Consents & GDPR compliance
Mobile Wallet notifications: transactional, marketing, and GDPR consent.
Mobile wallets have become powerful tools for delivering loyalty cards, tickets, coupons, and offers to smartphones. They offer a lot of functionality, including the ability to surface notifications. Some notifications are contextual, for example time-based reminders or location-based “suggestions” to show a pass. Others are campaign-driven, for example a promotional message to drive store traffic.

Apple Wallet comes pre-installed on every iPhone. On Android, Google Wallet depends on the device manufacturer: it may come pre-installed or be downloaded from the Play Store. During initial setup, just like with Apple Wallet, users must accept or decline notifications.
Because notifications can be marketing, you must manage consent. This page explains the difference between transactional and marketing notifications, and how to stay GDPR-compliant.
If you want the general feature overview (use cases, setup, and delivery mechanics), read Push notifications.
Transactional vs marketing notifications

Transactional notifications stem directly from a contract or membership in a loyalty program. They should be necessary to deliver the service. They are usually covered by contract performance (Terms & Conditions). No marketing opt-in is required.
Marketing notifications promote a product or service without a direct link to an existing contract. They are commercial prospecting. They typically require an explicit marketing opt-in.
A prospect who downloads a pass without subscribing is not covered by “contract execution”. Any notification received in this case is marketing outreach.
Legal basis
You need a lawful basis to send wallet notifications.
Transactional notifications typically rely on contract performance (GDPR Art. 6(1)(b)). They must be necessary to deliver the service.
Marketing notifications typically rely on consent (GDPR Art. 6(1)(a) and Art. 7). Treat them as commercial prospecting under CNIL and ePrivacy guidance. Consent must be free, specific, informed, and unambiguous. Keep proof of consent and make withdrawal easy.
Collecting consent
Collect marketing consent before you send any promotional notification. Do it at a moment that makes sense in the journey. Most teams collect it during registration via our Enrolment form. You can also collect it on the pass download landing page on your website or app.
Keep two separate choices and store them as two separate flags. One flag covers service-related messages (transactional). The other flag covers marketing messages (promotional). Do not bundle them into a single “Wallet notifications” checkbox.
In the EU, renew marketing consent at least every 3 years. You can often keep it valid if the user remains actively engaged. Examples are opening emails or making purchases.
Privacy policy and legal notices
Before you send notifications through a wallet pass, update your privacy policy and legal notices. Users should understand what will happen once they add a pass.
Make the section easy to scan:
A wallet pass can generate notifications.
What triggers notifications.
The difference between service notifications and promotional notifications.
The purposes of data processing and the use of marketing consent.
How users can control notifications (global settings and per-pass).
Be explicit about how notifications work. Mention the main triggers, and how often users may receive messages.
Best practices
Use this checklist before you start sending wallet notifications at scale.
Classify every notification. Decide upfront if each use case is transactional or marketing.
Separate consent flags. Keep service notifications and marketing notifications as two independent choices.
Gate marketing sends. Send promotional notifications only when the customer has opted in.
Keep proof of consent. Store timestamp, source (web/POS/app), and privacy notice version.
Make opt-out easy. Add a “Manage preferences” link. Prefer “marketing off / service on”.
Update legal docs. Align privacy policy, legal notices, and T&Cs with your actual implementation.
Test the full journey. Validate consent capture, pass update behavior, notifications, and opt-out sync.
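The checklist above, combined with the 3-year renewal rule and the "installed" vs "enrolled" distinction from the FAQ, can be enforced as a single send-time gate. This is an added example, not The Wallet Crew's code or API; the record layout, the function name, the reason strings and the exact staleness rule are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Assumption: marketing consent goes stale 3 years after the later of the
# grant and the holder's last engagement (purchase, opened email).
CONSENT_MAX_AGE = timedelta(days=3 * 365)

@dataclass
class ConsentRecord:            # proof of consent, kept with the flag
    granted_at: datetime
    source: str                 # capture channel: "web", "pos" or "app"
    notice_version: str         # privacy notice version shown at capture
    withdrawn_at: Optional[datetime] = None

@dataclass
class PassHolder:
    enrolled: bool              # installing a pass alone is not enrolment
    marketing: Optional[ConsentRecord] = None
    last_engaged_at: Optional[datetime] = None

def may_send(holder: PassHolder, kind: str, now: datetime) -> Tuple[bool, str]:
    """Decide one send; kind is 'transactional' or 'marketing'."""
    if kind not in ("transactional", "marketing"):
        return False, "unclassified"         # fail closed on unclassified use cases
    if not holder.enrolled:
        return False, "not_enrolled"         # prospect: every push is marketing outreach
    if kind == "transactional":
        return True, "contract_performance"  # never gated on the marketing flag
    consent = holder.marketing
    if consent is None:
        return False, "no_marketing_opt_in"
    if consent.withdrawn_at is not None:
        return False, "withdrawn"
    if not (consent.source and consent.notice_version):
        return False, "missing_proof"        # an opt-in without proof is not usable
    anchor = max(consent.granted_at, holder.last_engaged_at or consent.granted_at)
    if now - anchor > CONSENT_MAX_AGE:
        return False, "consent_stale"
    return True, "opt_in"

# Constructed sample data, not taken from any real system.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
OLD = ConsentRecord(datetime(2021, 1, 1, tzinfo=timezone.utc), "pos", "v2")
MEMBER = PassHolder(True, ConsentRecord(datetime(2024, 6, 1, tzinfo=timezone.utc), "web", "v3"))
PROSPECT = PassHolder(False, MEMBER.marketing)
LAPSED = PassHolder(True, OLD)
ACTIVE = PassHolder(True, OLD, last_engaged_at=datetime(2024, 12, 1, tzinfo=timezone.utc))
```

Logging the returned reason string next to each suppressed send gives an audit trail of why a campaign skipped a given pass holder.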
Wallet notifications settings
Users control notifications at two levels. They can set them globally in the global settings. They can also set them per pass. Per pass, they can toggle automatic updates and push notifications. They can also control contextual presentation. Example: auto-showing the pass on the lock screen when entering a store.
Apple Wallet notifications are triggered by pass updates. Your system updates the pass data. iOS then refreshes the pass on-device. If notifications are allowed, iOS can surface a notification.
In practice, any visible field change can trigger a notification. Typical examples are points balance changes, tier changes, or event reminders. Some brands therefore reserve a dedicated “promo” field on the pass. They update it only for marketing copy. The pass is updated, and Apple Wallet decides notification delivery.





How The Wallet Crew helps
The Wallet Crew platform is designed to support GDPR-compliant wallet notification strategies by enabling clear purpose separation, consent-aware communication, and privacy-by-design principles.
Use the Enrolment form to collect marketing consent during registration. Keep marketing and service consent as separate choices, and store proof (timestamp and privacy notice version).
The Wallet Crew acts as a data processor for wallet notification services. The brand remains responsible for determining the legal basis for processing, collecting and storing consent where required, updating privacy documentation, and handling data subject rights.
Consent-Aware Campaign Activation
Marketing notifications can be configured and triggered only for users who have provided valid consent through your own consent collection mechanisms.
The Wallet Crew does not collect consent on your behalf but enables you to:
Segment audiences based on consent status
Activate campaigns conditionally
Avoid sending promotional content to users without consent
This supports lawful processing and purpose limitation requirements.
User Control at Device Level
Wallet notifications rely on native Apple Wallet and Google Wallet mechanisms. End users can:
Disable notifications for a specific pass at any time
Remove the pass entirely from their wallet
This provides an additional layer of user control and aligns with GDPR principles around user autonomy and withdrawal of consent.
Data minimization and secure notifications
Wallet notifications work best when they reduce the amount of personal data involved, and when the delivery chain is protected end-to-end.
Wallet push notifications can operate without email addresses or phone numbers. Pass updates are linked to wallet identifiers rather than direct contact information. This supports data minimization and reduces exposure of unnecessary personal data.
The Wallet Crew also provides secure pass generation and update delivery infrastructure. It is designed to protect pass identifiers, update payloads, and notification triggers. This supports GDPR expectations around integrity and confidentiality of personal data.
Conclusion
Apple and Google both surface wallet notifications, but they don’t work the same way. They use different mechanisms, and they impose different constraints. Design your notification strategy around those constraints and your consent model.
Apple Wallet: notifications are triggered by pass updates only. There is no standalone push API, so “marketing” usually means updating a dedicated promo field.
Google Wallet: notifications can be triggered by pass updates or by Google’s notifications API. This is more flexible, but it also makes it easier to over-message, so keep pressure under control.
In both cases, treat promotional messaging as marketing. Send it only to users with an explicit opt-in, keep proof of consent, and make opt-out easy.
Wallet notifications are not only technical. They also impact legal, privacy, and operations.
Adapt contractual and privacy documents.
Define a clear strategy for collecting and managing consents and opt-outs.
Ensure users have full control over their preferences.
Verify wallet behavior end to end (updates, notifications, opt-out).
Keep the customer journey coherent across email, web, POS, and wallet.
FAQ
Do I need a marketing opt-in to send points or balance updates?
Points, balance, tier, and similar status updates are usually transactional. They are part of the service the customer joined. You usually don’t need marketing opt-in when the update is necessary.
Keep two separate choices in your systems. One covers service messages. One covers marketing messages. Never block service updates behind marketing consent.
Can I send “pure marketing” messages on Apple Wallet?
Yes, but treat it as marketing. Collect explicit opt-in first. Make opt-out easy and visible. The safest pattern is “marketing off / service on”.
Apple Wallet has no standalone push API. A notification can only happen after a pass update. Reserve a dedicated promo field. Update only that field for marketing copy.
How do I let users opt out without deleting the pass?
Add a clear “Manage preferences” link on the pass back. Point it to your preference center. Customers should be able to disable marketing and keep the pass.
Store the opt-out in your source of truth. This is usually your CRM or consent store. Stop marketing notifications after that point. Keep service updates running when they are still necessary.
What if the user installed the pass but never joined the program?
Treat them like a prospect until they complete enrolment. Installing a pass alone does not create a “contract performance” basis. Proactive promos at this stage are marketing.
Track “installed” and “enrolled” as two different states. Gate marketing sends on enrolment and opt-in. Use onboarding screens and emails instead of wallet pushes.
Does the Apple/Google notification permission prompt count as marketing consent?
No. That prompt only controls device-level notification delivery. It does not capture legal marketing consent.
Collect marketing consent separately in your own flows. Use registration or account settings. Store proof of what the customer agreed to.
What proof of consent should I store for wallet marketing?
Store evidence that stands up in an audit. Keep the timestamp and capture channel. Keep the wording shown to the customer. Also store the privacy notice version that applied.
Store withdrawal with the same rigor. Keep a timeline for consent and revocation.
Why did a wallet notification not show up on the phone?
Start with device settings. The customer may have disabled notifications globally. They may have disabled them for the pass. Focus modes can also silence alerts. They may also have removed the pass.
Then validate the trigger. On Apple Wallet, you need a pass update. You also need a visible change. On Google Wallet, delivery depends on your trigger method. It can be a pass update or the notifications API.

