DEVDOCS-6540 - Add consent management to catalyst docs

docs/storefront/catalyst/reference/security.mdx

@@ -1,6 +1,6 @@
-# Security
+# Privacy and Security
 
-Since Catalyst is optimized for production ecommerce sites utilizing BigCommerce, it benefits from the security standards of BigCommerce's platform in addition to the implementation of strong best practices for the Next.js framework.
+Since Catalyst is optimized for production ecommerce sites utilizing BigCommerce, it benefits from the privacy and security standards of BigCommerce's platform in addition to the implementation of strong best practices for the Next.js framework.
 
 ## BigCommerce certifications
 
@@ -42,13 +42,54 @@ Catalyst implements a default Content Security Policy (CSP), which can be extend
 
 You can customize your CSP policy in the codebase [here](https://github.com/bigcommerce/catalyst/blob/main/core/lib/content-security-policy.ts#L10).
 
+## Consent Management
+
+<Callout type='info'>
+	Cookie consent tracking is available in Catalyst v1.3.0+. To upgrade, follow
+	the instructions in our [Getting
+	Started](/docs/storefront/catalyst/getting-started/versioning#how-to-handle-updates)
+	guide.
+</Callout>
+
+<Callout type='warning'>
+	Catalyst does not store shopper preferences for cookie consent tracking. In
+	the chance that cookies are cleared on the shopper's browser, the consent
+	banner will be displayed again.
+</Callout>
+
+Catalyst utilizes the [c15t.com](https://c15t.com) consent management library under the hood to manage shopper privacy preferences when it comes to cookies and data collection. This provides a comprehensive solution for General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other privacy regulation compliance.
+
+The consent manager is fully integrated with BigCommerce's Script Manager, ensuring that all analytics and marketing scripts respect shopper consent preferences. When cookie consent is enabled in your channel storefront settings, Catalyst will automatically manage which scripts load based on the shopper's selections—essential and unknown scripts always load, while analytics, functional, and targeting scripts only run once consent is granted.
+This integration ensures a consistent privacy experience across Catalyst and Stencil storefronts, maintaining feature parity in how consent-aware scripts are loaded and categorized.
+
+BigCommerce's consent categories are automatically mapped to c15t's standardized ones, so existing Storefront Script configurations continue to work without modification.
+
+<Callout type='info'>
+	At this time, the `scriptLoader` feature of c15t does not support script
+	location (e.g., explicitly indicating whether scripts should be placed in
+	&lt;head&gt;/&lt;body&gt;). We're collaborating closely with the c15t team to
+	extend support; if your storefront relies on specific script placement or
+	privacy handling use cases, we'd love to hear your feedback as we refine this
+	integration further.
+</Callout>
+
+### Enabling Cookie Consent Tracking
+
+To enable cookie consent tracking in your Catalyst storefront:
+
+1. Navigate to your BigCommerce Store [Security Settings](https://login.bigcommerce.com/deep-links/manage/settings/security).
+2. Scroll down to **Your customers' privacy** and enable **Cookie consent tracking**.
+
+Once enabled, shoppers will see a consent banner that allows them to manage their privacy preferences for different types of cookies and data collection activities. You can learn more about how BigCommerce handles consent tracking [here](https://support.bigcommerce.com/s/article/Implementing-CCPA-with-BigCommerce?language=en_US#settings).
+
+![Consent Banner](https://storage.googleapis.com/bigcommerce-production-dev-center/images/catalyst/reference/consent-manager.png)
+
 ## Framework benefits
 
 ### Next.js security record
 
 The Next.js framework used by Catalyst has a solid track record of security, aided by hundreds of active contributors, including a consistently high [package health score](https://snyk.io/advisor/npm-package/next) as reported by Snyk.
 
-
 ### Industry adoption
 
 You're in good company! Next.js is trusted by many companies handling millions of users and sensitive data across various sectors, including commerce, ticketing, and media. Explore some of these use cases [here](https://nextjs.org/showcase).