Checklist: Deploy Attribuly Retargeting Stack (30–90 Days)
Practical 30/60/90-day checklist to deploy the Attribuly retargeting stack on Shopify—tracking, Consent Mode v2, Meta & TikTok dedup, Klaviyo flows, SLAs & KPIs.
If you run a Shopify brand and need server-side tracking, consented data collection, and fast retargeting activation, this checklist gives you a pragmatic path to go live in 30–90 days with clear acceptance criteria. We assume Stack A: Shopify + GTM server-side (sGTM) + Meta + TikTok + Klaviyo + GDPR/CCPA via Cookiebot or OneTrust. All milestones map to non‑negotiable 30/60/90 KPIs, and each item includes inputs, expected output, a test method, and an owner.
Assumptions and 30/60/90 acceptance KPIs for the Attribuly retargeting stack
Stack A: Shopify + sGTM + Meta + TikTok + Klaviyo + CMP (Cookiebot/OneTrust) respecting GDPR/CCPA.
Default onboarding model and SLA: Standard — 30‑day go‑live, business‑hours support, weekly check‑ins.
| Milestone | Target KPI | Acceptance Criteria |
|---|---|---|
| Day 30 | Purchase event match rate 85–90% | Meta EMQ ~8/10 for Purchase; TikTok Events API + Pixel dedup working; hashed identifiers present |
| Day 30 | Consent opt‑in >70% | CMP banner live; Consent Mode v2 signals visible (gcs/gcd); consent-based tag firing verified |
| Day 60 | First retargeting ROAS ≥1.5 | DPA audiences live; complete server Purchase payloads (value/currency/order_id); ROAS validated in Ads Managers |
| Day 60 | Cart abandoner list ≥2,000 | Klaviyo abandoned cart/browse flows live; list growth tracked; dynamic product blocks enabled |
| Day 90 | Blended retargeting ROAS ≥2.0 | Retargeting scaled; diagnostics clean; attribution windows aligned |
| Day 90 | CAC ↓15% | Acquisition efficiency tracked month-over-month; redundant spend trimmed |
| Day 90 | Email revenue from abandoners +25% | Lift measured against pre‑onboarding baseline; flow optimization documented |
Quick prerequisites and access
Shopify: Admin access; theme or Customer Events permissions; Checkout Extensibility as applicable.
GTM: Web and Server containers created; server endpoint on verified custom subdomain (first‑party cookies); Preview access.
Platforms: Meta Business Manager + Events Manager; TikTok Ads Manager + Events; Klaviyo account with Shopify integration.
CMP: Cookiebot or OneTrust configured; categories mapped to Google Consent Mode v2; banner deployed.
Governance: Owners assigned (Marketing Ops, Engineer, Agency); weekly check‑ins scheduled; rollback plan outlined.
For server-side container setup and custom domain verification, follow trusted resources such as the Stape guides on Shopify server-side tagging and the Analytics Mania introduction to server-side tagging.
Day 0–30: Tracking, identity, and consent go-live (target: match rate 85–90%; consent opt‑in >70%)
Tracking & identity
| Item | Inputs | Expected Output | Test Method | Owner | Acceptance |
|---|---|---|---|---|---|
| sGTM endpoint on custom subdomain | DNS, SSL, GTM server container | First‑party cookies and stable identifier routing | sGTM Preview; DNS verification; cookie inspection | Engineer | Endpoint verified; cookies set |
| Meta Pixel + CAPI hybrid with dedup | Pixel installed; CAPI via sGTM; event_id generated once | Browser + server Purchase merged (no double count) | Meta Events Manager “Received Events”; dedup flag; timing window | Engineer | Dedup confirmed on Purchase — see Meta’s guidance on the Conversions API and dataset quality |
| Advanced Matching (hashed PII) | Email/phone capture; SHA‑256 hashing | Higher EMQ for Purchase (~8/10) | EMQ Diagnostics score; warnings resolved | Marketing Ops | EMQ trend ≥8/10 — according to Meta’s dataset quality scoring, hashed identifiers lift match quality |
| TikTok Pixel + Events API | Pixel + server payloads with event_id | Deduped Purchase; DPA‑ready params | TikTok diagnostics; dedup warnings cleared | Engineer | Dedup stable; payload complete — TikTok’s Events API docs describe required identifiers and parameters |
| Preserve click IDs (fbc/fbp; ttclid) | First‑party cookies; checkout propagation | Better match and attribution continuity | Network log checks during checkout | Engineer | IDs captured end‑to‑end |
| Revenue payload completeness | value, currency, order_id on Purchase | ROAS calculable in Ads | Ads Manager validates revenue on server events | Marketing Ops | Payload fields present |
Practical primer: see the “validate multi‑touch in 30 days” process to dual‑run browser+server events and verify dedup and diagnostics using daily checks.
Consent playbook and privacy signals
| Item | Inputs | Expected Output | Test Method | Owner | Acceptance |
|---|---|---|---|---|---|
| CMP banner (Cookiebot/OneTrust) | CMP installed; categories defined | Visible banner; logs of consent decisions | UI check; CMP logs | Marketing Ops | Banner live, localized |
| Google Consent Mode v2 wiring | Map CMP categories to ad_storage, analytics_storage, ad_user_data, ad_personalization | Consent signals propagate (gcs/gcd) to sGTM | Inspect requests; GA4 DebugView; sGTM client logs | Engineer | gcs/gcd present and respected — see Google’s Consent Mode overview and server-side implementation guidance |
| Shopify Customer Privacy API sync | Read/set consent per region | Shopify scripts honor consent defaults | Theme/Customer Events test; consent states reflected | Engineer | Region logic validated — per Shopify’s Customer Privacy API documentation |
| Consent-based tag firing | Suppress ad tags on deny; enable on allow | Privacy-respecting behavior | GTM Preview with varied consent states | Engineer | Tags obey consent |
| Opt‑in rate tuning | Copy/UX variants; regional rules | >70% opt‑in without dark patterns | A/B CMP banner; weekly rate review | Marketing Ops | ≥70% by Day 30 |
Orientation for beginners: review the consent and identifiers starter to understand Consent Mode v2 and Shopify Customer Privacy basics.
Day 31–60: Retargeting activation and Klaviyo orchestration (target: ROAS ≥1.5; ≥2,000 abandoners)
| Item | Inputs | Expected Output | Test Method | Owner | Acceptance |
|---|---|---|---|---|---|
| DPA setup (Meta/TikTok) | content_ids, contents, catalog feed | Dynamic product retargeting audiences | Catalog diagnostics; audience population | Marketing Ops | Audiences populated |
| High‑intent segments | ViewContent, AddToCart, InitiateCheckout | Warm audiences in Ads Managers | Events diagnostics; audience size trends | Marketing Ops | Segments > minimums |
| Attribution lookback harmonization | Align windows across platforms | Consistent performance readouts | Compare attribution windows; document | Marketing Ops | Windows aligned |
| Klaviyo abandoned cart flow | Shopify events; 2–4h first touch; dynamic blocks | Growing abandoner list; revenue attribution | Flow analytics; benchmarks | Marketing Ops | ≥2,000 abandoners — Klaviyo’s best practices recommend 2–4 hour first touch and subsequent sends at 24–48 hours and 3–7 days |
| Dedup health checks | event_id across pixel+server | Clean diagnostics; no double counts | Weekly Events Manager review | Engineer | Dedup warnings resolved |
| ROAS validation | Complete Purchase payloads | Ads ROAS ≥1.5 by Week 8 | Ads dashboards vs. Shopify revenue | Marketing Ops | ROAS threshold met |
Day 61–90: Scale, optimize, and govern (target: blended ROAS ≥2.0; CAC ↓15%; email revenue +25%)
| Item | Inputs | Expected Output | Test Method | Owner | Acceptance |
|---|---|---|---|---|---|
| Creative iteration & audience scaling | New creatives; broadened lookbacks | Sustained ROAS and audience growth | Creative tests; audience overlap checks | Marketing Ops | Blended ROAS ≥2.0 |
| CAC reduction plan | Budget reallocation; exclude waste | Lower CAC vs. baseline | CAC trend analysis month‑over‑month | Marketing Ops | CAC ↓15% |
| Email/SMS optimization | Subject lines; offers; channel mix | Higher abandoner flow revenue | Flow A/B tests; revenue lift vs. baseline | Marketing Ops | +25% revenue |
| Monthly QA cadence | Diagnostics review; payload audits | Early detection of drift | EMQ, dedup, consent, payload scorecard | Engineer | KPI stability documented |
| Governance & SLA adherence | Weekly check‑ins; change windows | Fewer incidents; faster recovery | Incident logs; rollback drills | Ops Lead | SLA compliance recorded |
| Documentation & handoff | Playbook, owners, versions | Operable stack post‑onboarding | Repo/wiki updates; sign‑off meeting | Ops Lead | Handover complete |
Troubleshooting matrix (symptom → test → fix)
Duplicate Purchase events: Check event_id parity and time windows in Meta/TikTok diagnostics; fix by generating event_id once client‑side and passing to both pixel and server.
Low EMQ on Purchase: Confirm hashed email/phone in Pixel/CAPI; ensure Advanced Matching enabled; verify consent allows ad_user_data; see Meta’s dataset quality guidance for scoring.
Missing revenue in server events: Ensure value, currency, order_id in Purchase payloads; test via sGTM Preview and Ads Manager logs.
Lost click IDs (fbc/fbp; ttclid): Verify custom sGTM domain sets first‑party cookies; inspect checkout redirects retaining IDs; for background on privacy impacts, see the iOS 17 attribution accuracy guide.
Blocked tags under GDPR: Inspect gcs/gcd signals; confirm CMP fires before tags; map CMP categories correctly to Consent Mode v2; reference Google’s Consent Mode documentation.
Small retargeting audiences: Validate event coverage (ViewContent/AddToCart/InitiateCheckout); check DPA catalog integrity; confirm consent allows marketing.
ROAS below threshold: Diagnose audience quality, creative fatigue, missing revenue parameters; iterate creatives and ensure payload completeness.
Klaviyo list growth stalls: Confirm triggers (Added to Cart/Browse Abandon); review send‑times and dynamic product blocks; test opt‑in capture; consult Klaviyo benchmarks.
Practical example: unifying identifiers during Day‑30 onboarding
Disclosure: Attribuly is our product.
During Day‑30 onboarding, you can use Attribuly to unify Shopify, Meta, TikTok, and Klaviyo identifiers without changing your growth playbook. For instance, generate and persist a single event_id client‑side, pass it to both browser and server streams, and ensure hashed email/phone are captured where consent allows. Then validate in diagnostics: Meta’s Events Manager should show Purchase deduped with EMQ trending toward ~8/10, while TikTok’s logs confirm overlapping events are deduped. This practical workflow helps teams reach the Day‑30 targets (85–90% purchase match rate; >70% consent opt‑in) by making identity and payload checks part of daily QA rather than a one‑off task. For a pilot outline, see the multi‑touch validation guide: Validate multi‑touch attribution in 30 days.
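The identity and payload checks described above (one event_id shared by both streams, hashed email/phone only where ad_user_data consent is granted, value/currency/order_id present) can be run as a small audit. This is an added example, not Attribuly's or any ad platform's code; the function names, the payload layout and the sample order are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s, "utf8").digest("hex");
// Normalize before hashing so the same person always yields the same digest.
const hashEmail = (e) => sha256(e.trim().toLowerCase());
const hashPhone = (p) => sha256(p.replace(/\D/g, "")); // digits only, country code kept

// Build the server-side Purchase event (illustrative layout). Identifiers are
// attached only when ad_user_data is granted; event_id comes from the browser.
function buildServerPurchase(order, eventId, consent) {
  const evt = {
    event_name: "Purchase",
    event_id: eventId,
    custom_data: { value: order.value, currency: order.currency, order_id: order.order_id },
    user_data: {},
  };
  if (consent.ad_user_data === "granted") {
    if (order.email) evt.user_data.em = hashEmail(order.email);
    if (order.phone) evt.user_data.ph = hashPhone(order.phone);
  }
  return evt;
}

// QA audit for one browser/server pair; returns findings (empty list = pass).
function auditPurchasePair(browserEvt, serverEvt, consent) {
  const findings = [];
  if (!serverEvt.event_id || browserEvt.event_id !== serverEvt.event_id)
    findings.push("event_id mismatch: pair will not deduplicate");
  for (const f of ["value", "currency", "order_id"]) {
    const v = (serverEvt.custom_data || {})[f];
    if (v === undefined || v === null || v === "") findings.push(`missing ${f}`);
  }
  for (const [k, v] of Object.entries(serverEvt.user_data || {})) {
    if (!/^[0-9a-f]{64}$/.test(String(v))) findings.push(`${k} is not a SHA-256 hex digest`);
    if (consent.ad_user_data !== "granted") findings.push(`${k} sent without ad_user_data consent`);
  }
  return findings;
}

// Constructed sample data, not taken from a real store.
const order = { value: 59.9, currency: "EUR", order_id: "1001",
                email: " Jane@Example.com ", phone: "+49 151 0000000" };
const eventId = crypto.randomUUID(); // generated once, shared by both streams
const granted = { ad_user_data: "granted" };
const denied = { ad_user_data: "denied" };
const browserEvt = { event_name: "Purchase", event_id: eventId };
console.log(auditPurchasePair(browserEvt, buildServerPurchase(order, eventId, granted), granted));
```

Running the audit over a daily sample of Purchase pairs turns the EMQ, dedup, consent and payload items of the monthly QA scorecard into a pass/fail list.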
Next steps and resources
Consent Mode v2 fundamentals and server-side implementation: review Google’s official overviews: Consent mode overview and Implement consent mode with server-side Tag Manager.
Meta match quality and dedup basics: read Meta’s dataset quality scoring and Conversions API guidance.
TikTok Events API parameters and deduplication: see TikTok’s Events API overview and Event deduplication.
Abandoned cart timing and benchmarks: check Klaviyo’s best practices.
If you’re new to consent signals and identifiers, see the platform comparison: Consent and identifiers starter for Shopify.
For getting started and self‑serve setup, visit Attribuly’s help center: Attribuly Getting Started.
Owner cadence reminder: Maintain weekly check‑ins (Standard SLA), run a monthly QA scorecard across EMQ, dedup, consent, and payload completeness, and document changes with versioned releases.