ConsentPixel – Privacy · Verified

Miva ⚡ No App Required

Cookie Consent for
Miva Stores
B2B, DTC & Multi-Storefront.

Miva powers serious mid-market and enterprise eCommerce — B2B wholesale, DTC retail, and hybrid operations running complex product catalogues across multiple storefronts. Every one of those storefronts fires tracking scripts to visitors in the EU, California, and beyond. Miva has no built-in consent management. ConsentPixel — Privacy · Verified does. One script tag, no module installation, full compliance.

Start Free 14-Day Trial → Scan My Miva Store
MultiStorefront supported
GDPR · CCPA · CIPA · 19 US state laws
Google Consent Mode v2 built in
B2B buyer data protection
25+
Years Miva has powered mid-market & enterprise eCommerce
$5,000
Per-visitor CIPA exposure from checkout session-replay
€20M
Max GDPR fine for EU customer data mishandling
5 min
To install ConsentPixel on any Miva storefront

Why Miva Stores Face Elevated Privacy Risk

Miva's strength as a platform — its deep customisability, rich integration ecosystem, and ability to run complex B2B and DTC operations from a single admin — also means that a typical Miva store carries a significantly richer stack of third-party data-sharing relationships than a simpler platform might. ERP integrations, marketing automation, analytics platforms, CRM connectors, loyalty programmes, and advertising pixels all introduce data flows that privacy law increasingly regulates.

The merchants who have built on Miva for years — industrial suppliers, specialty retailers, wholesale distributors — are precisely the businesses that EU DPAs and CIPA plaintiff firms are targeting in 2026. The assumption that "we're B2B, privacy law doesn't apply to us" is incorrect and expensive. GDPR applies to any personal data processed about natural persons. CCPA and CIPA apply to any California resident who visits your store, whether they are buying for business or personal use.

⚠️
Miva has no native consent management. Miva's platform is built for eCommerce operational power — inventory management, B2B pricing, multi-storefront architecture. Cookie consent management — script blocking, consent logging, GPC signal detection, Google Consent Mode v2 — is not part of its core. Every Miva store running Google Analytics, Meta Pixel, or session-replay tools needs a dedicated consent solution.

Miva's MultiStorefront capability adds a further layer. A brand running a US wholesale portal, a European retail storefront, and a UK direct-to-consumer channel from one Miva instance must apply different consent rules to each storefront — GDPR opt-in for the EU, UK GDPR for Britain, CCPA opt-out for California. Managing that complexity without a purpose-built consent platform is an operational risk as well as a legal one.

Trackers Commonly Running on Miva Stores

Miva's integration ecosystem connects to a wide range of marketing, analytics, and operational tools. These are the most common tracking integrations on Miva stores — and the specific compliance exposure each creates.

📊
Google Analytics 4
GDPR · CCPA · GCM v2
Added via Miva's global header or GTM. Must not fire before GDPR consent. Requires all four GCM v2 parameters for EEA/UK visitors.
🎯
Google Ads / Shopping
GDPR · GCM v2 Required
Conversion tags for Google Shopping and Performance Max campaigns require GCM v2 — without it, EU/UK conversion data disappears entirely.
📘
Meta Pixel
GDPR · CCPA · CIPA
Fires product view, add-to-cart, and purchase events. Shares visitor and transaction data with Meta's advertising network.
🔥
Hotjar / Clarity
GDPR · CIPA
Session-replay on checkout and quote-request pages. $5,000 per California visitor CIPA exposure. Primary target of plaintiff scanning campaigns.
📧
Klaviyo / Marketing Automation
GDPR · CCPA
Onsite tracking identifies visitors for email targeting. Must be consent-gated before EU visitors are tracked and profiled.
🔗
Miva Connect Integrations
GDPR · CCPA
Third-party integrations via Miva Connect — ERP connectors, CRM systems, fulfilment platforms — may introduce their own tracking scripts and data-sharing relationships.
🎵
TikTok / Pinterest Pixel
GDPR · CCPA
Social advertising pixels share browse and conversion events. Under heightened regulatory scrutiny for cross-border data transfers in 2026.
💬
Live Chat (Intercom, Drift)
GDPR · CCPA
B2B chat tools set persistent session identifiers and transmit interaction data. Common on Miva trade portals and account management pages.
📦
ERP / OMS Tracking Scripts
GDPR · CCPA
Some ERP and order management integrations inject client-side scripts for real-time inventory or order status updates that carry tracking identifiers.

