Skip to main content

Legal Documents & GDPR

Quark Commerce provides legal document management and GDPR compliance features.

Legal documents (Terms of Service, Privacy Policy, etc.) are managed in the Backoffice and served to the storefront.

GET /api/storefront/documents
X-Store-Code: us-store
X-Language-Code: en

Response:

[
  {
    "id": "guid",
    "title": "Terms of Service",
    "slug": "terms-of-service",
    "type": "TermsOfService",
    "version": "1.2",
    "effectiveDate": "2026-01-01T00:00:00Z"
  },
  {
    "id": "guid",
    "title": "Privacy Policy",
    "slug": "privacy-policy",
    "type": "PrivacyPolicy",
    "version": "2.0",
    "effectiveDate": "2026-01-01T00:00:00Z"
  }
]

Get Document Content

GET /api/storefront/documents/{slug}
X-Store-Code: us-store
X-Language-Code: en

Returns the full document content (HTML) with placeholders replaced by store-specific values.

Placeholder System

Legal documents support placeholders that are automatically replaced:

PlaceholderReplaced With
{{CompanyName}}Store's company name
{{StoreName}}Store name
{{StoreUrl}}Store URL
{{ContactEmail}}Store contact email

GDPR Features

Data Export

Authenticated users can request an export of their personal data:

POST /api/storefront/gdpr/export
Authorization: Bearer <token>

Returns a JSON file containing all personal data: profile, orders, addresses, consent records.

Data Deletion

Users can request deletion of their account and associated data:

POST /api/storefront/gdpr/delete
Authorization: Bearer <token>
warning

Data deletion is irreversible. The API anonymizes personal data while preserving order records for legal/accounting requirements.

During registration or checkout, record user consent for legal documents:

POST /api/storefront/gdpr/consent
Authorization: Bearer <token>
Content-Type: application/json

{
  "documentId": "guid",
  "documentVersion": "1.2",
  "accepted": true
}
Implementation
  • Show legal document links during registration and checkout
  • Track consent with document version (so you can re-ask consent when documents are updated)
  • Provide a "My Data" page with export and deletion options