Cookie Policy
1. What is a cookie
Cookies are small text files placed on your computer or other electronic device ("Device") that enables you to access our website(s), mobile application(s), or other online media or electronic communications services operated by us ("Services"). Cookies may collect information about your access to and use of that Service by logging your device's activity in relation to that Service.
2. Why do we use cookies?
We may use cookies and similar technologies for different purposes, including: i) for security and fraud protection and to detect and prevent cyber-attacks; ii) to provide selected services; iii) to monitor and analyze the performance, operation and effectiveness of our services; and iv) to enhance the user experience.
3. What types of cookies do we use?
When you access our Services, the following types of cookies may be placed on your device. They can be categorized according to their origin, technical characteristics, and purpose. These categories are not mutually exclusive, and a cookie may therefore belong to more than one of the following categories.
Cookies from internal/external sources
Cookies from internal sources (first-party cookies)
First-party cookies are cookies we place directly on your device that can only be read by our Services. These can be session or persistent cookies (see below). For example, we use first-party cookies to speed up the login process, improve your experience using our Services, for internal analytics and user measurement, and to tailor our Services or offerings to your interests.
Cookies from external sources (third-party cookies)
Third-party cookies are cookies placed on your device by third parties that we use for services embedded in our Services. They are used, for example, to analyze user traffic and improve the relevance of our Services' content.
Session/persistent cookies
Session cookies
Session cookies are cookies that are stored on your device during a browsing session and expire when you close your browser. We and our partners use session cookies for a variety of reasons, including to manage and measure your access to and use of our Services during a single browsing session and to help you use our Services more efficiently. For example, session cookies are used to remember that your device is logged into our Services.
Persistent cookies
Persistent cookies are cookies that are placed on your device during a browser session and remain stored on your device for a specific period of time. For example, persistent cookies allow our Services to recognize your device when it is used to access our Services with a new browser session and help you quickly log back in to our Services. We and our partners may also use persistent cookies for analytical purposes.
Technical/advertising/targeting/analytics cookies and social network cookies
The cookies used by our services may have the following purposes:
Technical cookies
Technical cookies are used to identify your device, recognize you as a returning user, and remember preferences you set when you previously accessed the Services. Technical cookies can therefore allow us to deliver content tailored to your interests and save you the time you spend re-entering information when using our Services.
Our personalized recommendations, which result from the use of these technical cookies, are an integral part of our advisory service. They are essential for the sale of our products and services and enable us to provide you with the best possible advice.
Advertising cookies
Advertising cookies are used to help us tailor the content and advertisements you may see when you access the Services or that may appear on third-party services to promote our Services.
Cookies from social networks
Social network cookies are used to check if you are logged in to these third-party social networks (Facebook, Spotify, Instagram...).
Targeting cookies
Targeting cookies are used to target the user device retroactively or in real time (e-mailing, database enrichment).
Analysis cookies
Analytics cookies are used to monitor statistics about the traffic of our Services (either in relation to the usage of the Services or to improve the functionality offered by the Services) and to help us measure and review the effectiveness of our interactive online content, features, advertising and other communications.
List of cookies we use in our services
The following tables categorize and describe the different cookies used on our services. This list may not be exhaustive.
