have personal information sold or shared.


Many privacy regulations expect businesses to respect this signal.


How to Configure


Navigate to:


Integrations β†’ Global Privacy Control


Then:


➑️ Enable GPC


➑️ Save changes


Expected Result


When a browser sends a GPC signal:


Marketing β†’ Denied


Sale of Data β†’ Denied


These settings are applied automatically before supported integrations initialize.



πŸ› οΈ Step 11 β€” Add Translations (Optional)


If your store serves multilingual audiences, translations can help ensure privacy notices remain understandable.


How to Configure


Navigate to:


GDPR EU Cookie Banner β†’ Translation


Then:


➑️ Add a language


➑️ Translate banner content


➑️ Translate Data Sales Opt-Out labels


➑️ Activate the translation


Important


The language must already exist in:


Shopify Admin β†’ Settings β†’ Languages


Expected Result


Visitors see privacy controls in their preferred language whenever a matching translation is available.



πŸ› οΈ Step 12 β€” Test the Entire Setup


Before considering the setup complete, verify the visitor experience thoroughly.



➑️ Open the storefront in an Incognito window.


➑️ Simulate a visitor from a covered US state if using region targeting.


➑️ Confirm the banner appears.


➑️ Verify the Data Sales Opt-Out checkbox is visible.


➑️ Save consent preferences.


➑️ Review Consent Logs.


Verify That


βœ… Consent records are created.


βœ… Privacy Policy links function correctly.


βœ… Data Request forms are accessible.


βœ… Data Sales preferences are recorded correctly.


βœ… GPC signals are respected when present.



⚠️ Important Compliance Notes


Provide a Clear Opt-Out


Visitors should be able to easily opt out of the sale or sharing of personal information.



Honor Opt-Out Requests Promptly


Once a visitor opts out, that choice should be respected immediately.



Do Not Discriminate Against Consumers


Privacy choices should not result in unfair treatment of visitors.



Maintain Privacy Records


Review Consent Logs regularly and retain records appropriately.



Respect Global Privacy Control


If GPC is enabled and detected:


Marketing β†’ Denied


Sale of Data β†’ Denied


These settings override previously granted consent.




Cookies, integrations, and tracking technologies often change over time.


Periodic scans help ensure your classifications remain accurate.



πŸŽ‰ Final Result


βœ… Visitors can easily opt out of the sale or sharing of personal information.


βœ… Privacy controls are displayed to the appropriate visitors.


βœ… Data Sales preferences are captured and stored.


βœ… Privacy Policy information is accessible from the banner.


βœ… Cookie classifications remain organized and reviewable.


βœ… Consumer privacy requests can be managed through the app.


βœ… Global Privacy Control signals are respected automatically.


Following these steps helps create a transparent privacy experience while supporting CCPA requirements and similar US state privacy laws. ✨

Updated on: 14/07/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!