From 55f80388b7f3f053dc0fbe5208ffb2632e8f08ca Mon Sep 17 00:00:00 2001
From: Charles Hudson <charles.hudson@contentful.com>
Date: Tue, 2 Jun 2026 19:59:07 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=89=20feat(consent):=20Add=20cross-SDK?=
 =?UTF-8?q?=20consent=20and=20profile-continuity=20controls=20**Summary**?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds consent-management support across the Optimization SDK Suite and documents how applications should map privacy policy decisions into SDK behavior.

- Adds split consent handling for event emission vs durable profile continuity with `consent({ events, persistence })`, while preserving boolean `consent(true | false)` as a shorthand for both.
- Exposes `states.persistenceConsent`, adds `PERSISTENCE_CONSENT_KEY`, and gates profile, anonymous ID, selected optimization, and changes persistence behind persistence consent.
- Refactors stateless Core/Node event calls behind `forRequest(...)`, so each request binds consent, profile, shared event context, and Experience options before calling `page`, `identify`, `trackView`, etc.
- Updates Web, React Web, React Native, iOS, Android, and the native JS bridge to restore profile continuity only when permitted, clear durable continuity when denied, and support split consent APIs.
- Updates hybrid Node/Web and Next.js reference implementations to use application-owned consent cookies, render baselines before consent, and persist shared anonymous IDs only when continuity consent allows it.
- Adds a cross-SDK consent concept guide and refreshes package READMEs/guides with default-on, strict opt-in, split-consent, revocation, and server/browser alignment guidance.
- Expands test coverage for consent gating, storage restore/clear behavior, request-bound stateless calls, native storage, and baseline-before-consent flows.

**Notable API/behavior changes**

- New/updated exports include `ConsentInput`, `CoreStatelessRequest`, request-scoped stateless types, `EventType`, `PERSISTENCE_CONSENT_KEY`, and `states.persistenceConsent`.
- Node/stateless direct event methods now use `forRequest(...).page()/identify()/...`.
- Core now fails closed by default; platform SDKs provide their runtime-specific pre-consent allowlists.

[[NT-3282](https://contentful.atlassian.net/browse/NT-3282)]
---
 .github/workflows/main-pipeline.yaml          |   2 +
 AGENTS.md                                     | 413 +++++++-----------
 documentation/AGENTS.md                       |  86 ++--
 documentation/concepts/README.md              |   4 +
 ...d-sdk-runtime-and-interaction-mechanics.md |  12 +-
 ...anagement-in-the-optimization-sdk-suite.md | 370 ++++++++++++++++
 .../concepts/core-state-management.md         |  49 ++-
 ...-personalization-and-variant-resolution.md |   9 +-
 ...king-in-node-and-stateless-environments.md |  94 ++--
 .../interaction-tracking-in-web-sdks.md       |  25 +-
 ...s-sdk-runtime-and-interaction-mechanics.md |  24 +-
 ...-handling-in-the-optimization-sdk-suite.md |  18 +-
 ...nchronization-between-client-and-server.md |  88 ++--
 ...tive-sdk-interaction-tracking-mechanics.md |  71 ++-
 documentation/guides/AGENTS.md                | 119 ++---
 ...t-to-analytics-and-tag-management-tools.md |   6 +-
 .../integrating-the-node-sdk-in-a-node-app.md | 175 +++++---
 ...timization-android-sdk-in-a-compose-app.md |  44 +-
 ...optimization-android-sdk-in-a-views-app.md |  40 +-
 ...e-optimization-ios-sdk-in-a-swiftui-app.md |  36 +-
 ...the-optimization-ios-sdk-in-a-uikit-app.md |  40 +-
 ...ptimization-sdk-in-a-nextjs-app-ssr-csr.md | 127 ++++--
 ...he-optimization-sdk-in-a-nextjs-app-ssr.md | 123 ++++--
 ...-react-native-sdk-in-a-react-native-app.md |  62 ++-
 ...rating-the-react-web-sdk-in-a-react-app.md | 112 +++--
 .../integrating-the-web-sdk-in-a-web-app.md   |  38 +-
 implementations/AGENTS.md                     | 133 +++---
 implementations/android-sdk/AGENTS.md         | 152 ++-----
 .../android-sdk/scripts/run-e2e.sh            |   3 +
 implementations/ios-sdk/AGENTS.md             |  63 +--
 implementations/ios-sdk/package.json          |   2 +-
 implementations/ios-sdk/swiftui/App.swift     |   1 +
 .../ios-sdk/uikit/SceneDelegate.swift         |   1 +
 .../uitests/Tests/PreviewPanelTests.swift     |   4 +-
 implementations/node-sdk+web-sdk/AGENTS.md    |  47 +-
 implementations/node-sdk+web-sdk/README.md    |   9 +-
 ...ys-identified-user-variants-cookie.spec.ts |   8 +
 .../displays-identified-user-variants.spec.ts |  13 +-
 ...isplays-unidentified-user-variants.spec.ts |  22 +-
 .../e2e/entry-click-tracking.spec.ts          |   9 +-
 .../e2e/entry-view-tracking.spec.ts           |  26 +-
 implementations/node-sdk+web-sdk/src/app.ts   | 117 +++--
 .../node-sdk+web-sdk/src/index.ejs            |  27 +-
 implementations/node-sdk/AGENTS.md            |  39 +-
 implementations/node-sdk/README.md            |   4 +-
 implementations/node-sdk/src/app.ts           |  38 +-
 implementations/react-native-sdk/AGENTS.md    |  67 ++-
 implementations/react-native-sdk/App.tsx      |   7 +-
 .../AGENTS.md                                 |  59 +--
 .../README.md                                 |  23 +-
 .../app/layout.tsx                            |  16 +-
 .../app/page.tsx                              |   7 +-
 .../components/InteractiveControls.tsx        |   8 +
 .../lib/optimization-server.ts                |  18 +-
 .../middleware.ts                             |  35 +-
 .../AGENTS.md                                 |  49 +--
 .../README.md                                 |  66 ++-
 .../app/page.tsx                              |  31 +-
 .../components/InteractiveControls.tsx        |   8 +
 .../middleware.ts                             |  37 +-
 implementations/react-web-sdk/AGENTS.md       |  51 +--
 .../displays-identified-user-variants.spec.ts |   3 +
 implementations/web-sdk/AGENTS.md             |  42 +-
 .../displays-identified-user-variants.spec.ts |   3 +
 implementations/web-sdk_react/AGENTS.md       |  42 +-
 .../displays-identified-user-variants.spec.ts |   3 +
 lib/build-tools/AGENTS.md                     |  37 +-
 lib/mocks/AGENTS.md                           |  40 +-
 packages/AGENTS.md                            | 133 ++----
 packages/android/AGENTS.md                    |  47 +-
 .../android/ContentfulOptimization/AGENTS.md  |  85 ++--
 .../bridge/QuickJsContextManager.kt           |   4 +-
 .../optimization/core/OptimizationClient.kt   |  65 ++-
 .../optimization/core/OptimizationConfig.kt   |  16 +-
 .../optimization/core/OptimizationState.kt    |   3 +
 .../optimization/core/PreviewState.kt         |   2 +
 .../optimization/storage/PersistentStore.kt   |   5 +-
 .../storage/SharedPreferencesStore.kt         |  57 ++-
 .../tracking/ViewTrackingController.kt        |   8 +-
 .../optimization/views/OptimizedEntryView.kt  |   5 +-
 .../core/OptimizationConfigTest.kt            |  22 +
 .../storage/SharedPreferencesStoreTest.kt     | 193 ++++++++
 packages/android/README.md                    |  46 +-
 packages/ios/AGENTS.md                        |  38 +-
 packages/ios/ContentfulOptimization/AGENTS.md |  57 +--
 packages/ios/ContentfulOptimization/README.md |  29 ++
 .../Bridge/JSContextManager.swift             |   4 +-
 .../Core/OptimizationClient.swift             |  91 ++--
 .../Core/OptimizationConfig.swift             |  25 +-
 .../Core/OptimizationState.swift              |   3 +
 .../Core/PreviewState.swift                   |   1 +
 .../Storage/PersistentStore.swift             |   5 +-
 .../Storage/UserDefaultsStore.swift           |  42 +-
 .../OptimizationClientTests.swift             | 191 +++++++-
 packages/ios/README.md                        |   2 +
 packages/node/node-sdk/AGENTS.md              |  42 +-
 packages/node/node-sdk/README.md              | 105 +++--
 packages/node/node-sdk/dev/server.ts          |  82 +++-
 packages/node/node-sdk/package.json           |   6 +-
 .../src/ContentfulOptimization.test.ts        | 202 +++++++--
 .../node-sdk/src/ContentfulOptimization.ts    |  26 +-
 packages/react-native-sdk/AGENTS.md           |  50 +--
 packages/react-native-sdk/README.md           |  46 +-
 .../react-native-sdk/dev/utils/sdkHelpers.ts  |   2 +-
 packages/react-native-sdk/package.json        |   2 +-
 .../src/ContentfulOptimization.test.ts        | 406 ++++++++++++++++-
 .../src/ContentfulOptimization.ts             | 182 +++++---
 .../src/storage/AsyncStorageStore.test.ts     | 182 +++++++-
 .../src/storage/AsyncStorageStore.ts          | 261 ++++++++---
 packages/universal/AGENTS.md                  |  34 +-
 packages/universal/api-client/AGENTS.md       |  21 +-
 packages/universal/api-client/package.json    |   2 +-
 packages/universal/api-schemas/AGENTS.md      |  22 +-
 packages/universal/api-schemas/package.json   |   2 +-
 packages/universal/core-sdk/AGENTS.md         |  27 +-
 packages/universal/core-sdk/README.md         |  52 ++-
 packages/universal/core-sdk/package.json      |   6 +-
 packages/universal/core-sdk/src/Consent.ts    |  16 +-
 .../src/CoreStateful.detached-states.test.ts  |   1 +
 .../core-sdk/src/CoreStateful.locale.test.ts  |   1 +
 .../core-sdk/src/CoreStateful.test.ts         | 124 +++++-
 .../universal/core-sdk/src/CoreStateful.ts    |  58 ++-
 .../core-sdk/src/CoreStatefulEventEmitter.ts  |  22 +-
 .../core-sdk/src/CoreStateless.test.ts        | 372 ++++++++++------
 .../universal/core-sdk/src/CoreStateless.ts   | 262 ++---------
 .../core-sdk/src/CoreStatelessRequest.ts      | 336 ++++++++++++++
 packages/universal/core-sdk/src/EventType.ts  |  22 +
 packages/universal/core-sdk/src/constants.ts  |   7 +
 .../core-sdk/src/events/EventBuilder.test.ts  |  16 +
 .../core-sdk/src/events/EventBuilder.ts       |  19 +-
 packages/universal/core-sdk/src/index.ts      |   4 +-
 .../core-sdk/src/preview-support/AGENTS.md    |  25 +-
 .../core-sdk/src/queues/ExperienceQueue.ts    |   5 +
 .../core-sdk/src/queues/InsightsQueue.ts      |   6 +
 .../universal/core-sdk/src/signals/signals.ts |  10 +
 .../optimization-js-bridge/AGENTS.md          |  57 +--
 .../optimization-js-bridge/package.json       |   2 +-
 .../optimization-js-bridge/src/index.ts       |  39 +-
 packages/web/AGENTS.md                        |  31 +-
 .../web/frameworks/react-web-sdk/AGENTS.md    |  44 +-
 .../web/frameworks/react-web-sdk/README.md    |  35 +-
 .../web/frameworks/react-web-sdk/package.json |   2 +-
 .../react-web-sdk/src/test/sdkTestUtils.tsx   |   1 +
 packages/web/preview-panel/AGENTS.md          |  35 +-
 packages/web/preview-panel/package.json       |   2 +-
 packages/web/web-sdk/AGENTS.md                |  36 +-
 packages/web/web-sdk/README.md                |  63 ++-
 packages/web/web-sdk/package.json             |   2 +-
 .../src/ContentfulOptimization.test.ts        |  92 +++-
 .../web/web-sdk/src/ContentfulOptimization.ts |  87 +++-
 .../web-sdk/src/storage/LocalStore.test.ts    |  19 +
 .../web/web-sdk/src/storage/LocalStore.ts     |  26 ++
 152 files changed, 5516 insertions(+), 2859 deletions(-)
 create mode 100644 documentation/concepts/consent-management-in-the-optimization-sdk-suite.md
 create mode 100644 packages/android/ContentfulOptimization/src/test/kotlin/com/contentful/optimization/storage/SharedPreferencesStoreTest.kt
 create mode 100644 packages/universal/core-sdk/src/CoreStatelessRequest.ts
 create mode 100644 packages/universal/core-sdk/src/EventType.ts

diff --git a/.github/workflows/main-pipeline.yaml b/.github/workflows/main-pipeline.yaml
index 047d32d9..49d56886 100644
--- a/.github/workflows/main-pipeline.yaml
+++ b/.github/workflows/main-pipeline.yaml
@@ -950,6 +950,8 @@ jobs:
             echo "Installing Maestro CLI ($MAESTRO_VERSION)..."
             curl -Ls "https://get.maestro.mobile.dev" | bash
             echo "Installing ${{ matrix.app }} APK (${{ matrix.apk }})..."
+            echo "Removing any cached install of ${{ matrix.package }} to avoid signature mismatches from the cached AVD..."
+            adb uninstall ${{ matrix.package }} >/dev/null 2>&1 || true
             adb install -r android-apks/${{ matrix.apk }}
             echo "Setting up adb reverse (harmless localhost fallback; the apps use 10.0.2.2)..."
             adb reverse tcp:8000 tcp:8000 || echo "::warning::adb reverse failed; apps use 10.0.2.2 so continuing"
diff --git a/AGENTS.md b/AGENTS.md
index 5833975c..c3c528aa 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,286 +1,179 @@
 # AGENTS.md
 
-This file defines repository-wide rules only. For any change, read this file first, then read each
-applicable child `AGENTS.md` from outermost to nearest in the subtree you are editing.
+Repository-wide baseline. Child files add local constraints; the nearest child file wins.
 
 ## Hierarchy
 
-- The root `AGENTS.md` owns stable repo-wide policy.
-- `packages/AGENTS.md` and `implementations/AGENTS.md` own shared policy for all packages and
-  reference implementations.
-- `lib/*/AGENTS.md`, `packages/**/AGENTS.md`, and `implementations/*/AGENTS.md` own more specific
-  local instructions, commands, and gotchas.
-- If local guidance conflicts with this file, follow the more specific `AGENTS.md` for that subtree.
-- When adding a new workspace package or implementation, add a sibling `AGENTS.md` in the same
-  change.
-- Keep child `AGENTS.md` files focused on local behavior. Do not duplicate root policy unless the
-  subtree has a local exception.
+- Read this file, then each child `AGENTS.md` from the repository root to the edited path.
+- Root owns stable repo policy. `packages/AGENTS.md` and `implementations/AGENTS.md` own shared
+  package or implementation policy. Deeper files own local boundaries, commands, and gotchas.
+- Add a sibling `AGENTS.md` when adding a workspace package or reference implementation.
+- Do not repeat parent policy in child files unless the subtree has a real exception.
 
-## Environment and tooling
+## Tools and source files
 
-- Use the Node version from [`.nvmrc`](./.nvmrc) when possible. Repository engine constraints live
-  in the root [`package.json`](./package.json).
-- Use `pnpm` only. The pinned package-manager version lives in the root
+- Use the Node version in [`.nvmrc`](./.nvmrc) and the pnpm version pinned in
   [`package.json`](./package.json).
-- Prefer `pnpm <script>` over `pnpm run <script>` when both forms are equivalent.
-- Prefer `rg` and `rg --files` for code search.
-- `.env` files are ignored. Start from the checked-in `.env.example` where applicable, and do not
-  overwrite an existing `.env` without a clear reason.
-- Some implementations have additional runtime prerequisites or process-management expectations. See
-  the relevant implementation `AGENTS.md` before running local app or E2E flows.
-
-## Repository layout
-
-- Shared libraries and published SDK packages live under `lib/` and `packages/`.
-- Reference implementations live under `implementations/`.
-- Implementations consume local package tarballs from `pkgs/` after `pnpm build:pkgs` and
-  implementation install steps.
-- Generated outputs such as `dist/`, `coverage/`, `docs/`, `pkgs/`, `playwright-report/`, and
-  `test-results/` are not the source of truth.
-
-## Source of truth
-
-Prefer editing source files and configuration:
-
-- `src/**`
-- `e2e/**`
-- `__tests__/**`
-- `scripts/**`
-- `documentation/**`
-- `README.md`
-- `package.json`
-- `tsconfig*.json`
-- `rstest.config.ts`
-- `playwright.config.mjs`
-- `eslint.config.ts`
-- `.prettierrc`
-- `.github/workflows/**`
-
-Do not hand-edit generated or local-only artifacts unless the task is explicitly about them:
-
-- `dist/**`
-- `coverage/**`
-- `docs/**`
-- `pkgs/**`
-- `.rslib/**`
-- `.rsdoctor/**`
-- `node_modules/**`
-- local `.env` files
-
-## ESLint discipline
-
-- Treat [`eslint.config.ts`](./eslint.config.ts) as an upfront design constraint, not a cleanup step
-  after coding.
-- Before editing TypeScript or TSX in an unfamiliar area, skim
-  [`eslint.config.ts`](./eslint.config.ts) and nearby files to match existing idioms.
-- Prefer code that naturally satisfies the rules over later suppression or churn.
-- For isolated lint findings, start with the smallest AST-local fix possible. Prefer changing the
-  flagged expression, declaration, or statement before considering any surrounding refactor.
-- If the first local rewrite fails, inspect the exact rule configuration and error location before
-  trying broader changes.
-- Do not broaden a one-line lint fix into helper rewrites, data-flow changes, or nearby refactors
-  unless the minimal local options are exhausted and there is a clear semantic reason to do so.
-- Match existing local patterns before introducing new ones. In this repo, that usually means:
-  - prefix intentionally unused variables, parameters, caught errors, and array slots with `_`
-  - avoid introducing unexplained magic numbers in production code; extract named constants when the
-    value is not obviously one of the common allowed literals
-  - keep strict typed-code hygiene and avoid broad `any`-style shortcuts
-  - rely on Prettier and `prettier-plugin-organize-imports` for formatting and import order rather
-    than manual styling
-- Never add `eslint-disable`, `eslint-disable-next-line`, or `eslint-disable-line` comments unless
-  the user explicitly instructs you to do so.
-- If a lint fix stops being small and local, stop and reassess instead of escalating into trial-and-
-  error rewrites.
-- Do not copy test-only patterns into production code. Test and E2E files have targeted rule
-  relaxations that do not apply elsewhere.
-- If code keeps fighting the linter, stop and rewrite the approach to match repository patterns
-  rather than stacking fixes.
-
-## Validation policy
-
-- Run the smallest meaningful validation that matches the change.
-- When linting or formatting is likely needed, prefer the smallest fix-enabled command that matches
-  the edited area first, then confirm with a check-only command if needed. Avoid the pattern of
-  running a pure check, then rerunning the same tool again only to apply obvious auto-fixes.
-- For TypeScript or TSX edits, run the relevant lint command early enough to influence the shape of
-  the implementation, not only at the end.
-- For `lib/` or `packages/` edits, prefer `pnpm lint` after the first meaningful patch and again
-  before finishing if the change grew.
-- For `implementations/` edits, prefer `pnpm implementation:lint` after the first meaningful patch
-  and again before finishing if the change grew.
-- For cross-cutting changes, broaden validation to affected downstream packages or implementations.
-- If you skip a relevant check because of time or environment constraints, say exactly what was not
-  run and why.
-
-High-signal repo-wide commands:
+- Use `pnpm` only; prefer `pnpm <script>` when equivalent. Prefer `rg`/`rg --files` for search.
+- Edit source of truth: `src/**`, `e2e/**`, `__tests__/**`, `scripts/**`, `documentation/**`,
+  `README.md`, `package.json`, `tsconfig*.json`, `rstest.config.ts`, `playwright.config.mjs`,
+  `eslint.config.ts`, `.prettierrc`, and `.github/workflows/**`.
+- Treat `dist/**`, `coverage/**`, `docs/**`, `pkgs/**`, `.rslib/**`, `.rsdoctor/**`,
+  `node_modules/**`, and local `.env` files as generated or local-only unless the task explicitly
+  targets them.
+- Start env setup from `.env.example`; do not overwrite an existing `.env` casually.
+- Implementations consume local package tarballs from `pkgs/` after `pnpm build:pkgs` plus the
+  implementation install step.
+
+## Code discipline
+
+- Treat [`eslint.config.ts`](./eslint.config.ts) as an upfront design constraint.
+- Match nearby idioms before adding abstractions. Common repo idioms: `_` for intentional unused
+  bindings, named constants for non-obvious magic values, strict typed code, and Prettier-organized
+  imports.
+- Make lint fixes AST-local where possible. If a local rewrite keeps failing, inspect the exact rule
+  and choose a pattern the repo already uses.
+- Never add `eslint-disable`, `eslint-disable-next-line`, or `eslint-disable-line` unless the user
+  explicitly asks.
+- Do not copy test-only lint relaxations into production code.
+
+## Validation
+
+- Run the smallest meaningful validation for the change. For TypeScript, TSX, JavaScript, package,
+  implementation, or shared tooling edits, include lint before claiming validation is complete.
+- If no local lint script exists, use the nearest aggregate command: `pnpm lint` for `lib/` or
+  `packages/`; `pnpm implementation:lint` for `implementations/`.
+- Run Prettier on touched Markdown or expected-format files, then run `git diff --check`.
+- Validate package and implementation changes in dependency order: source package typecheck/tests,
+  source package build, `pnpm build:pkgs` when implementations consume it, implementation install,
+  then downstream checks.
+- For native, React Native, or E2E validation, use the implementation-specific runner documented in
+  the nearest `AGENTS.md`, package scripts, or README before deciding the test cannot run locally.
+  Missing attached devices, simulators, emulators, mock servers, or Metro are setup states; many
+  local runners start or resolve them themselves.
+- Do not substitute a generic `test` script for Playwright, Detox, Maestro, or XCUITest E2E. If a
+  generic test command fails before reaching the intended E2E runner, classify it as that command's
+  failure and try the documented E2E command instead.
+- When an upstream package changes, run bundle-size validation for every downstream published
+  package that can bundle or re-export it, not only the package edited directly. If the affected
+  downstream set is uncertain, run the aggregate `pnpm size:check`.
+- Stop downstream validation when an upstream package build fails; stale downstream artifacts are
+  not evidence.
+- After public exports, entry graphs, shared types, or bundled runtime paths change in an Rslib
+  package, run its `clean` script before trusting output. Rslib `clean` scripts must remove
+  package-local `./node_modules/.cache/rspack`.
+- Broaden checks for exported APIs, shared runtime behavior, generated artifacts, mocks, or behavior
+  used by multiple SDKs or implementations.
+- If you skip a relevant check, state exactly what was skipped and why.
+
+High-signal commands:
 
 - `pnpm lint`
+- `pnpm implementation:lint`
 - `pnpm typecheck`
 - `pnpm test:unit`
 - `pnpm build`
+- `pnpm build:pkgs`
 - `pnpm size:check`
 - `pnpm size:report`
-- `pnpm build:pkgs`
 - `pnpm format:check`
 - `pnpm docs:generate`
 
