GDPR Compliance in self-hosted Custom Storefront with separate Checkout on *.myshopify.com

jacobmellin
Shopify Partner

Hi,

I have some trouble finding the right solution for building a Shopify Custom Storefront in a GDPR-compliant way and was wondering if you could help me.

We have a WordPress Blog that is coupled with a Shop. To seamlessly integrate the Shop into the WordPress website, we built a Custom Storefront using the GraphQL Storefront API on the frontend. All the storefront shop data is loaded in from the Storefront API except for the checkout: when the user clicks on "to cart", we obtain a Checkout URL from the Storefront Cart API and redirect the user to the separate Shopify Checkout (not hosted by us, but on [shop id].myshopify.com).

Now, as I understand it, there is a lot of tracking and data processing happening on the separate Storefront Checkout; therefore, in my understanding, a separate Cookie Consent Banner as well as a Privacy Policy would be required on the checkout.

Is this correct? And if you know, is there perhaps a better solution for my use case that still keeps WordPress Blog and Shop well integrated?

This issue is giving me quite a headache. Thanks so much in advance for taking the time to help me.

Best

Jacob

jacobmellin
Shopify Partner

By the way, I couldn't post in the Forum: "Hydrogen, Headless, and Storefront APIs" since it said it was read only, so if a mod could move my post there or in the appropriate forum, this would be awesome, thanks!