|
name |
Description |
Length of time |
|
_away |
Determines when the admin bar is displayed in the storefront. |
1 year |
|
_abv |
Keeps the admin bar minimized. |
1 year |
|
_checkout_queue_token |
Used when there is a queue during the checkout process. |
1 year |
|
_cmp_a |
Used to manage customer privacy settings. |
1 day |
|
_identity_session |
Contains the ID of the user's identity session. |
2 years |
|
_master_udr |
The permanent ID of the device. |
meeting |
|
_pay_session |
The Rails session cookie for Shopify Pay |
meeting |
|
_secure_account_session_id |
Used to track a customer session for new customer accounts. |
30 days |
|
_session_id |
Used to create reports and analyses. |
2 years |
|
_shopify_essential |
Contains important information for the correct functioning of a shop, such as session and checkout information as well as data to protect against manipulation. |
1 year |
|
_storefront_u |
Used to support updating customer account information |
1 minute |
|
_tracking_consent |
Used to store a user's preferences when a merchant has set up privacy rules in the visitor's region. |
1 year |
|
auth_state_<> |
Stores the authentication status before customers are redirected to a third party for authentication. |
25 minutes |
|
card_update_verification_id |
Supports verification when a shopper is redirected to Shopify during checkout after completing 3D Secure. |
20 minutes |
|
cart |
Contains information about the user's shopping cart. |
2 weeks |
|
cart_currency |
Used after checkout is complete to initialize a new, empty shopping cart with the same currency as the just completed shopping cart. |
2 weeks |
|
cart_sig |
A hash value of the contents of a shopping cart. It is used to verify the integrity of the shopping cart and ensure the performance of certain shopping cart operations. |
2 weeks |
|
cart_ts |
Used in conjunction with checkout. |
2 weeks |
|
check out |
Used in conjunction with checkout. |
21 days |
|
checkout_prefill |
Encrypts and stores URL parameters with personal data used in the shopping cart permalink URLs. |
5 minutes |
|
checkout_session_lookup |
Used in conjunction with checkout. |
3 weeks |
|
checkout_session_token_<> |
Used when a checkout session is established on the server. |
3 weeks |
|
checkout_token |
Captures the landing page of visitors who come from other websites. |
meeting |
|
customer_account_locale |
Used to track the locale of a customer account when redirecting from checkout or storefront to customer accounts. |
1 year |
|
customer_payment_method |
Stores the payment method that is updated for subscriptions. |
1 hour |
|
customer_shop_pay_agreement |
Used to verify a new payment method for Shop Pay. |
20 minutes |
|
device_fp_id |
Contains the device fingerprint ID, which is used as a fraud protection measure. |
meeting |
|
device_id |
Contains the session device ID, which is used as a fraud protection measure. |
meeting |
|
discount_code |
Stores a discount code (received from an online store visit with a URL parameter) that will be applied at the next checkout. |
meeting |
|
dynamic_checkout_shown_on_cart |
Customizes the checkout experience for shoppers who use regular checkout rather than dynamic checkout. |
30 minutes |
|
hide_shopify_pay_for_checkout |
Set when a shopper abandons the Shop Pay login modal during checkout. Displays an informational message to the shopper. |
meeting |
|
identity-state |
Saves the status before customers are redirected to identity authentication. |
1 day |
|
identity-state-<> |
Saves the status before customers are redirected to identity authentication. |
1 day |
|
identity_customer_account_number |
Stores an ID that facilitates login across the customer account and storefront domains. |
12 weeks |
|
keep_alive |
Used when international domain forwarding is enabled to determine whether a request is the first in a session. |
meeting |
|
locale_bar_accepted |
Persists if the modal has been accepted by the app for geolocation. |
meeting |
|
locale_bar_dismissed |
Remains if the modal has been dismissed by the app for geolocation. |
1 day |
|
localization |
Used to localize the shopping cart according to the correct country. |
2 weeks |
|
logged_in |
Reference to the logged in identity. |
12 weeks |
|
login_with_shop_finalize |
Used to facilitate login to the shop. |
5 minutes |
|
master_device_id |
The permanent ID of the device. |
1 year |
|
order |
Used to provide access to the buyer's order details page data. |
3 weeks |
|
pay_update_intent_id |
Stores the ID of an update intent for a Shop Pay billing agreement, required for a callback after verifying a new Shop Pay payment method. |
20 minutes |
|
preview_theme |
Indicates whether the theme is being previewed. |
meeting |
|
previous_checkout_token |
Used to pre-fill the checkout with the information from the previous checkout. |
1 year |
|
previous_step |
Used in conjunction with checkout. |
1 year |
|
profile_preview_token |
Used to display a preview of checkout customizations. |
5 minutes |
|
receive-cookie-deprecation |
A cookie used by Google to identify certain Chrome browsers affected by the deprecation of third-party cookies. More information about this cookie can be found here . |
meeting |
|
remember_me |
Used to pre-fill the checkout with the information from the previous checkout. |
1 year |
|
secure_customer_sig |
Used to identify a user after they have logged in as a customer in a store so that they do not have to log in again. |
1 year |
|
shop_pay_accelerated |
Indicates whether a shopper is eligible for Shop Pay expedited checkout. |
1 year |
|
shopify-editor-unconfirmed-settings |
Saves changes a merchant makes in the editor to update the preview. |
16 hours |
|
shopify_pay |
Used to enroll a shopper in Shop Pay when they return to checkout in the same store. |
