Cookie Consent & Compliance.
Configure the GDPR cookie consent banner and privacy compliance settings.
Privacy compliance is essential. Reward Loyalty includes a built-in cookie consent banner to help you meet GDPR and other privacy regulations.
Accessing Compliance Settings
- Navigate to Settings in the admin sidebar
- Click the Compliance tab
You can also configure these settings via environment variables in your .env file.
Enable Cookie Consent Banner
Controls whether visitors see a cookie consent banner before any tracking cookies are set.
Default: Disabled (false)
Via Admin Dashboard
- Navigate to Settings > Compliance tab
- Toggle Enable Cookie Consent Banner on or off
- Click Save Changes
GDPR & Privacy Compliance
When enabled, visitors will see a cookie consent banner before any tracking cookies are set. This helps ensure compliance with GDPR and similar privacy regulations.
Via Environment File
# Show cookie consent banner
APP_COOKIE_CONSENT=true
# Hide cookie consent banner (default)
APP_COOKIE_CONSENT=false
How It Works
When enabled, visitors see a banner asking them to accept or decline cookies.
When a user makes a choice, their preference is saved in a cookie_consent cookie:
- Accept: The system allows tracking scripts to run
- Decline: Tracking scripts are blocked
The user's preference persists across sessions until they clear their cookies.
Developer Integration
Checking Consent in PHP
If you're developing custom features, you can check for consent in your PHP code:
use App\Http\Controllers\Cookie\CookieController;

if (CookieController::userConsentsToCookies()) {
    // Safe to run tracking code or store non-essential cookies
}
Checking Consent in Blade Templates
Conditionally load scripts (like Google Analytics) based on consent:
@if (\App\Http\Controllers\Cookie\CookieController::userConsentsToCookies())
<!-- Load Analytics Script -->
<script>...</script>
@else
<!-- Load Anonymized Script or Nothing -->
@endif
Default Behavior
If APP_COOKIE_CONSENT is set to false (disabled), the system assumes consent is granted by default, and userConsentsToCookies() returns true. Any code gated on that check therefore runs for every visitor while the banner is disabled.
Privacy Policy
The consent banner links to your Privacy Policy. Ensure this policy accurately reflects your data usage.
To edit the Privacy Policy:
- Navigate to lang/<locale>/md/
- Open privacy.md
- Update the content to match your legal requirements
Available languages:
- lang/en_US/md/privacy.md — English
- lang/de_DE/md/privacy.md — German
- lang/es_ES/md/privacy.md — Spanish
- lang/fr_FR/md/privacy.md — French
- lang/id_ID/md/privacy.md — Indonesian
- lang/it_IT/md/privacy.md — Italian
- lang/ja_JP/md/privacy.md — Japanese
- lang/nl_NL/md/privacy.md — Dutch
- lang/pt_BR/md/privacy.md — Portuguese
- lang/pl_PL/md/privacy.md — Polish
- lang/tr_TR/md/privacy.md — Turkish
- lang/ar_SA/md/privacy.md — Arabic
Testing the Banner
After enabling cookie consent:
- Open your application in a private/incognito browser window
- Verify the banner appears on page load
- Test both Accept and Decline options
- Confirm the banner doesn't reappear after making a choice
Tip: Use your browser's developer tools to delete the cookie_consent cookie if you want to test the banner again.
Privacy Regulations & Compliance
Cookie consent helps you comply with privacy regulations worldwide. While requirements vary by jurisdiction, the general principle is similar: obtain user consent before setting non-essential cookies.
Major Privacy Frameworks
| Region | Regulation | Cookie Consent Required? |
|---|---|---|
| 🇪🇺 EU | GDPR | ✅ Yes — Prior consent for non-essential cookies |
| 🇺🇸 California | CCPA/CPRA | ⚠️ Opt-out required (not prior consent) |
| 🇬🇧 UK | UK GDPR / PECR | ✅ Yes — Prior consent required |
| 🇧🇷 Brazil | LGPD | ✅ Yes — Consent for personal data collection |
| 🇨🇦 Canada | PIPEDA | ✅ Yes — Implied or express consent |
| 🇦🇺 Australia | Privacy Act | ⚠️ Recommended best practice |
| 🇸🇬 Singapore | PDPA | ⚠️ Consent required for personal data |
| 🇯🇵 Japan | APPI | ✅ Yes — Consent for cookies that track users |
| 🇨🇳 China | PIPL | ✅ Yes — Separate consent for each purpose |
Tip: When in doubt, enable cookie consent. It's better to ask for consent and not need it than to violate privacy regulations.
Beyond Cookie Consent
Enabling the cookie consent banner is an important step, but privacy compliance requires more. You should also:
- ✅ Maintain an up-to-date Privacy Policy
- ✅ Provide a way for users to request their data (data portability)
- ✅ Allow users to delete their accounts (right to erasure)
- ✅ Document what data you collect and why
- ✅ Implement proper data retention policies
- ✅ Keep activity logs for audit purposes (see Activity Logs)
Note: The platform provides technical tools for compliance, but you're responsible for ensuring your overall practices meet legal requirements. Consult with a legal professional if you're unsure about your obligations.
External Integrations and Member Data
When you enable integrations, member data crosses system boundaries. Your Privacy Policy should name each integration you use and what it shares:
| Integration | Data shared outward | Data received | Why |
|---|---|---|---|
| Shopify | Discount creation requests | Order details with billing name and email | Match customers to members, award points, create reward discounts |
| WooCommerce | Coupon creation requests, including the member's email address as a usage restriction | Order details with billing name and email | Match customers to members, award points, create discount coupons |
| Google Wallet | Card design, member name, balance and pass state | Save and removal events | Generate and update wallet passes |
| Stripe | Partner billing details (handled by Stripe Checkout) | Subscription status | Partner subscription billing |
Two points deserve special attention with the store integrations:
- Members can be created from store orders. A customer who orders in a connected Shopify or WooCommerce store gets a loyalty account from their billing email and receives loyalty emails about their own activity: a welcome message, points received, and coupon codes. Every email carries an opt-out, and members can disable emails in their account. Whether this fits the consent rules in your jurisdiction is your responsibility as the operator; mention it in your store's privacy policy and checkout terms where required.
- Credentials stay on your installation. Store API keys are stored encrypted and are deleted when a partner disconnects. Webhook logs store order metadata and hashed email addresses, never the address itself.
See WooCommerce and Google Wallet for each integration's data table.
Troubleshooting
Banner Not Appearing
Possible causes:
- Setting wasn't saved
- Browser cached the old page
- User already made a choice (cookie exists)
Solutions:
- Verify the setting is enabled and saved
- Hard refresh: Ctrl+Shift+R (Windows/Linux) or Cmd+Shift+R (Mac)
- Delete the cookie_consent cookie in browser developer tools
- Try in a private/incognito window
Banner Appears Every Time
Cause: The cookie_consent cookie isn't being saved.
Solutions:
- Check that your browser allows cookies
- Verify your SESSION_DOMAIN in .env matches your actual domain
- Ensure you're not running on localhost with a domain mismatch
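The SESSION_DOMAIN check above comes down to the browser's cookie domain-match rule (RFC 6265): a cookie whose Domain attribute does not match the host the page was loaded from is discarded, so the banner keeps returning. The following is an added example, not part of Reward Loyalty's code; it assumes the cookie_consent cookie is sent with its Domain attribute set to the SESSION_DOMAIN value, the function names and hostnames are illustrative, and the browser's public-suffix check is not modelled.

```javascript
// Added example: models the RFC 6265 domain-match rule a browser applies to
// the Domain attribute of a Set-Cookie header. Hostnames are constructed.

// An IP-address host only matches a Domain attribute identical to it.
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// Normalise as a browser does: lower-case and drop one leading dot.
function canonical(domain) {
  return domain.trim().toLowerCase().replace(/^\./, "");
}

// requestHost: host the page was loaded from, without the port.
// sessionDomain: value of SESSION_DOMAIN ("" or null means unset).
function checkCookieDomain(requestHost, sessionDomain) {
  const host = canonical(requestHost);
  const domain = canonical(sessionDomain || "");
  if (domain === "") {
    return { stored: true, reason: "no Domain attribute: host-only cookie" };
  }
  if (host === domain) {
    return { stored: true, reason: "host equals Domain" };
  }
  if (!isIpAddress(host) && host.endsWith("." + domain)) {
    return { stored: true, reason: "host is a subdomain of Domain" };
  }
  return {
    stored: false,
    reason: `host "${host}" does not domain-match "${domain}": cookie rejected`,
  };
}

// Constructed cases covering the situations in the troubleshooting list.
const cases = [
  ["loyalty.example.com", "loyalty.example.com"],
  ["app.example.com", ".example.com"],
  ["localhost", "loyalty.example.com"],
  ["example.com", "app.example.com"],
  ["127.0.0.1", "localhost"],
  ["loyalty.example.com", ""],
];
for (const [host, domain] of cases) {
  const r = checkCookieDomain(host, domain);
  const verdict = r.stored ? "stored" : "REJECTED";
  console.log(`${host} / SESSION_DOMAIN=${domain || "(unset)"} -> ${verdict}: ${r.reason}`);
}
```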
Important Notes
- Settings configured in the Admin Dashboard override environment file values
- Changes take effect immediately for new visitors
- Existing visitors retain their previous consent choice
- The banner is not shown if the cookie_consent cookie already exists
Related Topics
- System Settings — Overview of all admin configuration
- Branding — Customize your platform appearance
- Languages & Translations — Edit Privacy Policy content