Braze

Braze

Customer engagement platform for mobile-first marketing automation across push, email, SMS, and in-app channels. The Braze SDK tracks user events and attributes for segmentation and campaign targeting. On web, it manages push notification permissions and fires behavioral analytics events.

Back to Vendor Library

Overview

Braze is a customer engagement and marketing automation platform used by mobile-first companies to orchestrate cross-channel messaging across push notifications, email, SMS, in-app messages, and in-browser messaging. Its web SDK instruments user behavior on websites to power segmentation, personalization, and automated campaign delivery.

What This Script Does

SDK Initialization and Identity The Braze Web SDK loads from js.appboycdn.com (Braze's CDN) or from a first-party domain configured by the operator. On initialization, the SDK:

  • Assigns an anonymous device identifier stored in localStorage (ab.device_id) to identify the browser before a user logs in
  • Contacts sdk.iad-01.braze.com (or regional endpoint) to register the device and sync the user profile
  • Receives configuration and feature flags from Braze's servers

Event Tracking and Behavioral Data Collection The SDK instruments user behavior and sends events to Braze's servers for segmentation and campaign triggering:

  • Page view events: URL, referrer, timestamp
  • Custom events: any events the developer fires using braze.logCustomEvent() — e.g., "product_viewed", "checkout_started", "video_played"
  • Purchase events: product ID, price, currency, quantity — logged via braze.logPurchase()
  • User attribute updates: name, email, phone, gender, date of birth, custom attributes — set via braze.getUser().setEmail() etc.
  • Session start and session end events with session duration

In-App Messaging and Content Cards When an in-app message or Content Card campaign is triggered:

  • Braze's servers push message content (text, image URL, CTA URL) to the SDK
  • The SDK renders the message in the browser (modal, slideup, or fullscreen overlay)
  • Impression and click events are sent back to Braze for campaign analytics

Push Notification Management The web SDK can request browser push notification permission and register a service worker for Web Push:

  • The service worker registers with the browser's push notification service (FCM for Chrome, APNS web push for Safari)
  • A push subscription token is stored in Braze's user profile
  • Push notification opt-in/out events are logged as user attributes
  • Contacts sdk.iad-01.braze.com to transmit push subscription tokens

Connected Content and Personalization Braze can trigger real-time API calls to the operator's backend at message send time to personalize content, but this is a server-side feature with no direct client-side privacy impact.

Cookies and Storage:

  • ab.storage.deviceId.{app_id} (localStorage, persistent) — unique device identifier
  • ab.storage.userId.{app_id} (localStorage, persistent) — authenticated user ID once logged in
  • ab.storage.sessionId.{app_id} (localStorage, 30 minutes) — session identifier
  • ab.storage.messagingSessionStart.{app_id} (sessionStorage, session) — messaging session start
  • ab.optOut (localStorage, persistent) — opt-out flag for users who have opted out of Braze tracking

Domains contacted: js.appboycdn.com, sdk.iad-01.braze.com (US cluster), sdk.fra-01.braze.eu (EU cluster), push.api.iad-01.braze.com

Data collected per session: Device ID, session ID, page URL, referrer, custom events with properties, purchase events with revenue data, user attributes (when set by the developer), push subscription status, in-app message impressions and clicks.

Consent & Compliance

GDPR/ePrivacy: Braze performs behavioral profiling for marketing automation — collecting user events, building audience segments, and triggering targeted messaging campaigns. This requires explicit opt-in consent under GDPR Article 7. The persistent device and user identifiers stored in localStorage constitute the setting of non-essential tracking storage under ePrivacy, requiring consent. Push notification permission is a separate consent signal collected via the browser's native permission prompt, but GDPR consent for data processing must be obtained separately before the SDK fires events. Braze offers an EU data residency option (sdk.fra-01.braze.eu) for operators requiring data to remain within the EU.

CCPA/CPRA: Braze's behavioral data collection for marketing segmentation and campaign targeting constitutes personal information. Braze processes data as a service provider under CCPA. Sites must disclose Braze in their privacy policy and honor opt-out requests.

EU-US Data Transfers: Braze Inc. participates in the EU-US Data Privacy Framework (DPF) and offers Standard Contractual Clauses. The EU cluster (fra-01.braze.eu) provides an alternative for operators requiring in-EU processing.

IAB TCF: Braze is a registered IAB TCF vendor (Vendor ID 32). Purposes declared include 1 (store/access information), 3 (create personalized ad profile), 4 (select personalized ads), and 8 (measure content performance).

Consent category: Marketing (behavioral profiling and campaign automation) and Analytics (event tracking and engagement measurement).

Should You Block This Without Consent?

Yes. The Braze Web SDK tracks user behavior for marketing automation and campaign targeting from the moment it initializes. Block the SDK entirely until marketing consent is granted. Once consent is obtained, initialize the SDK and call braze.changeUser() to associate the authenticated user identity. Push notification opt-in should be requested after marketing consent is established, as a separate permission flow.

Visit website

Consent Categories

Marketing
Analytics

Also Known As

Braze SDKBraze push notificationscustomer engagement platformBraze web SDKmobile marketing automation

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (2)

js.appboycdn.comMarketing
sdk.iad-01.braze.comMarketing

Frequently Asked Questions

Do I need consent to use Braze on my website?

Yes. The Braze Web SDK tracks user behavior for marketing automation and campaign targeting from the moment it initializes, requiring explicit opt-in consent under GDPR. It stores persistent device and user identifiers in localStorage and is registered as IAB TCF Vendor ID 32. Block the SDK entirely until marketing consent is granted.

What data does Braze collect?

Braze stores ab.storage.deviceId (persistent) and ab.storage.sessionId (30-min) in localStorage. It collects page views, custom events, purchase events with revenue data, user attributes, and in-app message interactions. Data is sent to sdk.iad-01.braze.com (US) or sdk.fra-01.braze.eu (EU). Scripts load from js.appboycdn.com.

How does ConsentStack manage Braze consent?

ConsentStack classifies Braze as marketing and analytics, blocking SDK initialization until marketing consent is granted. Detected via js.appboycdn.com script loads and sdk.iad-01.braze.com requests. Once consent is obtained, ConsentStack unblocks the SDK and the site should call braze.changeUser() to link the authenticated user.

Related Vendors

Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag is the Universal Event Tracking pixel for Microsoft's ad platform, formerly Bing Ads. The JavaScript tag fires on advertiser websites to track page views, conversions, and custom events for campaign optimization. Sets cookies to identify visitors across sessions and attribute conversions to Microsoft Search and Audience Network ad clicks.
LinkedIn Ads
LinkedIn Ads
LinkedIn Ads is LinkedIn's advertising platform for B2B marketing and professional audience targeting. Conversion tracking scripts and pixels fire on advertiser websites to measure sign-ups, downloads, and purchases driven by LinkedIn ad campaigns. Sets cookies for audience matching, retargeting list building, and cross-device attribution reporting.

Manage consent for Braze

ConsentStack automatically detects and manages Braze trackers so your site stays compliant with global privacy regulations.

Get started free