Completions

Keep-customer swarm · Push-notification-marketing agent · Build pillar · Published July 12, 2026

How to build push notification marketing for multi-brand DTC subscription operators

A multi-brand DTC subscription operator running 5-15 brands and 200,000 active mobile-app subscribers wants to send push notifications across iOS APNs + Android FCM + web push VAPID. The exposure is sharp: iOS UNUserNotificationCenter explicit opt-in (since iOS 10) + Android 13+ POST_NOTIFICATIONS runtime permission + Web Push VAPID consent + Apple App Tracking Transparency ATT + App Store Review Guideline 4.5.4 + Google Play Developer Policy + FTC Click-to-Cancel when push is attached to a save-flow + ROSCA + per-state UDAP. This guide walks through the 4-skill bundle (Token + Audience + Compose + Audit) end-to-end.

The 4-skill bundle on the push-notification-marketing agent

Token

Maintain per-subscriber per-platform push token lifecycle. iOS APNs token with iOS 10+ explicit UNUserNotificationCenter permission state (granted + denied + provisional + ephemeral + revoked). Android FCM token with Android 13+ POST_NOTIFICATIONS runtime permission state. Web Push VAPID token with browser Notification API consent state. Huawei HMS + Amazon ADM + Windows WNS where applicable. Per-token Apple ATT consent state for tracking-based targeting (since iOS 14.5). Per-token registration + refresh + revocation events. Per-token locale + timezone + OS version + app version pointer. Invalid-token cleanup from per-platform feedback channel (APNs feedback + FCM canonical IDs + VAPID 410 Gone responses).

Audience

Resolve per-push eligible token pool from operator-counsel-approved segmentation: subscription state from sibling #526 subscriber-lifecycle cadence + cancellation-reason cluster from sibling #514 + save-flow eligibility from sibling #518 + offer eligibility from sibling #522 + RFM + lifecycle stage. Per-platform consent state checked at every query: iOS ATT denial suppresses tracking-based targeting; Android 13 POST_NOTIFICATIONS denial suppresses regardless of segment match; Web Push VAPID revocation suppresses; invalid-token state suppresses. Per-state quiet hours and per-jurisdiction consent regime applied. Suppression list (CCPA + CPRA + GDPR + CASL DSAR suppression + bankruptcy + deceased + fraud flag).

Compose

Generate per-push content (title + body + deep link + image) via multi-LLM ensemble (OpenAI + Anthropic + Google + Mistral + Cohere) grounded in brand voice spec + claims allowlist (sibling #496) + forbidden-phrase library (sibling #507) + per-vertical compliance overlay (sibling #516) where vertical requires. Per-platform character limits (iOS APNs title 40 + body 178 with truncation; Android FCM title 65 + body 240; Web Push title 50 + body 200) enforced via grammar-constrained decoding. Per-vendor LLM zero-retention verified per call. AI-drafted content routes through sibling #520 borderline routing before send. App Store Review Guideline 4.5.4 + Google Play Developer Policy check (no deceptive title + no misleading content + no required-for-functionality framing).

Audit

Per-push canonical record (push ID + subscriber tokenized + platform + token state pointer + ATT consent pointer for tracking-based + Audience eligible-pool resolution + Compose decision + AI-drafted vs operator-counsel template + per-vendor LLM zero-retention verification + Send delivery receipt + per-platform error code + per-rule citation + sibling-handoff pointer to #514 + #518 + #520 + #522 + #526). WORM storage. Per-push record retains for FTC Click-to-Cancel review + ROSCA review + Endorsement Guides + Fake Review Rule + state-AG enforcement + Apple App Store + Google Play Store review + EU AI Act Article 22 supervisory authority + audit committee + external counsel review.

The real ecosystem this sits above

Push providers + native APIs

OneSignal, Airship, Braze, Iterable, CleverTap, MoEngage, WonderPush, PushEngage, Pushwoosh, Notix, Aimtell, Truepush, Twilio Notify push platforms. Apple Push Notification Service (APNs), Google Firebase Cloud Messaging (FCM), Web Push API (VAPID), Huawei HMS, Amazon Device Messaging (ADM), Windows Notification Service (WNS) native APIs.

Subscription billing + lifecycle

Recharge, Bold Subscriptions, Loop Subscriptions, Skio, OrderGroove, Smartrr, Stay AI, Chargebee, Stripe Billing, Recurly, Zuora, Maxio subscription billing. Sibling #526 subscriber-lifecycle cadence + #514 cancellation-reason cluster + #518 save-flow propensity + #522 save-offer library feed Audience resolution.

LLM + policy + WORM

OpenAI, Anthropic, Google, Mistral, Cohere LLM under per-vendor zero-retention. Sibling #496 + #507 + #516 + #520. OPA Rego + AWS Cedar + Casbin + Cerbos + Oso + Styra DAS + Permit.io policy-as-code for per-platform consent + per-jurisdiction regime enforcement. AWS S3 Object Lock + Azure Blob immutable + Google Cloud Storage Bucket Lock + Wasabi compliance WORM for Audit.

The 5-anchor compliance overlay

Anchor 1 — Per-platform consent posture (iOS UNUserNotificationCenter + Android 13 POST_NOTIFICATIONS + Web Push VAPID + Apple ATT) + App Store + Google Play policy (operationally distinctive)

iOS UNUserNotificationCenter explicit opt-in (since iOS 10, 2016). Android 13+ POST_NOTIFICATIONS runtime permission (since API 33, August 2022). Web Push API VAPID consent. Apple App Tracking Transparency ATT (since iOS 14.5, April 2021) for tracking-based targeting. Apple App Store Review Guideline 4.5.4 push notifications (must not be required for app functionality, must be opt-in, abuse for promotional content unrelated to app value is prohibited). Google Play Developer Policy push notifications (deceptive notifications + ad-format misuse prohibited). Per-platform editorial enforcement is App Store + Play Store removal. Operationally distinctive frame: Token resolves consent state per platform per subscriber + Audience suppresses tokens with denied/revoked/invalid state at query time + Compose respects per-platform character limits + content policy.

Anchor 2 — FTC Click-to-Cancel + multi-state ARL + Massachusetts AG v Sirius XM + ROSCA (push attached to save-flow)

FTC Click-to-Cancel Rule 16 CFR Part 425 + multi-state Automatic Renewal Laws (California Bus and Prof Code 17600-17606 + NY GBL 527-a + Vermont Act 110 + Colorado HB 21-1239 + Illinois ARL HB 4422 + Hawaii Act 218 + 6 additional state ARL statutes) + Massachusetts AG v Sirius XM 2017 $3.8M settlement + FTC negative-option ROSCA enforcement. Push attached to save-flow (sibling #518) directly intersects ROSCA scope. Per-push ROSCA review at Compose where push surfaces save-flow CTA.

Anchor 3 — FTC Section 5 + substantiation + Endorsement Guides + Fake Review Rule + per-state UDAP + pricing disclosure + TILA

FTC Section 5 + FTC substantiation doctrine (Pfizer 1972 reasonable-basis) when push attaches claims + FTC Endorsement Guides 16 CFR Part 255 (2023 AI-content) when push uses testimonial + FTC Fake Review Rule 16 CFR Part 465 (October 2024) when push surfaces with social proof + per-state UDAP + per-state pricing-and-discount disclosure when push contains offer (regular price vs sale price + duration + auto-renewal disclosure) + Truth in Lending Act when push reframes payment terms (BNPL integration).

Anchor 4 — CAN-SPAM + CASL + GDPR + CCPA + CPRA + state-comprehensive-privacy + WA MHMDA + COPPA

CAN-SPAM 15 USC 7701 when push includes commercial content. CASL 2013 when sending to Canadian recipients. GDPR Article 6(1)(a) consent legal basis + Article 7 conditions for consent + Article 21 right to object + Recital 47 legitimate-interest balancing. CCPA + CPRA + 17-state-comprehensive-privacy + Washington My Health My Data Act 2024 when push scope intersects health + COPPA 15 USC 6501 when minors-scope + DSAR overlay across per-push substrate.

Anchor 5 — EU AI Act Article 50 + 13 + 14 + 15 + 22 + NIST AI RMF + ISO 42001 + per-vendor LLM zero-retention

EU AI Act Article 50 transparency for AI-generated content when push content is AI-drafted + Article 13 transparency + Article 14 human oversight + Article 15 accuracy + Article 22 transparency of automated decision-making when Audience resolution uses ML producing legal or similarly significant effects + Article 26 deployer obligations. NIST AI RMF Govern + Map + Measure + Manage. ISO 42001 AI Management System. Per-vendor LLM zero-retention posture verified per call.

The 6-workstream pre-engagement-baseline reporting cycle

Completions does not commit to numeric open-rate or engagement-rate targets before engagement scope is documented. The Q6 pre-engagement-baseline reporting cycle covers the six workstreams that ship in every engagement.

  1. Token coverage. Per-platform token lifecycle (iOS APNs + Android FCM + Web Push VAPID + Huawei HMS + Amazon ADM + Windows WNS) + per-token permission state freshness + per-token ATT consent state + invalid-token cleanup cadence.
  2. Audience quality. Per-segment eligibility rule + sibling-handoff freshness (#514 + #518 + #522 + #526) + per-platform consent suppression + per-state quiet-hours + per-jurisdiction regime + suppression list freshness.
  3. Compose quality. Multi-LLM ensemble freshness + per-vendor LLM zero-retention verification + brand voice spec + claims allowlist (#496) + forbidden-phrase library (#507) + per-platform character limit enforcement + App Store + Google Play policy check + sibling #520 borderline routing integration.
  4. Audit quality. Per-push canonical record completeness + WORM storage posture + sibling-handoff pointer freshness.
  5. Compliance posture. Per-platform consent posture (iOS + Android 13 + Web Push VAPID + Apple ATT) + App Store Review Guidelines 4.5.4 + Google Play Developer Policy + FTC Click-to-Cancel + multi-state ARL + Massachusetts AG v Sirius XM + ROSCA + FTC Section 5 + substantiation + Endorsement Guides + Fake Review Rule + per-state UDAP + pricing disclosure + TILA + CAN-SPAM + CASL + GDPR Article 6(1)(a) + 7 + 21 + Recital 47 + CCPA + CPRA + state-comprehensive-privacy + WA MHMDA + COPPA + EU AI Act Article 50 + 13 + 14 + 15 + 22 + 26 + NIST AI RMF + ISO 42001 + per-vendor LLM zero-retention freshness.
  6. Audit-trail completeness. Per-Token + per-Audience + per-Compose + per-Audit canonical record retention in versioned-history substrate readable by FTC Click-to-Cancel review + ROSCA review + state-AG enforcement + Apple App Store + Google Play Store review + EU supervisory authority + audit committee.

Frequently asked questions

What problem does push notification marketing solve for a multi-brand DTC subscription operator?

A multi-brand DTC subscription operator running 5-15 brands and 200,000 active mobile-app subscribers sends push notifications across iOS APNs, Android FCM, web push VAPID, and the smaller platforms (Huawei HMS for HMS markets, Amazon ADM for Fire devices, Windows WNS where applicable) to drive re-engagement, surface offers, recover at-risk subscribers, and signal lifecycle transitions. Naive push tooling treats push as a free broadcast and triggers Apple App Store Review Guideline 4.5.4 issues (push must not be required for app functionality and must be opt-in), Google Play Developer Policy violations (deceptive notifications + ad-format misuse), Apple App Tracking Transparency (ATT) failures when push targeting uses tracked identifiers without ATT consent, and FTC Click-to-Cancel + ROSCA exposure when push is part of a save-flow on a subscription. The skill ships the substrate that resolves per-platform consent posture, threads per-subscriber lifecycle state (sibling #526), and routes per-push send through operator-counsel-approved policy-as-code.

What is the 4-skill bundle and what does each skill do?

Token maintains per-subscriber per-platform push token lifecycle: iOS APNs token (with iOS 10+ explicit UNUserNotificationCenter permission), Android FCM token (with Android 13+ POST_NOTIFICATIONS runtime permission), web push VAPID token, Huawei HMS, Amazon ADM, Windows WNS. Per-token registration + refresh + revocation events. Per-token notification permission state (granted + denied + provisional + ephemeral + revoked). Per-token Apple ATT consent state for tracking-based targeting. Per-token locale + timezone + OS version + app version pointer. Audience resolves per-push eligible token pool from operator-counsel-approved segmentation (subscription state from sibling #526 + cancellation-reason cluster from sibling #514 + save-flow eligibility from sibling #518 + offer eligibility from sibling #522 + RFM + lifecycle stage). Per-platform consent state and per-state quiet hours respected. Suppression list applied (CCPA + CPRA + GDPR + CASL DSAR suppression + bankruptcy + deceased + fraud flag). Compose generates per-push content (title + body + deep link + image) via multi-LLM ensemble grounded in brand voice + claims allowlist (sibling #496) + forbidden-phrase library (sibling #507). Per-vendor LLM zero-retention verified. AI-drafted content routes through sibling #520 borderline routing before send. Audit retains per-push canonical record for FTC Click-to-Cancel + ROSCA + Endorsement Guides + state-AG enforcement + Apple App Store + Google Play Store review + EU AI Act Article 22 supervisory authority.

Why is per-platform consent posture (iOS UNUserNotificationCenter + Android 13 POST_NOTIFICATIONS + Web Push VAPID + Apple ATT) the operationally distinctive anchor for this skill?

Mobile push consent posture is platform-specific and the rules differ. iOS has required explicit UNUserNotificationCenter permission since iOS 10 (2016); the OS denies the app the ability to send notifications without granted permission, and Apple App Store Review Guideline 4.5.4 prohibits push that is required for app functionality + prohibits push abuse for promotional content unrelated to the app value. Android 13 (API 33, released August 2022) introduced runtime POST_NOTIFICATIONS permission; previously notifications were granted by default but the new requirement broke many apps that did not request the permission. Web Push API requires explicit Notification API + Push API consent backed by VAPID (Voluntary Application Server Identification). Apple App Tracking Transparency (ATT) was introduced in iOS 14.5 (April 2021) and requires explicit user consent for tracking-based targeting, including push targeting that uses cross-app identifiers. Operationally distinctive frame: Token resolves the consent state per platform per subscriber at every Audience query so a push that is eligible on iOS is suppressed on Android when POST_NOTIFICATIONS is not granted, web push is suppressed when VAPID consent has been revoked, and ATT-tracked targeting is suppressed when ATT consent is denied. A push engine that does not encode per-platform consent posture triggers App Store + Google Play removals and downstream Apple ATT enforcement.

What real regulatory and standards-body hooks does the compliance overlay anchor on?

Anchor 1 is per-platform consent posture: iOS UNUserNotificationCenter explicit opt-in (since iOS 10, 2016) + Android 13+ POST_NOTIFICATIONS runtime permission (since API 33, August 2022) + Web Push API VAPID consent + Apple App Tracking Transparency ATT (since iOS 14.5, April 2021) + Apple App Store Review Guideline 4.5.4 push notifications + Google Play Developer Policy push notifications + per-platform editorial policy enforcement (App Store removal + Play Store removal). Anchor 2 is FTC Click-to-Cancel Rule 16 CFR Part 425 + multi-state Automatic Renewal Laws (California Bus and Prof Code 17600-17606 + NY GBL 527-a + VT Act 110 + CO HB 21-1239 + IL HB 4422 + HI Act 218 + 6 additional state ARL statutes) + Massachusetts AG v Sirius XM 2017 + FTC negative-option ROSCA enforcement (push attached to save-flow intersects ROSCA scope) + FTC Section 5 + FTC substantiation (Pfizer 1972 reasonable-basis) when push attaches claims + FTC Endorsement Guides 16 CFR Part 255 (2023 AI-content) when push uses testimonial + FTC Fake Review Rule 16 CFR Part 465 (Oct 2024) when push surfaces with social proof. Anchor 3 is CAN-SPAM 15 USC 7701 when push includes commercial content + CASL 2013 when sending to Canadian recipients + GDPR Article 6(1)(a) consent legal basis + Article 7 conditions for consent + Article 21 right to object + Recital 47 + per-state UDAP + per-state pricing-and-discount disclosure when push contains offer + Truth in Lending Act when push reframes payment terms. Anchor 4 is CCPA + CPRA + state-comprehensive-privacy (17 states enumerated) + GDPR + Washington My Health My Data Act 2024 when push scope intersects health + COPPA 15 USC 6501 when minors-scope + DSAR overlay across per-push substrate. 
Anchor 5 is EU AI Act Article 50 transparency for AI-generated content when push content is AI-drafted + Article 13 + Article 14 human oversight + Article 15 accuracy + Article 22 transparency of automated decision-making when Audience resolution uses ML producing legal or similarly significant effects + Article 26 deployer obligations + NIST AI RMF + ISO 42001 + per-vendor LLM zero-retention.

How does Audience prevent Apple ATT or Android 13 POST_NOTIFICATIONS surprise suppression?

Audience resolves per-push eligible token pool against the per-platform consent state recorded by Token. A subscriber who registered an iOS token in 2019 but updated to iOS 14.5+ has a separate ATT consent state that must be queried; ATT-denied targeting is suppressed at Audience time so the push never reaches the send pipeline. A subscriber who installed an Android 13+ app build but did not grant POST_NOTIFICATIONS has a denied notification permission state; Audience suppresses regardless of segment match. A subscriber whose web push VAPID consent was revoked via browser settings has a revoked state; Audience suppresses. A subscriber on a device that registered a token but uninstalled the app has an invalid token state surfaced by the per-platform feedback channel (APNs feedback + FCM canonical IDs + VAPID 410 Gone responses); Token cleans these up so Audience does not waste send budget. Per-state quiet hours are applied via sibling #515 multi-location SMS broadcast engine pattern (CTIA defaults plus state-specific overrides such as Florida 8 AM to 8 PM weekend restriction).
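The query-time suppression described in the Audience skill and in the answer above, as an added Python sketch that is not Completions' own code. The names `PushToken`, `Perm`, `suppression_reason` and `resolve_audience` are hypothetical, the sample tokens are constructed, and it assumes that only denied and revoked permission states block delivery (provisional and ephemeral are treated as deliverable).

```python
from dataclasses import dataclass
from enum import Enum

class Perm(Enum):
    GRANTED = "granted"
    DENIED = "denied"
    PROVISIONAL = "provisional"
    EPHEMERAL = "ephemeral"
    REVOKED = "revoked"

# Assumption: only denied/revoked block delivery; provisional and ephemeral deliver.
BLOCKING = {Perm.DENIED, Perm.REVOKED}

@dataclass(frozen=True)
class PushToken:
    subscriber: str            # tokenized subscriber id
    platform: str              # "ios", "android" or "web"
    permission: Perm           # OS / browser notification permission state
    valid: bool = True         # False once the platform feedback channel reports it dead
    att_granted: bool = False  # Apple ATT consent; meaningful on iOS only

def suppression_reason(tok, segment, suppression_list, uses_tracking):
    """Return None if the token may receive the push, else why it is suppressed."""
    if tok.subscriber in suppression_list:
        return "suppression_list"
    if not tok.valid:
        return "invalid_token"
    if tok.permission in BLOCKING:  # consent is checked before segment match
        return f"{tok.platform}_permission_{tok.permission.value}"
    if uses_tracking and tok.platform == "ios" and not tok.att_granted:
        return "att_denied"
    if tok.subscriber not in segment:
        return "not_in_segment"
    return None

def resolve_audience(tokens, segment, suppression_list, uses_tracking):
    """Split tokens into the eligible pool and an audit trail of suppressions."""
    eligible, audit = [], []
    for tok in tokens:
        reason = suppression_reason(tok, segment, suppression_list, uses_tracking)
        if reason is None:
            eligible.append(tok)
        else:
            audit.append((tok.subscriber, tok.platform, reason))
    return eligible, audit

# Constructed sample data: one subscriber may hold tokens on several platforms.
TOKENS = [
    PushToken("sub-1", "ios", Perm.GRANTED, att_granted=True),
    PushToken("sub-1", "android", Perm.DENIED),
    PushToken("sub-2", "ios", Perm.PROVISIONAL, att_granted=False),
    PushToken("sub-3", "web", Perm.REVOKED),
    PushToken("sub-4", "android", Perm.GRANTED, valid=False),
    PushToken("sub-5", "web", Perm.GRANTED),
]
SEGMENT = {"sub-1", "sub-2", "sub-3", "sub-4", "sub-5"}
SUPPRESSED = {"sub-5"}
```

Every suppressed token carries a reason string, which is the kind of per-token decision the Audit record's eligible-pool resolution field would retain.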

What does Completions ship and how does an engagement start?

Completions ships the push-notification-marketing agent + 4-skill bundle (Token + Audience + Compose + Audit) + 5-anchor compliance overlay (per-platform consent posture (iOS + Android 13 + Web Push VAPID + Apple ATT) + App Store Review Guidelines 4.5.4 + Google Play Developer Policy + FTC Click-to-Cancel + multi-state ARL + Massachusetts AG v Sirius XM + ROSCA + FTC Section 5 + substantiation + Endorsement Guides + Fake Review Rule + CAN-SPAM + CASL + GDPR Article 6(1)(a) + 7 + 21 + per-state UDAP + pricing-and-discount disclosure + TILA + CCPA + CPRA + state-comprehensive-privacy + WA MHMDA + COPPA + EU AI Act Article 50 + 13 + 14 + 15 + 22 + 26 + NIST AI RMF + ISO 42001 + per-vendor LLM zero-retention) + the Q6 6-workstream pre-engagement-baseline reporting cycle. Tier 1 AI Readiness Assessment ($10k, 2-3 weeks) audits the current push posture against per-platform consent + App Store + Google Play policy + FTC + state-AG scope. Tier 3 Fractional CMO with AI Swarm ($15-25k/month, 6-month minimum, 1-2 days/wk embedded) runs the push-notification-marketing agent on the operator subscription-billing + push-provider + lifecycle stack on an ongoing basis.
