Retail Growth

Ecommerce Personalization: How 5 Brands Balance It With Data Privacy

Aaron Sullivan
August 15, 2022

Ecommerce personalization is a double-edged sword for online stores.

According to a 2021 McKinsey study, 71% of consumers expect companies to deliver personalized experiences, and 76% get frustrated when companies don’t do that.

At the same time, 57% of customers in 2022 have an increasing concern with how brands use their “personal information.” But without collecting some personal data, companies risk frustrating customers by not providing the expected experience.

Transparency is key to balancing these dueling customer needs. When you let customers know you’re collecting data — and how you plan to use it — you start creating customer experiences that lead to higher conversion rates.

Unless you balance ecommerce personalization with the data-privacy concerns of your customer base, you’ll lose potentially loyal customers — or worse, break the law. 

What is ecommerce personalization?

Ecommerce personalization is a marketing strategy that uses data about site visitors to create a more engaging online shopping experience. This ecommerce customer experience includes customized on-site visuals and prompts, email and SMS recommendations, social media activity, and even paid ads.

Ecommerce stores gather customer data by recording shoppers’ interactions with their website and responses to their marketing communications.

If this data-driven personalization meets customer expectations, McKinsey finds that customers are 78% more likely to recommend your brand and purchase again.

In other words, personalization done right leads to customer loyalty.

Why does ecommerce personalization require a data privacy policy?

Successful ecommerce personalization requires customer data. And that data needs to be used ethically and responsibly. A data privacy policy builds customer trust — which leads to loyalty over time — and puts you in compliance with privacy laws.

Besides the stringent European Union GDPR data privacy law, US states such as Colorado, Virginia, and California have also enacted laws. These rules can apply when you sell to customers in these areas. So, if you’re based in Iowa but sell in California, the California law may apply to you. Similarly, if you’re based in the United States but sell globally, the GDPR laws may apply. 

These laws guarantee certain customer rights, such as access to certain data you may hold, and may require you to track and communicate details like:

  • What personal data you collect and why
  • How you use the data you collect
  • How you plan to protect the data from theft
  • When and where you’ll share the data if you plan to do so

Fines for violating these laws can reach millions of euros or dollars.

5 brands that build customer trust through data transparency

The following ecommerce brands effectively communicate their data-use policies without creating friction at key touchpoints. They excel at using that data to create personalized shopping experiences. Use these examples to inspire you to create noteworthy personalized experiences while addressing customers’ needs for privacy and transparency.

Stitch Fix: Make your privacy policy easy to access

Fashion ecommerce website Stitch Fix keeps its privacy policy front and center. The company nestles a privacy policy link at the beginning of the most important customer touchpoint: the style quiz.

Stitch Fix leverages a style quiz to personalize their ecommerce experience.
Image source

The style quiz asks first-time visitors for their name, height, weight, and age with the goal of creating personalized “style profiles.” Stitch Fix uses this information to match customers with boxes of clothing curated to match their preferences.

Stitch Fix personalization: "Is this your style?"
Image source

With so much information required upfront, Stitch Fix wants to head off any concerns about privacy and how it plans to use the data.

Its privacy policy reassures customers with a reader-friendly grid listing use cases for different data categories, including demographics.

Stitch Fix Privacy Policy Resource
Image source

It also builds customer trust by not providing personal information to third parties for monetary or marketing purposes.

Peloton and Boozt: Help new customers manage tracking cookies

Ecommerce businesses Peloton and Boozt are based in different countries and sell different products, but they align on an important aspect of data privacy: cookies.

A cookie policy is different from a privacy policy, though most privacy policies include a statement about cookie use. Cookie policies unpack the tracking technologies used to personalize the website experience, while privacy policies address how you collect, process, and store consumer data. Both have privacy implications.

Rather than make first-time site visitors search for its cookie policy, Peloton offers a pop-up explaining that some cookies are necessary for the site to function while others related to marketing are optional.

Peloton makes it clear for customers to see which cookies they allow.
Image source

With this prompt, customers who opt in to all cookies won’t be surprised when they receive a cart abandonment email containing an image from the product page they last viewed before checkout.

Peloton cart abandonment email
Image source: Personal email

EU-based fashion brand Boozt uses cookies to personalize its homepage with images and similar products from the returning visitor’s browsing history. A first-time visitor gets this homepage:

Personalized homepage of EU-based fashion brand Boozt.
Image source

When a customer freely opts in to cookies — much like the Peloton experience — and looks at men’s apparel, they see a menswear-focused homepage on their return visit:

A personalized shopping results page from Boozt
Image source

Boozt’s official cookie policy is clear about what customers should expect when they opt in: “Permanent cookies are stored and will be renewed every time you visit the website or use the app….By using these cookies, it is possible to ‘recognize’ you when you return to the website or the app, which we use, for example, to adapt our platforms to your interests.” 

The company also states that these cookies “delete themselves” after a certain period of time. 

Brilliant Earth: Be clear about third-party data usage

As an ecommerce site selling sustainably crafted jewelry, Brilliant Earth realizes that customers often need nurturing to feel comfortable buying an engagement ring or luxury jewelry piece online.

One of their personalization tactics is Facebook retargeting, which places an ad into the feed of a customer who recently visited their website. The goal of these personalized ads is to bring customers back to the Brilliant Earth website to learn more about its products or make a purchase. 

Some customers might like one of Brilliant Earth’s rings but hesitate to purchase it because they want to try it on. One of its retargeting ads takes customers to a landing page with information about nearby showrooms, so they can see the ring in person.

Brilliant Earth Facebook ad
Image source: Private Facebook account

But these ads can often take customers by surprise, which is why the company’s privacy policy is clear about third-party data usage. Its privacy policy mentions the use of “web beacons” or pixels to bring personalized ads to customers’ social media feeds, namely Instagram and Facebook. 

Brilliant Earth must share more identifiable information, such as name and email, with Extend when a customer purchases a product protection plan. Whether it’s Extend or another third-party service provider, Brilliant Earth “contractually prohibits them from retaining, using, or disclosing information about you for any purpose other than performing the services for us.”

CB2: Include terms of use at SMS opt-in touchpoint

CB2 is an online retailer of home furnishings. It uses SMS notifications for exclusive offers, cross-selling, and upsells. With spam calls so rampant, CB2 lets customers know at registration how it plans to use their phone numbers.

At the SMS opt-in touchpoint, CB2 mentions that it will only send promotional and marketing messages and provides links to its longer privacy policy. It also requires customers to agree to these terms before signing up.

CB2 SMS sign-up form
Image source

In a nod to personalization, CB2 lets customers select which brand messages they’d like to receive (CB2, Crate & Barrel, or Crate & Kids).

In-SMS personalization flow
Image source: Private text

When the SMS confirmation arrives, it clearly states how customers can opt out of messages in the future.

According to marketing automation platform Klaviyo, email campaigns had a 1.42% average click rate in Q1 2022. SMS campaigns had an 8.33% average click rate during the same time period.

Increase conversions with responsible ecommerce personalization

Reassuring customers about data privacy might cost them an extra click or two. But in the long run, it safeguards your ecommerce personalization strategy. 

By staying up to date with evolving privacy regulations, you can give new and returning customers the experience they want. With this extra peace of mind, customer engagement with your brand is more likely to lead to your ultimate goals: fuller shopping carts and better retention.

To learn more about how Extend protects customer information related to product protection plan claims, get in touch with a specialist.
Aaron Sullivan
Aaron Sullivan is senior content marketing manager at Extend. He specializes in writing about e-commerce, finance, entertainment, and beer.

Our latest articles