Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
MoEngage is a global cross channel marketing automation platform (web, mobile, push, email, SMS) that profiles users across journeys and requires GDPR consent before any non essential cookie or push registration.
MoEngage is a global customer engagement and marketing automation platform headquartered in San Francisco with major engineering presence in India. It combines a customer data platform with cross channel orchestration across web push, mobile push, in app messaging, email, SMS and WhatsApp. Brands use MoEngage to build segments, score behaviour, predict churn and trigger journeys. Because the platform writes identifiers in the browser and on mobile devices, and processes a large surface of personal data, it is squarely within the scope of GDPR and ePrivacy.
The MoEngage Web SDK stores cookies and local storage entries such as moe_uuid (cross session visitor identifier), moe_visit (current visit identifier) and moe_subscription (push subscription state). On mobile, the SDK collects the device advertising ID, push token, app install events, screen views and custom attributes. Server side APIs accept events with declared identity attributes (email, phone, customer ID), revenue and lifecycle data. The platform aggregates these signals into 360 degree profiles used for segmentation and predictive models.
MoEngage is a marketing automation tool, so its identifiers are not strictly necessary. Article 5(3) of the ePrivacy Directive requires prior, freely given, specific and informed consent before any cookie, local storage entry or push registration is created. The CNIL, BfDI, AEPD and ICO are explicit on push notifications: they require an opt in distinct from the cookie consent. The legal basis under Article 6(1)(a) GDPR is consent. Profiling for behavioural marketing also calls for a DPIA.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
MoEngage offers regional clusters. European customers should select the EU (Frankfurt) cluster, which keeps primary processing in the EEA. Support and engineering access from India, Singapore and the United States is governed by Standard Contractual Clauses and a transfer impact assessment. Verify the configuration of your account, the list of authorised sub processors and the contractual residency commitment before launch.
Provision the EU cluster, block the MoEngage Web SDK in your CMP until consent is captured, and request a separate explicit opt in for push notifications. Map the service under personalisation, marketing or advertising purposes. Run a DPIA, sign SCCs covering the operational support flows from India and the US, document MoEngage in your record of processing activities and ensure the right to erasure is wired through the deletion API to all clusters and sub processors.
Websites using MoEngage must obtain user consent under GDPR regulations.
DPIA considerations
High risk DPIA recommended due to systematic cross channel profiling, push and email orchestration at scale, behavioural scoring and potential international transfers to India and the US even when the EU cluster is selected.
Sample consent text
We use MoEngage (cross channel marketing automation, global vendor with optional EU residency) which sets identifiers on your device and processes browsing and app events to personalise messages. Without your consent these identifiers are not set or read.
Third-party domains contacted
moengage.comcdn.moengage.comsdk-01.moengage.comsdk-eu-01.moengage.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| moe_uuid | first_party | 12 months | Cross session visitor identifier used to recognise returning users and link sessions to a unified profile. |
| moe_visit | first_party | session | Identifies the current visit and groups events for journey orchestration. |
| moe_subscription | first_party | 12 months | Stores the web push subscription state to manage opt in and unsubscribe events. |
| moe_attributes | first_party | 12 months | Caches custom user attributes pushed via the SDK to drive on site personalisation. |
MoEngage places tracking cookies for advertising — comply with GDPR using FlowConsent.
The MoEngage Web SDK stores cookies and localStorage entries such as moe_uuid (cross session visitor identifier), moe_visit (current visit), and moe_subscription (push subscription state). Mobile SDKs additionally collect the device advertising ID and the push token.
Yes. The MoEngage Web SDK and push registration are not strictly necessary, so Article 5(3) of the ePrivacy Directive requires prior consent. Push notifications need a separate opt in distinct from the cookie consent banner.
Article 6(1)(a) GDPR (consent) is the appropriate basis for cookies, push subscriptions, behavioural profiling and direct marketing. Legitimate interest cannot bypass the ePrivacy consent requirement, but may support purely back office analytics once consent is collected.
When the EU (Frankfurt) cluster is selected, primary processing remains in the EEA. Operational support and engineering access from India, Singapore and the US is governed by Standard Contractual Clauses and a transfer impact assessment, which must be documented in your record of processing activities.
A DPIA is strongly recommended. The processing involves systematic cross channel profiling, push and email orchestration at scale, behavioural scoring and potential international transfers, all of which trigger high risk indicators in WP29 and EDPB guidelines.
Provision the EU cluster, block the Web SDK in your CMP until consent, collect a separate explicit opt in for push notifications, classify under marketing or personalisation, run a DPIA, sign SCCs covering support flows, document MoEngage in your record of processing activities and align retention rules between the SDK, the CRM and downstream systems.
European customer engagement and marketing automation platforms include Klaviyo (US, with EU residency option), Bloomreach (Czech Republic), Brevo (France), Iterable (US), Selligent (Marigold) and Insider (Turkey, with EU cluster). For a privacy first approach, look at French publishers like Brevo or Splio.
List the MoEngage cookies (moe_uuid, moe_visit, moe_subscription), state the cross channel marketing automation purpose, mention the data processed (browsing events, app events, push tokens, declared identity), name MoEngage as processor, disclose the EU residency choice, list the SCCs for India, Singapore and US support flows, and link to the consent withdrawal mechanism.