Skip to content

Privacy, cookies & tracking boundaries

Uisce keeps its own footprint light — it doesn't bundle third-party trackers — and it gives shoppers a privacy policy link and an account-area Privacy & data link. But consent capture, the cookie banner, and the data-processing settings that actually govern privacy live in Shopify, not the theme. And the moment you add an analytics app, a pixel, or a marketing tag, tracking is happening that the theme neither controls nor can switch off.

Not legal advice. This page explains the theme's boundary for privacy, cookies, and tracking. It does not assess your GDPR/PECR position.

Who does what

OwnsIn practice
The theme (Uisce)DisplayFooter privacy-policy link, account Privacy & data link, factual consent text you write
Shopify adminConsent & dataSettings → Customer privacy — cookie-consent banner, Customer Privacy API, data-processing settings
Apps & pixelsTrackingAnalytics, ad pixels, and marketing tags you install add their own tracking
You + your advisersObligationsPrivacy-policy correctness, lawful basis, consent configuration, data-subject rights

The cookie-consent experience for EU/UK visitors is configured in Settings → Customer privacy, where Shopify's Customer Privacy API gates tracking based on a shopper's choice. The theme does not implement the banner or decide what's blocked — it surfaces your privacy-policy link and respects the platform's consent state. Configure the banner there; don't rely on the theme to "handle cookies."

Planned

A shopper-facing privacy preferences control in the footer (a quick link to re-open consent choices) is planned for a future release. Until it ships, Shopify's consent banner and the Privacy & data account link are your privacy entry points.

Tracking — the boundary

Out of the box, Uisce doesn't load third-party tracking scripts. But any analytics app, Shopify pixel, ad tag, or embedded widget you add does track — through Shopify's customer-events and app layers, not the theme. So:

  • A "we don't track you" claim is false the moment any pixel or analytics is active. Describe what's actually running.
  • Honour consent by configuring tags through Shopify's customer-events/consent framework, so they respect the banner's state.

Safe vs. unsafe wording

From storefront wording guardrails:

  • ✅ "Manage your privacy preferences" (links to Shopify's consent tools) · "Cookie and consent settings are managed in Shopify admin" · "See our privacy policy for how data is handled."
  • ❌ "GDPR compliant" · "Fully private, no tracking" (when scripts run) · "We never collect any data" (when you do) · "Privacy guaranteed by the theme."

Where to go next

What this page is — and is not

This explains the boundary between the theme, Shopify's privacy tools, your apps, and your obligations. It is not legal advice and does not assess your GDPR, PECR, or other privacy position. The theme provides display surfaces only; consent capture, cookie banners, and data-processing settings are configured in Shopify admin, tracking is added by the apps you install, and the correctness of your privacy policy and lawful basis remains yours. Confirm your position with a professional.

Built for the Shopify Theme Store.