-## Bundle budget failures
-
-- When `pnpm size:check` or a package `size:check` fails, do not add package exports, new bundle
-  entries, new chunks, budget config changes, aliases, or separate build outputs to move bytes
-  outside the failing budget unless the user explicitly asks for that approach.
-- `size:check` can stop at the first failing package or bundle. After a `size:check` failure, run
-  `pnpm size:report` or the relevant package `size:report` before drawing conclusions about the full
-  set of bundle-budget failures.
-- For bundle-budget failures, the only source changes allowed without user direction are concise,
-  behavior-preserving reductions to code you added or changed for the task.
-- Before attempting any bundle-budget fix, report:
-  - the exact command
-  - the failing package or bundle
-  - the budget, actual size, and delta
-  - the task-related files changed since the last known passing baseline
-  - the smallest behavior-preserving concision option, if one is clear
-  - the specific human direction needed if concision is not obvious
-
-## Failure handling and recovery
-
-- Do not rerun the same failing command unchanged more than once.
-- Treat validation failures as diagnostic evidence before treating them as code defects. Do not edit
-  source, add compatibility shims, or change reference implementation code until you have classified
-  whether the failure is caused by source behavior, stale generated artifacts, install state,
-  package packaging, environment setup, or tooling.
-- Before retrying, classify the failure into one of these buckets:
-  - command resolution or PATH
-  - missing prerequisite or setup
-  - permission or sandbox
-  - expected long-running process
-  - transient network or external-service failure
-  - stale local state, artifact, or process conflict
-  - unknown
-- Prefer a small probe before a full rerun. Check the nearest `AGENTS.md`, the target
-  `package.json`, and any relevant `README.md` or `CONTRIBUTING.md` section before guessing.
-- If the classified failure is not in source code, stop making source changes. Use the documented
-  package or implementation script for that failure class, or report the root cause and smallest
-  next action if cleanup, approval, or environment repair is needed.
-- If a lint or format command fails with findings that the tool can auto-fix, prefer a targeted
-  fix-enabled rerun over repeated check-only runs, then revalidate once.
-- If the shell reports a command as missing:
-  - first prefer `pnpm <script>` or `pnpm exec <tool>` over assuming a global binary
-  - check whether the command is defined in the relevant `package.json`
-  - do not install new global tools to work around a missing PATH entry unless the user explicitly
-    asked for that setup
-  - if the tool is absent and not documented as a prerequisite, stop and report instead of
-    improvising
-- If a documented prerequisite is missing, run that prerequisite once, then retry the original
-  command once. Common repository prerequisites include:
-  - `pnpm install`
-  - `pnpm build:pkgs`
-  - `pnpm implementation:install`
-  - a local `.env` copied from `.env.example`
-  - implementation-specific setup documented in the nearest child `AGENTS.md`
-- If the error suggests a permissions or sandbox problem, such as `EACCES`, `EPERM`, network
-  blocking, or write denial, do not keep retrying. Request approval or escalation on the next
-  attempt rather than searching for workarounds.
-- If a command is supposed to stay alive, such as a dev server, watcher, mock server, preview
-  server, or emulator tooling, treat continued execution as expected behavior. Poll or inspect logs
-  instead of restarting it repeatedly.
-- If a failure looks transient, such as a registry timeout or flaky external network call, retry at
-  most once. If it fails again, stop and report the blocker.
-- Before cleanup, decide whether the issue is stale state. Prefer targeted cleanup of only the
-  artifacts or processes created by the failed flow. Do not delete unrelated outputs, local `.env`
-  files, or use broad cleanup such as `pm2 delete all`.
-- After two failed attempts with the same strategy, stop and summarize:
-  - the exact command
-  - the failure class
-  - the relevant stderr or symptom
-  - what you already tried
-  - the smallest next action, user input, or approval needed
-
-## Docs, specs, and CI
-
-- Authored supporting docs live in `documentation/`; generated TypeDoc output lives in `docs/`.
-- If the repository later adds any replacement design, architecture, or specification artifacts for
-  the changed area, keep them aligned in the same change.
-- `docs/` is generated by TypeDoc and is gitignored.
-- Implementation E2E in `.github/workflows/main-pipeline.yaml` is intentionally path-filtered. If a
-  change needs to alter E2E coverage, update the workflow and keep it aligned with
-  [CONTRIBUTING.md](./CONTRIBUTING.md).
-
-## README and Markdown standards
-
-- Follow [`STYLE_GUIDE.md`](./STYLE_GUIDE.md) for Contentful technical writing conventions in
-  human-authored documentation, including READMEs, authored docs, TSDoc/JSDoc prose, and examples.
-  The nearest `AGENTS.md` still owns document structure, commands, and subtree-specific exceptions.
-- Treat README files as maintained source-of-truth orientation for humans. Keep them aligned with
-  package exports, implementation scripts, local `.env.example` files, and authored documentation in
-  the same change as behavior or workflow updates.
-- Preserve the README family already used by the target directory:
-  - root, published package, and reference implementation READMEs use the centered Contentful logo
-    header, `Contentful Personalization & Analytics` title, subtype `<h3>`, navigation links, and
-    pre-release warning.
-  - `documentation/**/README.md` files are navigation indexes with frontmatter.
-  - placeholder and internal-only README files can use a plain Markdown `#` title plus explicit
-    status or internal-use admonitions.
-- Use sentence case for Markdown headings, preserving official product, package, API, component,
-  hook, and file casing.
-- Lead with reader intent and scope: what to use, when to use it, and what belongs elsewhere. Prefer
-  concrete implementation guidance over marketing language.
-- Keep terminology consistent: "Optimization SDK Suite", "Personalization", "Analytics", "Experience
-  API", "Insights API", "reference implementation", and exact package names such as
-  `@contentful/optimization-web`.
-- Use fenced code blocks with language tags (`sh`, `ts`, `tsx`, `json`, `html`) and prefer `pnpm`
-  commands. Do not introduce npm, yarn, or undocumented global-tool instructions.
-- Use GitHub admonitions intentionally: warning/caution for pre-release, internal, destructive, or
-  unsafe flows; important for required contracts; note for helpful context that is not required.
-- Match README depth to the README category, not to the amount of available detail:
-  - application-facing package READMEs orient the integrator, preserve common setup options, and
-    link to authored guides or generated reference docs for deep workflows and exhaustive API
-    details
-  - lower-level package READMEs orient SDK maintainers and package authors, explain the layer's
-    role, and avoid application-integration tutorial depth
-  - reference implementation READMEs stay procedural and point readers to the code being
-    demonstrated instead of duplicating package API tutorials
-  - internal and placeholder READMEs stay short, explicit, and status-oriented
-- Move step-by-step implementation material into `documentation/guides/` when an existing guide is
-  the right home; create a new guide only when no existing guide covers that reader goal. Use
-  generated TypeDoc reference for exhaustive signatures, method catalogs, callback payload shapes,
-  and exported type details.
-- Before changing README navigation or cross-document links, account for every render target that
-  consumes that README: GitHub source browsing, TypeDoc project documents, and npmjs package README
-  rendering for published packages.
-- Keep relative links pointed at source-of-truth files in this repository when the README is only
-  consumed in-repo or by TypeDoc, or when the package README publish rewrite flow is known to
-  rewrite that link for npm. Use stable absolute URLs for links that must work unchanged across
-  GitHub, TypeDoc, and npm.
-- Link to generated reference docs for API reference and shared README header navigation that needs
-  to work in all render targets, not as a replacement for source README guidance.
-- When a README has a collapsible table of contents, preserve the exact `<!-- mtoc-start -->` and
-  `<!-- mtoc-end -->` markers and keep entries synchronized with headings.
-- For Markdown edits, run Prettier on touched files when practical and at least run
-  `git diff --check` before finishing.
-
-## Safety rules
+Native and E2E examples; narrow with test-file, suite, scheme, or flow arguments when possible:
+
+- React Native Android Detox:
+  `pnpm implementation:run -- react-native-sdk test:e2e:android:full -- --test-file <file>`
+- Android Maestro Compose:
+  `pnpm implementation:run -- android-sdk test:e2e:compose -- --flow <suite>`
+- Android Maestro Views: `pnpm implementation:run -- android-sdk test:e2e:views -- --flow <suite>`
+- iOS Swift package: `pnpm ios:test`
+- iOS XCUITest build: `pnpm implementation:run -- ios-sdk test:e2e:ios:build:release`
+- iOS XCUITest run: `IOS_SCHEME=SwiftUI pnpm implementation:run -- ios-sdk test:e2e:ios:run:release`
+
+## Failure handling
+
+- Classify failures before retrying or editing: command/PATH, missing setup, permission/sandbox,
+  long-running process, transient external service, stale local state or process conflict, source
+  defect, or unknown.
+- Retry the same failing command at most once after a targeted fix or probe. For missing commands,
+  prefer repo scripts or `pnpm exec`; do not install globals unless asked.
+- For missing documented prerequisites, run the prerequisite once, then retry once. Common
+  prerequisites include `pnpm install`, `pnpm build:pkgs`, implementation installs, `.env` from
+  `.env.example`, and implementation-specific setup.
+- For native and React Native E2E, a failed preflight or absent device is not enough to say local
+  testing is impossible. Run the local runner that performs setup, or report the exact missing
+  prerequisite and the command that exposed it.
+- For permission, sandbox, or network-blocking symptoms, request escalation on the next attempt
+  instead of working around the sandbox.
+- Treat expected servers, watchers, mock servers, preview servers, emulators, and similar commands
+  as long-running; poll or inspect logs instead of restarting them.
+- For stale state, clean only the artifacts or processes created by the failed flow. Do not delete
+  local `.env` files, ignored outputs, or broad process groups.
+- Own validation failures surfaced by current or recent Codex work. Inspect status, diffs,
+  APIs/artifacts, and skipped checks; then fix the root cause in the right layer or report a
+  concrete blocker.
+- If a downstream implementation reports stale SDK types or runtime behavior, verify upstream build,
+  `pnpm build:pkgs`, and implementation install before adding local shims or casts.
+- If Rslib/Rspack reports an internal dependency-graph panic, classify stale persistent cache first:
+  run the affected package `clean` script once, confirm it removes `node_modules/.cache/rspack`,
+  then retry the build once.
+- After two failed attempts with the same strategy, stop and report the command, failure class,
+  relevant stderr, what was tried, and the smallest next action.
+
+## Bundle size
+
+- Before bundle-size investigation or changes, inspect `git status --short` and run the relevant
+  `size:check` or `size:report` against the actual worktree.
+- For upstream package changes, treat downstream bundle-size checks as required validation. Run the
+  smallest complete downstream set when it is clear, or `pnpm size:check` when the dependency impact
+  crosses package families or is uncertain.
+- On failure, report the command, package or bundle, budget, actual size, and delta.
+- Do not change budgets, bundle entries, aliases, chunks, exports, or source shape solely for bundle
+  size unless the user approves that work.
+- Unapplied proposals must be labeled `UNAPPLIED PROPOSAL`, printed in chat, and not written into
+  the project tree.
+- After approved bundle-size source changes, validate the touched package with typecheck, relevant
+  tests, build when emitted output/declarations are affected, and `size:check`.
+
+## Docs and README
+
+- Follow [`STYLE_GUIDE.md`](./STYLE_GUIDE.md) for human-authored prose. Authored docs live in
+  `documentation/`; generated TypeDoc output lives in `docs/`.
+- Preserve existing README families: repo/package/reference implementation headers, navigation, and
+  pre-release warnings; documentation indexes; short status READMEs for placeholders or
+  internal-only surfaces.
+- Use sentence-case Markdown headings, official product/API casing, fenced code blocks with language
+  tags, and `pnpm` commands.
+- Keep package READMEs orientation-first, implementation READMEs procedural, and lower-level package
+  READMEs maintainer-oriented. Generated docs own exhaustive signatures and exported type detail.
+- Move deep implementation guidance into `documentation/guides/` when an existing guide fits; create
+  a new guide only for a distinct reader goal.
+- Account for every README render target before changing links: GitHub, TypeDoc project docs, and
+  npm package README rendering.
+- Preserve `<!-- mtoc-start -->` and `<!-- mtoc-end -->` markers and keep TOCs synchronized.
+
+## Safety and resume
 
 - Never overwrite or delete ignored local files just to get a clean run.
 - Do not run destructive Contentful scripts unless explicitly asked.
 - Do not use broad cleanup commands such as `pm2 delete all` unless explicitly asked.
+- Do not manually terminate processes without explicit user permission in the current turn. This
+  includes `kill`, `pkill`, `killall`, `xargs kill`, emulator termination, container termination,
+  and similar process-stop commands. If a validation, server, installer, emulator, or watcher is
+  running and the user says to skip, pause, or change direction, ask whether to let it finish or
+  terminate it; do not infer termination permission.
+- Repository scripts may clean up their own child processes only as part of the documented command
+  the user asked to run. Do not replace that with manual process termination unless the user
+  explicitly approves it.
 - Do not assume full cross-platform E2E is required for every change.
-
-## Context resume audit
-
-- After context compaction, interruption, or a long-running resume, audit before editing: reread the
-  latest user instruction, inspect `git status`, inspect relevant diffs, and restate the active
-  constraints in a short commentary update.
-- If resumed context is missing, contradictory, or no longer explains why a change exists, stop and
-  ask or report the uncertainty instead of continuing from memory.
-- Keep resumed work scoped to the newest user request. Do not continue older plans unless they are
-  still required by the latest instruction.
+- After compaction, interruption, or a long-running resume, reread the latest user request, inspect
+  `git status` and relevant diffs, then continue only with the current request.
 
 ## Preferred workflow
 
-1. Read the root `AGENTS.md`.
-2. Read each applicable child `AGENTS.md` from outermost to nearest in the subtree you will edit.
-3. Make the narrowest source-of-truth change in the correct layer.
-4. Run the smallest meaningful validation set.
-5. Broaden validation only when exports, build tooling, mocks, or shared behavior changed.
-6. Summarize what changed, what was verified, what was skipped, and any follow-up risk.
+1. Read the applicable `AGENTS.md` chain.
+2. Make the narrowest source-of-truth change in the correct layer.
+3. Run the smallest meaningful validation.
+4. Broaden validation only when shared behavior, exports, generated artifacts, mocks, or downstream
+   consumers are affected.
+5. Summarize changes, validation, skipped checks, and residual risk.
diff --git a/documentation/AGENTS.md b/documentation/AGENTS.md
index c5236931..4f7daaa7 100644
--- a/documentation/AGENTS.md
+++ b/documentation/AGENTS.md
@@ -1,70 +1,36 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md` first.
+Applies to authored documentation under `documentation/`.
 
-These instructions apply to authored documentation under `documentation/`.
+## Structure
 
-For prose style, follow [`../STYLE_GUIDE.md`](../STYLE_GUIDE.md). This file adds documentation
-structure, cross-linking, and validation rules.
+- Follow [`../STYLE_GUIDE.md`](../STYLE_GUIDE.md) plus root Markdown rules.
+- Put step-by-step implementation material in `guides/`, mechanics explanations in `concepts/`, and
+  unpublished or nonconforming material in `drafts/`.
+- When README content grows beyond orientation and common setup, update an existing guide or concept
+  before creating a new document.
+- Generated TypeDoc owns exhaustive API reference; authored docs explain integration flow,
+  decisions, and mechanics.
 
-## Documentation categories
+## Directory READMEs
 
-- Put step-by-step implementation material in `guides/`.
-- Put "how it works" explanations in `concepts/`.
-- Put nonconforming or unpublished material in `drafts/`. Drafts are not part of public navigation
-  unless the user explicitly asks to publish or link them.
-- When package README content grows beyond orientation and common setup, first look for an existing
-  guide or concept that matches the reader goal and update that document instead of creating a new
-  one. Create a new guide only when the material has no existing guide home.
-- Do not move exhaustive API reference material from READMEs into authored docs when generated
-  TypeDoc already owns the detail. Authored docs must explain integration flow, decisions, and
-  mechanics that generated reference docs cannot.
+- Treat directory `README.md` files as navigation indexes.
+- Keep frontmatter `children`, visible list order, and one-sentence child descriptions aligned.
+- When adding, moving, or removing docs, update the nearest directory README and affected links.
+- Preserve observed index headings and frontmatter `title` values matching the visible `#` heading.
 
-## Directory README files
+## Writing and links
 
-- Keep directory `README.md` frontmatter `children` aligned with the visible list order in the same
-  file.
-- When adding, moving, or removing a document, update the nearest directory `README.md` and any
-  affected relative links in the same change.
-- Treat directory README files as navigation indexes, not full guides or concepts. Keep the body to
-  a short "start here" paragraph and grouped lists of child documents with one-sentence
-  descriptions.
-- Use the observed index headings for consistency: `## Sections` at the documentation root,
-  `## Start here` and `## Integration guides` under `guides/`, and `## Available concepts` under
-  `concepts/`.
-- Preserve frontmatter `title` values that match the visible `#` heading.
+- Write for engineers integrating the SDK into consumer applications.
+- Lead with the reader goal, keep default paths before advanced variants, and explain consequences
+  behind constraints.
+- Separate SDK responsibilities from application responsibilities, especially fetching, consent
+  policy, identity policy, routing, and rendering.
+- Link from guides to concepts for deeper mechanics.
+- Guides and concepts may link to docs, package READMEs, implementation READMEs, and generated
+  reference docs, but not directly to source code, tests, generated outputs, or source line numbers.
 
