Gorgias

Gorgias

Gorgias is a helpdesk platform built specifically for ecommerce brands, with deep Shopify integration. Scripts embed chat and contact widgets on storefront pages. Customer support agents see full order history alongside conversations, enabling order edits and refunds directly from the helpdesk.

Back to Vendor Library

Overview

Gorgias is a helpdesk and customer support platform built specifically for e-commerce brands, with deep native integrations into Shopify, BigCommerce, and Magento. It centralizes support tickets from email, live chat, social media DMs, and SMS into a single agent workspace. Merchants embed a Gorgias chat widget on their storefront to provide real-time customer support and access to order data during conversations.

What This Script Does

Chat Widget Script

The Gorgias chat widget loads from config.gorgias.chat/applications/{account-id}/onload.js. This script renders an interactive chat button in the corner of the storefront. On click, it expands into a full chat panel connected to Gorgias's agent workspace in real time via WebSockets.

Order Data Enrichment

When a customer initiates a chat, Gorgias's Shopify integration retrieves the customer's order history via the Shopify API (server-side) and surfaces it to the support agent. The chat widget itself does not directly access order data — it sends a customer identification event to the Gorgias API, which then fetches order context server-side.

Contact Identification

If the customer is logged into the store, the widget can be initialized with a signed customer token that identifies the visitor as a known account. This allows Gorgias to match the chat session to an existing customer record without the customer needing to re-enter their details.

Cookies Set

  • gorgias-session — First-party session cookie. Stores the active chat session token for widget state continuity. Duration: session.
  • gorgias-vid — First-party persistent cookie. Stores an anonymous visitor identifier for returning visitor recognition. Duration: 1 year.
  • gorgias-chat-open — First-party session cookie. Stores the open/closed state of the chat widget. Duration: session.

Domains Contacted

  • config.gorgias.chat — Serves the widget loader JavaScript and configuration payload.
  • us.gorgias.com / eu.gorgias.com — Regional API endpoints for message delivery, agent assignment, and customer lookup.
  • WebSocket connection to Gorgias infrastructure for real-time chat message delivery.

Data Collected Per Interaction

  • Page URL when chat is initiated
  • Browser user-agent and screen dimensions
  • Customer email, name, and order number if the customer provides them or is identified from the logged-in session
  • Full chat transcript (messages between customer and agent)
  • Customer satisfaction rating if the post-chat CSAT survey is enabled
  • IP address at connection time

Consent & Compliance

GDPR / ePrivacy: Gorgias processes personal data (name, email, order history, IP) as a data processor on behalf of the merchant. The chat functionality is a service explicitly requested by the user when they open the widget. This falls under GDPR Article 6(1)(b) (performance of a contract) or Article 6(1)(a) (consent by initiating the conversation). The gorgias-vid persistent cookie used for returning visitor recognition is functional. Merchants must include Gorgias in their privacy policy as a sub-processor.

CCPA / CPRA: Gorgias processes customer personal information under a merchant data processing agreement, qualifying it as a service provider. This is not a sale under CCPA. Merchants must disclose Gorgias in their privacy policy.

EU-US Data Privacy Framework: Gorgias offers EU-region data hosting (eu.gorgias.com) for merchants requiring data residency within the EU. EU merchants should select the EU region and confirm Gorgias's DPA is in place.

Consent Category: Functional. Gorgias is a customer support tool with no advertising or behavioral marketing functions.

Should You Block This Without Consent?

No. Gorgias is a customer support widget that provides a service explicitly requested by users who choose to open the chat. It does not perform advertising tracking or behavioral profiling. The persistent visitor cookie is functional (returning visitor recognition for support context). Blocking Gorgias without consent is not required by GDPR or CCPA. Merchants should ensure the chat is listed in their privacy policy as a sub-processor.

Visit website

Consent Categories

Functional

Also Known As

GorgiasShopify helpdeskecommerce supportchat widgetcustomer support cookiesShopify chat

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (2)

config.gorgias.chatFunctional
assets.gorgias.chatFunctional

Frequently Asked Questions

Does Gorgias require visitor consent under GDPR?

No. Gorgias is a customer support chat widget. The gorgias-vid persistent cookie provides returning visitor recognition for support context continuity — a functional purpose. No advertising tracking or behavioral profiling is performed. Merchants must list Gorgias as a sub-processor in their privacy policy.

What cookies does Gorgias set?

Gorgias sets gorgias-session (session token for active chat continuity), gorgias-vid (1-year persistent visitor identifier for returning customer recognition), and gorgias-chat-open (session cookie storing widget open or closed state). Scripts load from config.gorgias.chat with regional API endpoints at us.gorgias.com or eu.gorgias.com.

How does ConsentStack detect Gorgias?

ConsentStack classifies Gorgias as functional. The chat widget loads without a consent gate, as it provides a customer service function explicitly invoked by the user. ConsentStack does not block Gorgias, but merchants should declare Gorgias as a data sub-processor in their GDPR privacy policy and DPA documentation.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Gorgias

ConsentStack automatically detects and manages Gorgias trackers so your site stays compliant with global privacy regulations.

Get started free