AfterShip

Overview

AfterShip is a post-purchase experience platform used by thousands of e-commerce merchants worldwide. It provides branded shipment tracking pages, proactive delivery notifications, and a returns management workflow. Its JavaScript is embedded on merchant storefronts and dedicated tracking portals to render real-time parcel status and capture delivery feedback.

What This Script Does

Tracking Widget

AfterShip's embeddable tracking widget loads from aftership.com CDN assets and communicates with AfterShip's API using the merchant's public API key to retrieve shipment status by tracking number. The widget renders carrier events, estimated delivery dates, and a map visualization of parcel movement.

Returns Center Widget

For merchants using AfterShip Returns, a second script component renders the returns initiation flow. It reads order data from the page context, validates return eligibility against merchant rules, and initiates return label generation via the AfterShip Returns API.

Cookies Set

• _aftership_uid — First-party persistent cookie. Stores an anonymous visitor identifier used for session continuity on tracking pages. Duration: 1 year.
• _aftership_session — First-party session cookie. Stores the active tracking session token. Duration: session.
• aftership_lang — First-party persistent cookie. Stores the visitor's detected locale for the tracking page. Duration: 30 days.

Domains Contacted

• api2.aftership.com — AfterShip's primary REST API. Tracking and returns widget requests are sent here using the merchant's public API key.
• cdn.aftership.com — CDN serving the widget JavaScript, CSS, and localization assets.
• pusher.com — Real-time WebSocket push notifications for live tracking updates are relayed through Pusher channels.

Data Collected Per Interaction

• Tracking number entered by the visitor
• Carrier and shipment route data fetched from AfterShip's carrier aggregation layer
• Page URL and referrer of the tracking page
• Visitor IP address (used for geolocation and locale detection)
• Browser language preference
• Return reason codes and condition selections when a return is initiated
• Return shipment destination and label generation events

Consent & Compliance

GDPR / ePrivacy: AfterShip processes personal data (name, address, order ID) linked to shipment tracking on behalf of the merchant (acting as data processor). The shipment tracking itself serves a functional purpose directly requested by the end user. Session and language cookies are also functional. Because this processing is part of fulfilling a contract with the purchaser, it qualifies under GDPR Article 6(1)(b) (performance of a contract) without requiring separate consent, provided the merchant's privacy policy discloses AfterShip as a sub-processor.

CCPA / CPRA: AfterShip processes personal information (name, address, purchase details) as a service provider under a merchant-imposed data processing agreement. This does not constitute a sale under CCPA. Merchants must disclose AfterShip in their privacy policy under the service provider category.

EU-US Data Privacy Framework: AfterShip is incorporated in Hong Kong with US infrastructure. Merchants operating under GDPR should confirm appropriate transfer mechanisms (Standard Contractual Clauses) are in place via AfterShip's DPA.

Consent Category: Functional. No marketing or advertising profiling is performed by the AfterShip script.

Should You Block This Without Consent?

No. AfterShip's tracking and returns widgets are functional scripts that process data solely for delivering a service explicitly requested by the user (tracking their own order or initiating a return). They do not place advertising cookies or build behavioral profiles for third-party use. Blocking them would degrade the post-purchase experience without a consent-related justification.