-## Heading and writing style
+## Validate
 
-- Write for human software engineers integrating the SDK into consumer applications. Authored docs
-  are not internal agent instructions or maintainer runbooks.
-- Use sentence case for headings.
-- Preserve official product, package, API, component, and hook casing.
-- Lead with what the reader is trying to implement.
-- Separate SDK responsibilities from application responsibilities.
-- State what the SDK does not own when relevant, especially Contentful fetching, consent policy,
-  identity policy, routing, and rendering.
-- Prefer concrete implementation guidance over marketing language.
-- When documenting an integration constraint, tell the reader what breaks, what to do instead, and
-  how to choose a default or fallback for their own integration.
-- Explain the consequence behind constraints. Prefer reader-facing phrasing such as "all-locale CDA
-  responses are incompatible with the resolver because..." over unexplained "do not" rules.
-- Use direct imperatives only when they help an engineer avoid a concrete integration bug, security
-  issue, data leak, or broken runtime behavior. Pair them with the reason or the safer alternative.
-
-## Cross-linking
-
-- Link from guides to concepts when the reader needs deeper mechanics.
-- Link only to source-of-truth documentation files, package READMEs, or implementation READMEs.
-- Guides and concepts must not link to or mention source code files directly, including package
-  `src/**`, test files, implementation source files, scripts, config files, generated source
-  outputs, or source line numbers. When code-level detail is useful, link to package README,
-  implementation README, generated reference docs, or a concept/guide that explains the behavior.
-- After moving a document, fix all affected relative links.
-
-## Validation
-
-- Run Prettier on touched Markdown files.
-- Run `git diff --check`.
-- For moved or newly linked documents, verify relative Markdown links resolve to existing files when
-  the target is inside the repository.
+- Run Prettier on touched Markdown files and `git diff --check`.
+- For moved or newly linked documents, verify repository-local relative links resolve.
diff --git a/documentation/concepts/README.md b/documentation/concepts/README.md
index 14d307f5..46ab755a 100644
--- a/documentation/concepts/README.md
+++ b/documentation/concepts/README.md
@@ -2,6 +2,7 @@
 title: Concepts
 children:
   - ./core-state-management.md
+  - ./consent-management-in-the-optimization-sdk-suite.md
   - ./entry-personalization-and-variant-resolution.md
   - ./locale-handling-in-the-optimization-sdk-suite.md
   - ./interaction-tracking-in-web-sdks.md
@@ -24,6 +25,9 @@ they are not the first stop for installation or setup commands.
   state using signals, why that state is protected from outside interference, and which
   consumer-facing surfaces — observables, interceptors, and lifecycle methods — are the correct way
   to observe and influence state.
+- [Consent management in the Optimization SDK Suite](./consent-management-in-the-optimization-sdk-suite.md) -
+  explains how SDK consent state, event allow-lists, blocked-event diagnostics, persistence, and
+  application-owned CMP policy work together to support consent-aware integrations.
 - [Entry personalization and variant resolution](./entry-personalization-and-variant-resolution.md) -
   explains how the SDK resolves a Contentful baseline entry to the selected entry variant, including
   data model expectations, fallback behavior, resolution paths, and preview overrides.
diff --git a/documentation/concepts/android-sdk-runtime-and-interaction-mechanics.md b/documentation/concepts/android-sdk-runtime-and-interaction-mechanics.md
index 57f02bca..9e55364e 100644
--- a/documentation/concepts/android-sdk-runtime-and-interaction-mechanics.md
+++ b/documentation/concepts/android-sdk-runtime-and-interaction-mechanics.md
@@ -91,7 +91,6 @@ OptimizationConfig(
     environment = "master",
     contentfulLocales = ContentfulLocales(default = "en-US"),
     locale = "en-US",
-    defaults = StorageDefaults(consent = true),
     debug = BuildConfig.DEBUG,
 )
 ```
@@ -124,8 +123,9 @@ Compose code reads these values through `collectAsState()` or effects. XML Views
 collects them from lifecycle-aware coroutines.
 
 The SDK persists state with `SharedPreferences`. `StorageDefaults` can seed values such as consent,
-profile, selected changes, and personalizations on first launch. Seeds are applied only when no
-persisted value exists, so an existing user choice is not overwritten.
+profile-continuity persistence consent, profile, selected changes, and personalizations on first
+launch. Seeds are applied only when no persisted value exists, so an existing user choice is not
+overwritten.
 
 ## Consent and event gates
 
@@ -140,7 +140,11 @@ establish profile context and anonymous screen analytics.
 | `false`       | `identify` and `screen` can emit; other events are blocked. |
 
 Call `client.consent(true)` when the visitor grants consent and `client.consent(false)` when the
-visitor rejects it. The value is persisted and restored on later launches.
+visitor rejects it. Boolean consent controls both event emission and durable profile-continuity
+persistence by default. Use `client.consent(events = true, persistence = false)` when event emission
+is allowed but profile continuity must remain session-only. Withdrawing consent purges SDK queues
+and clears SDK-managed durable profile-continuity storage while leaving active in-memory state
+available until the app resets or tears down the client.
 
 ## Entry personalization boundary
 
diff --git a/documentation/concepts/consent-management-in-the-optimization-sdk-suite.md b/documentation/concepts/consent-management-in-the-optimization-sdk-suite.md
new file mode 100644
index 00000000..544af857
--- /dev/null
+++ b/documentation/concepts/consent-management-in-the-optimization-sdk-suite.md
@@ -0,0 +1,370 @@
+---
+title: Consent management in the Optimization SDK Suite
+---
+
+# Consent management in the Optimization SDK Suite
+
+Use this document to design consent flows that use the Optimization SDK Suite without treating the
+SDK as the policy engine. It explains how the SDK stores and applies consent, how consumers can map
+consent management platform (CMP) decisions into SDK configuration, and how common regulatory
+expectations affect integration choices.
+
+This document is engineering guidance, not legal advice. Your application owns legal interpretation,
+jurisdiction detection, CMP behavior, consent records, privacy notices, and downstream destination
+policy. The SDK provides controls that can support a compliant implementation, but those controls do
+not make an application compliant by themselves.
+
+For lower-level state mechanics, see [Core state management](./core-state-management.md). For
+profile ID and cookie continuity, see
+[Profile synchronization between client and server](./profile-synchronization-between-client-and-server.md).
+For third-party analytics routing, see
+[Forwarding Optimization SDK context to analytics and tag management tools](../guides/forwarding-optimization-sdk-context-to-analytics-and-tag-management-tools.md).
+
+<details>
+  <summary>Table of Contents</summary>
+<!-- mtoc-start -->
+
+- [The consent responsibility model](#the-consent-responsibility-model)
+- [SDK consent behavior](#sdk-consent-behavior)
+  - [Stateful SDKs](#stateful-sdks)
+  - [Node and stateless runtimes](#node-and-stateless-runtimes)
+  - [Event allow-lists and blocked events](#event-allow-lists-and-blocked-events)
+  - [Revocation and profile cleanup](#revocation-and-profile-cleanup)
+- [Configure consent flows](#configure-consent-flows)
+  - [Map CMP choices to SDK state](#map-cmp-choices-to-sdk-state)
+  - [Choose a pre-consent posture](#choose-a-pre-consent-posture)
+  - [Keep server and browser policy aligned](#keep-server-and-browser-policy-aligned)
+  - [Align third-party destinations](#align-third-party-destinations)
+- [Regulatory expectations and SDK configuration](#regulatory-expectations-and-sdk-configuration)
+  - [Shared implementation principles](#shared-implementation-principles)
+  - [Regional considerations](#regional-considerations)
+- [Engineering checklist](#engineering-checklist)
+
+<!-- mtoc-end -->
+</details>
+
+## The consent responsibility model
+
+Consent is shared work between the application, the SDK, and any destinations that receive mirrored
+events.
+
+| Layer                          | Owns                                                                                           | Does not own                                                                                  |
+| ------------------------------ | ---------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| **Application or CMP**         | Notice text, choices, jurisdiction logic, consent records, purpose categories, and withdrawal. | SDK event gates, Experience API profile evaluation, or Insights API delivery.                 |
+| **Optimization SDK Suite**     | Runtime consent state, allowed-event checks, blocked-event diagnostics, and local persistence. | Legal basis selection, consent UI, proof of consent, data subject requests, or vendor policy. |
+| **Node or server application** | Request-scoped consent checks, cookies, sessions, profile persistence, and response caching.   | Stateful SDK consent storage or browser-side CMP behavior.                                    |
+| **Third-party destinations**   | Their own consent mode, opt-out handling, deletion flows, and contractual processing controls. | Optimization SDK consent state or Contentful profile evaluation.                              |
+
+The SDK's consent value is a runtime control, not a consent record. Store the user-facing consent
+receipt in the CMP, user-preference service, consent cookie, or account system your organization
+uses for audit and withdrawal.
+
+The SDK exposes event consent as its compatibility consent state and supports an optional separate
+persistence consent state for durable profile continuity. If your CMP uses separate categories for
+personalization, analytics, advertising, and third-party sharing, map those categories before
+calling `consent(true)` or `consent({ events, persistence })`. If one SDK event type or downstream
+destination is not permitted, keep the SDK denied for that flow and gate the affected method calls
+or forwarding code in the application layer.
+
+## SDK consent behavior
+
+### Stateful SDKs
+
+Stateful SDKs include the Web SDK, React Web SDK, React Native SDK, iOS SDK, and Android SDK. They
+hold event consent as one of three values:
+
+| Consent value | Meaning                                                                       |
+| ------------- | ----------------------------------------------------------------------------- |
+| `undefined`   | No SDK consent decision has been set in this runtime.                         |
+| `true`        | The SDK can emit all configured event types.                                  |
+| `false`       | The SDK blocks event types that are not present in the configured allow-list. |
+
+Stateful SDKs persist event consent in their platform storage so later visits or app launches can
+restore the decision. They also persist a separate profile-continuity persistence consent value when
+one is set. Browser SDKs use localStorage and can also use the readable `ctfl-opt-aid` cookie for
+profile continuity. React Native persists with AsyncStorage. Native iOS and Android SDKs persist
+with UserDefaults and SharedPreferences.
+
+Stateful SDKs initialize early enough to support first-render personalization, but they restore
+storage in two steps. On startup, the SDK reads consent and preference state first. It reads durable
+profile continuity, such as profile IDs, cached profile data, selected optimizations, and mobile
+profile-continuity state, only after persistence consent resolves to `true`. If persistence consent
+resolves to `false`, the SDK clears SDK-managed durable profile-continuity storage. If persistence
+consent is `undefined`, the SDK does not restore durable profile continuity.
+
+Use `defaults.consent: true` or native `StorageDefaults(consent: true)` when the application policy
+permits the SDK to start in an accepted state, including integrations that do not render an end-user
+consent UI. This starts all gated SDK events immediately and permits durable profile continuity.
+Existing boolean consent calls map to both event and persistence consent. Use
+`consent({ events: true, persistence: false })` when events are allowed but durable profile
+continuity must remain session-only. For production consent prompts, leave consent unset and call
+`consent(true)`, `consent(false)`, or object-form consent from the CMP or banner callback.
+
+### Node and stateless runtimes
+
+The Node SDK does not store consent. When the application policy permits Optimization by default,
+bind each request with accepted event and persistence consent:
+
+```ts
+const requestOptimization = optimization.forRequest({
+  consent: { events: true, persistence: true },
+  eventContext: { locale: eventLocale },
+  profile,
+})
+```
+
+When consent depends on request-specific state, server applications must read it from a
+request-scoped source, such as a consent cookie, session, account preference, or CMP token, before
+binding a request client or persisting profile identifiers.
+
+```ts
+const canEmitOptimizationEvent = request.cookies['app-personalization-consent'] === 'granted'
+
+const requestOptimization = optimization.forRequest({
+  consent: {
+    events: canEmitOptimizationEvent,
+    persistence: canEmitOptimizationEvent,
+  },
+  eventContext: { locale: eventLocale },
+  profile,
+})
+
+const data = await requestOptimization.page()
+```
+
+Node SDK event calls fail closed except for the configured `allowedEventTypes`. The Node SDK default
+allows `identify` and `page` before event consent, and those events are sent with
+`context.gdpr.isConsentGiven: false`. Pass `allowedEventTypes: []` for strict opt-in, or configure a
+narrow allowlist when legal review approves a specific pre-consent server event. Do not persist the
+returned profile ID unless request persistence consent is true:
+
+```ts
+const optimization = new ContentfulOptimization({
+  allowedEventTypes: ['page'],
+  clientId: 'your-client-id',
+})
+
+const requestOptimization = optimization.forRequest({
+  consent: { events: false, persistence: false },
+  eventContext: { locale: eventLocale },
+  profile,
+})
+
+const data = await requestOptimization.page()
+
+if (requestOptimization.canPersistProfile && data?.profile.id) {
+  persistProfileId(data.profile.id)
+}
+```
+
+A conservative server policy is:
+
+- Do not call profile-producing SDK methods when consent is unknown or denied unless legal review
+  has approved that pre-consent behavior.
+- Do not persist `profile.id` or `ctfl-opt-aid` when consent is unknown or denied.
+- Clear application-owned profile identifiers when consent revocation must end profile continuity.
+- Render baseline content when the consent policy does not permit personalization.
+
+### Event allow-lists and blocked events
+
+`allowedEventTypes` controls which event types can emit while consent is `undefined` or `false`.
+Default allow-lists differ by runtime. For example, browser guides describe `identify` and `page` as
+the Web and React Web pre-consent defaults, while mobile guides describe `identify` and `screen` as
+mobile defaults.
+
+Use the allow-list as a policy mapping tool:
+
+- Set `allowedEventTypes: []` when no Optimization event can emit before consent.
+- Remove `identify` from the allow-list when profile mutation is not allowed before consent.
+- Keep only the event types that your legal and privacy review permits for the purpose and region.
+
+The allow-list only controls event emission. It does not control when a CMP renders, when browser
+storage is read, when a server writes cookies, whether a user has received a valid notice, or
+whether a third-party destination can receive mirrored events.
+
+Allow-listed events can emit before event consent is granted, but their SDK-built payloads mark
+`context.gdpr.isConsentGiven` as `false` until event consent is explicitly `true`.
+
+When the consent guard blocks an event, the SDK writes blocked-event metadata and calls the
+configured `onEventBlocked` callback. You can also subscribe to `states.blockedEventStream` in
+stateful JavaScript SDKs. Blocked events are dropped at the SDK boundary and are not replayed after
+`consent(true)`. If the application needs an event after consent, emit a fresh `page()`,
+`identify()`, `screen()`, or interaction event when policy allows.
+
+### Revocation and profile cleanup
+
+Calling `consent(false)` blocks future non-allowed events in stateful clients and purges queued SDK
+Experience and Insights events. It also clears SDK-managed durable profile-continuity storage. It
+leaves the current in-memory profile, selected optimizations, and changes untouched so the
+application can decide whether the active session should reset. It does not erase the consent record
+in your CMP, clear server cookies, delete Contentful-side profile data, or remove application-owned
+profile continuity.
+
+When withdrawal must stop both future events and profile continuity:
+
+- Call `consent(false)` so the SDK blocks future gated events.
+- Call `reset()` in Web or React Web flows when profile, selected optimizations, changes, and the
+  in-memory browser anonymous ID need to be cleared during the active session.
+- Clear application-owned cookies, sessions, and server-side profile IDs, including any
+  server-managed `ctfl-opt-aid` value.
+- Stop Node SDK calls until request-scoped consent permits them again.
+- Apply the same withdrawal state to third-party analytics, advertising, tag management, and data
+  warehouse destinations.
+
+If withdrawal also requires deletion or suppression in external systems, implement those flows
+outside the SDK with the systems that store the data.
+
+## Configure consent flows
+
+### Map CMP choices to SDK state
+
+Treat the CMP or application preference service as the source of truth. The SDK receives the result:
+
+```ts
+cmp.onChange((choice) => {
+  const optimizationAllowed = choice.purposes.personalization && choice.purposes.analytics
+
+  optimization.consent(optimizationAllowed)
+})
+```
+
+When event emission and durable profile continuity are separate CMP choices, pass only the fields
+that changed:
+
+```ts
+cmp.onChange((choice) => {
+  optimization.consent({
+    events: choice.purposes.personalization && choice.purposes.analytics,
+    persistence: choice.purposes.profileContinuity,
+  })
+})
+```
+
+If your CMP has separate purposes, avoid mapping one accepted purpose to `consent(true)` when other
+SDK event types or mirrored destinations remain disallowed. In that case, keep the SDK denied and
+gate the allowed calls explicitly, or use `allowedEventTypes` to permit only the approved event
+types before full consent exists.
+
+### Choose a pre-consent posture
+
+There are three common implementation postures:
+
+| Posture                         | SDK configuration                                                                                                                                   | Use when                                                                                                                         |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
+| **Strict opt-in**               | Initialize with `allowedEventTypes: []`, no `defaults.consent`, and no accepted persistence consent.                                                | Policy does not permit non-essential event emission or durable profile-continuity storage before opt-in.                         |
+| **Limited pre-consent context** | Leave consent unset and use the runtime's default or custom `allowedEventTypes`; keep persistence consent unset or false.                           | Legal review permits specific first-party context events before broader tracking consent.                                        |
+| **Default-on accepted context** | Seed `defaults.consent: true` or native storage defaults; set `defaults.persistenceConsent: false` only when profile continuity should be deferred. | Application policy permits SDK event emission and profile continuity at startup, with or without a separate end-user consent UI. |
+
+For browser applications, storage policy can matter as much as event policy. If legal review treats
+SDK localStorage or the `ctfl-opt-aid` cookie as non-essential before opt-in, keep persistence
+consent unset or false and avoid server-set anonymous cookies until the CMP allows them.
+`allowedEventTypes: []` prevents event emission, while persistence consent controls whether the SDK
+restores durable profile-continuity storage. The SDK still does not own browser storage policy,
+server-set cookies, or CMP records.
+
+### Keep server and browser policy aligned
+
+Hybrid applications often run the Node SDK on the server and the Web or React Web SDK in the
+browser. Use the same consent decision on both sides:
+
+- The server reads consent before calling `page()`, `identify()`, or follow-up tracking methods and
+  calls the Node SDK only when the application policy allows the server event.
+- The browser calls `consent(true)` or `consent(false)` from the same CMP state after hydration.
+- Both runtimes clear profile continuity when withdrawal requires it.
+- The server does not set `ctfl-opt-aid` when the browser is not allowed to use profile continuity.
+
+If the server personalizes HTML while the browser denies SDK consent after hydration, the user can
+see personalized content without follow-up event collection. Decide whether that is permitted. If
+not, render baseline content until the consent state is known.
+
+### Align third-party destinations
+
+The SDK consent gate controls Optimization SDK event emission. It does not automatically configure
+Google Consent Mode, tag managers, advertising platforms, analytics warehouses, or customer data
+platforms.
+
+When forwarding SDK context or event streams:
+
+- Use the same CMP state before forwarding events to each destination.
+- Apply opt-out, global privacy signal, and sensitive-data restrictions before mirroring SDK events.
+- Avoid sending Optimization profile IDs as known-user IDs to third-party analytics tools.
+- Deduplicate events by message or event identity after consent changes so a fresh post-consent
+  event does not create duplicate downstream reporting.
+
+## Regulatory expectations and SDK configuration
+
+Use this section as an implementation lens. The linked sources describe regulatory expectations;
+your legal review decides which expectations apply to each property, region, purpose, and data flow.
+
+### Shared implementation principles
+
+Use the same SDK controls after your legal and privacy review maps the applicable rules:
+
+- Explain Optimization purposes before enabling SDK event emission when notice or consent is
+  required.
+- Keep the CMP, account system, or preference service as the consent record; SDK consent is only a
+  runtime value.
+- Map event emission, durable profile continuity, server profile IDs, and third-party destination
+  routing as separate choices when your policy separates those purposes.
+- Leave SDK consent unset, use `allowedEventTypes: []`, or defer browser SDK initialization when
+  pre-consent events, localStorage access, or cookies are not permitted.
+- Use `defaults.consent: true` only when application policy permits accepted SDK startup, such as a
+  valid existing consent record or a default-on policy.
+- Call `consent(false)` on refusal or withdrawal to block gated events, purge SDK queues, and clear
+  SDK-managed durable profile continuity. Call `reset()` plus application cookie cleanup when
+  withdrawal must also clear the active in-memory profile.
+- Gate sensitive traits, audience attributes, custom event properties, and mirrored downstream
+  events before sending them.
+
+### Regional considerations
+
+| Region or framework                     | Source links                                                                 | SDK configuration lens                                                                                                                                                              |
+| --------------------------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| EU GDPR, ePrivacy, and UK PECR          | [EDPB GDPR][edpb-gdpr], [EDPB ePrivacy][edpb-eprivacy], [ICO PECR][ico-pecr] | Treat affirmative consent, withdrawal, and device-storage access as the primary configuration drivers. Use strict opt-in when pre-consent event or storage access is not permitted. |
+| California CCPA and CPRA                | [California CCPA and CPRA][california-ccpa]                                  | Treat opt-out of sale or sharing, global privacy signals, and sensitive-data limits as application-owned routing and payload policy before SDK calls or forwarding.                 |
+| Canada PIPEDA and Australia Privacy Act | [OPC PIPEDA][opc-pipeda], [OAIC Privacy Act][oaic-privacy]                   | Use meaningful purpose disclosure, keep a consent record outside the SDK, and apply withdrawal across SDK state, server persistence, local profile continuity, and destinations.    |
+| Brazil LGPD                             | [ANPD cookie guidance][anpd-lgpd]                                            | Present purpose categories for personalization, analytics, and sharing, then enable only the SDK event and persistence choices those purposes cover.                                |
+| India DPDP Act                          | [Digital Personal Data Protection Act, 2023][india-dpdp]                     | Sync notice, clear affirmative choice, purpose limits, and withdrawal state into browser, server, and mobile SDK runtimes.                                                          |
+
+[edpb-gdpr]:
+  https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en
+[edpb-eprivacy]:
+  https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-22023-technical-scope-art-53-eprivacy-directive_en
+[ico-pecr]:
+  https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/
+[california-ccpa]: https://oag.ca.gov/privacy/ccpa
+[opc-pipeda]:
+  https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/principles/p_consent/
+[oaic-privacy]:
+  https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/consent-to-the-handling-of-personal-information
+[anpd-lgpd]:
+  https://www.gov.br/anpd/pt-br/centrais-de-conteudo/materiais-educativos-e-publicacoes/guia_orientativo_cookies_e_protecao_de_dados_pessoais
+[india-dpdp]:
+  https://www.meity.gov.in/static/uploads/2024/02/Digital-Personal-Data-Protection-Act-2023.pdf
+
+## Engineering checklist
+
+Before releasing a consent-aware Optimization SDK integration, verify these implementation points:
+
+- Document each SDK event purpose and downstream destination in your privacy design.
+- Decide whether pre-consent SDK initialization, localStorage, cookies, or profile IDs are allowed.
+- Configure `allowedEventTypes` to match the approved pre-consent event set.
+- Seed `defaults.consent: true` only when application policy permits accepted SDK startup, such as a
+  default-on policy or an existing accepted consent record.
+- Connect the CMP or consent UI to `consent(true)` and `consent(false)` in every stateful runtime
+  when policy depends on user choice.
+- Bind Node SDK calls with `forRequest()`; use `allowedEventTypes` only for intentionally permitted
+  pre-consent server events, and never persist returned IDs unless
+  `requestOptimization.canPersistProfile` is true.
+- Clear active in-memory profile state with `reset()` and server profile cookies when revocation
+  requires it.
+- Use `consent({ events, persistence })` when event emission and durable profile continuity have
+  separate consent choices.
+- Keep mobile persisted consent aligned with account or CMP state across launches.
+- Gate `identify()` traits and custom event properties before sending sensitive or restricted data.
+- Apply the same consent, opt-out, and global privacy signal decisions before forwarding events to
+  third-party destinations.
+- Subscribe to `states.blockedEventStream` or use `onEventBlocked` during validation to confirm
+  denied events are blocked.
+- Verify post-consent flows emit fresh events instead of relying on replay of previously blocked
+  events.
diff --git a/documentation/concepts/core-state-management.md b/documentation/concepts/core-state-management.md
index e94f703a..d0c9d461 100644
--- a/documentation/concepts/core-state-management.md
+++ b/documentation/concepts/core-state-management.md
@@ -25,6 +25,7 @@ extend behavior through the consumer-facing channels the SDK provides.
 - [How state changes](#how-state-changes)
   - [Entry points for state mutation](#entry-points-for-state-mutation)
   - [How the Experience API drives state](#how-the-experience-api-drives-state)
+  - [Persistence-settled publication](#persistence-settled-publication)
   - [Consent gating](#consent-gating)
 - [What consumers receive: the `states` surface](#what-consumers-receive-the-states-surface)
   - [The `Observable` contract](#the-observable-contract)
@@ -69,6 +70,7 @@ signal.
 | Signal                  | Type                                            | Description                                                                                                               |
 | ----------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
 | `consent`               | `boolean \| undefined`                          | Whether the user has granted or denied tracking consent. `undefined` means the value has not yet been set.                |
+| `persistenceConsent`    | `boolean \| undefined`                          | Whether durable profile-continuity storage is allowed. `undefined` means the value has not yet been set.                  |
 | `profile`               | `Profile \| undefined`                          | The active user profile returned by the Experience API, including ID, traits, and location.                               |
 | `selectedOptimizations` | `SelectedOptimizationArray \| undefined`        | The set of variant selections returned by the Experience API for the current profile.                                     |
 | `changes`               | `ChangeArray \| undefined`                      | The optimization change payload returned by the Experience API, used to resolve Custom Flag values and optimized entries. |
@@ -102,7 +104,7 @@ change Core state or event streams are:
 
 | Method or surface                   | What it affects                                                                                       |
 | ----------------------------------- | ----------------------------------------------------------------------------------------------------- |
-| `consent(accept)`                   | Sets the `consent` signal.                                                                            |
+| `consent(accept)`                   | Sets event consent and, when provided, durable profile-continuity persistence consent.                |
 | `identify(payload)`                 | Sends an Experience event; updates `profile`, `selectedOptimizations`, and `changes` on response.     |
 | `page(payload)`                     | Sends an Experience event; same response-driven updates.                                              |
 | `screen(payload)`                   | Sends an Experience event; same response-driven updates.                                              |
@@ -145,6 +147,25 @@ Consumer calls sdk.page()
 Batching the writes means downstream effects and computed signals see a consistent snapshot. There
 is no intermediate state where `profile` has updated but `selectedOptimizations` has not.
 
+### Persistence-settled publication
+
+State interceptors run before Core writes Experience API response data to observable state. Runtime
+state remains memory-backed: platform storage is read during initialization to seed continuity, and
+live reads use the SDK's in-memory signals. Platform SDKs use the interceptor hook to mirror the
+same response snapshot to durable profile-continuity storage before publishing the in-memory state
+that depends on it.
+
+When durable profile-continuity persistence consent is `true`, a stateful SDK should not emit a new
+`states.profile`, `states.selectedOptimizations`, or `states.canOptimize` value for an Experience
+response until the platform storage write has either completed or failed and been handled. This does
+not make storage infallible or make storage the source of truth for live state; a failed write can
+still leave the SDK running on the response data in memory. It does mean application code and tests
+can wait for SDK-derived state instead of adding arbitrary delays before relaunch-sensitive work.
+
+When durable persistence consent is `false` or unset, profile-continuity values are not written for
+the response. The SDK may still publish in-memory state for allowed events, but that state should be
+treated as session-only.
+
 ### Consent gating
 
 The send path checks `hasConsent(methodName)` inside `sendExperienceEvent` and `sendInsightsEvent`
@@ -152,12 +173,15 @@ before a queue accepts the event. When consent is `false` or `undefined` and the
 allow-listed, the event is blocked, a `BlockedEvent` record is written to the `blockedEvent` signal,
 and the configured `onEventBlocked` callback is invoked.
 
-By default, `identify`, `page`, and `screen` are exempt from consent gating (they are in
-`allowedEventTypes`). All other event methods are gated. This default list can be changed via the
-`allowedEventTypes` configuration option.
+Core defaults `allowedEventTypes` to `[]`, so Core itself fails closed before consent. Platform SDKs
+set runtime-specific defaults for event types that are valid in that runtime. For example, Web and
+Node use `identify`/`page`, while mobile runtimes use `identify`/`screen`. This list can be changed
+via the `allowedEventTypes` configuration option.
 
-Calling `consent(true)` unblocks all gated events going forward. It does not replay events that were
-blocked before consent was granted.
+Calling `consent(true)` unblocks all gated events going forward and grants durable
+profile-continuity persistence consent. Calling `consent({ events: true, persistence: false })`
+allows event emission while keeping profile continuity session-only. Blocked events are not replayed
+after consent is granted.
 
 ## What consumers receive: the `states` surface
 
@@ -182,6 +206,7 @@ reaching your code. Mutating a received value does not affect internal signal st
 | Observable                     | Type                                                        | Description                                                                          |
 | ------------------------------ | ----------------------------------------------------------- | ------------------------------------------------------------------------------------ |
 | `states.consent`               | `Observable<boolean \| undefined>`                          | Current consent value.                                                               |
+| `states.persistenceConsent`    | `Observable<boolean \| undefined>`                          | Current durable profile-continuity persistence consent value.                        |
 | `states.profile`               | `Observable<Profile \| undefined>`                          | Active user profile.                                                                 |
 | `states.selectedOptimizations` | `Observable<SelectedOptimizationArray \| undefined>`        | Active variant selections.                                                           |
 | `states.canOptimize`           | `Observable<boolean>`                                       | `true` when variant data is available.                                               |
@@ -381,9 +406,12 @@ children can render immediately unless `onStatesReady` is provided.
 Consent is a precondition for most event emission. Set it with the `consent` method:
 
 ```ts
-// Grant consent (e.g., after the user accepts your cookie banner)
+// Grant consent after application policy allows SDK event emission.
 sdk.consent(true)
 
+// Allow events but keep durable profile continuity disabled
+sdk.consent({ events: true, persistence: false })
+
 // Revoke consent
 sdk.consent(false)
 ```
@@ -397,8 +425,11 @@ sdk.states.consent.subscribe((value) => {
 ```
 
 The SDK does not provide a consent UI. Consent policy, including when to ask, what to display, and
-how to store the user's choice, belongs to your application. The SDK exposes `consent()` to receive
-the decision and `states.consent` to let your application reflect it.
+how to store any user choice, belongs to your application. If application policy permits SDK
+activity by default, stateful SDKs can start from `defaults.consent: true` instead of rendering an
+end-user consent UI. The SDK exposes `consent()` to receive runtime changes and `states.consent` to
+let your application reflect them. Use `states.persistenceConsent` when the application needs to
+reflect whether durable profile-continuity storage is allowed separately from event emission.
 
 ### Resetting state
 
diff --git a/documentation/concepts/entry-personalization-and-variant-resolution.md b/documentation/concepts/entry-personalization-and-variant-resolution.md
index a6ca9a27..47fb7f5b 100644
--- a/documentation/concepts/entry-personalization-and-variant-resolution.md
+++ b/documentation/concepts/entry-personalization-and-variant-resolution.md
@@ -302,7 +302,14 @@ The Node SDK is stateless. Pass the request-local `selectedOptimizations` return
 `identify()`, `screen()`, `track()`, or sticky `trackView()`.
 
 ```ts
-const optimizationData = await optimization.page({ profile, properties: { path: req.path } })
+const requestOptimization = optimization.forRequest({
+  consent: true,
+  profile,
+})
+
+const optimizationData = await requestOptimization.page({
+  properties: { path: req.path },
+})
 const { entry, selectedOptimization } = optimization.resolveOptimizedEntry(
   baselineEntry,
   optimizationData?.selectedOptimizations,
diff --git a/documentation/concepts/interaction-tracking-in-node-and-stateless-environments.md b/documentation/concepts/interaction-tracking-in-node-and-stateless-environments.md
index b0029eb9..e85557c8 100644
--- a/documentation/concepts/interaction-tracking-in-node-and-stateless-environments.md
+++ b/documentation/concepts/interaction-tracking-in-node-and-stateless-environments.md
@@ -82,7 +82,7 @@ does not retain profile, consent, page, cookie, session, or browser-storage stat
 In practice, the application must supply:
 
 - the current profile ID, usually from `ANONYMOUS_ID_COOKIE` (`ctfl-opt-aid`) or a session
-- the consent decision, usually from an application-owned consent cookie, session, or user setting
+- the application policy decision for whether the server should call the SDK
 - page context such as `path`, `url`, `referrer`, `query`, and locale
 - user agent and optional IP override when server-side evaluation needs client request metadata
 - the selected entry metadata needed for entry interaction events
@@ -96,15 +96,15 @@ were pure data lookups.
 
 Tracking uses two API paths with different semantics:
 
-| Path           | Methods                                                                     | Purpose                                                        | Profile behavior                                                                             |
-| -------------- | --------------------------------------------------------------------------- | -------------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
-| Experience API | `page()`, `identify()`, `screen()`, `track()`, sticky `trackView()`         | Evaluates or updates a profile and returns `OptimizationData`. | Uses `payload.profile?.id` in stateless Node calls. If absent, the API can create a profile. |
-| Insights API   | non-sticky `trackView()`, `trackClick()`, `trackHover()`, `trackFlagView()` | Sends fire-and-forget Analytics interaction events.            | Requires a profile in stateless Node calls because there is no ambient SDK state.            |
+| Path           | Methods                                                                     | Purpose                                                        | Profile behavior                                                                        |
+| -------------- | --------------------------------------------------------------------------- | -------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
+| Experience API | `page()`, `identify()`, `screen()`, `track()`, sticky `trackView()`         | Evaluates or updates a profile and returns `OptimizationData`. | Uses the profile ID bound with `forRequest()`. If absent, the API can create a profile. |
+| Insights API   | non-sticky `trackView()`, `trackClick()`, `trackHover()`, `trackFlagView()` | Sends fire-and-forget Analytics interaction events.            | Requires a request-bound profile because there is no ambient SDK state.                 |
 
 Sticky entry views are the exception that touches both paths. In Node, `trackView({ sticky: true })`
 sends a view event through Experience first, then sends the paired Insights event using the profile
 returned by the Experience response. Non-sticky `trackView()` only uses Insights and therefore
-requires `payload.profile.id`.
+requires a request-bound profile ID.
 
 The interaction wire event types are:
 
@@ -123,6 +123,10 @@ Server-side `page()` is the normal SSR entry point. It records the page request,
 `OptimizationData`, and gives the server `profile`, `selectedOptimizations`, and `changes` for the
 render.
 
+The examples below bind application-owned consent into a request-scoped client. Node SDK event calls
+fail closed except for the configured `allowedEventTypes`; the Node default permits `identify` and
+`page` before consent and labels those events as not consented.
+
 Event `context.locale` is event data. It can be used by analytics and audience rules that inspect
 event context, but it does not choose the CDA locale for Contentful entry fetches and it is separate
 from the Experience API request `locale` query parameter. For the broader locale model, see
@@ -130,12 +134,13 @@ from the Experience API request `locale` query parameter. For the broader locale
 
 ```ts
 const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
-
-const pageResponse = await optimization.page(
-  {
+const requestOptimization = optimization.forRequest({
+  consent: {
+    events: appPolicyAllowsOptimizationEvent(req),
+    persistence: appPolicyAllowsOptimizationEvent(req),
+  },
+  eventContext: {
     locale: eventLocale,
-    profile: profileId ? { id: profileId } : undefined,
     page: {
       path: req.path,
       query,
@@ -145,28 +150,31 @@ const pageResponse = await optimization.page(
     },
     userAgent: req.get('user-agent') ?? 'node-server',
   },
-  requestOptions,
-)
+  experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+  profile: profileId ? { id: profileId } : undefined,
+})
+
+const pageResponse = await requestOptimization.page()
 ```
 
 Use server-side `track()` for server-known business events:
 
 ```ts
 const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
-
-await optimization.track(
-  {
-    profile: pageResponse.profile,
-    locale: eventLocale,
-    event: 'quote_requested',
-    properties: {
-      plan: 'enterprise',
-      source: 'pricing-page',
-    },
+const requestOptimization = optimization.forRequest({
+  consent: true,
+  eventContext: { locale: eventLocale },
+  experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+  profile: pageResponse.profile,
+})
+
+await requestOptimization.track({
+  event: 'quote_requested',
+  properties: {
+    plan: 'enterprise',
+    source: 'pricing-page',
   },
-  requestOptions,
-)
+})
 ```
 
 Use server-side `trackView()` only when the event definition is "the server rendered this entry into
@@ -177,21 +185,21 @@ visibility, use browser tracking.
 import { randomUUID } from 'node:crypto'
 
 const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
-
-await optimization.trackView(
-  {
-    profile: pageResponse.profile,
-    locale: eventLocale,
-    componentId: resolvedEntry.sys.id,
-    experienceId: selectedOptimization?.experienceId,
-    sticky: selectedOptimization?.sticky ?? false,
-    variantIndex: selectedOptimization?.variantIndex,
-    viewDurationMs: 0,
-    viewId: randomUUID(),
-  },
-  requestOptions,
-)
+const requestOptimization = optimization.forRequest({
+  consent: true,
+  eventContext: { locale: eventLocale },
+  experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+  profile: pageResponse.profile,
+})
+
+await requestOptimization.trackView({
+  componentId: resolvedEntry.sys.id,
+  experienceId: selectedOptimization?.experienceId,
+  sticky: selectedOptimization?.sticky ?? false,
+  variantIndex: selectedOptimization?.variantIndex,
+  viewDurationMs: 0,
+  viewId: randomUUID(),
+})
 ```
 
 Use `trackClick()` and `trackHover()` on the server only for interactions that the server actually
@@ -349,8 +357,8 @@ the browser.
 Keep personalization server-owned by enforcing these boundaries:
 
 - Server-only modules, routes, loaders, middleware, actions, or Server Components import
-  `@contentful/optimization-node`, call `sdk.page()`, call `sdk.resolveOptimizedEntry(...)`, and
-  render plain React elements.
+  `@contentful/optimization-node`, call `requestOptimization.page()`, call
+  `sdk.resolveOptimizedEntry(...)`, and render plain React elements.
 - Server-rendered entry wrappers include `data-ctfl-entry-id` and `data-ctfl-baseline-id`, so the
   browser tracking runtime can observe them after hydration.
 - Client-only modules import `@contentful/optimization-react-web` for `OptimizationRoot`, router
diff --git a/documentation/concepts/interaction-tracking-in-web-sdks.md b/documentation/concepts/interaction-tracking-in-web-sdks.md
index 0d3167dd..150a1461 100644
--- a/documentation/concepts/interaction-tracking-in-web-sdks.md
+++ b/documentation/concepts/interaction-tracking-in-web-sdks.md
@@ -59,11 +59,11 @@ allowed, which event type it becomes, and which queue receives it.
 
