Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Airship is a mobile customer experience platform (formerly Urban Airship) offering push notifications, in app messaging, SMS, email, web push, mobile wallet and journey orchestration via native SDKs and web SDK.
Airship, formerly Urban Airship, is a mobile customer experience platform headquartered in Portland, Oregon and founded in 2009. Brands embed the Airship SDK in their iOS and Android apps and the Airship web SDK in their websites to deliver mobile push notifications, web push, in app messaging, SMS, email, mobile wallet passes for Apple Wallet and Google Wallet, Live Activities and journey orchestration across channels. Server side REST APIs allow audience segmentation, A/B testing and behavioural targeting.
The web SDK sets first party cookies such as ua_browser_id, ua_session, ua_channel_id and a family of _ua_* helpers used to identify browsers, track sessions, store the push subscription state and personalise content. Native SDKs persist a channel ID and a push token, may collect device locale, OS version, app version, install date, last open, behavioural events and optionally Apple IDFA (after App Tracking Transparency consent) or Google Advertising ID, plus precise location when location tracking is enabled.
Web push subscriptions and the cookies set by the Airship web SDK clearly fall under Art. 5(3) ePrivacy (German TDDDG section 25): they are not strictly necessary, so prior, freely given and informed consent is required. The native SDK uses persistent identifiers that, combined with behavioural events, lead to large scale profiling and cross channel tracking under the GDPR. Sensitive elements such as precise location and advertising identifiers require an additional opt in and proper purpose limitation.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Marketing push, web push and behavioural profiling rely on consent (Art. 6(1)(a) GDPR), gathered through your consent management platform before the SDK is initialised or push permission is requested. On iOS, App Tracking Transparency must be obtained before any cross app tracking via IDFA. Transactional service messages tied to a contract can sometimes rely on Art. 6(1)(b), but EDPB guidelines on the use of behavioural data still apply.
By default, Airship is hosted on AWS in the United States, so data is transferred outside the EEA under Standard Contractual Clauses with supplementary measures and the EU US Data Privacy Framework if available. Customers wanting EU only processing must explicitly purchase Airship EU (AWS Frankfurt). Practical steps: gate SDK initialisation behind consent, declare cookies and identifiers in your privacy notice, complete a DPIA, document the chosen tenancy, and align ATT and Play Data Safety declarations with what Airship actually collects.
Websites using Airship must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is strongly recommended. Airship combines persistent device identifiers (channel ID), push tokens, behavioural events, location (if enabled) and cross channel profiling across mobile and web, which constitutes systematic monitoring and large scale profiling under Art. 35 GDPR. Document data flows, retention, EU vs US tenancy, ATT and Play Data Safety declarations, and the lawful basis for each channel.
Sample consent text
We use Airship to send you push notifications, web push messages and personalised in app content. This relies on a persistent device identifier and your interaction data. You can accept, refuse or withdraw consent at any time without losing access to the core service.
Third-party domains contacted
airship.comurbanairship.comaswpsdkus.comaswpsdkeu.comdevice-api.urbanairship.comcombine.urbanairship.comdl.airship.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ua_browser_id | first_party | 1 year | Persistent browser identifier used by the Airship web SDK to recognise the visitor across sessions and tie web push subscriptions to a channel. |
| ua_session | first_party | Session | Session cookie used by the Airship web SDK to track the current browsing session for engagement and analytics events. |
| ua_channel_id | first_party | 1 year | Stores the Airship channel ID associated with the browser, linking the visitor to the Airship audience and message routing. |
| _ua_* | first_party | Up to 1 year | Family of helper cookies set by the Airship web SDK for in browser messaging, personalisation, A/B testing and feature flags. Exact names depend on configuration. |
| Airship channel ID (native SDK) | device_storage | Persistent until uninstall or reset | Persistent identifier stored by the native iOS or Android SDK to address the device for push, in app and audience segmentation. |
| Apple IDFA or Google Advertising ID | device_identifier | Until user resets | Optional advertising identifier collected by the native SDK when enabled and after App Tracking Transparency consent on iOS or user choice on Android, used for cross app analytics and attribution. |
Airship places tracking cookies for advertising — comply with GDPR using FlowConsent.
The Airship web SDK sets first party cookies such as ua_browser_id, ua_session, ua_channel_id and various _ua_* helpers. Native SDKs store a persistent channel ID and push token and may use Apple IDFA (with ATT) or Google Advertising ID, plus device and behavioural data.
Yes. Web push, the web SDK cookies and behavioural profiling are not strictly necessary, so prior consent is required under Art. 5(3) ePrivacy and TDDDG. On mobile, push permission and ATT must be obtained before initialising tracking via Airship.
Consent (Art. 6(1)(a) GDPR) is the lawful basis for marketing push, web push, behavioural profiling and audience segmentation. Strictly transactional service messages tied to a contract may rely on Art. 6(1)(b), but the underlying behavioural data still requires consent.
By default yes. Standard Airship tenants run on AWS in the United States, so data is transferred under SCCs, supplementary measures and the EU US Data Privacy Framework. Customers can avoid US transfers only by purchasing Airship EU, the data residency offering hosted on AWS Frankfurt.
In most cases yes. Airship enables systematic monitoring of mobile and web users, large scale behavioural profiling and potentially location tracking, which trigger the DPIA requirement under Art. 35 GDPR. Document data flows, identifiers, retention, EU vs US tenancy and consent design.
Gate SDK initialisation, web push prompts and push permission requests behind your CMP. Disable behavioural events and location tracking until consent is given. Choose Airship EU if EU data residency is required. Update privacy notice, ATT prompt copy and Play Data Safety form.
Yes. Other mobile engagement platforms include Braze, Iterable, OneSignal (US based), Pushwoosh, Batch (French, EU hosted), NotifyVisitors, MoEngage, CleverTap, Salesforce Marketing Cloud Mobile and Adobe Campaign. Batch and EU options can simplify data residency and SCC paperwork.
List the Airship web SDK cookies (ua_browser_id, ua_session, ua_channel_id, _ua_*), describe purpose (push subscription, session, personalisation), retention and recipient (Airship Inc, plus AWS US or EU). Reference Airship native SDK identifiers and ATT or Play Data Safety declarations.