Cookie Consent Management
How to keep Sophi usable from the first page view while respecting GDPR/KVKK cookie rules.
This page explains how to keep Sophi usable from the first page view while respecting GDPR/KVKK cookie rules.
Recommended approach for most storefronts:
- Load Sophi on all pages (including before consent), often via SDK GTM Integration.
- Start in memory-only mode (
storageConsent: false). - Upgrade to persistent mode immediately when cookie consent is granted.
This gives visitors an instant chat experience and keeps tracking/storage behavior aligned with your consent policy.
Pre-consent behavior (memory-only chat)
Before consent is granted:
- No cookies or
localStorageare written or read. The chat session lives only in memory, so the visitor starts fresh on every page load. - The chat works fully as a guest — no
userIdis sent to the backend, so the session is never linked to a known user. - The Web Object analytics SDK stays completely passive: no session is created and no events are sent until consent is granted.
When consent is granted, the SDK upgrades in place: it persists the current in-memory session to cookies and (for logged-in users) merges the guest session into the user account.
The chat (sophi-web-sdk) runs anonymously as a guest because it is a
service the visitor explicitly requested. The Web Object analytics SDK
(sophi-web-object) sends nothing until consent — tracking requires
consent.
storageConsent flag
A single flag controls consent-aware behavior end-to-end. It defaults to true
(the existing persistent behavior), so memory-only pre-consent mode is strictly
opt-in and existing
integrations are unaffected.
| Surface | How to set it |
|---|---|
| Widget Launcher | consent: { storage: false } in window.sophiWidgetConfig |
Web SDK (SophiWidget.init) | storageConsent: false |
Web Object (window.sophi_object.config) | storageConsent: false |
Runtime consent updates
When the visitor accepts cookies, call the matching method. The open chat is upgraded in place — the conversation is not lost.
// e.g. inside your cookie banner's "Accept" handler
window.sophiWidget.setConsent(true);widget.setStorageConsent(true);window.SophiTracker.setConsent(true);Calling the same method with false withdraws consent at runtime: cookies are
cleared and the SDK falls back to memory-only.
Runtime upgrade flow
The sequence below shows what happens when a logged-in visitor accepts cookies while the chat is open:
- For guest visitors, only the cookies are written — no merge.
- For logged-in visitors, the existing guest session is merged into the user via Sophi's standard endpoint. No extra backend work is required.
GTM-first integration guidance
If you use GTM, this is the preferred rollout pattern:
- Load the widget on all pages through GTM.
- Initialize with
storageConsent: falseuntil consent is granted. - On banner accept, call
setConsent(true)/setStorageConsent(true). - Keep Web Object passive until consent, then enable it with the same consent signal.
If your policy requires loading nothing until consent, use a strict consent-gated setup from SDK GTM Integration.
Why this structure
Splitting cookie consent handling into its own section improves usability for integration teams:
- Product and legal teams can review policy impact in one place.
- Frontend teams can implement a single consent signal across SDK surfaces.
- GTM owners can follow a clear activation path without reading low-level SDK details first.
Related docs
- SDK Initialization —
storageConsentoption - SDK Methods —
widget.setStorageConsent(granted) - SDK GTM Integration — load on all pages, upgrade on consent
- Web Object Configuration — passive without consent
- Web Object SophiTracker API —
SophiTracker.setConsent(granted)