 ## Layer responsibilities
 
-| Layer                                | Responsibility in interaction tracking                                                                                                                                       |
-| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `@contentful/optimization-core`      | Builds `page`, `identify`, `track`, entry view, entry click, entry hover, and Custom Flag view events. Applies consent gates. Queues Experience API and Insights API work.   |
-| `@contentful/optimization-web`       | Initializes Core for a browser runtime. Persists consent, profile data, selected optimizations, and anonymous IDs. Discovers tracked DOM elements and observes interactions. |
-| `@contentful/optimization-react-web` | Creates and tears down the Web SDK instance, resolves entries in React, emits `data-ctfl-*` attributes, exposes the SDK instance, and emits router-driven `page()` calls.    |
+| Layer                                | Responsibility in interaction tracking                                                                                                                                                                                |
+| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `@contentful/optimization-core`      | Builds `page`, `identify`, `track`, entry view, entry click, entry hover, and Custom Flag view events. Applies consent gates. Queues Experience API and Insights API work.                                            |
+| `@contentful/optimization-web`       | Initializes Core for a browser runtime. Persists consent and, when persistence consent permits it, profile data, selected optimizations, and anonymous IDs. Discovers tracked DOM elements and observes interactions. |
+| `@contentful/optimization-react-web` | Creates and tears down the Web SDK instance, resolves entries in React, emits `data-ctfl-*` attributes, exposes the SDK instance, and emits router-driven `page()` calls.                                             |
 
 The application still owns Contentful fetching, rendering policy, consent UX, identity policy, route
 ownership, and any business event taxonomy passed to `track()`.
@@ -100,9 +100,9 @@ fields such as `viewId`, `componentId`, `experienceId`, and `variantIndex`, not
 
 ## Consent and profile gates
 
-The Web SDK defaults `allowedEventTypes` to `['identify', 'page']`. Until consent is accepted, Core
-blocks non-allowed event types such as `track`, `component`, `component_click`, and
-`component_hover`.
+The Web SDK defaults `allowedEventTypes` to `['identify', 'page']`. Until consent is granted or an
+event type is allow-listed, Core blocks non-allowed event types such as `track`, `component`,
+`component_click`, and `component_hover`.
 
 Consent affects two parts of automatic entry tracking:
 
@@ -372,10 +372,11 @@ The Web SDK wires browser lifecycle events into this queue model:
 - `visibilitychange`, `pagehide`, and `beforeunload` call `flush()` once per hide cycle.
 - Insights delivery uses the configured beacon handler, which defaults to `navigator.sendBeacon()`.
 
-Browser persistence is best-effort. Consent, profile, selected optimizations, Custom Flag changes,
-and the anonymous ID are read from `localStorage` at startup when available. The anonymous ID is
-also persisted in the `ctfl-opt-aid` cookie and migrated from the legacy anonymous ID cookie when
-present.
+Browser persistence is best-effort. Consent is read from `localStorage` at startup when available.
+Profile-continuity values such as profile, selected optimizations, Custom Flag changes, and
+anonymous ID are read only when persistence consent permits it. The anonymous ID is also persisted
+in the `ctfl-opt-aid` cookie and migrated from the legacy anonymous ID cookie when profile
+continuity is enabled.
 
 ## Debugging model
 
diff --git a/documentation/concepts/ios-sdk-runtime-and-interaction-mechanics.md b/documentation/concepts/ios-sdk-runtime-and-interaction-mechanics.md
index 4f1b4cce..75a554d6 100644
--- a/documentation/concepts/ios-sdk-runtime-and-interaction-mechanics.md
+++ b/documentation/concepts/ios-sdk-runtime-and-interaction-mechanics.md
@@ -83,7 +83,6 @@ OptimizationConfig(
     environment: "master",
     contentfulLocales: ContentfulLocales(default: "en-US"),
     locale: "en-US",
-    defaults: StorageDefaults(consent: true),
     debug: true
 )
 ```
@@ -116,8 +115,14 @@ SwiftUI code reads these values through `@EnvironmentObject`. UIKit code can sub
 Combine publishers such as `client.$state` and `client.$selectedPersonalizations`.
 
 The SDK persists state with `UserDefaults`. `StorageDefaults` can seed values such as consent,
-profile, selected changes, and personalizations on first launch. Seeds are applied only when no
-persisted value exists, so an existing user choice is not overwritten.
+profile-continuity persistence consent, profile, selected changes, and personalizations on first
+launch. Seeds are applied only when no persisted value exists, so an existing user choice is not
+overwritten.
+
+When durable profile-continuity persistence is allowed, the client writes profile-continuity values
+to `UserDefaults` before publishing the corresponding state snapshot and selected personalizations.
+Application code and XCUITest flows can wait for SDK-derived state rather than adding storage-timing
+delays before relaunching.
 
 ## Consent and event gates
 
@@ -132,7 +137,18 @@ establish profile context and anonymous screen analytics.
 | `false`       | `identify` and `screen` can emit; other events are blocked. |
 
 Call `client.consent(true)` when the visitor grants consent and `client.consent(false)` when the
-visitor rejects it. The value is persisted and restored on later launches.
+visitor rejects it. Boolean consent controls both event emission and durable profile-continuity
+persistence by default. Use `client.consent(events:persistence:)` when event emission and durable
+profile continuity need separate policy decisions:
+
+```swift
+client.consent(events: true, persistence: false)
+```
+
+Read `client.state.consent` for event consent and `client.state.persistenceConsent` for durable
+profile-continuity persistence consent. Withdrawing consent purges SDK queues and clears SDK-managed
+durable profile-continuity storage while leaving active in-memory state available until the app
+resets or tears down the client.
 
 ## Entry personalization boundary
 
diff --git a/documentation/concepts/locale-handling-in-the-optimization-sdk-suite.md b/documentation/concepts/locale-handling-in-the-optimization-sdk-suite.md
index 3d77a751..4bb66f81 100644
--- a/documentation/concepts/locale-handling-in-the-optimization-sdk-suite.md
+++ b/documentation/concepts/locale-handling-in-the-optimization-sdk-suite.md
@@ -318,16 +318,16 @@ Stateless Node code passes the Experience API locale per request:
 
 ```ts
 const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
+const requestOptimization = optimization.forRequest({
+  consent: true,
+  eventContext: { locale: eventLocale },
+  experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+  profile: { id: profileId },
+})
 
-const data = await optimization.page(
-  {
-    locale: eventLocale,
-    profile: { id: profileId },
-    properties: { path: req.path },
-  },
-  requestOptions,
-)
+const data = await requestOptimization.page({
+  properties: { path: req.path },
+})
 ```
 
 Use the same resolved Contentful locale for CDA and Experience API requests when merge tags must
diff --git a/documentation/concepts/profile-synchronization-between-client-and-server.md b/documentation/concepts/profile-synchronization-between-client-and-server.md
index 66d90915..bf7c6f4a 100644
--- a/documentation/concepts/profile-synchronization-between-client-and-server.md
+++ b/documentation/concepts/profile-synchronization-between-client-and-server.md
@@ -125,7 +125,10 @@ sticky `trackView()`.
 
 Stateful SDKs write that response to in-memory signals as a single batch. This means subscribers see
 the profile, selected optimizations, and changes as one consistent snapshot. Browser and React
-Native packages then persist that snapshot through platform-specific effects.
+Native packages read platform storage during initialization to seed continuity, then live SDK state
+reads come from memory. When durable profile-continuity persistence consent is enabled, those
+packages mirror the same response snapshot to platform storage before the new observable in-memory
+state is published.
 
 Stateless SDKs return the same `OptimizationData` to the caller and do not retain it. The caller
 decides what to render, what to persist, and what to pass into later SDK calls.
@@ -133,25 +136,25 @@ decides what to render, what to persist, and what to pass into later SDK calls.
 ## Server-side mechanics
 
 The Node SDK extends the stateless Core runtime. Create the Node SDK once per process or module, but
-pass request-scoped inputs into every SDK method call.
+bind request-scoped inputs with `forRequest()` before calling event methods.
 
 ### Profile upsert behavior
 
-In Node, Experience methods use `payload.profile?.id` as the profile selector:
+In Node, Experience methods use the request-bound profile ID as the profile selector:
 
 ```ts
 const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
 const profileId = req.cookies[ANONYMOUS_ID_COOKIE]
+const requestOptimization = optimization.forRequest({
+  consent: true,
+  eventContext: { locale: eventLocale },
+  experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+  profile: profileId ? { id: profileId } : undefined,
+})
 
-const optimizationData = await optimization.page(
-  {
-    locale: eventLocale,
-    profile: profileId ? { id: profileId } : undefined,
-    properties: { path: req.path },
-  },
-  requestOptions,
-)
+const optimizationData = await requestOptimization.page({
+  properties: { path: req.path },
+})
 ```
 
 For the difference between `contentfulLocale`, `eventLocale`, and the Experience API request
@@ -161,10 +164,10 @@ For the difference between `contentfulLocale`, `eventLocale`, and the Experience
 The Node SDK passes that ID to the Experience API as `profileId`. If the ID is absent, the API can
 create a profile and return the new `profile.id`.
 
-Insights-only stateless methods need an explicit profile because there is no ambient state. For
-example, non-sticky `trackView()`, `trackClick()`, `trackHover()`, and `trackFlagView()` require
-`payload.profile.id`. Sticky `trackView()` first sends an Experience event and can use the returned
-profile for the paired Insights event.
+Insights-only stateless methods need a request-bound profile because there is no ambient state. For
+example, non-sticky `trackView()`, `trackClick()`, `trackHover()`, and `trackFlagView()` require a
+profile ID passed to `forRequest()`. Sticky `trackView()` first sends an Experience event and can
+use the returned profile for the paired Insights event.
 
 ### Request-scoped state
 
@@ -221,18 +224,34 @@ The Web SDK persists these values in localStorage:
 | Key                                   | Contents                                                                |
 | ------------------------------------- | ----------------------------------------------------------------------- |
 | `__ctfl_opt_anonymous_id__`           | Anonymous profile ID used by future browser Experience calls.           |
-| `__ctfl_opt_consent__`                | `'accepted'`, `'denied'`, or absent.                                    |
+| `__ctfl_opt_consent__`                | SDK event consent value.                                                |
+| `__ctfl_opt_persistence_consent__`    | SDK durable profile-continuity persistence consent value.               |
 | `__ctfl_opt_profile__`                | Full `Profile` returned by the Experience API.                          |
 | `__ctfl_opt_selected-optimizations__` | Selected optimization records used for browser-side variant resolution. |
 | `__ctfl_opt_changes__`                | Change records used for Custom Flags.                                   |
 | `__ctfl_opt_debug__`                  | Debug logging toggle.                                                   |
 
+The `app-personalization-consent` name appears in examples only as an application-owned consent
+cookie (`'granted'`, `'denied'`, or absent) that server and browser code can read. It is not an SDK
+localStorage key.
+
 Structured cache values are schema-validated when they are read. Malformed JSON or invalid shapes
 are removed instead of being used as SDK state.
 
 The browser also persists the profile ID in the `ctfl-opt-aid` cookie. This cookie is the only
 built-in browser-server synchronization channel.
 
+Persistence consent controls whether the SDK writes and reloads the profile-continuity keys:
+anonymous ID, profile, selected optimizations, changes, and the `ctfl-opt-aid` cookie. It does not
+disable SDK storage of `__ctfl_opt_consent__` or `__ctfl_opt_debug__`.
+
+Stateful browser and mobile SDKs treat profile-continuity persistence as a durability gate around
+publishing an Experience response, not as the source for live state reads. When persistence consent
+is granted, SDK-derived identified state is visible only after the relevant storage write for that
+same response snapshot has settled or failed gracefully. Consumers should still handle storage
+failure as a possible durability loss, but they should not need sleeps between observing identified
+SDK state and relaunching, navigating, or terminating an app in tests.
+
 ### Cookie and localStorage reconciliation
 
 The Web SDK keeps the cookie and localStorage anonymous ID aligned:
@@ -270,8 +289,9 @@ queue logs a warning and skips delivery.
 
 A Node and Web SDK application usually follows this lifecycle:
 
-1. **First server request.** The request has no `ctfl-opt-aid` cookie. The server calls `page()` or
-   `identify()` without a profile ID. The Experience API creates or evaluates a profile.
+1. **First server request.** The request has no `ctfl-opt-aid` cookie. If the application's consent
+   policy permits the server event, the server calls `page()` or `identify()` without a profile ID.
+   The Experience API creates or evaluates a profile.
 2. **Server response.** The server persists the returned `profile.id` in `ctfl-opt-aid` with
    `path: '/'` and a readable cookie policy for browser code.
 3. **Browser initialization.** The Web SDK reads the cookie. If localStorage has a different
@@ -298,17 +318,17 @@ On the server, pass the current anonymous profile ID when identifying a known us
 
 ```ts
 const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
-
-const identifyResponse = await optimization.identify(
-  {
-    locale: eventLocale,
-    profile: { id: anonymousId },
-    userId,
-    traits: { authenticated: true },
-  },
-  requestOptions,
-)
+const requestOptimization = optimization.forRequest({
+  consent: true,
+  eventContext: { locale: eventLocale },
+  experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+  profile: { id: anonymousId },
+})
+
+const identifyResponse = await requestOptimization.identify({
+  userId,
+  traits: { authenticated: true },
+})
 ```
 
 Then render and persist from the response that matches the user state you want for that response. If
@@ -366,12 +386,14 @@ Different lifecycle methods have different synchronization effects:
 | ----------------------------- | ------------------------------------------------------------------------------------------------------ |
 | `optimization.reset()` in Web | Clears profile, selected optimizations, changes, event streams, anonymous ID localStorage, and cookie. |
 | `LocalStore.reset()` default  | Clears profile-related browser caches and anonymous ID, but preserves consent and debug values.        |
-| `optimization.consent(false)` | Blocks gated future events in stateful clients. It does not clear the profile ID by itself.            |
+| `optimization.consent(false)` | Blocks gated future events, purges SDK queues, and clears SDK-managed durable profile continuity.      |
 | `optimization.destroy()`      | Flushes queues and releases runtime listeners. It does not clear persisted user state.                 |
 | Server consent revocation     | Must clear the application-owned consent state and any persisted profile ID such as `ctfl-opt-aid`.    |
 
-If consent revocation must also remove profile continuity, call `reset()` in the browser and clear
-the server-side cookie or session value in the same user flow.
+`consent(false)` leaves the active in-memory SDK profile, selected optimizations, and changes
+available until the application calls `reset()` or tears down the runtime. If consent revocation
+must also remove active session personalization, call `reset()` in the browser and clear the
+server-side cookie or session value in the same user flow.
 
 ## Edge cases and failure modes
 
diff --git a/documentation/concepts/react-native-sdk-interaction-tracking-mechanics.md b/documentation/concepts/react-native-sdk-interaction-tracking-mechanics.md
index 4aeb73ad..6ee5fa1f 100644
--- a/documentation/concepts/react-native-sdk-interaction-tracking-mechanics.md
+++ b/documentation/concepts/react-native-sdk-interaction-tracking-mechanics.md
@@ -21,8 +21,8 @@ If you drop `OptimizationRoot` at the top, wrap `NavigationContainer` in
 - **Identify/screen events before consent** (blocked events: everything else until consent is
   `true`).
 - **Offline queueing and background flushing** when `@react-native-community/netinfo` is installed.
-- **Persistence across launches** via AsyncStorage (consent, profile, anonymous ID, selected
-  optimizations).
+- **Persistence across launches** via AsyncStorage for consent state and, when persistence consent
+  permits it, profile-continuity values such as profile, anonymous ID, and selected optimizations.
 
 Things you still have to enable yourself:
 
@@ -164,7 +164,7 @@ The React Native SDK layers RN-specific behavior on top:
    resumes flushing. If NetInfo is not installed the SDK logs a warning and stays always-online —
    you keep tracking but lose offline durability.
 2. **Background flushing.** On `AppState` transition to `background` or `inactive`, the SDK calls
-   `flush()` to drain the queue before the OS might suspend the process.
+   `flush()` and drains pending AsyncStorage persistence before the OS might suspend the process.
 3. **Final view event on background.** If an entry is mid-visibility-cycle when the app backgrounds,
    `useViewportTracking` pauses, emits a final view event if at least one event already fired, and
    resets.
@@ -176,24 +176,40 @@ configuration entry point.
 
 ### Persistence via AsyncStorage
 
-`AsyncStorageStore` persists the following across launches so tracking decisions and variant
-assignments survive a cold start:
+`AsyncStorageStore` persists consent-related state independently from profile-continuity values:
+
+| Key                       | Contents                                 |
+| ------------------------- | ---------------------------------------- |
+| `CONSENT_KEY`             | `'accepted'` / `'denied'` / absent.      |
+| `PERSISTENCE_CONSENT_KEY` | `'accepted'` / `'denied'` / absent.      |
+| `DEBUG_FLAG_KEY`          | Forces `logLevel` to `'debug'` when set. |
+
+Profile-continuity values persist and reload only when persistence consent allows durable storage:
 
 | Key                                | Contents                                                                           |
 | ---------------------------------- | ---------------------------------------------------------------------------------- |
-| `CONSENT_KEY`                      | `'accepted'` / `'denied'` / absent.                                                |
 | `PROFILE_CACHE_KEY`                | The aggregated profile returned from the Experience API.                           |
 | `SELECTED_OPTIMIZATIONS_CACHE_KEY` | Current audience/variant assignments. Drives which variant renders on next launch. |
 | `ANONYMOUS_ID_KEY`                 | Stable anonymous identifier until `identify` is called.                            |
 | `CHANGES_CACHE_KEY`                | Pending profile changes.                                                           |
-| `DEBUG_FLAG_KEY`                   | Forces `logLevel` to `'debug'` when set.                                           |
 
 Persistence is best-effort; write failures keep the SDK running on in-memory state. Structured
 values are schema-validated on load; malformed JSON is evicted.
 
-Why this matters for tracking: selected optimizations persist, so a user placed in Variant B
-continues to see it on the next launch and view/tap events carry the correct `experienceId` /
-`variantIndex` without re-round-tripping Experience first.
+AsyncStorage is not the source for live state reads after SDK initialization. The SDK hydrates
+allowed continuity values into memory during startup, then `sdk.states`, entry rendering, tracking
+metadata, and later Experience requests read from in-memory SDK state.
+
+AsyncStorage writes are serialized. When persistence consent permits durable profile continuity,
+Experience responses from `identify`, `page`, `screen`, `track`, or sticky `trackView` are mirrored
+to storage before the SDK publishes the resulting profile, selected optimizations, or changes
+through `sdk.states`. If AsyncStorage rejects a write, the SDK logs the failure and publishes the
+in-memory state only after that failure has been handled.
+
+Why this matters for tracking: when persistence consent permits durable profile continuity, selected
+optimizations persist, so a user placed in Variant B continues to see it on the next launch and
+view/tap events carry the correct `experienceId` / `variantIndex` without re-round-tripping
+Experience first.
 
 ## 3. Consent gating
 
@@ -216,13 +232,21 @@ To widen the default pre-consent allow-list, pass `allowedEventTypes` to `Optimi
 </OptimizationRoot>
 ```
 
+For default-on application policies without an end-user consent prompt, set
+`defaults={{ consent: true }}` on `OptimizationRoot` during initialization. Avoid setting default
+consent later from a component effect; that delays persistence policy until after child effects can
+start emitting events.
+
 When consent flips:
 
 - **`consent(true)`** — new events flow normally. Blocked events are _not_ retroactively replayed;
-  they were dropped at the guard (you can observe this via `onEventBlocked`). Consent persists to
-  AsyncStorage.
+  they were dropped at the guard (you can observe this via `onEventBlocked`). Event consent and
+  durable profile-continuity persistence consent persist to AsyncStorage.
+- **`consent({ events: true, persistence: false })`** — new events flow normally, but profile,
+  selected optimizations, changes, and the anonymous ID stay session-only until persistence consent
+  is granted.
 - **`consent(false)`** — the allow-list gate re-engages. In-flight events that already cleared the
-  guard continue to flush.
+  guard are purged from SDK queues. SDK-managed durable profile-continuity storage is cleared.
 
 ### "Why is nothing tracking?"
 
@@ -453,14 +477,15 @@ ones.
 
 ### OptimizationRoot props
 
-| Prop                    | Type                   | Default                        | Controls                                                                                          |
-| ----------------------- | ---------------------- | ------------------------------ | ------------------------------------------------------------------------------------------------- |
-| `trackEntryInteraction` | `{ views?, taps? }`    | `{ views: true, taps: false }` | Default view/tap tracking for every `<OptimizedEntry>`. Omitted keys fall back to the defaults.   |
-| `liveUpdates`           | `boolean`              | `false`                        | Global live-updates default. When `false`, `<OptimizedEntry>` locks to the first variant it sees. |
-| `previewPanel`          | `PreviewPanelConfig`   | `undefined`                    | Forces `liveUpdates = true` whenever the panel is open (cannot be overridden).                    |
-| `onStatesReady`         | `(states) => cleanup`  | `undefined`                    | Registers app-level state subscribers when SDK state is ready.                                    |
-| `defaults.consent`      | `boolean \| undefined` | `undefined`                    | Initial consent state at startup. Overridden by `consent()` calls at runtime.                     |
-| `allowedEventTypes`     | `EventType[]`          | `['identify', 'screen']`       | Event types permitted while consent is `undefined` or `false`.                                    |
+| Prop                          | Type                   | Default                        | Controls                                                                                                            |
+| ----------------------------- | ---------------------- | ------------------------------ | ------------------------------------------------------------------------------------------------------------------- |
+| `trackEntryInteraction`       | `{ views?, taps? }`    | `{ views: true, taps: false }` | Default view/tap tracking for every `<OptimizedEntry>`. Omitted keys fall back to the defaults.                     |
+| `liveUpdates`                 | `boolean`              | `false`                        | Global live-updates default. When `false`, `<OptimizedEntry>` locks to the first variant it sees.                   |
+| `previewPanel`                | `PreviewPanelConfig`   | `undefined`                    | Forces `liveUpdates = true` whenever the panel is open (cannot be overridden).                                      |
+| `onStatesReady`               | `(states) => cleanup`  | `undefined`                    | Registers app-level state subscribers when SDK state is ready.                                                      |
+| `defaults.consent`            | `boolean \| undefined` | `undefined`                    | Initial consent state at startup. Overridden by `consent()` calls at runtime.                                       |
+| `defaults.persistenceConsent` | `boolean \| undefined` | `undefined`                    | Initial durable profile-continuity persistence consent. Boolean `defaults.consent` seeds both when this is omitted. |
+| `allowedEventTypes`           | `EventType[]`          | `['identify', 'screen']`       | Event types permitted while consent is `undefined` or `false`.                                                      |
 
 The "`{ views: true, taps: false }`" default is the root interaction-tracking context default. Use
 `onStatesReady` when diagnostics or app-level observers should attach as soon as SDK state exists
@@ -628,6 +653,10 @@ What fires:
   before the OS suspends the process.
 - **Offline** — events buffer; they replay on reconnect.
 
+If application policy depends on user choice, omit `defaults={{ consent: true }}` and call
+`optimization.consent(true)` from the application-owned consent UI. Until that happens, view and tap
+events wait behind the consent gate.
+
 For the broader integration walkthrough, read the
 [React Native SDK integration guide](../guides/integrating-the-react-native-sdk-in-a-react-native-app.md).
 
diff --git a/documentation/guides/AGENTS.md b/documentation/guides/AGENTS.md
index 26c74e03..838402d0 100644
--- a/documentation/guides/AGENTS.md
+++ b/documentation/guides/AGENTS.md
@@ -1,82 +1,41 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `documentation/AGENTS.md`, before this file.
-
-These instructions apply to public integration guides under `documentation/guides/`.
-
-## Directory README
-
-- Keep `Choosing the right SDK` under `## Start here`.
-- List implementation guides under `## Integration guides` in platform/layer order:
-  1. Node
-  2. Web
-  3. React Web
-  4. React Native
-  5. iOS SwiftUI
-  6. iOS UIKit
-  7. Next.js SSR-primary
-  8. Next.js hybrid SSR + CSR takeover
-
-## Integration guide structure
-
-Use this structure for implementation guides:
-
-1. H1: `# Integrating the Optimization <SDK name> SDK in a <runtime> app`
-2. A short introduction that starts with the reader's implementation goal, usually
-   `Use this guide when...`
-3. A collapsible table of contents immediately after the introduction and before the first `##`
-   section.
-4. `## Scope and capabilities`
-5. `## The integration flow`
-6. Numbered `##` sections for core implementation steps only.
-7. Unnumbered `##` sections for optional or informative material.
-8. `## Reference implementations to compare against`
-
-Do not place a table of contents after a section it outlines. Do not turn an implementation guide
-into a deep mechanics reference. Link to a concept document when the reader needs lower-level
-behavior details.
-
-When extracting dense material from a package README, prefer updating the existing guide for that
-runtime. Keep package setup choices, common configuration, and workflow sequencing in the guide;
-keep method-by-method API details in TypeDoc. Create a new guide only when the extracted material
-has a distinct implementation goal that is not covered by an existing guide.
-
-## Table of contents
-
-Every guide must include this TOC wrapper:
-
-```md
-<details>
-  <summary>Table of Contents</summary>
-<!-- mtoc-start -->
-
-<!-- mtoc-end -->
-</details>
-```
-
-- The TOC block must appear before the first `##` heading.
-- Keep TOC entries and anchors synchronized with the headings after any heading edit.
-- Include both `##` and relevant `###` headings in the TOC.
-
-## Numbering rules
-
-- Number only core implementation steps.
-- Do not number optional or informational sections such as live updates, preview panels, caching
-  notes, hybrid architecture notes, or reference sections.
-- If a section is optional, say so in prose near the integration flow instead of making it part of
-  the numbered flow.
-
-## Reference implementation policy
-
-- Only link to or mention reference implementations that are co-located in this monorepo.
-- Do not link to or mention external demo applications.
-- Mention relevant monorepo reference implementations briefly near the top of an integration guide,
-  usually in `The integration flow`.
-- Expand reference links in `Reference implementations to compare against`.
-- Link to implementation READMEs, not implementation source files. Describe the demonstrated
-  workflow in prose when a specific implementation area matters.
-
-## Validation
-
-- For guide edits, verify that each TOC block appears before the first `##` and that TOC anchors
-  resolve to headings.
+Applies to public integration guides under `documentation/guides/`.
+
+## Guide shape
+
+- Directory README: keep `Choosing the right SDK` under `## Start here`; list implementation guides
+  under `## Integration guides` in platform/layer order: Node, Web, React Web, React Native, iOS
+  SwiftUI, iOS UIKit, Next.js SSR-primary, Next.js hybrid SSR + CSR takeover.
+- Implementation guide H1 format:
+  `# Integrating the Optimization <SDK name> SDK in a <runtime> app`.
+- Open with the reader goal, usually `Use this guide when...`, then place the collapsible TOC before
+  the first `##`.
+- Standard section flow: `## Scope and capabilities`, `## The integration flow`, numbered core
+  implementation steps, optional/informational sections, and
+  `## Reference implementations to compare against`.
+- Keep minimum viable/default setup before stricter consent, persistence, hybrid, troubleshooting,
+  or regulatory variants.
+- Consent guidance must include default-on accepted startup when supported and frame UI/CMP wiring
+  as application-policy dependent.
+- When extracting README material, update the existing runtime guide when possible; TypeDoc owns
+  method-by-method API detail.
+
+## TOC and numbering
+
+- Preserve the guide TOC wrapper with `<!-- mtoc-start -->` and `<!-- mtoc-end -->`.
+- Include `##` and relevant `###` headings in the TOC; keep anchors synchronized after heading
+  edits.
+- Number only core implementation steps. Do not number optional live-update, preview-panel, caching,
+  hybrid, troubleshooting, or reference sections.
+
+## Reference implementations
+
+- Link only to monorepo reference implementation READMEs, not external demos or implementation
+  source files.
+- Mention relevant implementations briefly near the top, then expand links in
+  `Reference implementations to compare against`.
+
+## Validate
+
+- For guide edits, verify the TOC appears before the first `##` and TOC anchors resolve to headings.
diff --git a/documentation/guides/forwarding-optimization-sdk-context-to-analytics-and-tag-management-tools.md b/documentation/guides/forwarding-optimization-sdk-context-to-analytics-and-tag-management-tools.md
index f24a3617..c9a3feb2 100644
--- a/documentation/guides/forwarding-optimization-sdk-context-to-analytics-and-tag-management-tools.md
+++ b/documentation/guides/forwarding-optimization-sdk-context-to-analytics-and-tag-management-tools.md
@@ -260,8 +260,12 @@ Node and SSR flows do not expose process-wide subscriptions. Keep third-party fo
 request or server-side business event that produced the SDK data.
 
 ```ts
-const optimizationData = await optimization.page({
+const requestOptimization = optimization.forRequest({
+  consent: true,
   profile,
+})
+
+const optimizationData = await requestOptimization.page({
   properties: { path: req.path },
 })
 
diff --git a/documentation/guides/integrating-the-node-sdk-in-a-node-app.md b/documentation/guides/integrating-the-node-sdk-in-a-node-app.md
index 18fc0563..8cea71e8 100644
--- a/documentation/guides/integrating-the-node-sdk-in-a-node-app.md
+++ b/documentation/guides/integrating-the-node-sdk-in-a-node-app.md
@@ -55,8 +55,8 @@ content has been fetched.
 In practice, most Node integrations follow this high-level sequence:
 
 1. Create one SDK instance for the Node process.
-2. Read the request-scoped inputs your app owns: consent state, existing `profile.id`, known user
-   identity, and page context.
+2. Bind the application's request policy with `forRequest()`: pass accepted consent for default-on
+   integrations, or read request-scoped consent state before SDK calls.
 3. Call the SDK to evaluate the request and, when appropriate, associate a known user with the
    current profile.
 4. Use the returned profile data, selected optimizations, and flag changes to render the response.
@@ -111,8 +111,8 @@ export const optimization = new ContentfulOptimization({
 ```
 
 Treat that SDK as a module-level singleton for the current Node process. Do not create a new
-`ContentfulOptimization` instance per incoming request. Pass request-scoped Experience API options
-as the final argument to stateless event methods.
+`ContentfulOptimization` instance per incoming request. Use `forRequest()` to bind request-scoped
+consent, profile, event context, and Experience API options before calling event methods.
 
