Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
FeatherX is a user generated content and social proof platform built for Shopify and Shopify Plus stores. It aggregates reviews from sources like Yotpo, Judge.me, Google, Amazon and Instagram, then uses an AI engine to display the most engaging content to each visitor on product pages. FeatherX sets first party cookies, tracks engagement and runs on US infrastructure, which makes it a marketing and personalisation tool that requires prior consent under the GDPR and the ePrivacy Directive.
FeatherX is a Shopify app focused on social proof and user generated content. It pulls reviews from a long list of sources (Yotpo, Judge.me, Stamped, Okendo, Google, Facebook, Amazon, Flipkart) and tagged Instagram and Facebook posts, then displays this content on storefront pages with an AI engine that prioritises the items most likely to drive conversion for each visitor.
Once installed, FeatherX injects a JavaScript widget into the Shopify theme. The widget loads the reviews and UGC from FeatherX servers, ranks them in real time, and tracks which content the visitor sees, hovers and engages with. That signal feeds the personalisation model that selects the next batch of content shown.
FeatherX sets first party cookies on the merchant domain to identify each visitor, remember the personalisation profile and group engagement events. The widget also reads the page URL, product ID, language, country, device type and basic interaction signals (impressions, hovers, clicks).
On top of visitor data, FeatherX processes the personal data of the original content authors: names, profile pictures, social handles, post text, photos and reviews pulled from third party platforms. That secondary processing also has to be assessed under the GDPR.
FeatherX is a marketing and personalisation tool. Its cookies and identifiers are not strictly necessary under Article 5(3) of the ePrivacy Directive, so prior consent is required before the widget loads. The CNIL has confirmed multiple times that personalisation, recommendation and engagement tracking belong to the same regime as advertising tags.
For the UGC ingested from Instagram, Facebook and review sites, the merchant becomes a data controller for the new processing activity (display on the storefront). You should rely on a clear lawful basis (often the original platform terms combined with the rights granted by the author) and respond to deletion requests propagated from those sources.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
FeatherX, Inc. is a US based vendor and processes data on US cloud infrastructure. Any deployment on a website that targets EU or UK visitors involves an international transfer governed by Chapter V of the GDPR. The transfer must be covered by the EU US Data Privacy Framework, by Standard Contractual Clauses, or by another valid Article 46 safeguard, plus a documented Transfer Impact Assessment.
To use FeatherX on a Shopify store that serves EU or UK customers, you should: load the FeatherX widget only after consent to marketing or personalisation cookies, document the lawful basis (consent), name FeatherX and the United States transfer in your privacy and cookie policies, sign the Data Processing Addendum, run a DPIA when personalisation is enabled, and offer a clear reject all option in the banner.
With FlowConsent you can block the FeatherX domains until the visitor opts in to personalisation, and release them on the fly so the social proof feed loads without breaking the consent layer.
For merchants who want UGC and social proof without sending personal data outside the EU, alternatives include EU hosted review platforms (Trustpilot with EU tenants, Avis Verifies in France, Trusted Shops) and native Shopify Reviews. You can also limit the FeatherX scope by disabling personalisation, showing a static feed, and only enabling tracking for visitors who have explicitly accepted analytics or marketing cookies.
Websites using FeatherX must obtain user consent under GDPR regulations.
DPIA considerations
A Data Protection Impact Assessment is recommended when FeatherX is configured to personalise content based on visitor behaviour or to ingest UGC from social platforms. Key risks: behavioural profiling, combination with Shopify customer data, transfer of EU and UK personal data to the United States, and indirect collection of personal data from third party reviewers (names, photos, comments). Document the lawful basis (consent), the necessity test, the transfer impact assessment and the rights of the original content authors.
Sample consent text
We use FeatherX to display reviews and user generated content on our store, and to personalise which posts and reviews you see based on your interactions. This involves storing first party cookies on your device and transferring engagement data to FeatherX servers in the United States. You can accept, refuse or customise these cookies and you can withdraw your consent at any time from our cookie preferences page.
Third-party domains contacted
featherx.aiapp.featherx.aicdn.featherx.aiapi.featherx.aiCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| fx_visitor | first_party | 1 year | First party visitor identifier set on the merchant domain to recognise returning visitors and feed the FeatherX personalisation engine |
| fx_session | first_party | session | Session level identifier used to group impressions, hovers and clicks on the UGC widget within a single visit |
| fx_segment | first_party | 6 months | Stores the personalisation segment computed by the AI engine based on past interactions with the UGC widget |
| fx_consent | first_party | 1 year | Stores the visitor consent state used by the FeatherX widget to gate personalised content and analytics signals |
FeatherX uses cookies for user preferences — inform visitors with a consent banner.
FeatherX sets first party cookies on the merchant domain to identify visitors and remember the personalisation profile assigned to each. Names typically use the featherx or fx prefix (for example fx_visitor and fx_session). Cookies are deposited on your shop domain, but they are used for personalisation and analytics, not strictly necessary purposes.
Yes. FeatherX is a marketing and personalisation tool that profiles visitors to choose which UGC to show. Its cookies and identifiers fall outside the strictly necessary exemption of Article 5(3) of the ePrivacy Directive, so prior, freely given, specific, informed and unambiguous consent is required before the widget loads.
For visitor data, the lawful basis is consent under Article 6(1)(a). For UGC pulled from Instagram, Facebook or review platforms, the merchant relies on the original platform terms combined with the rights granted by the author and, when needed, on legitimate interests under Article 6(1)(f), with a documented balancing test.
Yes. FeatherX, Inc. is a US based company with infrastructure in the United States. Visitor data, engagement events and the UGC ingested from third party platforms are transferred to the US. The transfer must be covered by the EU US Data Privacy Framework, by Standard Contractual Clauses, or by another valid Article 46 GDPR safeguard, plus a documented Transfer Impact Assessment.
A DPIA is recommended whenever FeatherX is configured to personalise content or to ingest UGC at scale. The combination of behavioural profiling, indirect collection of personal data from third party authors, and cross border transfer triggers several criteria from the EDPB DPIA list. Document the lawful basis, the data flows, the safeguards and the rights of all data subjects involved.
Block the FeatherX widget before consent through a CMP such as FlowConsent, classify the cookies under the marketing or personalisation category, name FeatherX and the United States transfer in your privacy notice, sign the FeatherX Data Processing Addendum, run a DPIA when personalisation is enabled, and offer a clear reject all option. Test that the widget only loads after explicit opt in.
Alternatives include EU hosted review platforms such as Trustpilot with EU tenants, Avis Verifies, Trusted Shops, and the native Shopify Reviews app for a lighter footprint. You can also use a static social proof block (a curated photo carousel) rather than dynamic personalisation, which removes the need to track engagement and keeps the cookie banner simple.
List FeatherX in your cookie policy under the marketing or personalisation category. Specify the cookie names, the purpose (UGC display and personalisation), the duration, the controller and processor roles, and the fact that the data is transferred to the United States. Link to the FeatherX privacy policy and to your CMP preferences page so visitors can withdraw consent at any time.