Ecommerce Customer Onboarding Checklist

Confirm only essential fields are required at signup — name, email, password. Birthday and phone should be optional or collected post-signup via the preference center. Each extra required field drops conversion. Capture a screenshot of the live form for the audit record.

Confirm the Klaviyo subscriber profile records consent source, IP, and timestamp at signup — required for GDPR/UK GDPR proof and for CCPA opt-out audits. Double opt-in should be on for EU traffic; check that the confirmation email lands in the primary inbox, not Promotions.

Check whether Postscript, Attentive, or Klaviyo SMS is collecting numbers at checkout or via popup. SMS triggers TCPA-specific consent requirements that differ from email — branch into the TCPA review step if enabled.

Express written consent must accompany every marketing-text opt-in: clear disclosure of recurring messages, message frequency, msg & data rates, and STOP/HELP keyword handling. Two-step opt-in (checkbox + confirmation reply) is the safe pattern. Class-action plaintiffs target sloppy SMS consent flows aggressively.

Trigger the welcome flow with a test profile. Check inbox placement (Gmail primary, Outlook), mobile rendering, dark-mode logo visibility, and that the first-purchase discount code is present and not expired. Litmus or Email on Acid will surface client-specific issues.

A post-signup quiz (Octane AI, Typeform, Klaviyo Forms) collects skin type, size, fit, or use-case data that powers segmentation and product recommendations. Confirm whether one is live and whether responses are syncing to Klaviyo profile properties.

Without quiz-driven segmentation, welcome flow personalization defaults to last-product-viewed only. Scope a 4-6 question quiz, identify the Klaviyo profile properties to populate, and assign a launch owner. Reference brands in the same category for question patterns.

Address-validation apps (ShipperHQ, AddressFinder, Shopify's native suggester) reduce undeliverable shipments and address-correction surcharges from carriers. Confirm autocomplete is on at checkout and that PO Box / military address handling matches your fulfillment policy.

Run a test order through Shop Pay, PayPal Express, and a stored card. Confirm the saved payment method appears in the customer's account and shortens repeat checkout. Shop Pay alone lifts repeat-purchase conversion materially when configured correctly.

CAN-SPAM requires opt-out within 10 business days. Confirm preference-center links in the email footer route to a working page, granular preferences (promotional vs. transactional vs. cadence) save correctly, and global unsubscribe propagates from Klaviyo back to Shopify customer tags.

Confirm the welcome code is single-use per customer, has an expiration window (commonly 14-30 days), excludes already-discounted SKUs, and stacks correctly (or doesn't) with cart-level promotions. Test the edge case of a customer signing up twice with different emails — duplicate-discount abuse is common.

Pull last 30-day open rate, click rate, and recovery rate on the abandoned cart sequence. Confirm send delays (1 hr / 24 hr / 48 hr is a common cadence) and that the flow checks current cart status before sending — race conditions where the customer completed checkout but still gets a 'you forgot something' email are an immediate trust breaker.

Recommendation widgets (Rebuy, LimeSpot, Shopify's native, Searchspring) drive AOV and UPT when configured against real category and behavior data. Confirm 'Frequently bought together' and 'You may also like' are not surfacing out-of-stock SKUs or items in restricted ship-to regions.

Verify begin_checkout, add_payment_info, add_shipping_info, and purchase events fire with correct revenue, currency, and item params. GA4 funnel reporting and any downstream Triple Whale or Northbeam attribution depends on these. Server-side tagging via GTM is the durable setup against iOS / browser-cookie restrictions.

Confirmation email is the most-opened email a customer gets — open rates regularly above 60%. Check that order summary, expected ship date, return-window terms, and CX contact are present. Scrub any unsubstantiated claims ('FDA approved', 'clinically proven') from product blurbs to avoid FTC exposure.

Confirm AfterShip, Wonderment, or Shopify's native shipping notifications fire on label-created, in-transit, out-for-delivery, and delivered events. WISMO ('where is my order') tickets are the largest CX volume driver — proactive tracking emails cut Gorgias volume measurably.

Time the request to land 7-14 days after delivery (not after order placement) so the customer has actually used the product. For Amazon orders, use only Amazon's 'Request a Review' button or Vine — off-platform incentivized requests violate Amazon's Buyer-Seller Messaging policy and risk account suspension.

Time cross-sell sends to the consumable's typical replenish window (e.g., 30 days for a monthly skincare SKU, 60 for a quarterly one). Suppress recipients already on an active subscription via Recharge or Smartrr to avoid pitching what they already get auto-shipped.

The CRM lead reviews findings, attaches the audit document with screenshots and metric snapshots, and logs follow-up tasks for any failed checks. File the result; the next quarterly audit will diff against this baseline.