 Use `contentfulLocales.default` for single-locale apps, and add `contentfulLocales.supported` when
 the app needs request locale matching across multiple Contentful locales. Copy those codes from
@@ -190,7 +190,21 @@ locale for that request option so localized profile values match the entry langu
 The Node SDK does not expose a server-side `consent()` state the way stateful SDKs do. In a Node
 app, consent belongs in your application layer.
 
-That usually means your app needs to:
+When application policy permits Optimization by default and no end-user consent UI is rendered, bind
+each request with accepted event and persistence consent:
+
+```ts
+const requestOptimization = optimization.forRequest({
+  consent: { events: true, persistence: true },
+  eventContext: getRequestContext(req, eventLocale),
+  profile: getProfileFromRequest(req),
+})
+```
+
+That allows SDK calls to emit events and lets `requestOptimization.canPersistProfile` return `true`
+when a response includes a profile ID.
+
+When consent depends on user choice, your app needs to:
 
 - store the user's consent decision in its own cookie, session, or user-preference store
 - decide which high-level SDK methods are allowed before consent, after consent, and after consent
@@ -212,10 +226,12 @@ If your app stores consent in cookies, register cookie parsing middleware before
 import type { Request, Response } from 'express'
 import { ANONYMOUS_ID_COOKIE } from '@contentful/optimization-node/constants'
 
-const OPTIMIZATION_CONSENT_COOKIE = 'ctfl-opt-consent'
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
+function appPolicyAllowsOptimizationEvent(req: Request): boolean {
+  const consent = req.cookies[APP_PERSONALIZATION_CONSENT_COOKIE]
 
-function hasOptimizationConsent(req: Request): boolean {
-  return req.cookies[OPTIMIZATION_CONSENT_COOKIE] === 'true'
+  return consent === 'granted'
 }
 
 function clearOptimizationIdentity(res: Response): void {
@@ -223,8 +239,10 @@ function clearOptimizationIdentity(res: Response): void {
 }
 ```
 
-The exact consent policy belongs to the application, not the SDK. The important part is that the
-server makes that decision before it persists identifiers or emits events on the user's behalf.
+The exact consent policy belongs to the application, not the SDK. The important parts are that the
+server makes the call/no-call decision before it persists identifiers or emits events on the user's
+behalf. Bind that decision with `forRequest()` so emitted events are labeled with the request's
+actual consent state.
 
 ## 4. Decide how you will persist the profile ID
 
@@ -287,35 +305,27 @@ function getAuthenticatedUserId(req: Request): string | undefined {
 }
 
 app.get('/', async (req, res) => {
-  const consented = hasOptimizationConsent(req)
-  if (!consented) {
-    return res.json({
-      profile: undefined,
-      changes: undefined,
-      selectedOptimizations: undefined,
-    })
-  }
-
   const { eventLocale } = optimization.resolveRequestLocale(req)
-  const requestContext = getRequestContext(req, eventLocale)
-  const existingProfile = getProfileFromRequest(req)
-  const pageResponse: OptimizationData | undefined = await optimization.page({
-    ...requestContext,
-    profile: existingProfile,
+  const requestOptimization = optimization.forRequest({
+    consent: {
+      events: appPolicyAllowsOptimizationEvent(req),
+      persistence: appPolicyAllowsOptimizationEvent(req),
+    },
+    eventContext: getRequestContext(req, eventLocale),
+    profile: getProfileFromRequest(req),
   })
+  const pageResponse: OptimizationData | undefined = await requestOptimization.page()
 
   const userId = getAuthenticatedUserId(req)
 
   const identifyResponse = userId
-    ? await optimization.identify({
-        ...requestContext,
-        profile: pageResponse?.profile ?? existingProfile,
+    ? await requestOptimization.identify({
         userId,
         traits: { authenticated: true },
       })
     : undefined
 
-  if (consented) {
+  if (requestOptimization.canPersistProfile) {
     persistProfile(res, identifyResponse?.profile?.id ?? pageResponse?.profile?.id)
   }
 
@@ -332,8 +342,24 @@ Replace `getAuthenticatedUserId()` with the lookup your app actually uses, such
 cookie, or upstream auth middleware.
 
 This example shows the common "evaluate first, then identify when the user is known" flow. If your
-policy allows a different pre-consent behavior, implement that policy in your application layer
-before you call SDK methods.
+policy allows a specific pre-consent server event, configure that event type in `allowedEventTypes`
+and bind request consent as false. Do not persist `profile.id` returned by an approved pre-consent
+event unless `requestOptimization.canPersistProfile` is true.
+
+```ts
+const optimization = new ContentfulOptimization({
+  allowedEventTypes: ['page'],
+  clientId: 'your-client-id',
+})
+
+const requestOptimization = optimization.forRequest({
+  consent: { events: false, persistence: false },
+  eventContext: { locale: eventLocale },
+  profile,
+})
+
+const data = await requestOptimization.page()
+```
 
 That route lets a consumer accomplish two things:
 
@@ -390,18 +416,18 @@ async function getArticle(entryId: string, locale?: string): Promise<ArticleEntr
 }
 
 app.get('/article/:entryId', async (req, res) => {
-  const consented = hasOptimizationConsent(req)
   const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-  const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
-  const pageResponse = consented
-    ? await optimization.page(
-        {
-          ...getRequestContext(req, eventLocale),
-          locale: eventLocale,
-          profile: getProfileFromRequest(req),
-        },
-        requestOptions,
-      )
+  const requestOptimization = optimization.forRequest({
+    consent: {
+      events: appPolicyAllowsOptimizationEvent(req),
+      persistence: appPolicyAllowsOptimizationEvent(req),
+    },
+    eventContext: getRequestContext(req, eventLocale),
+    experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+    profile: getProfileFromRequest(req),
+  })
+  const pageResponse = appPolicyAllowsOptimizationEvent(req)
+    ? await requestOptimization.page()
     : undefined
 
   const article = await getArticle(req.params.entryId, contentfulLocale)
@@ -411,7 +437,7 @@ app.get('/article/:entryId', async (req, res) => {
     pageResponse?.selectedOptimizations,
   )
 
-  if (consented) {
+  if (appPolicyAllowsOptimizationEvent(req)) {
     persistProfile(res, pageResponse?.profile?.id)
   }
 
@@ -485,12 +511,16 @@ In the Node SDK, `getFlag()` does not auto-track flag views. If a flag exposure
 captured as an Insights event, call `trackFlagView()` explicitly:
 
 ```ts
-if (pageResponse?.profile) {
-  await optimization.trackFlagView({
-    ...getRequestContext(req, eventLocale),
-    componentId: 'new-navigation',
+if (appPolicyAllowsOptimizationEvent(req) && pageResponse?.profile) {
+  const requestOptimization = optimization.forRequest({
+    consent: true,
+    eventContext: getRequestContext(req, eventLocale),
     profile: pageResponse.profile,
   })
+
+  await requestOptimization.trackFlagView({
+    componentId: 'new-navigation',
+  })
 }
 ```
 
@@ -506,23 +536,29 @@ The Node SDK can send more than page views. Common server-side cases are:
 
 Gate these calls with the same consent policy your app applies to `page()` and `identify()`.
 
-In stateless Node usage, Insights-backed calls need a profile. `trackClick()`, `trackHover()`,
-`trackFlagView()`, and non-sticky `trackView()` must use a persisted or freshly returned profile.
-Sticky `trackView()` can omit `profile`, because it can reuse the paired Experience response
-profile.
+In stateless Node usage, Insights-backed calls need a request-bound profile. `trackClick()`,
+`trackHover()`, `trackFlagView()`, and non-sticky `trackView()` must use a persisted or freshly
+returned profile bound with `forRequest()`. Sticky `trackView()` can start without a profile,
+because it can reuse the paired Experience response profile.
 
 Example custom event:
 
 ```ts
-await optimization.track({
-  ...getRequestContext(req, eventLocale),
-  profile: pageResponse?.profile,
-  event: 'quote_requested',
-  properties: {
-    plan: 'enterprise',
-    source: 'pricing-page',
-  },
-})
+if (appPolicyAllowsOptimizationEvent(req)) {
+  const requestOptimization = optimization.forRequest({
+    consent: true,
+    eventContext: getRequestContext(req, eventLocale),
+    profile: pageResponse?.profile,
+  })
+
+  await requestOptimization.track({
+    event: 'quote_requested',
+    properties: {
+      plan: 'enterprise',
+      source: 'pricing-page',
+    },
+  })
+}
 ```
 
 Example rendered-entry view event:
@@ -531,7 +567,6 @@ Example rendered-entry view event:
 import { randomUUID } from 'node:crypto'
 
 const viewPayload = {
-  ...getRequestContext(req, eventLocale),
   componentId: optimizedArticle.sys.id,
   experienceId: selectedOptimization?.experienceId,
   variantIndex: selectedOptimization?.variantIndex,
@@ -539,10 +574,22 @@ const viewPayload = {
   viewId: randomUUID(),
 }
 
-if (selectedOptimization?.sticky) {
-  await optimization.trackView({ ...viewPayload, sticky: true })
-} else if (pageResponse?.profile) {
-  await optimization.trackView({ ...viewPayload, profile: pageResponse.profile })
+if (appPolicyAllowsOptimizationEvent(req) && selectedOptimization?.sticky) {
+  const requestOptimization = optimization.forRequest({
+    consent: true,
+    eventContext: getRequestContext(req, eventLocale),
+    profile: pageResponse?.profile,
+  })
+
+  await requestOptimization.trackView({ ...viewPayload, sticky: true })
+} else if (appPolicyAllowsOptimizationEvent(req) && pageResponse?.profile) {
+  const requestOptimization = optimization.forRequest({
+    consent: true,
+    eventContext: getRequestContext(req, eventLocale),
+    profile: pageResponse.profile,
+  })
+
+  await requestOptimization.trackView(viewPayload)
 }
 ```
 
diff --git a/documentation/guides/integrating-the-optimization-android-sdk-in-a-compose-app.md b/documentation/guides/integrating-the-optimization-android-sdk-in-a-compose-app.md
index 01784b41..7fc1c606 100644
--- a/documentation/guides/integrating-the-optimization-android-sdk-in-a-compose-app.md
+++ b/documentation/guides/integrating-the-optimization-android-sdk-in-a-compose-app.md
@@ -54,7 +54,8 @@ Most Compose integrations follow this sequence:
 
 1. Add the Maven dependency and create an `OptimizationConfig`.
 2. Wrap the app's root content in `OptimizationRoot`.
-3. Collect consent, or seed consent for demos and trusted internal contexts.
+3. Apply the application's consent policy: seed consent when default-on SDK activity is permitted,
+   or collect consent in app UI.
 4. Fetch Contentful entries with linked optimization references.
 5. Render each Contentful entry through `OptimizedEntry`.
 6. Enable view and tap tracking where they fit the screen.
@@ -90,14 +91,13 @@ val optimizationConfig = OptimizationConfig(
     environment = "master",
     contentfulLocales = ContentfulLocales(default = "en-US"),
     locale = "en-US",
-    defaults = StorageDefaults(consent = true),
     debug = BuildConfig.DEBUG,
 )
 ```
 
-Only `clientId` is required. Use `defaults = StorageDefaults(consent = true)` only when the app can
-start with consent already granted, such as a demo or an internal validation app. For production
-apps, connect `client.consent(true)` and `client.consent(false)` to the app's consent UI.
+Only `clientId` is required. If application policy permits Optimization by default and no end-user
+consent UI is rendered, set `defaults = StorageDefaults(consent = true)`. Otherwise, leave defaults
+unset and connect `client.consent(true)` and `client.consent(false)` to the app's consent UI.
 
 Use `contentfulLocales` and `locale` when the same screen renders localized Contentful entries. For
 the full locale model, see
@@ -152,9 +152,21 @@ coroutines. For lifecycle details, see
 
 ## 3. Handle consent
 
-The SDK blocks most Analytics events until consent is granted. `identify` and `screen` remain
-allowed before consent so a mobile journey can establish profile context and anonymous screen
-analytics.
+If your application policy permits Optimization by default, seed accepted consent in
+`OptimizationConfig` and omit the consent gate:
+
+```kotlin
+val optimizationConfig = OptimizationConfig(
+    clientId = "your-client-id",
+    defaults = StorageDefaults(consent = true),
+)
+```
+
+That starts all gated SDK events immediately and permits durable profile-continuity storage for
+profile, selected optimizations, changes, and the anonymous ID.
+
+When application policy depends on user choice, leave consent unset and call
+`client.consent(true | false)` from an application-owned consent UI.
 
 ```kotlin
 @Composable
@@ -180,8 +192,20 @@ fun ConsentGate(content: @Composable () -> Unit) {
 }
 ```
 
-The consent value is persisted and restored on later launches. Use the app's consent policy to
-decide whether a stored value remains valid.
+`identify` and `screen` remain allowed before consent so a mobile journey can establish profile
+context and anonymous screen analytics. For cross-SDK consent policy guidance, see
+[Consent management in the Optimization SDK Suite](../concepts/consent-management-in-the-optimization-sdk-suite.md).
+
+The consent value is persisted and restored on later launches. Profile-continuity state persists
+only when persistence consent allows it. Use the app's consent policy to decide whether a stored
+value remains valid.
+
+When durable profile-continuity persistence is allowed, SDK state from an Experience response is
+published only after the corresponding storage write has settled. Wait for SDK-derived state instead
+of adding sleeps before relaunching or terminating the app in tests.
+
+Use `client.consent(events = true, persistence = false)` when events are allowed but durable profile
+continuity must stay session-only.
 
 ## 4. Personalize entries with OptimizedEntry
 
diff --git a/documentation/guides/integrating-the-optimization-android-sdk-in-a-views-app.md b/documentation/guides/integrating-the-optimization-android-sdk-in-a-views-app.md
index b359bd59..7921f4dc 100644
--- a/documentation/guides/integrating-the-optimization-android-sdk-in-a-views-app.md
+++ b/documentation/guides/integrating-the-optimization-android-sdk-in-a-views-app.md
@@ -56,7 +56,8 @@ Most XML Views integrations follow this sequence:
 
 1. Add the Maven dependency and create an `OptimizationConfig`.
 2. Initialize `OptimizationManager` from `Application.onCreate`.
-3. Collect consent, or seed consent for demos and trusted internal contexts.
+3. Apply the application's consent policy: seed consent when default-on SDK activity is permitted,
+   or collect consent in app UI.
 4. Read `OptimizationManager.client` from activities or fragments that render Contentful content.
 5. Fetch Contentful entries with linked optimization references.
 6. Render each Contentful entry through `OptimizedEntryView`.
@@ -93,14 +94,13 @@ val optimizationConfig = OptimizationConfig(
     environment = "master",
     contentfulLocales = ContentfulLocales(default = "en-US"),
     locale = "en-US",
-    defaults = StorageDefaults(consent = true),
     debug = BuildConfig.DEBUG,
 )
 ```
 
-Only `clientId` is required. Use `defaults = StorageDefaults(consent = true)` only when the app can
-start with consent already granted, such as a demo or an internal validation app. For production
-apps, connect `client.consent(true)` and `client.consent(false)` to the app's consent UI.
+Only `clientId` is required. If application policy permits Optimization by default and no end-user
+consent UI is rendered, set `defaults = StorageDefaults(consent = true)`. Otherwise, leave defaults
+unset and connect `client.consent(true)` and `client.consent(false)` to the app's consent UI.
 
 Use `contentfulLocales` and `locale` when the same screen renders localized Contentful entries. For
 the full locale model, see
@@ -146,9 +146,21 @@ details, see
 
 ## 3. Handle consent
 
-The SDK blocks most Analytics events until consent is granted. `identify` and `screen` remain
-allowed before consent so a mobile journey can establish profile context and anonymous screen
-analytics.
+If your application policy permits Optimization by default, seed accepted consent in
+`OptimizationConfig` and omit consent controls:
+
+```kotlin
+val optimizationConfig = OptimizationConfig(
+    clientId = "your-client-id",
+    defaults = StorageDefaults(consent = true),
+)
+```
+
+That starts all gated SDK events immediately and permits durable profile-continuity storage for
+profile, selected optimizations, changes, and the anonymous ID.
+
+When application policy depends on user choice, leave consent unset and call
+`client.consent(true | false)` from an application-owned consent UI.
 
 ```kotlin
 class ConsentActivity : AppCompatActivity() {
@@ -174,8 +186,16 @@ class ConsentActivity : AppCompatActivity() {
 }
 ```
 
-The consent value is persisted and restored on later launches. Use the app's consent policy to
-decide whether a stored value remains valid.
+`identify` and `screen` remain allowed before consent so a mobile journey can establish profile
+context and anonymous screen analytics. For cross-SDK consent policy guidance, see
+[Consent management in the Optimization SDK Suite](../concepts/consent-management-in-the-optimization-sdk-suite.md).
+
+The consent value is persisted and restored on later launches. Profile-continuity state persists
+only when persistence consent allows it. Use the app's consent policy to decide whether a stored
+value remains valid.
+
+Use `OptimizationManager.client.consent(events = true, persistence = false)` when events are allowed
+but durable profile continuity must stay session-only.
 
 ## 4. Personalize entries with OptimizedEntryView
 
diff --git a/documentation/guides/integrating-the-optimization-ios-sdk-in-a-swiftui-app.md b/documentation/guides/integrating-the-optimization-ios-sdk-in-a-swiftui-app.md
index efbedecb..bbc37566 100644
--- a/documentation/guides/integrating-the-optimization-ios-sdk-in-a-swiftui-app.md
+++ b/documentation/guides/integrating-the-optimization-ios-sdk-in-a-swiftui-app.md
@@ -6,6 +6,8 @@ overrides to a SwiftUI application using the Optimization iOS SDK.
 For shared runtime behavior, consent gates, tracking thresholds, live-update precedence, and offline
 delivery, see
 [iOS SDK runtime and interaction mechanics](../concepts/ios-sdk-runtime-and-interaction-mechanics.md).
+For cross-SDK consent policy guidance, see
+[Consent management in the Optimization SDK Suite](../concepts/consent-management-in-the-optimization-sdk-suite.md).
 Use the UIKit guide instead if your app is UIKit-based:
 [Integrating the Optimization iOS SDK in a UIKit app](./integrating-the-optimization-ios-sdk-in-a-uikit-app.md).
 
@@ -54,7 +56,8 @@ Most SwiftUI integrations follow this sequence:
 
 1. Add the Swift Package and create an `OptimizationConfig`.
 2. Wrap the app's root content in `OptimizationRoot`.
-3. Collect consent, or seed consent for demos and trusted internal contexts.
+3. Apply the application's consent policy: seed consent when default-on SDK activity is permitted,
+   or collect consent in app UI.
 4. Fetch Contentful entries with linked optimization references.
 5. Render each Contentful entry through `OptimizedEntry`.
 6. Enable view and tap tracking where they fit the screen.
@@ -82,14 +85,13 @@ let config = OptimizationConfig(
     environment: "master",
     contentfulLocales: ContentfulLocales(default: "en-US"),
     locale: "en-US",
-    defaults: StorageDefaults(consent: true),
     debug: true
 )
 ```
 
-Only `clientId` is required. Use `defaults: StorageDefaults(consent: true)` only when the app can
-start with consent already granted, such as a demo or an internal validation app. For production
-apps, connect `client.consent(true)` and `client.consent(false)` to the app's consent UI.
+Only `clientId` is required. If application policy permits Optimization by default and no end-user
+consent UI is rendered, set `defaults: StorageDefaults(consent: true)`. Otherwise, leave defaults
+unset and connect `client.consent(true)` and `client.consent(false)` to the app's consent UI.
 
 Use `contentfulLocales` and `locale` when the same screen renders localized Contentful entries. For
 the full locale model, see
@@ -143,9 +145,22 @@ main-actor tasks. For lifecycle details, see
 
 ## 3. Handle consent
 
-The SDK blocks most Analytics events until consent is granted. `identify` and `screen` remain
-allowed before consent so a mobile journey can establish profile context and anonymous screen
-analytics.
+If your application policy permits Optimization by default, seed accepted consent in
+`OptimizationConfig` and omit the consent gate:
+
+```swift
+let config = OptimizationConfig(
+    clientId: "your-client-id",
+    defaults: StorageDefaults(consent: true)
+)
+```
+
+That starts all gated SDK events immediately and permits durable profile-continuity storage for
+profile, selected optimizations, changes, and the anonymous ID.
+
+When application policy depends on user choice, leave consent unset and connect the app's controls
+to `client.consent(true | false)`. `identify` and `screen` remain allowed before consent so a mobile
+journey can establish profile context and anonymous screen analytics.
 
 ```swift
 struct ConsentBanner: View {
@@ -180,6 +195,11 @@ struct ConsentGate<Content: View>: View {
 }
 ```
 
+Boolean consent updates both event emission and durable profile-continuity persistence by default.
+If your policy allows events but not durable continuity, call
+`client.consent(events: true, persistence: false)` and read `client.state.persistenceConsent` when
+the UI needs to show that separate state.
+
 ## 4. Personalize entries with OptimizedEntry
 
 `OptimizedEntry` is the SwiftUI component for rendering Contentful entries through the Optimization
diff --git a/documentation/guides/integrating-the-optimization-ios-sdk-in-a-uikit-app.md b/documentation/guides/integrating-the-optimization-ios-sdk-in-a-uikit-app.md
index d180c62c..60c6b637 100644
--- a/documentation/guides/integrating-the-optimization-ios-sdk-in-a-uikit-app.md
+++ b/documentation/guides/integrating-the-optimization-ios-sdk-in-a-uikit-app.md
@@ -6,6 +6,8 @@ overrides to a UIKit application using the Optimization iOS SDK.
 For shared runtime behavior, consent gates, tracking thresholds, live-update precedence, and offline
 delivery, see
 [iOS SDK runtime and interaction mechanics](../concepts/ios-sdk-runtime-and-interaction-mechanics.md).
+For cross-SDK consent policy guidance, see
+[Consent management in the Optimization SDK Suite](../concepts/consent-management-in-the-optimization-sdk-suite.md).
 Use the SwiftUI guide instead if your app is SwiftUI-based:
 [Integrating the Optimization iOS SDK in a SwiftUI app](./integrating-the-optimization-ios-sdk-in-a-swiftui-app.md).
 
@@ -56,7 +58,8 @@ Most UIKit integrations follow this sequence:
 
 1. Add the Swift Package and create an `OptimizationConfig`.
 2. Create a shared `OptimizationClient` and call `initialize(config:)`.
-3. Collect consent, or seed consent for demos and trusted internal contexts.
+3. Apply the application's consent policy: seed consent when default-on SDK activity is permitted,
+   or collect consent in app UI.
 4. Pass the client into the view controllers that render Contentful content.
 5. Fetch Contentful entries with linked optimization references.
 6. Resolve entries in cell or view configuration with
@@ -85,14 +88,13 @@ let config = OptimizationConfig(
     environment: "master",
     contentfulLocales: ContentfulLocales(default: "en-US"),
     locale: "en-US",
-    defaults: StorageDefaults(consent: true),
     debug: true
 )
 ```
 
-Only `clientId` is required. Use `defaults: StorageDefaults(consent: true)` only when the app can
-start with consent already granted, such as a demo or an internal validation app. For production
-apps, connect `client.consent(true)` and `client.consent(false)` to the app's consent UI.
+Only `clientId` is required. If application policy permits Optimization by default and no end-user
+consent UI is rendered, set `defaults: StorageDefaults(consent: true)`. Otherwise, leave defaults
+unset and connect `client.consent(true)` and `client.consent(false)` to the app's consent UI.
 
