Appearance
Privacy, cookies & tracking boundaries
Uisce keeps its own footprint light — it doesn't bundle third-party trackers — and it gives shoppers a privacy policy link and an account-area Privacy & data link. But consent capture, the cookie banner, and the data-processing settings that actually govern privacy live in Shopify, not the theme. And the moment you add an analytics app, a pixel, or a marketing tag, tracking is happening that the theme neither controls nor can switch off.
Not legal advice. This page explains the theme's boundary for privacy, cookies, and tracking. It does not assess your GDPR/PECR position.
Who does what
| Owns | In practice | |
|---|---|---|
| The theme (Uisce) | Display | Footer privacy-policy link, account Privacy & data link, factual consent text you write |
| Shopify admin | Consent & data | Settings → Customer privacy — cookie-consent banner, Customer Privacy API, data-processing settings |
| Apps & pixels | Tracking | Analytics, ad pixels, and marketing tags you install add their own tracking |
| You + your advisers | Obligations | Privacy-policy correctness, lawful basis, consent configuration, data-subject rights |
Cookies & consent — the boundary
The cookie-consent experience for EU/UK visitors is configured in Settings → Customer privacy, where Shopify's Customer Privacy API gates tracking based on a shopper's choice. The theme does not implement the banner or decide what's blocked — it surfaces your privacy-policy link and respects the platform's consent state. Configure the banner there; don't rely on the theme to "handle cookies."
Planned
A shopper-facing privacy preferences control in the footer (a quick link to re-open consent choices) is planned for a future release. Until it ships, Shopify's consent banner and the Privacy & data account link are your privacy entry points.
Tracking — the boundary
Out of the box, Uisce doesn't load third-party tracking scripts. But any analytics app, Shopify pixel, ad tag, or embedded widget you add does track — through Shopify's customer-events and app layers, not the theme. So:
- A "we don't track you" claim is false the moment any pixel or analytics is active. Describe what's actually running.
- Honour consent by configuring tags through Shopify's customer-events/consent framework, so they respect the banner's state.
Safe vs. unsafe wording
From storefront wording guardrails:
- ✅ "Manage your privacy preferences" (links to Shopify's consent tools) · "Cookie and consent settings are managed in Shopify admin" · "See our privacy policy for how data is handled."
- ❌ "GDPR compliant" · "Fully private, no tracking" (when scripts run) · "We never collect any data" (when you do) · "Privacy guaranteed by the theme."
Where to go next
- EU & UK readiness checklist — the Customer Privacy settings step
- Footer — where the privacy-policy link renders
- Storefront wording guardrails
What this page is — and is not
This explains the boundary between the theme, Shopify's privacy tools, your apps, and your obligations. It is not legal advice and does not assess your GDPR, PECR, or other privacy position. The theme provides display surfaces only; consent capture, cookie banners, and data-processing settings are configured in Shopify admin, tracking is added by the apps you install, and the correctness of your privacy policy and lawful basis remains yours. Confirm your position with a professional.