Yotpo

Overview

Yotpo is a full-stack e-commerce marketing platform covering customer reviews, visual user-generated content (UGC), loyalty and referral programs, and SMS marketing. Founded in 2011 and headquartered in New York, Yotpo serves over 30,000 brands across Shopify, BigCommerce, Salesforce Commerce Cloud, and custom storefronts. Its scripts appear in multiple forms on e-commerce sites: review widgets on product pages, star rating badges in search results, loyalty point interfaces in navigation or checkout, and UGC galleries featuring customer photos and videos.

What This Script Does

Reviews widget loads from staticw2.yotpo.com or cdn-widgetsrepository.yotpo.com. The widget renders star rating summaries, written review snippets, and full review pagination on product detail pages. Review data is fetched from api.yotpo.com on widget initialization. The script also injects star rating micro-data (Schema.org AggregateRating) for Google rich snippet eligibility.

Post-purchase review requests: After an order is confirmed, Yotpo's integration fires a conversion event to api.yotpo.com containing the order ID, product SKUs, customer email, and customer name. Yotpo uses this to send automated review request emails or SMS messages on a configured delay (typically 7–14 days post-delivery). A _yotpo_ref cookie (30-day expiry, first-party) may be set to track attribution of the review request flow.

Loyalty and referrals widget (Yotpo Loyalty, formerly Swell Rewards) loads from cdn.sweettooth.io or loyalty.yotpo.com. The widget displays the visitor's loyalty point balance, available rewards, and referral links. A yt_session_id cookie (session-scoped) and yt_customer_id cookie (1-year expiry, first-party) identify the logged-in customer within the loyalty program. The script makes API calls to loyalty.yotpo.com to fetch the current visitor's account balance and program details.

Interaction analytics: The widget scripts track engagement events — review filter interactions, photo gallery views, loyalty redemption clicks, share actions — and send these to Yotpo's analytics pipeline. Engagement data is used for widget performance reporting and may feed into Yotpo's broader data products.

Visual UGC gallery loads customer-submitted photos and videos, typically sourced from Instagram imports or direct upload during the review flow. The gallery tracks which UGC items are viewed and clicked.

Consent & Compliance

Yotpo spans marketing and functional consent categories. The consent requirements differ by product component:

The review display widget — showing existing customer reviews and star ratings — is functional product information content. Static display of pre-existing reviews can be justified under legitimate interest as core product page content that assists purchase decisions. However, the engagement tracking layer (interaction events sent to Yotpo's analytics) goes beyond what is strictly necessary.

The post-purchase review solicitation flow, including the order event fired to Yotpo's API and the subsequent marketing emails/SMS sent to customers, is marketing activity that requires consent or, at minimum, a soft opt-in under applicable email marketing laws (CAN-SPAM, CASL, PECR).

The loyalty program widget sets persistent cookies and makes authenticated API calls for a logged-in user's account data. For authenticated users who explicitly enrolled in the loyalty program, this is functional. For anonymous visitors, loyalty tracking cookies are non-essential.

Under GDPR and ePrivacy, the _yotpo_ref cookie and engagement tracking require consent. Under CCPA/CPRA, customer data collected for loyalty program management and review solicitation must be disclosed, and sharing engagement data with Yotpo as a third-party analytics platform constitutes personal information processing. Yotpo is headquartered in New York; EU/EEA data transfers rely on Standard Contractual Clauses. Yotpo participates in the EU-US Data Privacy Framework.

Should You Block This Without Consent?

Conditional. Displaying existing product reviews and star ratings can be considered functional e-commerce content that does not require consent if tracking cookies are disabled. Review solicitation (post-purchase order events firing to Yotpo), loyalty program tracking for anonymous visitors, and engagement analytics all require consent. Sites should configure Yotpo to disable non-essential tracking until consent is obtained, or split the integration so the display widget loads without consent and the marketing features are deferred.