← Resources
Product March 22, 2026 · 5 min read

Push notification privacy basics for SaaS apps

If you're adding push to a SaaS product, a few privacy decisions up front save a lot of cleanup later.

Separate the subscriber ID from the person

Use an external_id that maps to your user, but don't push PII (names, emails) into tags you don't need. The less you store on the push side, the smaller your exposure.

Make opt-out genuinely one click

Every notification should lead to an easy way to stop receiving them. A frictionless unsubscribe is better for your sender reputation than a buried setting and an annoyed user.

Encrypt credentials and tokens at rest

VAPID private keys, APNs .p8 keys, and FCM service accounts are secrets. A database leak shouldn't hand an attacker the ability to push to your users. Encrypt them.

Be clear about delivery subprocessors

Notifications physically pass through Apple, Google, and browser push endpoints. That's unavoidable for delivery — just disclose it.

Think about retention

Delivery logs are useful for debugging but don't need to live forever. Set a retention window and purge on schedule.

These defaults are baked into OpenPushAPI: encrypted credentials, auto opt-out handling, documented subprocessors, and scheduled log retention.

Ready to ship push notifications?

Create free account →