Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Pushnami is a US based web push notification SaaS. Its JavaScript SDK registers visitors via a service worker, sets first-party tracking cookies and transmits event data to Pushnami servers.
Pushnami is a US based marketing platform specialised in web and mobile push notifications and email. Its JavaScript SDK installs a service worker on the visitor''s browser, requests permission to send push notifications and links each subscription to a Pushnami subscriber profile.
Pushnami sets first-party cookies to identify subscribers and correlate event data, plus a service worker that runs in the background to receive push messages. The SDK sends subscription tokens, IP addresses, device fingerprints and click events to Pushnami servers.
Subscription data, IP addresses and events are stored on Pushnami infrastructure hosted on AWS in the United States. Push messages are delivered through Google FCM, Apple APNs and Mozilla autopush, each governed by its own privacy policy.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Two layers of consent apply. The first is the cookie and tracking consent under the ePrivacy Directive before the SDK is loaded. The second is the explicit browser permission required to send push notifications under Article 6(1)(a) GDPR.
Block the Pushnami SDK before CMP consent, only prompt for push permission after the user shows clear interest, sign a DPA with Pushnami, document Standard Contractual Clauses, and provide an easy unsubscribe path that revokes both the cookie and the browser permission.
Websites using Pushnami must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended because Pushnami combines persistent identification of subscribers, behavioural tracking through push events and transfer of personal data to the United States. Document the lawful basis, retention and revocation procedures.
Sample consent text
We would like to send you push notifications using Pushnami, a US provider that will store your subscription token, IP address and interaction events. Do you consent to receive notifications and to this data transfer?
Third-party domains contacted
pushnami.comapi.pushnami.comcdn.pushnami.comwebpush.pushnami.comfcm.googleapis.comupdates.push.services.mozilla.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| pnm_subscriber_id | marketing | 1 year | Persistent identifier that links the visitor to a Pushnami subscriber profile for targeting and event attribution |
| pnm_session | marketing | Session | Session identifier used to correlate page views, prompt impressions and subscription events within a single visit |
| pnm_prompt_state | functional | 30 days | Stores whether the visitor has already been shown the push opt in prompt to avoid prompting again too soon |
| pnm_uid | marketing | 1 year | Pushnami cross site identifier used for audience segmentation and analytics across publishers |
| pnm_consent | necessary | 6 months | Stores the user choice on the Pushnami opt in prompt so the SDK respects the decision on later visits |
Pushnami places tracking cookies for advertising — comply with GDPR using FlowConsent.
Pushnami sets first-party cookies that contain a subscriber identifier, a session identifier and attribution information. The SDK also installs a service worker that runs in the background, plus IndexedDB and localStorage entries used to manage the push subscription state.
Yes. Prior consent is required under the ePrivacy Directive before placing the Pushnami cookies and SDK, and the browser push permission is a separate explicit opt-in. Loading the SDK without consent has been sanctioned by several EU regulators.
Consent under Article 6(1)(a) GDPR is the appropriate basis because Pushnami stores a persistent identifier and sends marketing communications. Legitimate interest is not a valid basis for the cookies or for sending push notifications.
Yes. Subscription tokens, IP addresses and click events are stored in the United States on AWS. Pushnami relies on Standard Contractual Clauses and, where applicable, on the EU US Data Privacy Framework to legitimise the transfer.
A DPIA is recommended because Pushnami combines persistent identification of subscribers, behavioural tracking through push interactions and transfer to the United States. Many EU authorities consider these criteria sufficient to require an assessment.
Block the SDK until the user gives CMP consent, trigger the browser push prompt only after a clear interaction, sign the Pushnami DPA, document SCCs, retain subscriber data only as long as needed and provide a simple unsubscribe path.
Self-hosted web push solutions such as web-push-php, Gauntface web push or Wonderpush (France) and Notifia (EU) provide push functionality with EU data residency. Native browser push without a third party SaaS is also a strong privacy first option.
List the Pushnami cookies and the service worker, explain that subscription data and click events are processed in the United States, name the SCCs as transfer safeguard and provide instructions for revoking push permission in the browser.