 Use `contentfulLocales` and `locale` when the same screen renders localized Contentful entries. For
 the full locale model, see
@@ -138,11 +140,22 @@ lifecycle details, see
 
 ## 3. Handle consent
 
-The SDK blocks most Analytics events until consent is granted. `identify` and `screen` remain
-allowed before consent so a mobile journey can establish profile context and anonymous screen
-analytics.
+If your application policy permits Optimization by default, seed accepted consent in
+`OptimizationConfig` and omit consent controls:
 
-Connect the app's consent controls to the client:
+```swift
+let config = OptimizationConfig(
+    clientId: "your-client-id",
+    defaults: StorageDefaults(consent: true)
+)
+```
+
+That starts all gated SDK events immediately and permits durable profile-continuity storage for
+profile, selected optimizations, changes, and the anonymous ID.
+
+When application policy depends on user choice, leave consent unset and connect the app's consent
+controls to the client. `identify` and `screen` remain allowed before consent so a mobile journey
+can establish profile context and anonymous screen analytics.
 
 ```swift
 @objc private func acceptTapped() {
@@ -167,6 +180,15 @@ client.$state
     .store(in: &cancellables)
 ```
 
+Boolean consent updates both event emission and durable profile-continuity persistence by default.
+If your policy allows events but not durable continuity, call
+`client.consent(events: true, persistence: false)` and observe `client.state.persistenceConsent` or
+`client.$state.map(\.persistenceConsent)` when the UI needs to show that separate state.
+
+When durable profile-continuity persistence is allowed, SDK state from an Experience response is
+published only after the corresponding storage write has settled. Wait for SDK-derived state instead
+of adding sleeps before relaunching or terminating the app in tests.
+
 ## 4. Personalize entries
 
 ### Resolve entries in view code
diff --git a/documentation/guides/integrating-the-optimization-sdk-in-a-nextjs-app-ssr-csr.md b/documentation/guides/integrating-the-optimization-sdk-in-a-nextjs-app-ssr-csr.md
index d1f4d103..3e5f678f 100644
--- a/documentation/guides/integrating-the-optimization-sdk-in-a-nextjs-app-ssr-csr.md
+++ b/documentation/guides/integrating-the-optimization-sdk-in-a-nextjs-app-ssr-csr.md
@@ -80,8 +80,10 @@ What it does not give you (compared to the SSR-primary pattern):
 In practice, the integration follows this sequence:
 
 1. Create one Node SDK instance shared across Server Components and middleware.
-2. Use Next.js middleware to maintain the anonymous ID cookie on every request.
-3. In the server layout, call `sdk.page()` once and pass the result as `defaults` into the client
+2. Use Next.js middleware to maintain the anonymous ID cookie when application policy permits
+   profile continuity.
+3. In the server layout, bind request-scoped consent with `sdk.forRequest()`; the examples below use
+   accepted consent for a default-on policy and pass the result as `defaults` into the client
    provider.
 4. In Server Component pages, use `sdk.resolveOptimizedEntry()` for first-paint content.
 5. In Client Component pages or components, use `resolveEntry()` from `useEntryResolver()` for
@@ -101,15 +103,16 @@ pnpm add @contentful/optimization-node @contentful/optimization-react-web
 
 ## 2. Create the Node SDK singleton and a cached page helper
 
-Create the SDK once at module level, then wrap `sdk.page()` in React's `cache()` function so that
-multiple Server Components on the same request share a single API call:
+Create the SDK once at module level, then wrap the consent-allowed request-bound page call in
+React's `cache()` function so that multiple Server Components on the same request share a single API
+call:
 
 ```ts
 // lib/optimization-server.ts
 import ContentfulOptimization from '@contentful/optimization-node'
-import { ANONYMOUS_ID_COOKIE } from '@contentful/optimization-node/constants'
 import { cookies, headers } from 'next/headers'
 import { cache } from 'react'
+import { ANONYMOUS_ID_COOKIE } from '@contentful/optimization-node/constants'
 
 const sdk = new ContentfulOptimization({
   clientId: process.env.CONTENTFUL_OPTIMIZATION_CLIENT_ID ?? '',
@@ -135,16 +138,17 @@ const getOptimizationData = cache(async (eventLocale: string, contentfulLocale?:
 
   const anonymousId = cookieStore.get(ANONYMOUS_ID_COOKIE)?.value
   const profile = anonymousId ? { id: anonymousId } : undefined
-  const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
-
-  return sdk.page(
-    {
+  const requestOptimization = sdk.forRequest({
+    consent: { events: true, persistence: true },
+    eventContext: {
       locale: eventLocale,
       userAgent: headerStore.get('user-agent') ?? 'next-js-server',
-      profile,
     },
-    requestOptions,
-  )
+    experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+    profile,
+  })
+
+  return requestOptimization.page()
 })
 
 export { sdk, getOptimizationData }
@@ -157,14 +161,14 @@ is present. Merge tags that reference localized profile fields such as `location
 `location.country` then resolve in a language consistent with the rendered content.
 
 `cache()` is a React Server Component primitive that deduplicates calls within a single render pass.
-Both the layout and the page can call `getOptimizationData()` and only one HTTP request to the
-Experience API is made per server request. This is more important in the hybrid pattern than in the
-SSR-primary pattern because the layout also needs the data to seed the client provider.
+Both the layout and the page can call `getOptimizationData()` and only one default-on HTTP request
+to the Experience API is made per server request. If application policy depends on user choice, read
+that state before the SDK call and return `undefined` when server personalization is not permitted.
 
 ## 3. Set up the anonymous ID cookie in middleware
 
-This step is identical to the SSR-primary pattern. Middleware runs before every request and ensures
-the anonymous ID cookie is set before any Server Component reads it:
+Middleware runs before every request and keeps the anonymous ID cookie aligned with the default-on
+server `requestOptimization.page()` calls:
 
 ```ts
 import { sdk } from '@/lib/optimization-server'
@@ -172,14 +176,16 @@ import { ANONYMOUS_ID_COOKIE } from '@contentful/optimization-node/constants'
 import { type NextRequest, NextResponse } from 'next/server'
 
 export async function middleware(request: NextRequest): Promise<NextResponse> {
+  const response = NextResponse.next()
+
   const anonymousId = request.cookies.get(ANONYMOUS_ID_COOKIE)?.value
   const profile = anonymousId ? { id: anonymousId } : undefined
   const { contentfulLocale, eventLocale } = sdk.resolveRequestLocale(request)
-  const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
 
   const url = new URL(request.url)
-  const data = await sdk.page(
-    {
+  const requestOptimization = sdk.forRequest({
+    consent: { events: true, persistence: true },
+    eventContext: {
       locale: eventLocale,
       userAgent: request.headers.get('user-agent') ?? 'next-js-server',
       page: {
@@ -189,14 +195,13 @@ export async function middleware(request: NextRequest): Promise<NextResponse> {
         search: url.search,
         url: request.url,
       },
-      profile,
     },
-    requestOptions,
-  )
-
-  const response = NextResponse.next()
+    experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+    profile,
+  })
+  const data = await requestOptimization.page()
 
-  if (data.profile.id) {
+  if (requestOptimization.canPersistProfile && data?.profile.id) {
     response.cookies.set(ANONYMOUS_ID_COOKIE, data.profile.id, {
       path: '/',
       sameSite: 'lax',
@@ -213,7 +218,9 @@ export const config = {
 
 The `ANONYMOUS_ID_COOKIE` constant is shared between the Node SDK and the React Web SDK. After
 hydration, the Web SDK reads the same cookie from `document.cookie` and continues the same anonymous
-profile journey. Do not mark this cookie as `HttpOnly`.
+profile journey. Do not mark this cookie as `HttpOnly`. If application policy depends on user
+choice, keep that consent state in a CMP, session, account preference, or cookie and clear
+`ANONYMOUS_ID_COOKIE` when profile continuity is not permitted.
 
 ## 4. Resolve entries on the server for first paint
 
@@ -238,7 +245,7 @@ export default async function Home() {
   const resolvedEntries = baselineEntries.map((entry) => {
     const { entry: resolved } = sdk.resolveOptimizedEntry(
       entry,
-      optimizationData.selectedOptimizations,
+      optimizationData?.selectedOptimizations,
     )
     return resolved
   })
@@ -269,8 +276,9 @@ for the broader locale model.
 
 ### Add data attributes for client-side tracking
 
-Include `data-ctfl-entry-id` and `data-ctfl-baseline-id` on the wrapper element so the React Web SDK
-can register interaction trackers after hydration:
+Include `data-ctfl-entry-id` on the wrapper element so the React Web SDK can register interaction
+trackers after hydration. Keep the original baseline ID in application-owned metadata such as
+`data-ctfl-baseline-id` when your rendering code needs it:
 
 ```tsx
 <div data-ctfl-entry-id={resolvedEntry.sys.id} data-ctfl-baseline-id={baselineEntry.sys.id}>
@@ -278,6 +286,11 @@ can register interaction trackers after hydration:
 </div>
 ```
 
+`data-ctfl-baseline-id` is not used in Web SDK event payloads. When the server has selected
+optimization context available, also render `data-ctfl-optimization-id`, `data-ctfl-sticky`, and
+`data-ctfl-variant-index` so client-side interaction events can carry the same optimization
+identifiers.
+
 ## 5. Seed the React Web SDK with server-resolved state
 
 The key difference from the SSR-primary pattern is passing `defaults` to `OptimizationRoot`. This
@@ -320,6 +333,7 @@ interface ClientProviderWrapperProps {
   children: ReactNode
   contentfulLocale?: string
   defaults?: {
+    consent?: boolean
     profile?: Profile
     selectedOptimizations?: SelectedOptimizationArray
     changes?: ChangeArray
@@ -379,18 +393,21 @@ export default async function RootLayout({ children }: { children: React.ReactNo
   )
   const optimizationData = await getOptimizationData(eventLocale, contentfulLocale)
   const htmlLang = getHtmlLang(contentfulLocale)
+  const defaults = {
+    consent: true,
+    ...(optimizationData
+      ? {
+          profile: optimizationData.profile,
+          selectedOptimizations: optimizationData.selectedOptimizations,
+          changes: optimizationData.changes,
+        }
+      : {}),
+  }
 
   return (
     <html lang={htmlLang}>
       <body>
-        <ClientProviderWrapper
-          contentfulLocale={contentfulLocale}
-          defaults={{
-            profile: optimizationData.profile,
-            selectedOptimizations: optimizationData.selectedOptimizations,
-            changes: optimizationData.changes,
-          }}
-        >
+        <ClientProviderWrapper contentfulLocale={contentfulLocale} defaults={defaults}>
           {children}
         </ClientProviderWrapper>
       </body>
@@ -400,7 +417,8 @@ export default async function RootLayout({ children }: { children: React.ReactNo
 ```
 
 Because `getOptimizationData()` is wrapped with `cache()`, calling it in the layout and in a page
-Server Component on the same request makes only one API call to the Experience API.
+Server Component on the same request makes only one API call to the Experience API for the
+default-on accepted request policy.
 
 ## 6. Re-resolve entries client-side after hydration
 
@@ -490,8 +508,13 @@ changes. This is the right choice for sections of the page that do not need the
 
 ## 7. Handle consent and identify from client components
 
-Consent and identify controls are identical to the SSR-primary pattern. Create a Client Component
-that reads the SDK state and exposes controls:
+With a default-on policy, no consent UI is required. The server examples above bind
+`consent: { events: true, persistence: true }`, and the browser provider receives
+`defaults={{ consent: true, ...serverResolvedState }}` so client-side page and interaction tracking
+can emit immediately.
+
+If application policy depends on user choice, keep server request consent, the anonymous ID cookie,
+and browser SDK consent aligned from a Client Component that reads SDK state and exposes controls:
 
 ```tsx
 // components/InteractiveControls.tsx
@@ -500,6 +523,13 @@ that reads the SDK state and exposes controls:
 import { useOptimizationContext } from '@contentful/optimization-react-web'
 import { useEffect, useState } from 'react'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
+function setAppConsentCookie(consented: boolean): void {
+  const value = consented ? 'granted' : 'denied'
+  document.cookie = `${APP_PERSONALIZATION_CONSENT_COOKIE}=${value}; Path=/; SameSite=Lax`
+}
+
 export function InteractiveControls() {
   const { sdk, isReady } = useOptimizationContext()
   const [consent, setConsent] = useState<boolean | undefined>(undefined)
@@ -507,7 +537,10 @@ export function InteractiveControls() {
   useEffect(() => {
     if (!sdk || !isReady) return
 
-    const sub = sdk.states.consent.subscribe(setConsent)
+    const sub = sdk.states.consent.subscribe((value) => {
+      setConsent(value)
+      if (typeof value === 'boolean') setAppConsentCookie(value)
+    })
 
     return () => sub.unsubscribe()
   }, [sdk, isReady])
@@ -516,7 +549,11 @@ export function InteractiveControls() {
 
   return (
     <div>
-      <button onClick={() => sdk.consent(consent !== true)}>
+      <button
+        onClick={() => {
+          sdk.consent(consent !== true)
+        }}
+      >
         {consent === true ? 'Reject consent' : 'Accept consent'}
       </button>
       <button onClick={() => sdk.identify({ userId: 'user-123' })}>Identify</button>
@@ -530,6 +567,10 @@ In this pattern, unlike the SSR-primary pattern, calling `sdk.identify()` or `sd
 immediately updates `selectedOptimizations` in the client SDK, which causes all Client Components
 subscribed to that state to re-render with the new variant. No page refresh is required.
 
+The cookie write keeps the next server request aligned with the browser-side `sdk.consent()` state.
+In production, replace this with the same CMP or account-preference state that drives your browser
+consent UI.
+
 ## Forward optimization context to third-party analytics
 
 Use this optional step when your Next.js app already sends events to a tag manager, customer-data
diff --git a/documentation/guides/integrating-the-optimization-sdk-in-a-nextjs-app-ssr.md b/documentation/guides/integrating-the-optimization-sdk-in-a-nextjs-app-ssr.md
index a42ee6fc..ad1a284a 100644
--- a/documentation/guides/integrating-the-optimization-sdk-in-a-nextjs-app-ssr.md
+++ b/documentation/guides/integrating-the-optimization-sdk-in-a-nextjs-app-ssr.md
@@ -69,7 +69,7 @@ What it does not give you:
 | Concern                             | Where it runs             | SDK used                                 |
 | ----------------------------------- | ------------------------- | ---------------------------------------- |
 | Anonymous ID cookie lifecycle       | Middleware (Edge Runtime) | Node SDK                                 |
-| Profile resolution and variant pick | Server Component          | Node SDK (`sdk.page()`)                  |
+| Profile resolution and variant pick | Server Component          | Node SDK (`requestOptimization.page()`)  |
 | Entry variant resolution            | Server Component          | Node SDK (`sdk.resolveOptimizedEntry()`) |
 | HTML rendering                      | Server Component          | None (plain React)                       |
 | Page view tracking                  | Client (after hydration)  | React Web SDK (`NextAppAutoPageTracker`) |
@@ -80,8 +80,10 @@ What it does not give you:
 In practice, the integration follows this sequence:
 
 1. Create one Node SDK instance shared across Server Components and middleware.
-2. Use Next.js middleware to maintain the anonymous ID cookie on every request.
-3. In Server Components, read the cookie, call `sdk.page()`, and resolve each entry variant.
+2. Use Next.js middleware to maintain the anonymous ID cookie when application policy permits
+   profile continuity.
+3. In Server Components, bind request-scoped consent with `sdk.forRequest()`; the examples below use
+   accepted consent for a default-on policy.
 4. Load the React Web SDK with `next/dynamic` and `ssr: false` so it only runs in the browser.
 5. Mount the React Web SDK provider and page tracker in a `'use client'` wrapper in your layout.
 6. Use Client Components for consent, identify, and any interactive SDK controls.
@@ -127,8 +129,8 @@ export { sdk }
 ```
 
 Do not create a new instance per request. The Node SDK is designed to be a process-level singleton.
-Pass request-scoped context (locale, user agent, profile, page URL) as arguments to each method
-call. The optional final argument to each method accepts Experience API request options.
+Use `forRequest()` to bind request-scoped consent, locale, user agent, profile, page URL, and
+Experience API request options before calling event methods.
 
 The per-call `{ locale }` request option is sent as the Experience API `locale` query parameter.
 Call `sdk.resolveRequestLocale(reqOrAcceptLanguage)` for each request, use `eventLocale` in event
@@ -148,14 +150,16 @@ import { ANONYMOUS_ID_COOKIE } from '@contentful/optimization-node/constants'
 import { type NextRequest, NextResponse } from 'next/server'
 
 export async function middleware(request: NextRequest): Promise<NextResponse> {
+  const response = NextResponse.next()
+
   const anonymousId = request.cookies.get(ANONYMOUS_ID_COOKIE)?.value
   const profile = anonymousId ? { id: anonymousId } : undefined
   const { contentfulLocale, eventLocale } = sdk.resolveRequestLocale(request)
-  const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
 
   const url = new URL(request.url)
-  const data = await sdk.page(
-    {
+  const requestOptimization = sdk.forRequest({
+    consent: { events: true, persistence: true },
+    eventContext: {
       locale: eventLocale,
       userAgent: request.headers.get('user-agent') ?? 'next-js-server',
       page: {
@@ -165,14 +169,13 @@ export async function middleware(request: NextRequest): Promise<NextResponse> {
         search: url.search,
         url: request.url,
       },
-      profile,
     },
-    requestOptions,
-  )
-
-  const response = NextResponse.next()
+    experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+    profile,
+  })
+  const data = await requestOptimization.page()
 
-  if (data.profile.id) {
+  if (requestOptimization.canPersistProfile && data?.profile.id) {
     response.cookies.set(ANONYMOUS_ID_COOKIE, data.profile.id, {
       path: '/',
       sameSite: 'lax',
@@ -191,17 +194,15 @@ The `ANONYMOUS_ID_COOKIE` constant is the shared cookie name used by both the No
 Web SDK. Using the same name means that after hydration, the Web SDK reads the same anonymous ID
 from `document.cookie` and continues the same profile journey the server started.
 
-Do not mark this cookie as `HttpOnly`. The Web SDK reads it from the browser.
-
-Why the middleware calls `sdk.page()` in addition to the Server Component doing the same: the
-middleware call ensures the cookie is set and populated in the `Set-Cookie` header of the response
-before the Server Component runs. Without this, the first request to a page that has no existing
-cookie would see an empty cookie store in the Server Component.
+Do not mark this cookie as `HttpOnly`. The Web SDK reads it from the browser. The example uses a
+default-on policy, so middleware binds accepted event and persistence consent before calling
+`requestOptimization.page()`. If application policy depends on user choice, read that state before
+the SDK call and clear the shared anonymous ID cookie when profile continuity is not permitted.
 
 ## 4. Resolve entries in a Server Component
 
-Inside a Server Component, read the cookie, call `sdk.page()` in parallel with your Contentful
-fetch, then resolve each entry:
+Inside a Server Component, read the anonymous ID cookie and bind accepted consent for the default-on
+request policy:
 
 ```tsx
 import { sdk } from '@/lib/optimization-server'
@@ -215,28 +216,29 @@ export default async function Home() {
     headerStore.get('accept-language'),
   )
   const contentfulOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
-  const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
 
   const anonymousId = cookieStore.get(ANONYMOUS_ID_COOKIE)?.value
   const profile = anonymousId ? { id: anonymousId } : undefined
 
   const [baselineEntries, optimizationData] = await Promise.all([
     fetchEntriesFromContentful(contentfulOptions),
-    sdk.page(
-      {
-        locale: eventLocale,
-        userAgent: headerStore.get('user-agent') ?? 'next-js-server',
+    sdk
+      .forRequest({
+        consent: { events: true, persistence: true },
+        eventContext: {
+          locale: eventLocale,
+          userAgent: headerStore.get('user-agent') ?? 'next-js-server',
+        },
+        experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
         profile,
-      },
-      requestOptions,
-    ),
+      })
+      .page(),
   ])
 
   const resolvedEntries = baselineEntries.map((entry) => {
-    const { entry: resolved } = sdk.resolveOptimizedEntry(
-      entry,
-      optimizationData.selectedOptimizations,
-    )
+    const { entry: resolved } = optimizationData
+      ? sdk.resolveOptimizedEntry(entry, optimizationData.selectedOptimizations)
+      : { entry }
     return resolved
   })
 
@@ -266,15 +268,15 @@ for the entry contract and
 for the broader locale model.
 
 `resolveOptimizedEntry` is synchronous. It picks the correct variant from the resolved entry based
-on `selectedOptimizations` returned by `sdk.page()`. If no optimization applies, it returns the
-baseline entry unchanged.
+on `selectedOptimizations` returned by `requestOptimization.page()`. If no optimization applies, it
+returns the baseline entry unchanged.
 
 ### Add data attributes for client-side tracking
 
 After hydration, the React Web SDK's `trackEntryInteraction` option uses a `MutationObserver` to
 find elements with specific `data-ctfl-*` attributes and register interaction trackers (views,
-clicks, hovers) against them. For automatic tracking to work on server-rendered entries, add these
-attributes to the wrapper element:
+clicks, hovers) against them. For automatic tracking to work on server-rendered entries, add
+`data-ctfl-entry-id` to the wrapper element:
 
 ```tsx
 function ServerRenderedEntry({
@@ -292,9 +294,12 @@ function ServerRenderedEntry({
 }
 ```
 
-`data-ctfl-entry-id` is the resolved (possibly variant) entry ID. `data-ctfl-baseline-id` is the
-original baseline entry ID. Both are required for the client SDK to associate interaction events
-with the correct optimization context.
+`data-ctfl-entry-id` is the resolved (possibly variant) entry ID and is required for automatic
+interaction tracking. `data-ctfl-baseline-id` is application-owned metadata for keeping the original
+baseline entry ID available to your rendering code; the Web SDK does not include it in event
+payloads. When the server has selected optimization context available, also render
+`data-ctfl-optimization-id`, `data-ctfl-sticky`, and `data-ctfl-variant-index` so client-side
+interaction events can carry the same optimization identifiers.
 
 ## 5. Load the React Web SDK on the client only
 
@@ -394,6 +399,7 @@ export function ClientProviderWrapper({
     <OptimizationRoot
       clientId={process.env.NEXT_PUBLIC_OPTIMIZATION_CLIENT_ID ?? ''}
       environment={process.env.NEXT_PUBLIC_OPTIMIZATION_ENVIRONMENT ?? 'main'}
+      defaults={{ consent: true }}
       contentfulLocales={{
         default: 'en-US',
         supported: ['en-US', 'de-DE', 'fr-FR'],
@@ -457,8 +463,13 @@ NEXT_PUBLIC_OPTIMIZATION_ENVIRONMENT="main"
 
 ## 7. Handle consent and identify from client components
 
-Consent and identify are client-side concerns. Create a Client Component that subscribes to the SDK
-state and exposes the controls:
+With a default-on policy, no consent UI is required. The server examples above bind
+`consent: { events: true, persistence: true }`, and the browser provider seeds
+`defaults={{ consent: true }}` so client-side page and interaction tracking can emit immediately.
+
+If application policy depends on user choice, keep server request consent, the anonymous ID cookie,
+and browser SDK consent aligned from a Client Component that subscribes to SDK state and exposes the
+controls:
 
 ```tsx
 // components/InteractiveControls.tsx
@@ -467,6 +478,13 @@ state and exposes the controls:
 import { useOptimizationContext } from '@contentful/optimization-react-web'
 import { useEffect, useState } from 'react'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
+function setAppConsentCookie(consented: boolean): void {
+  const value = consented ? 'granted' : 'denied'
+  document.cookie = `${APP_PERSONALIZATION_CONSENT_COOKIE}=${value}; Path=/; SameSite=Lax`
+}
+
 export function InteractiveControls() {
   const { sdk, isReady } = useOptimizationContext()
   const [consent, setConsent] = useState<boolean | undefined>(undefined)
@@ -474,7 +492,10 @@ export function InteractiveControls() {
   useEffect(() => {
     if (!sdk || !isReady) return
 
-    const sub = sdk.states.consent.subscribe(setConsent)
+    const sub = sdk.states.consent.subscribe((value) => {
+      setConsent(value)
+      if (typeof value === 'boolean') setAppConsentCookie(value)
+    })
 
     return () => sub.unsubscribe()
   }, [sdk, isReady])
@@ -483,7 +504,11 @@ export function InteractiveControls() {
 
   return (
     <div>
-      <button onClick={() => sdk.consent(consent !== true)}>
+      <button
+        onClick={() => {
+          sdk.consent(consent !== true)
+        }}
+      >
         {consent === true ? 'Reject consent' : 'Accept consent'}
       </button>
       <button onClick={() => sdk.identify({ userId: 'user-123' })}>Identify</button>
@@ -496,6 +521,10 @@ export function InteractiveControls() {
 `InteractiveControls` can be mounted inside a Server Component page — React allows Client Components
 to be children of Server Components.
 
+The cookie write keeps the next server request aligned with the browser-side `sdk.consent()` state.
+In production, replace this with the same CMP or account-preference state that drives your browser
+consent UI.
+
 Client actions update the Optimization profile via the Experience API, but they do not re-render the
 server-resolved content on the current page. The updated profile is reflected on the next server
 request (navigation or browser refresh).
@@ -577,8 +606,8 @@ client never re-resolves entries in this pattern.
 The personalization loop makes certain pieces of your response non-cacheable at the CDN or reverse
 proxy layer:
 
-- The result of `sdk.page()` must not be cached and reused across requests. It performs a
-  server-side effect and returns profile state for the current visitor.
+- The result of `requestOptimization.page()` must not be cached and reused across requests. It
+  performs a server-side effect and returns profile state for the current visitor.
 - Resolved entry HTML (the output of `resolveOptimizedEntry()`) is only cache-safe if you vary the
   cache on both the baseline entry version and a fingerprint of `selectedOptimizations`. In
   practice, most teams treat server-rendered personalized responses as uncacheable.
diff --git a/documentation/guides/integrating-the-react-native-sdk-in-a-react-native-app.md b/documentation/guides/integrating-the-react-native-sdk-in-a-react-native-app.md
index 7db862c7..05f52625 100644
--- a/documentation/guides/integrating-the-react-native-sdk-in-a-react-native-app.md
+++ b/documentation/guides/integrating-the-react-native-sdk-in-a-react-native-app.md
@@ -19,6 +19,7 @@ to a React Native (or Expo) application using `@contentful/optimization-react-na
   - [Gating consent on a banner](#gating-consent-on-a-banner)
   - [Reading and reacting to consent state](#reading-and-reacting-to-consent-state)
   - [Revoking consent](#revoking-consent)
+  - [Optional consent policy controls](#optional-consent-policy-controls)
 - [3. Personalize entries with OptimizedEntry](#3-personalize-entries-with-optimizedentry)
   - [Fetch the entry with `include: 10`](#fetch-the-entry-with-include-10)
   - [Render the variant with a render prop](#render-the-variant-with-a-render-prop)
@@ -53,7 +54,8 @@ The React Native SDK builds on the Optimization Core Library and adds React Nati
 providers, hooks, and components. It lets consumers:
 
 - initialize and own a mobile SDK instance through `OptimizationRoot` or explicit providers
-- persist consent, profile state, selected optimizations, and anonymous identity with AsyncStorage
+- persist consent and, when persistence consent permits it, profile state, selected optimizations,
+  and anonymous identity with AsyncStorage
 - personalize Contentful entries with `OptimizedEntry`
 - emit entry view and tap tracking from React Native components
 - emit screen events through React Navigation adapters or screen-level hooks
@@ -70,7 +72,8 @@ Most React Native integrations follow this sequence:
 
 1. Install the SDK and its required peer dependencies.
 2. Wrap the app in `OptimizationRoot` with the minimum config (`clientId`).
-3. Decide how consent behaves (default-on for trusted contexts, or gated by a UI prompt).
+3. Decide how consent behaves: default-on when application policy permits it, or gated by a UI
+   prompt.
 4. Wrap each personalizable Contentful entry in `<OptimizedEntry>`.
 5. Enable view and/or tap tracking for the entries you care about.
 6. Wrap scrollable screens in `<OptimizationScrollProvider>` so viewport tracking is accurate.
@@ -99,9 +102,9 @@ For offline support (recommended), also install:
 pnpm add @react-native-community/netinfo
 ```
 
-The SDK uses AsyncStorage to persist consent, profile, and selected optimizations across app
-launches. `netinfo` is optional but lets the SDK queue events while the device is offline and flush
-them automatically when connectivity returns.
+The SDK uses AsyncStorage to persist consent and, when persistence consent permits it, profile state
+and selected optimizations across app launches. `netinfo` is optional but lets the SDK queue events
+while the device is offline and flush them automatically when connectivity returns.
 
