Does Firebase Cloud Messaging require disclosure in a privacy policy?

Yes. Firebase Cloud Messaging collects and processes personal data including device tokens and device identifiers, making privacy policy disclosure a legal requirement under GDPR, CCPA, and similar regulations. You must inform users that their device information is collected and explain how notifications are delivered. Failure to disclose constitutes a privacy violation.

What specific data does Firebase Cloud Messaging collect?

Firebase Cloud Messaging collects device tokens (unique identifiers for push delivery), notification delivery status and engagement metrics, device model and operating system information, and app version details. This data enables Google to route notifications to the correct device and measure delivery success rates.

Does Firebase Cloud Messaging require a cookie consent banner?

No. Firebase Cloud Messaging does not use cookies. However, you still need explicit user consent before collecting their device token and sending push notifications, which typically occurs when users opt in to notifications in your app settings. This consent should be documented in your privacy policy.

Who processes Firebase Cloud Messaging data and where is it transferred?

Google LLC, headquartered in the United States, operates Firebase Cloud Messaging as a data processor. Data is transferred to and stored on Google's servers in the US. Under GDPR, you must have a lawful mechanism (like Standard Contractual Clauses) in place to justify this US data transfer, and users must be informed of international processing.

Push Notifications

Privacy policy clauses for Firebase Cloud Messaging

Firebase Cloud Messaging is Google's push notification service that delivers targeted messages to mobile and web app users. Websites use it to send real-time notifications, alerts, and updates directly to user devices to increase engagement and communication.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data Firebase Cloud Messaging collects

Your privacy policy must disclose each of the following data types when you use Firebase Cloud Messaging.

Device token

Notification delivery data

Device info

When does Firebase Cloud Messaging trigger privacy obligations?

Firebase Cloud Messaging (FCM) begins collecting data the moment you integrate its SDK into your mobile app or web application. The immediate data flows are: (1) device tokens—unique identifiers that FCM generates and stores to route notifications to specific devices; (2) device information including OS version, app version, and device model; and (3) delivery and engagement metrics showing whether notifications were delivered, opened, or dismissed.

These flows trigger GDPR Article 6 (lawful basis) and Article 13/14 (transparency) obligations if your app users are in the EU—you must establish legal grounds (typically user consent under Article 7) and provide privacy notices disclosing FCM and Google LLC as a processor. Device tokens and delivery data constitute personal data under GDPR recital 26 because they identify or relate to an identifiable person.

CCPA Section 1798.100 applies if users are California residents; device tokens and engagement data are 'personal information' triggering disclosure, opt-out, and deletion rights.

Privacy policy clauses for Firebase Cloud Messaging

What data Firebase Cloud Messaging collects

When does Firebase Cloud Messaging trigger privacy obligations?

Where data goes

Common compliance pitfalls

Failing to disclose Google LLC as a data processor

Mixing 'functional' and 'marketing' consent categories

Lacking a Data Processing Agreement (DPA) with Google

Sample privacy policy clause

What regulators look for

Frequently asked questions

Does Firebase Cloud Messaging require disclosure in a privacy policy?

What specific data does Firebase Cloud Messaging collect?

Does Firebase Cloud Messaging require a cookie consent banner?

Who processes Firebase Cloud Messaging data and where is it transferred?

Don't ship without Bandit.