İçeriğe atla
Start free

KVKK and Consent Mode v2 for e-commerce, in a single line.

Ready-made setup for Shopify, WooCommerce, Magento and custom platforms. Consent management that reflects GA4, Meta Pixel and Google Ads signals correctly; cart tracking, retargeting and the checkout flow run without interruption.

Start free E-commerce demo not an overlay · real consent log · 5 min setup

Regulations and standards covered on your e-commerce site

The badges above are supported standards. Customer-related examples are clearly marked as example on the page.

Why a dedicated solution is needed

E-commerce goes far beyond a standard blog.

An e-commerce site runs an average of 12 third-party scripts. Each has a different consent category, a different blocking rule and a different GCM v2 signal mapping.

Ad ROI and Consent Mode v2

Without consent, Google Ads and Meta Pixel fly blind.

After the GCM v2 requirement, as long as the ad_storage, ad_user_data and ad_personalization signals stay "denied", Google modeling does not kick in; conversion tracking has gaps and ad spend cannot pay back. cerez.io automatically handles the logic that turns user choices into signals in real time.

  • 5 GCM v2 signals are managed automatically (ad_storage, analytics_storage, ad_user_data, ad_personalization, functionality_storage)
  • Meta Pixel, Google Ads and TikTok are blocked until consent or rejection
  • After consent is given, scripts fire automatically with no reload needed
See the GCM v2 signal flow
EAA and Accessibility

From June 2025, EAA compliance is mandatory for e-commerce.

The European Accessibility Act (EAA 2019/882) now covers all digital products. On an e-commerce site, product gallery photos, filters, search, the cart and the payment steps must be usable with a keyboard and screen reader. cerez.io's Shadow DOM widget supports visitors with 40+ features; the real WCAG 2.2 scanner shows which page has a violation.

  • Product gallery alt text, cart keyboard usage and payment form accessibility are checked
  • The EAA statement generator documents your obligation (Word + PDF)
  • 0-100 WCAG compliance score + prioritized violation list + remediation guide
Why overlays do not work
0
Ready-made integration for the e-commerce platform or universal SDK
0
GCM v2 signals are managed automatically, no manual code needed
0 dk
Average setup time with the single-line embed code
0
Accessibility feature on product + payment pages under the EAA
Google Consent Mode v2

Without consent, advertising scripts do not run.

Every script marked with the data-cb-category attribute is not loaded in the browser until the user approves that category. GCM signals are sent to Google at the moment of consent; no manual GTM setup is required.

These scripts do not run without consent

Once consent is given cerez.io The SDK activates them automatically

Ad ROI returns with GCM v2
GCM v2 signal tablee-commerce scenario
GA analytics_storageGA4 page view, e-commerce events; user gave analytics consent granted
ADS ad_storageGoogle Ads, remarketing cookies; advertising consent given granted
ADS ad_user_dataUser data for Enhanced Conversions; advertising consent given granted
PER ad_personalizationDynamic remarketing, personalized ads granted
FUN functionality_storageCart, wishlist, session; necessary, no consent required Always

The table above cerez.io shows the default behavior; the signal names come from Google's GCM v2 specification. They are set to "denied" before consent and updated to "granted" after the user's choice.

Which scenario, which product

Cart, checkout, retargeting: every flow is covered.

Typical user flows on e-commerce sites are mapped below in terms of consent. See what is necessary and what requires consent in each scenario.

Cart Tracking

The cart feature is in the necessary cookie category, no consent required. However, cart abandonment retargeting requires advertising consent.

  • Cart state: functionality_storage (necessary)
  • Cart abandonment email: ad_storage + ad_personalization required
  • Scripts controlled automatically with data-cb-category="advertising"

Checkout and Payment

Since payment pages (iyzico, PayTR, Stripe) are in the "necessary" category, there is no interruption from the consent banner.

  • Payment iframe: functionality_storage (necessary)
  • The banner is not shown again during checkout (the session remembers)
  • Timestamped consent log; retained for the KVKK burden of proof

Dynamic Remarketing

The most effective channel to win back visitors who viewed a product but did not buy; the correct GCM v2 signal is required.

  • ad_storage + ad_user_data + ad_personalization must be granted
  • cerez.io automatically updates the signals after consent
  • Google Enhanced Conversions and Dynamic Ads activate automatically

Live Support and Chat

Live support tools such as Tawk.to, Intercom and Zendesk use 3rd-party cookies; they are recognized in the functionality or analytics category.

  • Blocked before consent with data-cb-category="functional"
  • Categorized automatically with 217+ known cookie definitions
  • Browser script analysis shows what is being loaded

EAA and Accessibility

Product galleries, filters, search and payment forms fall under the EAA. A widget alone is not enough; a real scan is required.

  • The WCAG 2.2 scanner analyzes product and payment pages
  • AI-assisted alt text suggestions for product photos (human-approved)
  • The EAA statement document is generated automatically

KVKK Compliance Evidence

The most common question in a KVKK Board review: "From which person, when and for what scope was consent obtained?"

  • Timestamped consent log (retained for 365 days by default)
  • Category-based granular consent; more than a single bulk "accept all" option
  • Logs are on servers in Turkey, compliant with KVKK data residency
Platform integrations

6 platforms, one SDK, plugin ready.

