GDPR Consent

The SDK supports integrator-driven consent for GDPR compliance. It does not render its own consent UI — you control the flow using your existing consent management tool (OneTrust, Cookiebot, etc.).

How It Works

1. Configure consent state — pass it to the THGVTO constructor
2. User interacts with your banner — they accept or decline
3. Update the SDK — call updateConsent() to reflect the change
4. SDK responds — generate() is blocked until photoProcessing is granted

Configuration

const vto = new THGVTO({
  consent: {
    photoProcessing: false,  // Blocks generate() until true
    photoStorage: false,     // Prevents localStorage persistence of person photo
  },
});

Both default to true when omitted.

Consent Types

| Consent | Required | Effect when false | |---------|----------|-------------------| | photoProcessing | Yes | product.generate() logs a warning and resolves with null | | photoStorage | No | Person photo ref is not persisted — user re-uploads on every page load |

Dynamic Updates

When the user accepts your consent banner:

vto.updateConsent({
  photoProcessing: true,
  photoStorage: true,
});

You can call updateConsent() with a partial object — only the fields you pass are changed.

Gating the trigger

Since generate() short-circuits without photoProcessing, it’s best to also gate the trigger element itself so the user isn’t given a no-op button:

const btn = document.getElementById('vto-trigger');

function syncTriggerState() {
  const granted = getConsent('photoProcessing');
  btn.disabled = !granted;
  btn.title = granted ? '' : 'Accept cookies to use Virtual Try-On';
}

onConsentChange(() => {
  syncTriggerState();
  vto.updateConsent({
    photoProcessing: getConsent('photoProcessing'),
    photoStorage: getConsent('photoStorage'),
  });
});

Tip

If no consent config is provided, both values default to true — integrations in markets without strict consent requirements work without any extra code.