1 year |
|
shopify_pay_redirect |
Used to speed up the checkout process when the buyer has a Shop Pay account. |
1 year |
|
storefront_digest |
Stores a summary of the storefront password so merchants can preview their storefront while it is password protected. |
1 year |
|
tracked_start_checkout |
Used in conjunction with checkout. |
1 year |
|
user |
Used in conjunction with the shop login. |
1 year |
|
user_cross_site |
Used in conjunction with the shop login. |
1 year |
|
wpm-domain-test |
Used to test Shopify's Web Pixel Manager with the domain to ensure everything is working correctly. |
meeting |
Reporting and statistics
|
name |
Description |
Length of time |
|
_landing_page |
Captures the landing page of visitors who come from other websites. |
2 weeks |
|
_orig_referrer |
Allows retailers to identify where visitors are coming from. |
2 weeks |
|
_shopify_ga |
Contains Google Analytics parameters that enable cross-domain analytics measurement. |
meeting |
|
_shopify_s |
Used to identify a specific combination of browser session and store. Automatically deleted 30 minutes after the last use. |
30 minutes |
|
_shopify_sa_p |
Records the landing page of visitors coming from other websites to support marketing analytics. |
30 minutes |
|
_shopify_sa_t |
Records the landing page of visitors coming from other websites to support marketing analytics. |
30 minutes |
|
_shopify_y |
Shopify analytics. |
1 year |
|
checkout_one_experiment |
Used when a checkout is eligible for Checkout One and has been assigned to an experiment (control group or test group). |
meeting |
|
shop_analytics |
Contains the information about buyers required for analytics in Shop. |
1 year |
|
unique_interaction_id |
Used to calculate checkout metrics. |
10 minutes |
In addition, we use pixels and tags from the following third parties, who may set cookies:
Security
|
Third-party providers |
Description |
Data protection |
|
Intuition Machines, Inc. |
Protection against bots and spam through user verification |
https://www.hcaptcha.com/privacy |
Reporting and statistics
|
Third-party providers |
Description |
Data protection |
|
Google Analytics |
We use Google Analytics to understand how users interact with our websites. |
|
|
Google Tag Manager |
We use Google Tag Manager to manage analytics providers. |
|
|
Judge.me LLC |
Display and management of product reviews, anonymized user behavior, simple evaluation of review processes |
Advertising
|
Third-party providers |
Description |
Data protection |
|
Facebook Pixel |
We use Facebook Pixel to determine how users interact with our websites. |
|
|
Facebook Custom Audiences |
We use Facebook Custom Audiences to deliver targeted advertising to visitors to our websites. |
|
|
|
We use Google Ads to deliver targeted advertising to visitors to our websites. |
|
|
|
We use Instagram to deliver targeted advertising to visitors to our websites. |
|
|
TikTok |
We use TikTok to understand how users interact with our websites. |
|
|
YouTube |
We use YouTube to deliver targeted advertising to visitors to our websites. |
Your rights
Depending on the type of cookie we place on your device (see table above), we may need your consent to place such cookies on your device from time to time.
You can give us your consent to place these cookies subject to your consent or express your refusal in the cookie information banner that appears when you first connect to our Services.
Note: Technical cookies cannot be refused as they are necessary to operate and deliver our services. Analytical cookies, which only enable audience measurement, are placed upon arrival at our services, but can be refused by setting them as described above.
Your cookie options
Cookies are managed in different ways.
1. The cookie manager of our services
The manager accessible via the cookie information banner.
2. Other means
There are several ways to manage cookies. Most internet browsers are set to accept cookies automatically. You can change your browser settings to block cookies systematically or based on their origin, or to alert you when cookies are being sent to your device. For more information, see the "How can I accept or reject cookies in my browser?" section.
Cookie rejection
If you refuse to accept cookies on your device or delete cookies that have already been saved, you will no longer be able to use certain features of our Services. This includes, for example, content or services that can only be accessed by logging in. Furthermore, we and our service providers cannot determine the type of browser your device uses, which is necessary for technical compatibility, or the language and display settings used. We cannot be held liable for the consequences of our Services functioning less efficiently if we are unable to save or read cookies necessary for their operation if you have refused or deleted them.
How can I accept or reject cookies in my browser?
Managing cookies and cookie settings varies slightly from browser to browser. You can review the steps for managing cookies in your browser's Help menu.
- Cookie settings in Firefox
- Cookie settings in Internet Explorer
- Cookie settings in Google Chrome
- Cookie settings in Safari (OS X)
- Cookie settings in Safari (iOS)
- Cookie settings in Android
To opt out of and prevent Google Analytics from using your data on all websites, follow these instructions: https://tools.google.com/dlpage/gaoptout .
Legal Notice
We reserve the right to make changes and updates to this policy. Please visit this page from time to time to review this and any new additional information.
Our privacy policy can provide you with further information about how we use your personal data, although not all information collected through the use of cookies will identify you.
Last updated: May 2025