The B2B Privacy Risk Miva Merchants Often Overlook

Miva is specifically built for B2B and hybrid B2B/DTC merchants — it is one of the platform's core differentiators. This creates a compliance blind spot that is worth addressing directly: many B2B Miva merchants assume that because they sell to businesses rather than consumers, privacy law does not apply to them. That assumption is incorrect under every major privacy framework.

B2B Merchants Privacy law applies to your trade portal too

GDPR applies to any personal data processed about natural persons — including named purchasing agents, account contacts, and trade account holders on your B2B storefront. The fact that they are visiting for business purposes does not exempt their personal data from GDPR protection.

CCPA and CIPA similarly apply to California residents who visit your store, regardless of whether they are buying for personal or business use. A procurement manager visiting your Miva wholesale portal from California who has session-replay running on their account page is a potential CIPA plaintiff.

🏢 B2B Account Portals

Trade account holders are natural persons under GDPR. Session-replay on login and account management pages carries CIPA exposure.

📋 Quote Request Forms

Form interactions recorded by session-replay tools on quote pages capture personally identifiable business contact information — high CIPA risk.

🔐 Customer Segmentation Data

Miva's account-specific pricing and product visibility features create rich customer profiles. These profiles constitute personal data under GDPR and require lawful basis for processing.

📊 Wholesale Analytics

Analytics tools tracking named B2B accounts by email or user ID process personal data. GDPR consent or legitimate interest documentation is required.

Miva Built-In vs. ConsentPixel

Miva's platform offers deep customisation and a powerful integration ecosystem — but consent management is not part of its native feature set. Here is how the gap looks in practice.

Capability Miva Native ConsentPixel
Cookie consent banner✗ Not included✓ Deployed via single script tag
Technically blocks scripts before consent✗ No✓ Always
Google Consent Mode v2 (all 4 parameters)✗ No✓ All plans
Global Privacy Control (GPC) detection✗ No✓ Auto-detected
MultiStorefront per-channel consent config✗ No✓ Full support
CIPA session-replay blocking✗ No✓ Yes
US state law opt-out (19 states)✗ No✓ All plans
Consent audit log (timestamped)✗ No✓ All plans
Automatic tracker scanning✗ No✓ Continuous
No Miva module requiredN/A✓ One script tag in global header

See every tracker firing on your Miva store before consent

ConsentPixel scans your store — including B2B account pages and checkout flows — and shows you exactly which scripts share visitor data before any consent is given.

Scan My Store Free →

How to Install ConsentPixel on Miva

ConsentPixel installs on Miva as a single script tag in your store's global header — no Miva module download, no marketplace installation, no compatibility dependencies. The pixel must load before every other third-party script in your store head. Installation takes under five minutes.

1

Create your ConsentPixel account and scan your Miva store

Sign up at consentpixel.com, add your Miva store domain, and run the auto-scanner. ConsentPixel maps every tracker and cookie across your storefront — including those introduced through Miva Connect integrations, marketing modules, and third-party scripts in your global header. Copy your unique pixel snippet from the dashboard.

For MultiStorefront setups, create a separate site in your ConsentPixel dashboard for each Miva storefront and configure the appropriate consent rules per jurisdiction before generating its pixel snippet.

2

Add the pixel to your Miva Global Header — first script in head

In your Miva admin, navigate to Menu → User Interface → Global Header. Paste the ConsentPixel snippet as the very first item inside the <head> tag — before your Google Tag Manager snippet, before Google Analytics, before any other third-party script. This positioning is critical: ConsentPixel must read the visitor's consent state before any tracking tag has a chance to fire.