 > [!NOTE]
 >
@@ -132,8 +135,8 @@ export default function App() {
 That is the minimum viable setup. `clientId` is the only required prop; everything else falls back
 to safe defaults (environment defaults to `'main'`, channel to `'mobile'`, etc.).
 
-A fuller application usually adds environment-specific config, a defaults block, optional preview
-panel settings, and navigation integration:
+A fuller application usually adds environment-specific config, optional preview panel settings, and
+navigation integration:
 
 ```tsx
 <OptimizationRoot
@@ -145,7 +148,6 @@ panel settings, and navigation integration:
   }}
   locale="en-US"
   logLevel={__DEV__ ? 'info' : 'warn'}
-  defaults={{ consent: true }}
   previewPanel={{
     enabled: __DEV__,
     contentfulClient: client,
@@ -168,6 +170,7 @@ Common props on `OptimizationRoot`:
 | `clientId`              | `string`                     | Yes      | N/A                                     | Your Contentful Optimization client identifier                        |
 | `environment`           | `string`                     | No       | `'main'`                                | Optimization environment to read from                                 |
 | `defaults`              | `{ consent?: boolean, ... }` | No       | `undefined`                             | Initial values applied at startup (e.g. `consent: true`)              |
+| `allowedEventTypes`     | `EventType[]`                | No       | `['identify', 'screen']`                | Event types allowed before consent is explicitly set                  |
 | `logLevel`              | `LogLevels`                  | No       | `'error'`                               | Minimum console log level                                             |
 | `previewPanel`          | `PreviewPanelConfig`         | No       | `undefined`                             | Enables the in-app preview panel; see [Preview Panel](#preview-panel) |
 | `liveUpdates`           | `boolean`                    | No       | `false`                                 | Global live-updates default for `<OptimizedEntry />`                  |
@@ -264,17 +267,14 @@ call `destroy()` on the injected SDK.
 
 ## 2. Handle consent
 
-The SDK gates non-essential event types behind a consent state. By default, only `identify` and
-`screen` events are allowed before consent is explicitly set. All other event types (including entry
-view/tap tracking) are blocked until the user accepts or rejects consent.
-
-You can change which event types are permitted before consent via the `allowedEventTypes` config
-option.
+React Native applications usually choose one startup policy: seed accepted consent when application
+policy permits Optimization by default, or leave SDK consent unset and connect application-owned
+controls to `consent(true | false)`.
 
 ### Defaulting consent to `true`
 
-If your app already collects consent at install time (e.g. through a prior onboarding flow) or if
-you don't need a runtime consent prompt, set `defaults.consent: true` so events flow immediately:
+If your application policy permits Optimization by default and you do not render an end-user consent
+prompt, set `defaults.consent: true` so events flow immediately:
 
 ```tsx
 <OptimizationRoot clientId="your-client-id" defaults={{ consent: true }}>
@@ -282,14 +282,21 @@ you don't need a runtime consent prompt, set `defaults.consent: true` so events
 </OptimizationRoot>
 ```
 
-The default is applied once at startup; user input later takes precedence. The
-[React Native reference implementation](../../implementations/react-native-sdk/README.md) shows an
-equivalent trusted-context shortcut by calling `sdk.consent(true)` after the provider initializes.
+The default is applied once at startup; user input later takes precedence. It also permits durable
+profile-continuity storage for profile, selected optimizations, changes, and the anonymous ID. Set
+this default during SDK initialization rather than from a component effect so the persistence policy
+is in place before child effects, screen tracking, or manual `identify()` calls can run.
+
+When durable profile-continuity persistence is allowed, SDK state from an Experience response is
+published only after the corresponding AsyncStorage write for that same response snapshot has
+settled or failed gracefully. This affects durability timing, not the live source of truth: after
+startup hydration, SDK state and rendered SDK-derived UI read from in-memory SDK state. Wait for
+SDK-derived state or UI instead of adding sleeps before relaunching or terminating the app in tests.
 
 ### Gating consent on a banner
 
-For apps that need an explicit prompt, leave `defaults.consent` unset and call `consent()` from your
-banner UI:
+When your application policy depends on user choice, leave `defaults.consent` unset and call
+`consent()` from your banner UI:
 
 ```tsx
 import { useOptimization } from '@contentful/optimization-react-native'
@@ -312,6 +319,11 @@ When consent is accepted (`true`), all event types are permitted. When consent i
 (`false`), non-allowed event types are blocked and `<OptimizedEntry />` view/tap tracking will be
 silently dropped at the SDK boundary. Consent state persists across app launches via AsyncStorage.
 
+By default, only `identify` and `screen` events are allowed before consent is explicitly set. All
+other event types, including entry view/tap tracking, are blocked until consent is granted or the
+event type is allow-listed. For cross-SDK consent policy guidance, see
+[Consent management in the Optimization SDK Suite](../concepts/consent-management-in-the-optimization-sdk-suite.md).
+
 ### Reading and reacting to consent state
 
 Subscribe to the SDK's consent observable when you need to render UI conditionally:
@@ -345,6 +357,14 @@ To revoke consent after it was previously accepted, just call `consent(false)`:
 optimization.consent(false)
 ```
 
+### Optional consent policy controls
+
+Use these options only when your application policy needs a stricter or split consent model:
+
+- Set `allowedEventTypes={[]}` for strict opt-in before any Optimization event can emit.
+- Call `optimization.consent({ events: true, persistence: false })` when events are allowed but
+  durable profile continuity must stay session-only.
+
 ## 3. Personalize entries with OptimizedEntry
 
 `<OptimizedEntry />` is the unified component for resolving optimized variants and tracking
diff --git a/documentation/guides/integrating-the-react-web-sdk-in-a-react-app.md b/documentation/guides/integrating-the-react-web-sdk-in-a-react-app.md
index 747d8c52..6dd84ce8 100644
--- a/documentation/guides/integrating-the-react-web-sdk-in-a-react-app.md
+++ b/documentation/guides/integrating-the-react-web-sdk-in-a-react-app.md
@@ -21,9 +21,11 @@ to own the browser SDK integration without React abstractions.
   - [Subscribe to SDK state from the provider](#subscribe-to-sdk-state-from-the-provider)
   - [Provide a pre-built SDK instance when needed](#provide-a-pre-built-sdk-instance-when-needed)
 - [2. Handle consent in React](#2-handle-consent-in-react)
-  - [Reading consent state](#reading-consent-state)
+  - [Default-on consent](#default-on-consent)
   - [Updating consent](#updating-consent)
+  - [Reading consent state](#reading-consent-state)
   - [Revoking consent](#revoking-consent)
+  - [Optional consent policy controls](#optional-consent-policy-controls)
   - [Consent-gated rendering](#consent-gated-rendering)
 - [3. Personalize entries with OptimizedEntry](#3-personalize-entries-with-optimizedentry)
   - [Basic usage](#basic-usage)
@@ -78,7 +80,8 @@ In practice, most React integrations follow this high-level sequence:
 
 1. Wrap the app with `OptimizationRoot` or `OptimizationProvider` + `LiveUpdatesProvider`.
 2. Read the SDK through hooks such as `useOptimization()` or `useOptimizationContext()`.
-3. Handle consent in application UI before enabling broader event collection.
+3. Apply the application's consent policy: seed `defaults={{ consent: true }}` for default-on
+   integrations, or call `consent(true | false)` from a consent UI or CMP callback.
 4. Render personalized entries with `OptimizedEntry` or `useOptimizedEntry`.
 5. Enable automatic or manual entry interaction tracking where needed.
 6. Add a router adapter so `page()` events follow client-side navigation.
@@ -122,18 +125,21 @@ children can mount before the first visible paint.
 
 Available configuration props:
 
-| Prop                    | Type                           | Required | Default                                         | Description                                                         |
-| ----------------------- | ------------------------------ | -------- | ----------------------------------------------- | ------------------------------------------------------------------- |
-| `clientId`              | `string`                       | Yes      | N/A                                             | Your Contentful Optimization client identifier                      |
-| `environment`           | `string`                       | No       | `'main'`                                        | Contentful environment                                              |
-| `api`                   | `CoreApiConfig`                | No       | See below                                       | Experience API and Insights API configuration                       |
-| `app`                   | `App`                          | No       | —                                               | Application metadata attached to events                             |
-| `contentfulLocales`     | `ContentfulLocales`            | No       | —                                               | Contentful locale codes used for SDK-assisted CDA locale resolution |
-| `locale`                | `string`                       | No       | `undefined` unless `contentfulLocales` is set   | Initial app/content locale candidate                                |
-| `trackEntryInteraction` | `TrackEntryInteractionOptions` | No       | `{ views: true, clicks: false, hovers: false }` | Automatic entry interaction tracking options                        |
-| `logLevel`              | `LogLevels`                    | No       | `'error'`                                       | Minimum log level for console output                                |
-| `liveUpdates`           | `boolean`                      | No       | `false`                                         | Enable global live updates                                          |
-| `onStatesReady`         | `(states) => cleanup`          | No       | —                                               | Attach app-level state subscribers when SDK state is ready          |
+| Prop                    | Type                           | Required | Default                                         | Description                                                          |
+| ----------------------- | ------------------------------ | -------- | ----------------------------------------------- | -------------------------------------------------------------------- |
+| `clientId`              | `string`                       | Yes      | N/A                                             | Your Contentful Optimization client identifier                       |
+| `environment`           | `string`                       | No       | `'main'`                                        | Contentful environment                                               |
+| `api`                   | `CoreApiConfig`                | No       | See below                                       | Experience API and Insights API configuration                        |
+| `app`                   | `App`                          | No       | —                                               | Application metadata attached to events                              |
+| `contentfulLocales`     | `ContentfulLocales`            | No       | —                                               | Contentful locale codes used for SDK-assisted CDA locale resolution  |
+| `locale`                | `string`                       | No       | `undefined` unless `contentfulLocales` is set   | Initial app/content locale candidate                                 |
+| `defaults`              | `CoreConfigDefaults`           | No       | `undefined`                                     | Initial consent, persistence consent, profile, or optimization state |
+| `allowedEventTypes`     | `EventType[]`                  | No       | `['identify', 'page']`                          | Event types allowed before consent is explicitly set                 |
+| `trackEntryInteraction` | `TrackEntryInteractionOptions` | No       | `{ views: true, clicks: false, hovers: false }` | Automatic entry interaction tracking options                         |
+| `cookie`                | `CookieAttributes`             | No       | `{ domain: undefined, expires: 365 }`           | Anonymous ID cookie settings inherited from the Web SDK              |
+| `logLevel`              | `LogLevels`                    | No       | `'error'`                                       | Minimum log level for console output                                 |
+| `liveUpdates`           | `boolean`                      | No       | `false`                                         | Enable global live updates                                           |
+| `onStatesReady`         | `(states) => cleanup`          | No       | —                                               | Attach app-level state subscribers when SDK state is ready           |
 
 A more complete initialization with explicit API endpoints and interaction tracking:
 
@@ -272,39 +278,28 @@ unmount.
 
 ## 2. Handle consent in React
 
-The SDK gates certain event types behind a consent state. By default, only `identify` and `page`
-events are allowed before consent is explicitly set. All other event types are blocked until the
-user accepts or rejects consent.
+React applications usually choose one startup policy: seed accepted consent when application policy
+permits Optimization by default, or leave SDK consent unset and connect application-owned controls
+to `consent(true | false)`.
 
-### Reading consent state
+### Default-on consent
 
-Subscribe to consent state changes using the SDK's `states` observable:
+If your application policy permits Optimization by default and you do not render an end-user consent
+UI, seed accepted consent on `OptimizationRoot`:
 
 ```tsx
-import { useOptimizationContext } from '@contentful/optimization-react-web'
-import { useEffect, useState } from 'react'
-
-function ConsentStatus() {
-  const { sdk, isReady } = useOptimizationContext()
-  const [consent, setConsent] = useState<boolean | undefined>(undefined)
-
-  useEffect(() => {
-    if (!sdk || !isReady) return
-
-    const sub = sdk.states.consent.subscribe((value) => {
-      setConsent(value)
-    })
-
-    return () => sub.unsubscribe()
-  }, [sdk, isReady])
-
-  return <p>Consent: {String(consent)}</p>
-}
+<OptimizationRoot clientId="your-client-id" defaults={{ consent: true }}>
+  <YourApp />
+</OptimizationRoot>
 ```
 
+That starts all gated SDK events immediately and permits durable profile-continuity storage for
+profile, selected optimizations, changes, and the anonymous ID.
+
 ### Updating consent
 
-Call `consent()` to accept or reject:
+When your application policy depends on user choice, call `consent()` from the banner, CMP callback,
+or account settings flow that owns the user's choice:
 
 ```tsx
 import { useOptimization } from '@contentful/optimization-react-web'
@@ -326,6 +321,37 @@ When consent is accepted (`true`), all event types are permitted and any auto-en
 interaction trackers are started. When consent is rejected (`false`), auto-enabled interaction
 trackers are disabled and non-allowed event types are blocked.
 
+By default, only `identify` and `page` events are allowed before consent is explicitly set. All
+other event types are blocked until consent is granted or the event type is allow-listed. For
+cross-SDK consent policy guidance, see
+[Consent management in the Optimization SDK Suite](../concepts/consent-management-in-the-optimization-sdk-suite.md).
+
+### Reading consent state
+
+Subscribe to consent state changes using the SDK's `states` observable:
+
+```tsx
+import { useOptimizationContext } from '@contentful/optimization-react-web'
+import { useEffect, useState } from 'react'
+
+function ConsentStatus() {
+  const { sdk, isReady } = useOptimizationContext()
+  const [consent, setConsent] = useState<boolean | undefined>(undefined)
+
+  useEffect(() => {
+    if (!sdk || !isReady) return
+
+    const sub = sdk.states.consent.subscribe((value) => {
+      setConsent(value)
+    })
+
+    return () => sub.unsubscribe()
+  }, [sdk, isReady])
+
+  return <p>Consent: {String(consent)}</p>
+}
+```
+
 ### Revoking consent
 
 To revoke consent after it was previously accepted:
@@ -342,6 +368,14 @@ function RevokeConsent() {
 }
 ```
 
+### Optional consent policy controls
+
+Use these options only when your application policy needs a stricter or split consent model:
+
+- Set `allowedEventTypes={[]}` for strict opt-in before any Optimization event can emit.
+- Call `consent({ events: true, persistence: false })` when events are allowed but durable profile
+  continuity must stay session-only.
+
 ### Consent-gated rendering
 
 A common pattern is to gate personalization features on consent:
diff --git a/documentation/guides/integrating-the-web-sdk-in-a-web-app.md b/documentation/guides/integrating-the-web-sdk-in-a-web-app.md
index 8185a090..5ab2eed3 100644
--- a/documentation/guides/integrating-the-web-sdk-in-a-web-app.md
+++ b/documentation/guides/integrating-the-web-sdk-in-a-web-app.md
@@ -41,8 +41,8 @@ The Web SDK is the browser-side package in the Optimization SDK Suite. It lets c
 
 - evaluate browser events such as `page()`, `identify()`, and `track()` and receive profile data,
   selected optimizations, and Custom Flag changes
-- persist consent, profile state, selected optimizations, and the anonymous profile identifier in
-  browser-managed storage
+- persist consent and, when persistence consent permits it, profile state, selected optimizations,
+  changes, and the anonymous profile identifier in browser-managed storage
 - resolve optimized Contentful entries in the browser after baseline content has been fetched
 - resolve merge tags against the current profile
 - emit page, component view, click, hover, and custom business events from the browser
@@ -62,7 +62,8 @@ becomes known.
 In practice, most Web SDK integrations follow this high-level sequence:
 
 1. Create one SDK instance for the current page or SPA runtime.
-2. Let the application own consent UI and call `consent(true | false)` when the user makes a choice.
+2. Apply the application's consent policy: seed `defaults: { consent: true }` for default-on
+   integrations, or call `consent(true | false)` from a consent UI or CMP callback.
 3. Emit `page()` on the first load and again whenever the active route changes.
 4. Fetch baseline Contentful entries and resolve variants with `resolveOptimizedEntry()`.
 5. Render flags and merge tags from current SDK state.
@@ -158,9 +159,23 @@ Notes:
 The Web SDK exposes a browser-side `consent()` method, but your application still owns the consent
 policy and user experience.
 
-By default, only `identify` and `page` are allowed before consent is explicitly set. Other event
-types are blocked until the user accepts consent. When consent is accepted, the Web SDK also starts
-any auto-enabled entry interaction trackers.
+If your application policy permits Optimization by default and you do not render an end-user consent
+UI, seed accepted consent during initialization:
+
+```ts
+export const optimization = new ContentfulOptimization({
+  clientId: APP_CONFIG.optimizationClientId,
+  defaults: { consent: true },
+})
+```
+
+That starts all gated SDK events immediately and permits durable profile-continuity storage for
+profile, selected optimizations, changes, and the anonymous ID. Consent defaults do not change
+feature defaults such as `autoTrackEntryInteraction`; configure those separately when you want
+automatic tracking enabled.
+
+If your application policy depends on user choice, leave SDK consent unset at startup and call
+`consent(true | false)` from an application-owned banner or CMP callback:
 
 ```ts
 const acceptButton = document.querySelector<HTMLButtonElement>('#consent-accept')
@@ -188,9 +203,17 @@ Important behavior:
 - `reset()` is not a consent API; it clears profile-related state but intentionally preserves the
   consent choice
 
+By default, only `identify` and `page` are allowed before consent is explicitly set. Other event
+types are blocked until consent is granted or the event type is allow-listed. For cross-SDK consent
+policy guidance, see
+[Consent management in the Optimization SDK Suite](../concepts/consent-management-in-the-optimization-sdk-suite.md).
+
 If your policy requires a stricter pre-consent posture, configure `allowedEventTypes: []` during
 initialization instead of relying on the default `['identify', 'page']`.
 
+If events are allowed but durable profile continuity must stay session-only, call
+`optimization.consent({ events: true, persistence: false })`.
+
 ## 3. Emit `page()` on first load and route changes
 
 In a traditional multi-page site, calling `page()` after initialization is usually enough because
@@ -628,7 +651,8 @@ For the lower-level mechanics behind that handoff, see
 
 That is the pattern shown in the `node-sdk+web-sdk` reference implementation:
 
-- the server persists `ANONYMOUS_ID_COOKIE` with `path: '/'` and `sameSite: 'lax'`
+- the server persists `ANONYMOUS_ID_COOKIE` with `path: '/'` and `sameSite: 'lax'` when consent
+  permits profile continuity
 - the browser Web SDK reads the same cookie during initialization
 - after hydration, browser events continue from the same anonymous profile instead of starting over
 
diff --git a/implementations/AGENTS.md b/implementations/AGENTS.md
index 12c7a5e8..1c85ea5f 100644
--- a/implementations/AGENTS.md
+++ b/implementations/AGENTS.md
@@ -1,96 +1,67 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md` first, then the nearest implementation-specific `AGENTS.md`.
+Applies to reference implementations and shared implementation contracts under `implementations/`.
 
-These instructions apply to all reference implementations under `implementations/` and to shared
-implementation contracts such as `PREVIEW_PANEL_SCENARIOS.md`.
+## Boundaries
 
-For implementation README prose style, follow [`../STYLE_GUIDE.md`](../STYLE_GUIDE.md). This file
-owns implementation boundaries, implementation README structure, and local validation rules.
+- Reference implementations demonstrate SDK integration patterns; reusable SDK behavior belongs in
+  `packages/`.
+- Keep apps small, example-oriented, and aligned with the public SDK surface they demonstrate.
+- CDA entry fetches used for SDK entry resolution must stay single-locale. Do not use
+  `withAllLocales` or `locale=*`; use SDK-assisted locale resolution instead.
+- Experience API calls that render MergeTags must use the same resolved Contentful locale.
+- Prefer root wrappers: `pnpm implementation:run -- <implementation> <script>`. If an implementation
+  has no `package.json`, use its local README or child `AGENTS.md`.
 
-## Implementation boundaries
+## Implementation READMEs
 
-- Reference implementations demonstrate integration patterns. Reusable SDK behavior belongs in the
-  relevant package under `packages/`.
-- Keep implementation code minimal, example-oriented, and aligned with the public SDK surface it is
-  demonstrating.
-- When a reference implementation fetches CDA entries for SDK entry resolution, keep those fetches
-  single-locale. Do not use `withAllLocales` or `locale=*`; configure SDK `contentfulLocales` and
-  use the resolved SDK `locale`, `withOptimizationLocale()`, native `client.locale`, or Node
-  `resolveRequestLocale()` result. When the implementation calls the Experience API for content that
-  can render MergeTags, use that same resolved Contentful locale through SDK-assisted stateful
-  config or the stateless per-call `{ locale }` request option.
-- Prefer root wrapper commands such as `pnpm implementation:run -- <implementation> <script>` for
-  implementations that have a `package.json`.
-- If the implementation has no `package.json`, use its local README or child `AGENTS.md` commands.
-
-## Implementation README standards
-
-- Reference implementation READMEs must open with the repository-standard centered Contentful
-  header, implementation-specific `<h3>`, navigation links including `Readme`, Guides, Reference,
-  and Contributing, and the pre-release warning.
-- Header navigation in reference implementation READMEs is rendered in both GitHub source browsing
-  and TypeDoc project documents. Keep Guides and Reference links as stable generated-docs URLs
-  unless you have verified the replacement in both render targets.
-- The introduction must identify the SDK package or packages being demonstrated and link back to the
-  SDK suite root README.
-- Put `## What this demonstrates` near the top and describe the smallest useful scenario, tested SDK
-  surfaces, and any important architecture caveat. Keep the tone example-oriented, not marketing
-  oriented.
-- Keep implementation READMEs procedural. Explain what code path demonstrates the SDK behavior and
-  where to inspect it, but do not duplicate package API manuals or authored integration guides.
+- Follow root Markdown rules and [`../STYLE_GUIDE.md`](../STYLE_GUIDE.md).
+- Use the repo-standard header, implementation-specific `<h3>`, Readme/Guides/Reference/Contributing
+  navigation, pre-release warning, and an introduction naming the demonstrated SDK packages.
+- Put `## What this demonstrates` near the top. Keep the tone procedural and example-oriented, not a
+  package API manual.
 - Use `## Prerequisites`, `## Setup`, `## Running locally`, `## Running E2E tests`, and `## Related`
-  when applicable. Omit sections that do not match the implementation, such as `Running locally` for
-  a test-only native app.
-- Setup and run commands must prefer monorepo-root commands first, especially `pnpm build:pkgs`,
-  `pnpm implementation:run -- <implementation> implementation:install`,
-  `pnpm implementation:run -- <implementation> <script>`, and the root `setup:e2e:*` / `test:e2e:*`
-  wrappers when they exist.
-- Keep `.env` instructions tied to the implementation-local `.env.example`. Do not suggest
-  overwriting an existing `.env`, and state when defaults are mock-safe.
-- If the README mentions ports, scripts, process cleanup, browsers, Docker, Detox, Xcode,
-  Playwright, PM2, or emulator requirements, keep those details aligned with the implementation
-  `package.json`, nearest child `AGENTS.md`, and actual scripts.
-- End with `## Related` links to the demonstrated package README, nearby comparison implementations,
-  shared mocks, and scenario contracts when relevant.
+  when they fit the implementation.
+- Prefer monorepo-root setup/run commands, local `.env.example` guidance, and links to demonstrated
+  package READMEs, related implementations, shared mocks, or scenario contracts.
+- Keep ports, process cleanup, Docker, Playwright, Detox, Xcode, emulator, and PM2 details aligned
+  with scripts and local `AGENTS.md`.
 
 ## Shared failure modes
 
-- Package changes are not reflected in a package-backed implementation: run `pnpm build:pkgs`, then
-  rerun `pnpm implementation:run -- <implementation> implementation:install`.
-- Missing SDK APIs or stale SDK types in a package-backed implementation are package artifact or
-  install-state failures until proven otherwise. First compare the built package/tarball
-  declarations with the implementation's installed declarations. Do not add local shims, copied
-  types, wrapper types, casts, or source patches in the reference implementation to compensate for
-  stale installed SDK packages.
-- If the goal is full E2E setup rather than the narrowest refresh step, prefer the root
-  `pnpm setup:e2e:<implementation>` wrapper when one exists.
-- For a full E2E run, prefer the root `pnpm test:e2e:<implementation>` wrapper when one exists.
-- Behavior differs from the documented mock setup: compare the implementation `.env` with
-  `.env.example` before changing code.
-- The app or mocks fail to bind local ports: stop only the affected implementation's local processes
-  with its documented stop command.
-- Do not use broad PM2 cleanup for reference apps. Prefer implementation-local `serve:stop` scripts
-  where they exist.
-- Implementation-specific runtime failures such as Docker availability, Playwright browser setup,
-  emulator requirements, `.env` drift, PM2 state, and local port conflicts belong in the relevant
-  implementation `AGENTS.md`.
+- If package changes are not reflected in an implementation, run `pnpm build:pkgs`, then rerun that
+  implementation's install script.
+- Missing SDK APIs or stale SDK types in an implementation are artifact or install-state failures
+  until proven otherwise; compare built package declarations with installed declarations before
+  adding implementation-local shims.
+- Prefer root `pnpm setup:e2e:<implementation>` and `pnpm test:e2e:<implementation>` wrappers when
+  they exist.
+- For native and React Native E2E, prefer the child implementation's runner script over raw tool
+  invocations. The runners start mocks, build/install apps, configure ports, and clean up their own
+  child processes.
+- Do not treat a missing attached emulator/simulator before a runner starts as proof that E2E cannot
+  run locally. Try the documented runner or report its concrete preflight failure.
+- Do not treat a generic implementation `test` script as a replacement for Playwright, Detox,
+  Maestro, or XCUITest. If the E2E concern is app behavior, run the E2E command.
+- If behavior differs from documented mocks, compare the implementation `.env` with `.env.example`
+  before changing code.
+- Stop only the affected implementation's local processes with its documented stop command. Do not
+  use broad PM2 cleanup.
 
