Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Deco CX is an edge native commerce frontend platform that lets retailers build storefronts on Deno Deploy with built in A/B testing, personalisation, and observability.
Deco CX is an edge native commerce frontend platform. It lets retailers build composable storefronts powered by Deno Deploy and global CDNs, with first class support for A/B testing, on site personalisation, observability and integrations with VTEX, Shopify, Linx and other commerce engines. It is widely used in Latin America and is gaining traction with European retailers seeking a headless alternative.
Deco CX deploys Preact based pages on Deno Deploy edge nodes. The runtime evaluates routing, rendering and personalisation rules on the edge, calls the commerce backend over HTTPS, and emits structured events to the Deco Live analytics pipeline. Editors drive the experience through a visual admin that pushes changes in real time to the edge.
Deco CX sets first party cookies on your domain to assign A/B test variants (deco_flags, deco_segment), persist a visitor identifier (deco_uid), and keep the locale and currency preferences. Server side, every page render emits an event with the IP, user agent, URL, A/B variant, and cart state. Events flow to Deco Live in the United States.
The first party cookies used purely for A/B testing and personalisation are not strictly necessary under Article 5(3) ePrivacy, so consent is required for non essential variations. Deco CX acts as a processor under your DPA for storefront delivery, plus an independent controller for product analytics if you enable Deco Live. Disclose the platform in your privacy notice.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Deno Deploy runs at the edge close to the visitor, including EU points of presence. The Deco control plane and Deco Live analytics run primarily in the United States. Transfers rely on Standard Contractual Clauses and on the EU-US Data Privacy Framework where applicable. Document the transfer mechanism in your record of processing activities.
Sign the DPA, separate strictly necessary cookies (cart, locale) from analytics and A/B testing cookies. Wire the Deco CX consent block to your CMP so personalisation activates only after opt in. Minimise the user properties you pass to Deco Live, configure retention, and review the AI subprocessors used for any recommendation feature.
Websites using Deco CX must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Deco CX runs heavy personalisation or AI driven recommendations. Document the event pipeline, the third party AI subprocessors, the SCC mechanism for the US data plane, and the retention period for customer level data.
Sample consent text
We use Deco CX to deliver and personalise this storefront. Deco CX sets first party cookies on our domain and sends events to its servers in the United States. Personalisation and analytics only activate after you accept the relevant category in our cookie banner.
Third-party domains contacted
deco.cxdeno.devapi.deco.cxassets.decocache.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| deco_flags | http_cookie | 30 days | Stores the A/B test variant assignments for the visitor so the same experience is served across requests. |
| deco_segment | http_cookie | 30 days | Stores the personalisation segment computed at the edge for the visitor. |
| deco_uid | http_cookie | 1 year | Stable visitor identifier set on the merchant domain and used to consolidate Deco Live analytics. |
| deco_locale | http_cookie | 1 year | Stores the user preferred locale and currency for subsequent visits. |
Deco CX collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Deco CX sets first party cookies on your domain: deco_flags for A/B test assignment, deco_segment for personalisation, deco_uid as a stable visitor identifier, plus locale and currency cookies. Server side, every page render emits an event to Deco Live.
For strictly necessary functions (cart, locale, currency), no. For A/B testing, personalisation, and analytics, yes. Article 5(3) ePrivacy requires consent before non essential cookies are written and before personalisation events are sent.
Contract performance under Article 6(1)(b) GDPR for the storefront and the order. Consent under Article 6(1)(a) for the A/B testing and personalisation cookies, the Deco Live analytics, and any AI recommendation features.
Edge rendering happens close to the visitor (including EU). Deco Live and the control plane run primarily in the United States. Transfers rely on SCCs and the EU-US Data Privacy Framework where applicable.
A DPIA is recommended when Deco CX runs heavy personalisation, AI driven product recommendations, or large scale A/B testing on consumer journeys. Document the event flow, the AI subprocessors, and the retention.
Sign the DPA, split your cookies into strictly necessary and consent based, wire the Deco CX consent block to your CMP, configure retention for Deco Live, and disclose Deco CX in your privacy notice with the categories and the US transfer mechanism.
Alternatives include Vercel Commerce, Shopify Hydrogen, Nuxt Commerce, Saleor Storefront, Next.js Commerce, frontastic, and BloomReach Storefront. Some can be deployed entirely on EU edges if European data residency is a constraint.
List the deco_flags, deco_segment, deco_uid, locale and currency cookies with their lifetime and purpose. Explain that Deco CX renders the storefront at the edge and sends events to Deco Live in the United States. Link to the Deco privacy policy.