What does privacy look like when your site wants to remember people but your visitors just saw Apple talk about content blockers at WWDC and every EU site flashes a consent banner the second you land on it. Is there a way to keep personalization alive without sneaking around behind third party pixels. That is the question that keeps popping up in product chats and late night Slack threads.
Apache Unomi is my current answer when someone asks for a plan that does not feel shady.
What is Apache Unomi in plain words
Unomi is an open source customer data server incubating at Apache. Picture a central brain that lives on your side and keeps track of profiles, sessions, and events. It sits behind your domain, speaks a simple REST API, and stores data you collected with consent from your visitors and customers. No mystery beacons. No rented graphs. Your data stays yours. For teams fighting with a messy stack of tags and third party cookies, Unomi points the way back to a first party data model that is both useful and respectful.
That matters for consent, and not just for banner checkboxes.
Consent that travels with the profile
Consent is often handled like a sticky note on the frontend. Someone clicks Accept and your scripts unlock a bunch of tags. Then the trail goes cold. With Unomi, consent becomes part of the profile. You can store that this person said yes to analytics but no to email, at a given time, on a given site or app. Unomi uses the idea of scopes and properties so you can represent purposes and statuses in a way that is queryable. Your consent banner can simply call the API to record the choice, and every rule or personalization can check that choice before it runs.
No tricks. Just a clear record that you can explain to a real person.
Profiles, sessions, and events you can reason about
At the core you have a profile which represents a person, a session which represents a visit, and events like page views, form submits, product views, or purchases. Unomi gives you a first party identifier that lives under your domain. When someone logs in or confirms an email, you can merge the anonymous profile with the known one. Same person on mobile and desktop. Same person before and after the newsletter signup. You keep the story straight without shipping data off to a sketchy clearinghouse.
No creepy third party hops required.
Segments and rules that respect the line
Unomi lets you build segments using conditions like visited product page X, returning visitor, consented to personalization, country equals FR. Then you can attach rules that respond to events. A rule might add someone to a segment, send a signal to your CMS to swap a block, or push an event to your email service. The key idea is that every decision can check consent and scope first. It is not only smarter marketing. It makes your team sleep better.
Privacy by default beats apology later.
How to start without boiling the ocean
- Pick your first party data goals. Decide what you actually need to remember to help your visitor. Think product affinity, last category viewed, or newsletter topics. Skip the rest.
- Define consent types. Write down the purposes you will ask for. Analytics, personalization, email, ads. Keep the wording human and map each purpose to a property in Unomi.
- Wire your consent banner to Unomi. When someone answers, call the API to store the choice on the profile. Read from it before you run any rule.
- Send only the events you need. Start with page view and form submit. Add product view or purchase if you run commerce. Keep events small and meaningful.
- Use scopes. If you operate many sites or apps, keep data organized by scope so teams only see what they should see.
- Keep an audit trail. Store when consent changed and what triggered it. You will thank yourself during a review or a support ticket.
You can get value with two or three conditions and one segment.
Governance that is not just a policy doc
First party does not mean all you can eat. Set retention rules for events you do not need forever. Keep personal fields separate from behavioral fields. Do not store sensitive stuff that your team does not actually use. Give marketing read access to segments and traits, and keep raw data limited to the people who work on data. When you connect Unomi to other tools, prefer server side calls so you stay in control of what leaves the house. This is the boring work that makes the fun work possible.
Simple beats clever. Every time.
Why this helps SEO and content teams too
Good content wins links and shares, but it also wins when your site remembers the right things. With first party data you can keep a light touch personalization that supports your content plan. Show a different intro to a returning reader. Promote a guide related to the last category they browsed. Keep search traffic happy by loading fast and keeping third party cruft out. This week brought a lot of chatter about blockers coming to mobile Safari. Running your own profile store reduces your risk because you are not relying on a bunch of outside scripts that might get blocked or slow things down.
Trust is an SEO signal that people actually feel.
Making the case inside your company
Legal wants clarity. Show them that with Unomi you can point to a field that says this person said yes to analytics on this date and from this banner. Product wants speed. Show them a rule that swaps a block in the CMS in under a second when someone joins a segment. Marketing wants reach. Show them how segments sync to their email tool only after consent. Everyone wants fewer scripts on the page. A first party server cuts bloat by moving logic to the backend where it belongs.
Less code in the template. More control in your hands.
Where Unomi fits in your stack
Think of Unomi as the profile and consent layer. Your CMS renders content and asks Unomi for traits and segments. Your analytics tool tracks sessions but does not need to know names. Your email service receives events that already respect consent. Your data warehouse can pull from Unomi on a schedule to run deeper analysis. Unomi is not a page builder or an email designer. It is the memory that helps all of those tools act in sync without breaking trust.
Open source also means you can read the code and contribute when you hit a wall.
Reality check from the week
Between the EU cookie popups and the buzz around mobile content blockers, a lot of teams are feeling cornered. It is tempting to double down on tricks or buy one more black box. I think the smarter move is to pull closer to your visitor. Ask clearly. Store cleanly. Act only inside the choices they gave you. Apache Unomi gives a practical way to do exactly that with a model that can grow as you grow. You do not have to bet your business on someone else’s graph to show a better homepage.
Respect beats retargeting every time.