LightSpeed

LightSpeed

Lightspeed is a cloud-based POS and e-commerce platform for retail and restaurant businesses. E-commerce sites built on Lightspeed load commerce tracking scripts that monitor purchases, cart activity, and visitor sessions for analytics and reporting.

Back to Vendor Library

Overview

Lightspeed Commerce is a cloud-based unified commerce platform serving retail, restaurant, and golf businesses with integrated point-of-sale, inventory management, payments, and e-commerce storefronts. Headquartered in Montreal and publicly traded (NYSE: LSPD), Lightspeed powers tens of thousands of merchants globally across independent retail, apparel, electronics, sporting goods, and food service verticals.

Lightspeed's e-commerce product (previously Lightspeed eCom, now integrated as part of Lightspeed Retail and Lightspeed Restaurant) generates the primary browser-side footprint on merchant storefronts. When a retailer runs their online store on the Lightspeed platform, Lightspeed's JavaScript is embedded as a first-party component of the storefront, handling commerce functionality, session management, and built-in analytics.

What This Script Does

Script loading: On Lightspeed-hosted storefronts, commerce scripts load from the merchant's subdomain (e.g., [merchant].ecwid.com for merchants using Lightspeed's Ecwid-based e-commerce layer, or from [merchant].lightspeedhq.com). Third-party retailers embedding a Lightspeed e-commerce widget may load scripts from app.ecwid.com/script.js?[store-id].

Essential commerce functions:

  • Cart management: First-party session cookie (ECWID_SESSION or ec_SID) — session duration — maintains cart contents, quantity selections, and visitor session identity throughout the shopping flow. This is strictly necessary for checkout.
  • Checkout processing: Authentication tokens and transaction state cookies are set during the checkout flow to maintain PCI-compliant state between checkout steps and payment processing. Session duration.
  • Authentication: For returning customers with saved accounts, session cookies maintain the logged-in state (ec_AUTH, session duration).

Analytics and reporting:

  • ec_GUEST — First-party persistent cookie, up to 2 years, stores an anonymized returning visitor identifier used to recognize repeat customers in the merchant's built-in analytics dashboard (conversion rate, repeat purchase rate)
  • Page view events, product view events, category navigation, and cart interaction events are tracked and sent to Lightspeed's analytics APIs to populate the merchant's built-in reporting
  • Purchase conversion events (order value, product SKUs, payment method) are logged for revenue reporting

Ecwid widget (embedded storefronts): Merchants embedding a Lightspeed/Ecwid widget on a non-Lightspeed website load app.ecwid.com/script.js, which renders an iframe-based storefront widget. The widget sets cookies on the ecwid.com domain for cart and session management. The persistent visitor cookie for analytics is also set in this context.

Payment processing: Lightspeed Payments (powered by Stripe in many regions) handles card tokenization. Payment processing cookies are strictly necessary for checkout.

Consent & Compliance

Lightspeed is categorized as analytics and essential.

  • Essential (no consent required): Cart state cookies (ECWID_SESSION, ec_SID), checkout authentication tokens, and payment processing session cookies are strictly necessary for the e-commerce service the visitor has requested. These qualify for the ePrivacy strictly necessary exemption.
  • Analytics (consent required): The ec_GUEST persistent visitor cookie and the behavioral event tracking (page views, product interactions, conversion data) that populate the merchant's analytics dashboard are not strictly necessary for checkout and require consent under GDPR/ePrivacy. Some DPA guidance treats merchant-only analytics on their own storefront as falling under a narrow analytics exemption, but this varies by jurisdiction.
  • CCPA/CPRA: Transaction data is processed as a service provider function. The analytics data usage should be disclosed in the merchant's privacy policy.
  • Lightspeed as data processor: For analytics data, Lightspeed acts as a data processor on behalf of the merchant. A DPA is available and should be executed for GDPR-regulated merchants.

Should You Block This Without Consent?

Conditional. The essential cart, checkout, and authentication cookies must not be blocked — doing so would break the e-commerce experience. The analytics tracking components (persistent visitor identifier, behavioral event reporting) should be suppressed or anonymized without consent. If you are a merchant operating on Lightspeed, review your platform settings for options to disable persistent visitor identification in analytics, or configure your CMP to allow essential Lightspeed cookies while blocking the analytics cookie on first visit.

Visit website

Consent Categories

Analytics
Essential

Also Known As

lightspeed poslightspeed ecommerce trackinglightspeed cookieslightspeed commerce analyticslightspeed hq privacy

Industries

Computers Electronics and TechnologyProgramming and Developer SoftwareBusiness and Consumer ServicesFinance

Tracked Domains (1)

lightspeedhq.comAnalytics

Frequently Asked Questions

Does Lightspeed require consent on ecommerce sites?

Partially. Cart, checkout, and authentication cookies are strictly necessary for the shopping experience and require no consent. The persistent ec_GUEST visitor identifier and behavioral event tracking that power the merchant analytics dashboard do require analytics consent under GDPR and ePrivacy.

What is the ec_GUEST cookie and why does it matter?

The ec_GUEST cookie is a first-party persistent identifier lasting up to 2 years that recognizes returning visitors in Lightspeed's merchant analytics, tracking repeat purchase rates and conversion data. It is not required for checkout to function and needs analytics consent before being set.

How does ConsentStack handle Lightspeed?

ConsentStack permits Lightspeed's essential cart and checkout cookies without consent while blocking the analytics components — including the ec_GUEST persistent visitor identifier — until analytics consent is granted. This ensures checkout always works while keeping analytics compliant.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for LightSpeed

ConsentStack automatically detects and manages LightSpeed trackers so your site stays compliant with global privacy regulations.

Get started free