Miva Global Header — first script in <head> 
<head>
  <!-- ConsentPixel — must be FIRST script in head -->
  <script
    src="https://pixel.consentpixel.com/YOUR-SITE-ID.js"
    async></script>

  <!-- Your existing head scripts follow below -->
  <!-- GTM, GA4, Meta Pixel etc. -->
</head>
3

Register your tracking integrations by consent category

In the ConsentPixel dashboard, register each tracker with its consent category: Analytics (GA4, Hotjar), Marketing (Meta Pixel, Google Ads, Klaviyo, TikTok), Functional (live chat, loyalty tools), and Session Recording (Clarity, Lucky Orange). ConsentPixel will conditionally fire each integration only when the visitor has consented to that category — or suppress it entirely for GPC opt-out visitors and non-consenting EU visitors.

For Miva Connect integrations that inject client-side scripts, review each integration's JavaScript output and register any third-party domains that appear in the tracker scan.

4

Configure Google Consent Mode v2

Enable Google Consent Mode v2 in your ConsentPixel dashboard. This automatically passes all four GCM v2 parameters (analytics_storage, ad_storage, ad_user_data, ad_personalization) before any Google tag loads — protecting Google Shopping and Google Ads conversion measurement for EU and UK visitors.

5

For MultiStorefront — repeat per storefront channel

Each Miva storefront has its own Global Header. Install the storefront-specific ConsentPixel snippet in each storefront's Global Header separately, using the correct site ID for that channel. This gives each storefront its own independent consent configuration, consent log, and GPC signal handling — while all remaining manageable from your single ConsentPixel dashboard.

6

Verify with the ConsentPixel compliance checker

Use the compliance checker to confirm: no scripts fire before consent on a fresh session across all storefronts, GCM v2 parameters are passing correctly, session-replay tools are excluded from B2B account and checkout pages, and consent events are being logged separately per storefront.

💡
Using Google Tag Manager on Miva? ConsentPixel must load before GTM in the Global Header. Once ConsentPixel fires the GCM v2 default block, GTM reads the consent state and holds each tag until the matching signal is granted. Configure each Google tag in GTM with its required consent type — ConsentPixel's signals then control whether GTM fires it. No manual GTM trigger modifications needed.

What ConsentPixel Does for Your Miva Store

🛡️

Script blocking across all pages

Every registered tracker is held at page load — product pages, category pages, B2B account portals, quote forms, and checkout. Nothing fires until the visitor's consent state is established, eliminating GDPR violations and CIPA checkout exposure.

🌐

MultiStorefront per-channel consent

Each Miva storefront gets its own independent consent configuration and consent log. GDPR opt-in for EU storefronts, CCPA opt-out for US, UK GDPR for British channels — all managed centrally, applied automatically per storefront.

📡

Google Consent Mode v2

All four GCM v2 parameters fire before any Google tag loads. Protects Google Shopping, Google Ads, and GA4 conversion measurement for EU and UK visitors. Non-consenting sessions are modelled by Google rather than lost entirely.

🏢

B2B buyer data protection

Consent-gates analytics, session-replay, and marketing automation on B2B account portals and trade pages — protecting personally identifiable business contact data under GDPR and CIPA where session interactions are recorded.

📋

Per-storefront consent audit log

Every consent decision is timestamped with banner version, choices made, and signal source — maintained separately per storefront channel for jurisdiction-specific audit records. Exportable on demand for DPA investigations.

🔍

Continuous integration scanning

ConsentPixel scans your store on a schedule and alerts you when new trackers appear — including those introduced through Miva Connect integration updates. Your consent configuration stays current without manual quarterly audits.

Miva Privacy Compliance Checklist (2026)

Run through this checklist for your Miva store. Click each item to mark it complete.

