Skip to main content
Nudj integrates with OneTrust to gate analytics providers behind user consent. PR #973 shipped the integration across all analytics providers Nudj ships to the user app.
OneTrust lives on your organisation’s marketing property and is expected to already be present on any surface where Nudj renders. Nudj reads the OneTrust consent state at runtime and conditions analytics loading on it.

What gets gated

Consent state gates every analytics provider Nudj ships to the browser:
  • PostHog — product analytics + session replay.
  • Google Analytics — page views and events.
  • Meta Pixel — advertising events.
  • BetterStack session replay — frontend session replay telemetry.
Server-side logging is unaffected — the log pipeline (BetterStack observability) does not route through OneTrust.
1

OneTrust emits a consent state

OneTrust exposes a global object on the page enumerating the consent categories the user has granted (e.g. C0001, C0002, C0003, C0004).
2

Nudj reads consent before loading providers

The Nudj user app checks the consent state before initialising each analytics provider. A provider gated on a category the user hasn’t consented to never loads at all.
3

Consent changes re-evaluate

OneTrust fires change events when the user updates their preferences. Nudj listens for these and updates provider loading state accordingly.

Per-organisation configuration

Cookie consent is organisation-level. An organisation can:
  • Enable or disable OneTrust integration entirely. Organisations without a OneTrust licence can opt out; without the integration active, Nudj falls back to the analytics configuration set elsewhere in the organisation.
  • Map categories to providers. Each analytics provider is keyed to a consent category; the mapping is part of the organisation’s analytics configuration.

Propagation into embedded surfaces

The OneTrust integration also applies when the Nudj user app is embedded:
  • Shopify storefront widgets — the merchant’s OneTrust banner (on their storefront) gates the Nudj widgets’ analytics loading.
  • Universal embed widget — the embedding page’s OneTrust state propagates to the embedded widget.
If your embedding page doesn’t run OneTrust, the Nudj widget falls back to the organisation-level analytics configuration. In regulated geographies this typically means analytics are disabled by default. From a test page:
  1. Open the browser devtools Network panel.
  2. Load the page with OneTrust banner dismissed “reject all”.
  3. Confirm no requests to PostHog / GA / Meta Pixel fire.
  4. Reload with “accept all”.
  5. Confirm the providers’ requests now fire.

Embedding modes

How the Nudj experience renders inside your surface.

Universal embed widget

The primary non-Shopify embed path.
Last reviewed: 2026-04 · Related PRs: #973