The universal JS SDK runs on every platform. A ready-made WordPress plugin is available for WooCommerce; on other platforms a single-line embed code is used.

WordPress + WooCommerce

WP plugin ready. Optimized for WooCommerce product views and checkout.

  • One-click setup, WooCommerce native cookie override
  • GCM v2 signals automatic for GA4 + Meta Pixel

Download the WordPress plugin: available on the installation page

Shopify

Works with a single-line embed in theme.liquid. A Shopify App Store version is planned.

  • A single script tag in the head section of theme.liquid
  • GA4 + Meta Pixel consent signals automatic

A Shopify App Store listing is planned

Magento 2

A single-line embed into the head via Layout XML. No platform-specific plugin is expected.

  • Universal SDK compatible with every Magento 2 version
  • GCM v2 and script blocking work the same way

No platform-specific extension required

Next.js / React / Custom

The universal JS SDK runs on every framework; ready for headless e-commerce too.

  • Integration via script tag or npm package
  • CerezBanner.on('consent', callback) for custom flows

API documentation is available in the admin panel

Ticimax / İdeasoft / T-Soft

On local e-commerce platforms, a single-line embed is added to the theme or custom code area; no separate plugin is needed.

  • A single script tag in the theme or custom HTML area
  • GA4 + Meta Pixel consent signals automatic

Works in every panel that offers a custom code area

Trendyol / Hepsiburada Seller

If you sell through a marketplace, the platform handles its own consent management; cerez.io is not needed.

  • Trendyol.com and Hepsiburada.com: the platform manages it
  • If you have your own domain (brandname.com.tr) cerez.io is required

For your own site: the universal SDK is fully compatible

This site uses cookies

We use cookies to improve your experience. Make your choice, cookie policy.

Real behavior demo

Try the e-commerce scenario yourself.

The banner on the left shows the behavior of a real cerez.io shows the behavior of the consent banner. Accept or reject: watch how the GCM v2 signals behave. It also works with the keyboard (Tab + Enter).

  • Scripts do not run before you rejectMeta Pixel and GA4 are blocked in the browser until consent is approved.
  • The banner does not appear during checkoutConsent is remembered per session; it does not interrupt the cart and payment flow.
  • Always reversibleThe visitor updates their preference whenever they want via the "Cookie Preferences" link in the footer.
FAQ

About e-commerce and compliance

What do I need for KVKK on my e-commerce site?
A cookie disclosure text (compliant with KVKK Article 10), granular explicit consent (category-based), consent log retention, a reject button (as prominent as accept) and GCM v2 integration for GA4 + Meta Pixel + Google Ads are required. Correctly categorizing third-party live support, analytics and payment widgets also matters. cerez.io delivers all of these in one package.
How do I set up for Shopify?
You can set it up in 5 minutes by adding a single-line <script> embed to the <head> section of the theme.liquid file. In the admin panel, Shopify-specific steps and the embed code are available under Site Settings > Installation. GCM v2 signals activate automatically for GA4 + Meta Pixel. A Shopify App Store version is planned.
Is there a WordPress plugin for WooCommerce?
Yes, our free WordPress plugin is available. Fully compatible with WooCommerce; optimized for product view analytics consent, cart tracking and the checkout funnel. It overrides WooCommerce native cookie settings and applies category-based consent. Setup takes about 2 minutes; the plugin ZIP file can be downloaded from the Installation page.
I am a Trendyol or Hepsiburada seller, cerez.io do I need it?
If you sell only through a marketplace, the platform handles its own consent management, cerez.io is not needed. However, if you have your own domain (brandname.com.tr), blog or campaign page, cerez.io is required. This is especially true if you use retargeting, GA4 and other pixels on your own site.
Does cart tracking work without consent?
Since the cart function is a technical necessity, it falls into the "functionality_storage" category and no consent is required. However, for cart abandonment retargeting (bringing back users who leave the site with ads), email or SMS retargeting, the ad_storage + ad_personalization signals must be granted. cerez.io's scripts marked with the data-cb-category="advertising" attribute are kept under control automatically.
Does the banner interrupt the visitor during checkout?
No. Consent is obtained on the first visit and remembered per session; the default validity period is 365 days (adjustable from 90-365 days per domain). After the user adds a product to the cart and moves to the payment step, the banner is not shown again. Users who want to change their consent preference can use the "Cookie Preferences" link in the footer.
What do I need to do for dynamic remarketing?
The GCM v2 signals ad_storage, ad_user_data and ad_personalization must be "granted"; this means the user has given consent for the advertising category. cerez.io sends the correct signals to Google automatically at the moment consent is obtained; no manual GTM setup or extra code is required. This is how Google Ads Enhanced Conversions and Dynamic Remarketing work properly.

Start consent management on your e-commerce site today.

Ready for Shopify, WooCommerce, Magento and custom platforms. KVKK + GCM v2 + EAA in one embed, one panel, servers in Turkey, TRY pricing. Start free, no credit card required.

Start free Request an e-commerce demo

⚡ YASAL ZORUNLULUK 2025/10 Cumhurbaşkanlığı Genelgesi: Kamu, belediye, banka, üniversite, hastane, okullar için 21 Haziran 2026'ya WCAG 2.2 A zorunlu · Ceza: 5.000–25.000 TL/tespit
Detay →