📋 Miva Store Compliance Checklist — 2026 12 items
Audit every tracker across all Miva storefrontsCheck Global Header scripts, Miva Connect integrations, GTM tags, and any third-party modules injecting scripts
Confirm no scripts fire before consent on a fresh sessionTest each storefront separately in incognito — including B2B account portals and checkout pages
Deploy a consent solution that technically blocks scriptsA notice overlay without script blocking is not compliance — especially for EU visitors requiring GDPR opt-in
Configure Google Consent Mode v2 with all four parametersRequired for EEA/UK Google Ads and Shopping — without it, declined sessions disappear from conversion reports
Configure per-storefront consent rules for each channel jurisdictionEach MultiStorefront channel serving a different market needs its own consent configuration
Block session-replay tools on checkout and B2B account pages$5,000/visitor CIPA exposure — never run Hotjar, Clarity, or Lucky Orange on quote or checkout flows
Assess B2B buyer data under GDPRNamed business contacts, account holders, and purchasing agents are natural persons — their data requires lawful basis
Add "Do Not Sell or Share" opt-out for US visitorsRequired under CCPA for California and effectively for all 19 US state privacy laws in 2026
Implement GPC browser signal recognitionMandatory in California and Virginia — must auto-honour without requiring any visitor click
Review Miva Connect integration data flowsERP, CRM, and fulfilment integrations may introduce data transfers requiring DPAs with each vendor
Update privacy policy to disclose all integrations and third-party recipientsName GA4, Meta, Klaviyo, Miva Connect partners, chat tools, and any ERP/OMS integrations as data recipients
Enable per-storefront consent loggingTimestamped, jurisdiction-specific consent records per channel — required under GDPR's accountability principle

Frequently Asked Questions

Miva does not include a native GDPR-compliant cookie consent banner. While highly customisable via its module and integration ecosystem, cookie consent management — script blocking, GCM v2 signalling, GPC detection, consent logging — requires a dedicated consent management solution. ConsentPixel installs as a single script tag in your Miva Global Header, requiring no module installation and no changes to your store's codebase.
Paste the ConsentPixel pixel snippet into your Miva store's Global Header (Menu → User Interface → Global Header) as the first item inside the <head> tag — before GTM, GA4, Meta Pixel, and any other tracking script. For MultiStorefront setups, install the storefront-specific snippet in each storefront's Global Header separately.
Yes — if your Miva store uses session-replay tools (Hotjar, Clarity, Lucky Orange) and receives visitors from California, CIPA applies. B2B Miva stores are not exempt — CIPA plaintiff firms target eCommerce checkout flows and B2B account portals equally. $5,000 statutory damages per affected California visitor apply without proof of harm. ConsentPixel blocks all session-replay scripts until explicit consent is given.
Yes — ConsentPixel fully supports Miva's MultiStorefront architecture. Each storefront gets its own pixel snippet and independent consent configuration — GDPR opt-in for EU storefronts, CCPA opt-out for US, UK GDPR for British channels — all managed from one ConsentPixel dashboard. Consent logs are maintained separately per storefront for clean, jurisdiction-specific audit records.
Yes — B2B buyer data is not exempt from privacy law. GDPR applies to any personal data processed about natural persons, including named purchasing agents, account holders, and business contacts on your Miva B2B storefront. CCPA and CIPA apply to California residents visiting your store regardless of whether they buy for personal or business use. B2B Miva stores running analytics, marketing automation, or session-replay on trade portal pages carry the same compliance obligations as consumer-facing stores.
No. ConsentPixel is a single lightweight script served from Cloudflare's global edge network with sub-50ms load times worldwide. For non-consenting visitors it actually improves performance by blocking multiple heavy third-party scripts that would otherwise fire — Miva stores with rich integration stacks can carry significant third-party script weight. Blocking these by consent state reduces Time to Interactive for declined visitors.
Miva Compliance — B2B, DTC & MultiStorefront

Your integrations. Your buyers.
Actually protected.

One script tag in your Miva Global Header. No module. No compatibility issues. Full GDPR, CCPA, CIPA, and 19-state US compliance — with MultiStorefront support, B2B buyer data protection, and Google Consent Mode v2 built in from day one.

Start Free 14-Day Trial Scan My Miva Store →
Scroll to Top