 ## Preview panel contract
 
-- `PREVIEW_PANEL_SCENARIOS.md` is the shared contract for cross-platform preview-panel E2E behavior.
-- Keep scenario names, fixture IDs, accessibility identifiers, and test expectations aligned across
-  React Native Detox and native iOS XCUITest coverage.
-- Do not add debug-only UI labels solely to satisfy preview-panel tests; assertions must observe
-  rendered content or real controls.
+- `PREVIEW_PANEL_SCENARIOS.md` is the shared cross-platform preview-panel E2E contract.
+- Keep scenario names, fixture IDs, accessibility identifiers, and expectations aligned across React
+  Native Detox, native iOS XCUITest, Android Maestro, and affected package tests.
+- Do not add debug-only UI labels solely for tests; assertions should observe rendered content or
+  real controls.
 
-## Usually validate
+## Validate
 
-- Run implementation `typecheck` for local TypeScript or TSX changes when the implementation
-  provides it.
-- Run `build` when changing production bundling, static assets, copied SDK assets, or serving
-  behavior.
-- Run implementation unit tests only when meaningful local unit tests exist and the changed behavior
-  is covered there.
-- Run Detox or XCUITest for native implementation changes that affect runtime tracking, preview
-  behavior, navigation, offline behavior, or end-to-end user experience.
+- Run implementation `typecheck` for local TypeScript or TSX changes when available.
+- Run `build` for production bundling, static assets, copied SDK assets, or serving changes.
+- Run unit tests only when meaningful local tests exist for the changed behavior.
+- Run Playwright, Detox, XCUITest, or Maestro when user-visible behavior, routing, event flow,
+  tracking, preview behavior, navigation, offline behavior, or native lifecycle behavior changes.
+- Use targeted E2E first: Playwright project/file filters, RN Detox `--test-file` or `-t`, Android
+  Maestro `--flow`, and iOS `IOS_ONLY_TESTING` or the local iOS runner's `ONLY_TESTING`.
diff --git a/implementations/android-sdk/AGENTS.md b/implementations/android-sdk/AGENTS.md
index 5b2a8c97..e72acdce 100644
--- a/implementations/android-sdk/AGENTS.md
+++ b/implementations/android-sdk/AGENTS.md
@@ -1,114 +1,56 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `implementations/AGENTS.md`, before this file.
+Native Android reference implementations: Jetpack Compose and XML Views apps using
+`packages/android/ContentfulOptimization`. One Maestro flow set drives both apps.
 
-## Scope
+## Rules
 
-This directory hosts **two** native Android reference implementations that integrate the Android SDK
-from `packages/android/ContentfulOptimization` — one Jetpack Compose, one legacy XML Views. Both
-apps demonstrate the same SDK capabilities, expose the same test IDs, and are driven by the **same**
-Maestro flow set from `maestro/`. This mirrors the iOS `swiftui/` + `uikit/` pair at
-`implementations/ios-sdk/`.
-
-The Android E2E suite is [Maestro](https://maestro.dev) (`maestro/`): one flow set drives both apps
-via `appId: ${APP_ID}`, run locally with `pnpm test:e2e` and in CI by the `e2e-android-maestro` job.
-The old UiAutomator suite under `uitests/` has been retired (its CI job removed) and that module is
-dormant pending deletion in a follow-up — do not add to it.
-
-## Key paths
-
-- `compose/src/main/kotlin/com/contentful/optimization/app/` — Jetpack Compose reference impl
-  - `screens/` — Screen composables
-  - `components/` — Reusable UI components
-  - applicationId: `com.contentful.optimization.app`
-- `views/src/main/kotlin/com/contentful/optimization/app/views/` — XML Views reference impl
-  - `screens/` is folded into per-screen Activities (`MainActivity`, `NavigationTestActivity`,
-    `LiveUpdatesTestActivity`)
-  - `components/` — `*Binder` objects that construct the equivalent View trees
-  - `support/TestTagging.kt` — `View.setTestTag(testTag)` extension that exposes a kebab-case string
-    as the view's `viewIdResourceName` via `AccessibilityNodeInfoCompat.setViewIdResourceName`,
-    matching Compose's `testTagsAsResourceId = true` so the same Maestro `id:` selector resolves in
-    both apps
-  - applicationId: `com.contentful.optimization.app.views`
-- `shared/src/main/kotlin/com/contentful/optimization/shared/` — Platform-agnostic Kotlin helpers
-  (`AppConfig`, `ContentfulFetcher`, `EventStore`, `MockPreviewContentfulClient`, `RichText`)
-  consumed by both `:compose` and `:views`
-- `maestro/` — the Maestro E2E flow set (one set, both apps); see `maestro/README.md`
-- `uitests/` — retired UiAutomator module (`com.android.test`), dormant pending removal
-- `scripts/` — build and run scripts; `run-e2e.sh` is the Maestro runner (manages the emulator, mock
-  server, and app installs), `ci-maestro-run.sh` is the CI runner with per-flow retry
-- `build.gradle.kts` — Root build config (plugin versions)
-- `settings.gradle.kts` — Project structure (includes `:compose`, `:views`, `:shared`, `:uitests`,
-  and the SDK module via `project.dir`)
-
-## Local rules
-
-- **Both apps must be kept in lock-step.** Any new screen, component, button, or test-id must land
-  in `compose/` and `views/` in the same change. The shared Maestro flow set asserts the same
-  contract against both, so a one-sided change fails that app's matrix leg in CI.
-- Reusable SDK behavior belongs in `packages/android/ContentfulOptimization`; TypeScript bridge
-  behavior belongs in `packages/universal/optimization-js-bridge`. Platform-agnostic helpers shared
-  between `:compose` and `:views` belong in `:shared`. Compose-only or Views-only glue stays in its
-  own app module.
-- The mock server must be running on the host at port `8000` before running either app. The apps
-  reach it via the emulator host alias `http://10.0.2.2:8000` (`AppConfig.mockHost`), so no
-  `adb reverse` is required; `10.0.2.2` survives adb-daemon restarts that wipe reverse forwards.
-- After SDK source changes, rebuild both apps via
-  `./gradlew :compose:assembleDebug :views:assembleDebug` from this directory.
-- Keep accessibility identifiers (testTags) aligned with the iOS SwiftUI implementation and
-  `implementations/PREVIEW_PANEL_SCENARIOS.md`.
-
-## Test-ID contract
-
-- **Compose impl:** `Modifier.testTag("foo-bar")` on the composable; the root composable sets
-  `testTagsAsResourceId = true` so the tag is exposed as the node's resource-id, matched by
-  Maestro's `id: "foo-bar"` selector.
-- **Views impl:** `view.setTestTag("foo-bar")` (the extension in `views/.../support/TestTagging.kt`)
-  installs an `AccessibilityDelegateCompat` whose `onInitializeAccessibilityNodeInfo` reports the
-  same string as `viewIdResourceName`, so the same `id: "foo-bar"` selector resolves the matching
-  `View`. Android XML `android:id` values must be valid Java identifiers and cannot carry kebab-case
-  test tags, which is why the resource-id name is set programmatically.
-- **SDK-side accessibility identifiers** (e.g. `OptimizedEntry`/`OptimizedEntryView`'s
-  `accessibilityIdentifier` parameter) are surfaced through `contentDescription`, matched by
-  Maestro's text selector (a bare string or `text:`). This applies to both impls; the SDK adapter is
-  responsible for setting the `contentDescription` so the same selector resolves.
-- Test launch arguments use intent extras: `--ez reset true` clears SDK SharedPreferences for a
-  clean unidentified start. (Offline simulation was removed — see
-  [`maestro/OFFLINE_TESTING.md`](./maestro/OFFLINE_TESTING.md).)
+- Keep Compose and Views apps in lock-step. New screens, components, buttons, and test IDs must land
+  in both apps in the same change.
+- Reusable SDK behavior belongs in `packages/android/ContentfulOptimization`; bridge behavior
+  belongs in `packages/universal/optimization-js-bridge`; shared app helpers belong in `:shared`.
+- The mock server must run on the host at port `8000`; apps reach it through `http://10.0.2.2:8000`.
+- After SDK source changes, build both apps from this directory:
+  `./gradlew :compose:assembleDebug :views:assembleDebug`.
+- The retired UiAutomator module under `uitests/` is dormant; do not add to it.
+- Keep accessibility identifiers aligned with iOS and `implementations/PREVIEW_PANEL_SCENARIOS.md`.
+- Prefer `scripts/run-e2e.sh` or the package scripts for local Maestro. The runner starts the mock
+  server, resolves or launches a visible emulator for the pinned `pixel_7_api35_e2e` AVD, builds,
+  installs, runs Maestro, writes logs, and cleans up its own child processes.
+- Do not claim Android Maestro cannot run locally just because no device is attached before the
+  runner starts. Run the documented runner or report its exact preflight failure.
+
+## Test IDs and Maestro
+
+- Compose uses `Modifier.testTag("foo-bar")`; `testTagsAsResourceId = true` exposes tags to Maestro
+  `id:` selectors.
+- Views use `view.setTestTag("foo-bar")` from `views/.../support/TestTagging.kt` to expose the same
+  resource-id string.
+- SDK-side `accessibilityIdentifier` values surface through `contentDescription` and are matched by
+  Maestro text selectors.
+- Test launch arguments use intent extras; `--ez reset true` clears SDK SharedPreferences for a
+  clean unidentified start.
+- Flows live in `maestro/<suite>/*.yaml`; each flow declares `appId: ${APP_ID}` and is run against
+  both packages.
 
 ## Commands
 
-- `pnpm serve:mocks` (from monorepo root)
-- Build bridge first: `pnpm --filter @contentful/optimization-js-bridge build`
+- `pnpm serve:mocks`
+- `pnpm --filter @contentful/optimization-js-bridge build`
 - Build one app: `./gradlew :compose:assembleDebug` or `./gradlew :views:assembleDebug`
-- Build both APKs for the matrix: `pnpm build:apks`
-- Bootstrap Compose impl on emulator: `./scripts/bootstrap.sh`
-- Run the Maestro suite against the Compose app: `pnpm test:e2e:compose`
-- Run the Maestro suite against the Views app: `pnpm test:e2e:views`
-- Default `pnpm test:e2e` runs both apps
-- Run a single suite against an app: `pnpm test:e2e:compose -- --flow preview-panel`
-
-## E2E tests (Maestro)
-
-- Flows live in `maestro/<suite>/*.yaml`; a `maestro/config.yaml` workspace file makes flow
-  discovery recurse into the per-suite subfolders.
-- One flow set drives both apps. Each flow declares `appId: ${APP_ID}`; the runner passes the
-  package at runtime (`maestro test -e APP_ID=<pkg> maestro`).
-- Selectors: `id:` matches the resource-id (app test tags, per the contract above); a bare string or
-  `text:` matches visible text and `contentDescription` (SDK `accessibilityIdentifier` elements).
-- `stopApp` + a `reset` launch arg gives a clean unidentified start without `pm clear` (which wedges
-  the package manager on loaded CI emulators).
-- Flow/test names match the iOS XCUITest suite at `implementations/ios-sdk/uitests/Tests/` for
-  cross-platform parity. The dwell/view-tracking contract stays out of E2E — it is owned by
-  `ViewTrackingControllerTest` (JVM unit) and the iOS suite.
-- The mock server must be running before running the suite; the apps reach it via `10.0.2.2`.
-
-## Usually validate
-
-- Build and assemble both APKs after Kotlin changes:
-  `./gradlew :compose:assembleDebug :views:assembleDebug`.
-- After UI structure changes, run the Maestro suite against both apps locally before pushing —
-  `pnpm test:e2e:compose && pnpm test:e2e:views`. A regression that only shows up against one app
-  points to a test-id or behavior divergence between the two reference impls.
+- Build both APKs: `pnpm build:apks`
+- Bootstrap Compose on emulator: `./scripts/bootstrap.sh`
+- Run Compose E2E from the monorepo root: `pnpm implementation:run -- android-sdk test:e2e:compose`
+- Run Views E2E from the monorepo root: `pnpm implementation:run -- android-sdk test:e2e:views`
+- Run both apps from the monorepo root: `pnpm implementation:run -- android-sdk test:e2e`
+- Run one suite: `pnpm implementation:run -- android-sdk test:e2e:compose -- --flow preview-panel`
+- From `implementations/android-sdk/`, the equivalent local scripts are `pnpm test:e2e:compose`,
+  `pnpm test:e2e:views`, `pnpm test:e2e`, and `./scripts/run-e2e.sh --flow <suite>`.
+
+## Validate
+
+- Assemble both APKs after Kotlin changes.
+- Run Maestro against both apps after shared UI structure, test ID, or behavior changes. If only
+  Compose or only Views is affected, run that shell first, then run the other shell when parity is
+  part of the contract.
 - Rebuild `@contentful/optimization-js-bridge` before testing when bridge source changed.
-- Verify accessibility identifiers match iOS counterparts when changing UI structure.
diff --git a/implementations/android-sdk/scripts/run-e2e.sh b/implementations/android-sdk/scripts/run-e2e.sh
index 94461caa..7b0b8244 100755
--- a/implementations/android-sdk/scripts/run-e2e.sh
+++ b/implementations/android-sdk/scripts/run-e2e.sh
@@ -553,6 +553,9 @@ install_app() {
         exit 1
     fi
 
+    log_info "Removing any existing $module install ($package)..."
+    adb uninstall "$package" >/dev/null 2>&1 || true
+
     log_info "Installing $module APK ($package)..."
     adb install -r "$app_apk"
 }
diff --git a/implementations/ios-sdk/AGENTS.md b/implementations/ios-sdk/AGENTS.md
index 03a54f15..efee212f 100644
--- a/implementations/ios-sdk/AGENTS.md
+++ b/implementations/ios-sdk/AGENTS.md
@@ -1,51 +1,52 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `implementations/AGENTS.md`, before this file.
+Native iOS reference implementation for bridge and preview-panel validation, with SwiftUI and UIKit
+app shells generated from `project.yml`.
 
-## Scope
+## Rules
 
-This is the native iOS reference implementation for bridge and preview-panel validation work. It
-uses separate SwiftUI and UIKit app shells generated from `project.yml`.
-
-## Key paths
-
-- `shared/`
-- `swiftui/`
-- `uikit/`
-- `uitests/`
-- `OptimizationApp.xcodeproj/`
-- `project.yml`
-- `README.md`
-
-## Local rules
-
-- Keep this app focused on validating native iOS integration behavior. Reusable Swift SDK behavior
-  belongs in `packages/ios/ContentfulOptimization`, and TypeScript bridge behavior belongs in
-  `packages/universal/optimization-js-bridge`.
-- The mock server must be running at `http://localhost:8000` before UI tests.
-- The Xcode project is generated by XcodeGen from `project.yml`. After adding, renaming, or moving
-  iOS source files, run `xcodegen generate` from `implementations/ios-sdk/`.
-- XCUITest source lives under `uitests/`. Add test files under `uitests/Tests/`; both generated UI
-  test bundles pick them up from the shared source tree.
+- Reusable Swift SDK behavior belongs in `packages/ios/ContentfulOptimization`; TypeScript bridge
+  behavior belongs in `packages/universal/optimization-js-bridge`.
+- Run the mock server at `http://localhost:8000` before UI tests.
+- The Xcode project is generated by XcodeGen; after adding, renaming, or moving iOS source files,
+  run `xcodegen generate` from this directory.
+- XCUITest source lives under `uitests/Tests/` and is shared by both generated UI test bundles.
 - Keep preview-panel scenario names, fixture IDs, and accessibility identifiers aligned with
-  `implementations/PREVIEW_PANEL_SCENARIOS.md` and the React Native Detox suite.
-- This app has no `package.json`, so root `pnpm implementation:run` wrappers do not target it.
+  `implementations/PREVIEW_PANEL_SCENARIOS.md`, React Native, and Android.
+- Use the local scripts or root `pnpm implementation:run -- ios-sdk ...` wrappers before falling
+  back to raw `xcodebuild`. The scripts run preflight checks, build the bridge, generate the Xcode
+  project, start mocks, resolve a simulator, and clean up their own child processes.
+- Do not claim iOS XCUITest cannot run locally until the local runner or root wrapper has failed
+  with a concrete macOS, Xcode, simulator, XcodeGen, or signing preflight error.
 
 ## Commands
 
 - `pnpm serve:mocks`
+- Local one-shot SwiftUI XCUITest runner from `implementations/ios-sdk/`: `./scripts/run-e2e.sh`
+- Local UIKit XCUITest runner from `implementations/ios-sdk/`:
+  `APP_SHELL=uikit ./scripts/run-e2e.sh`
+- Local targeted suite:
+  `ONLY_TESTING=OptimizationAppUITestsSwiftUI/PreviewPanelOverridesTests ./scripts/run-e2e.sh`
+- Root release build for both shells:
+  `pnpm implementation:run -- ios-sdk test:e2e:ios:build:release`
+- Root release run for SwiftUI:
+  `IOS_SCHEME=SwiftUI pnpm implementation:run -- ios-sdk test:e2e:ios:run:release`
+- Root release run for UIKit:
+  `IOS_SCHEME=UIKit pnpm implementation:run -- ios-sdk test:e2e:ios:run:release`
+- Root targeted release run:
+  `IOS_SCHEME=SwiftUI IOS_ONLY_TESTING=OptimizationAppUITestsSwiftUI/PreviewPanelOverridesTests pnpm implementation:run -- ios-sdk test:e2e:ios:run:release`
 - From `implementations/ios-sdk/`: `xcodegen generate`
 - From `implementations/ios-sdk/`:
   `xcodebuild test -project OptimizationApp.xcodeproj -scheme OptimizationAppSwiftUI -destination 'platform=iOS Simulator,name=iPhone 16'`
 - From `implementations/ios-sdk/`:
   `xcodebuild test -project OptimizationApp.xcodeproj -scheme OptimizationAppUIKit -destination 'platform=iOS Simulator,name=iPhone 16'`
-- From `implementations/ios-sdk/`:
+- Targeted preview-panel suite:
   `xcodebuild test -project OptimizationApp.xcodeproj -scheme OptimizationAppSwiftUI -destination 'platform=iOS Simulator,name=iPhone 16' -only-testing:OptimizationAppUITestsSwiftUI/PreviewPanelOverridesTests`
 
-## Usually validate
+## Validate
 
-- Run targeted XCUITest coverage for the changed scenario when editing app UI, accessibility
-  identifiers, or scenario-specific behavior.
+- Run targeted XCUITest for the changed scenario when editing app UI, accessibility identifiers, or
+  scenario-specific behavior.
 - Run the full XCUITest suite for broad native integration, preview-panel, tracking, or lifecycle
   changes.
 - Rebuild `@contentful/optimization-js-bridge` before testing when bridge source changed.
diff --git a/implementations/ios-sdk/package.json b/implementations/ios-sdk/package.json
index ca2079a9..56623a21 100644
--- a/implementations/ios-sdk/package.json
+++ b/implementations/ios-sdk/package.json
@@ -5,6 +5,6 @@
   "scripts": {
     "xcodegen": "xcodegen generate",
     "test:e2e:ios:build:release": "set -o pipefail && pnpm run xcodegen && xcodebuild build-for-testing -project OptimizationApp.xcodeproj -scheme OptimizationAppSwiftUI -configuration Release -destination 'generic/platform=iOS Simulator' -derivedDataPath /tmp/optimization-ios-derived-data CODE_SIGNING_ALLOWED=NO COMPILER_INDEX_STORE_ENABLE=NO | xcbeautify && xcodebuild build-for-testing -project OptimizationApp.xcodeproj -scheme OptimizationAppUIKit -configuration Release -destination 'generic/platform=iOS Simulator' -derivedDataPath /tmp/optimization-ios-derived-data CODE_SIGNING_ALLOWED=NO COMPILER_INDEX_STORE_ENABLE=NO | xcbeautify",
-    "test:e2e:ios:run:release": "set -o pipefail && xcodebuild test-without-building -xctestrun \"$(ls /tmp/optimization-ios-derived-data/Build/Products/OptimizationApp${IOS_SCHEME}_*.xctestrun | head -1)\" -destination \"platform=iOS Simulator,name=${IOS_SIM_NAME:-iPhone 16},OS=${IOS_SIM_OS:-latest}\" -resultBundlePath /tmp/optimization-ios-derived-data/Test-${IOS_SCHEME}.xcresult ${IOS_ONLY_TESTING:+-only-testing:${IOS_ONLY_TESTING}} | xcbeautify"
+    "test:e2e:ios:run:release": "set -o pipefail && rm -rf \"/tmp/optimization-ios-derived-data/Test-${IOS_SCHEME}.xcresult\" && xcodebuild test-without-building -xctestrun \"$(ls /tmp/optimization-ios-derived-data/Build/Products/OptimizationApp${IOS_SCHEME}_*.xctestrun | head -1)\" -destination \"platform=iOS Simulator,name=${IOS_SIM_NAME:-iPhone 16},OS=${IOS_SIM_OS:-latest}\" -resultBundlePath /tmp/optimization-ios-derived-data/Test-${IOS_SCHEME}.xcresult ${IOS_ONLY_TESTING:+-only-testing:${IOS_ONLY_TESTING}} | xcbeautify"
   }
 }
diff --git a/implementations/ios-sdk/swiftui/App.swift b/implementations/ios-sdk/swiftui/App.swift
index 2e3cda95..bc7f155a 100644
--- a/implementations/ios-sdk/swiftui/App.swift
+++ b/implementations/ios-sdk/swiftui/App.swift
@@ -23,6 +23,7 @@ struct OptimizationDemoApp: App {
                     insightsBaseUrl: AppConfig.insightsBaseUrl,
                     contentfulLocales: AppConfig.contentfulLocales,
                     locale: AppConfig.defaultContentfulLocale,
+                    defaults: StorageDefaults(consent: true),
                     debug: true
                 ),
                 trackViews: true,
diff --git a/implementations/ios-sdk/uikit/SceneDelegate.swift b/implementations/ios-sdk/uikit/SceneDelegate.swift
index 27236cef..a31e1638 100644
--- a/implementations/ios-sdk/uikit/SceneDelegate.swift
+++ b/implementations/ios-sdk/uikit/SceneDelegate.swift
@@ -20,6 +20,7 @@ final class SceneDelegate: UIResponder, UIWindowSceneDelegate {
             insightsBaseUrl: AppConfig.insightsBaseUrl,
             contentfulLocales: AppConfig.contentfulLocales,
             locale: AppConfig.defaultContentfulLocale,
+            defaults: StorageDefaults(consent: true),
             debug: true
         ))
 
diff --git a/implementations/ios-sdk/uitests/Tests/PreviewPanelTests.swift b/implementations/ios-sdk/uitests/Tests/PreviewPanelTests.swift
index f11b7973..c3328368 100644
--- a/implementations/ios-sdk/uitests/Tests/PreviewPanelTests.swift
+++ b/implementations/ios-sdk/uitests/Tests/PreviewPanelTests.swift
@@ -5,9 +5,7 @@ final class PreviewPanelTests: XCTestCase {
 
     override func setUp() {
         continueAfterFailure = false
-        app.launch()
-        clearProfileState(app: app)
-        waitForElement(app.buttons["identify-button"])
+        clearProfileState(app: app, requireFreshAppInstance: true)
     }
 
     // MARK: - Helpers
diff --git a/implementations/node-sdk+web-sdk/AGENTS.md b/implementations/node-sdk+web-sdk/AGENTS.md
index 33f161d9..8c9c3f79 100644
--- a/implementations/node-sdk+web-sdk/AGENTS.md
+++ b/implementations/node-sdk+web-sdk/AGENTS.md
@@ -1,46 +1,21 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `implementations/AGENTS.md`, before this file.
+Combined Node SSR + vanilla Web reference implementation for shared cookie-based server/browser
+behavior.
 
-## Scope
+## Rules
 
-This is the combined Node SSR + Web Vanilla reference implementation used to demonstrate shared
-cookie-based server and browser behavior.
-
-## Key paths
-
-- `src/`
-- `public/`
-- `e2e/`
-- `.env.example`
-
-## Local rules
-
-- Keep this app focused on demonstrating integration patterns, not housing reusable SDK logic.
-- `build` copies Web SDK and preview-panel assets into `public/dist`. Rebuild after changing those
-  packages or the way assets are served.
-- `serve` uses PM2-managed processes. Use `serve:stop` when done.
-
-## Common failure modes
-
-- Playwright reports a missing browser or executable: run `pnpm playwright:install` before retrying
-  E2E.
-- The app or mocks fail to bind local ports such as `3000` or `8000`: stop only this
-  implementation's local processes with `pnpm implementation:run -- node-sdk+web-sdk serve:stop`.
+- Keep this app focused on integration patterns, not reusable SDK logic.
+- `build` copies Web SDK and preview-panel assets into `public/dist`.
+- `serve` uses PM2-managed processes; use `serve:stop` when done.
 
 ## Commands
 
-- `pnpm implementation:run -- node-sdk+web-sdk implementation:install`
-- `pnpm implementation:run -- node-sdk+web-sdk typecheck`
-- `pnpm implementation:run -- node-sdk+web-sdk test:unit`
-- `pnpm implementation:run -- node-sdk+web-sdk build`
-- `pnpm implementation:run -- node-sdk+web-sdk serve`
-- `pnpm implementation:run -- node-sdk+web-sdk serve:stop`
-- `pnpm implementation:run -- node-sdk+web-sdk implementation:test:e2e:run`
+- `pnpm implementation:run -- node-sdk+web-sdk <script>` with `implementation:install`, `typecheck`,
+  `test:unit`, `build`, `serve`, `serve:stop`, or `implementation:test:e2e:run`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` for local code changes.
-- Run `test:unit` when server-side logic or utilities change.
-- Run Playwright E2E for integration changes spanning cookies, browser assets, or cross-layer
-  behavior.
+- Run `test:unit` for server-side logic or utilities.
+- Run Playwright E2E for cookie, browser asset, or cross-layer integration changes.
diff --git a/implementations/node-sdk+web-sdk/README.md b/implementations/node-sdk+web-sdk/README.md
index 7fa89bd4..bf431dbe 100644
--- a/implementations/node-sdk+web-sdk/README.md
+++ b/implementations/node-sdk+web-sdk/README.md
@@ -26,7 +26,10 @@ This is a reference implementation using both the
 [Contentful Optimization SDK Suite](../../README.md).
 
 On the server side, the stateless Node SDK is created once at module load and each request passes
-its request-scoped options directly to stateless event methods.
+its request-scoped options directly to stateless event methods. The demo stores application-owned
+consent in a server-readable cookie and writes the shared anonymous ID cookie only when consent
+permits profile continuity. When app consent is missing or denied, the server clears the shared
+anonymous ID cookie, skips Node SDK event calls, and lets the browser render baseline entries.
 
 The goal of this reference implementation is to illustrate the usage of cookie-based communication
 in both the Node and Web SDKs, which is an important component of many server-side/client-side
@@ -55,8 +58,8 @@ for the entry contract.
 ## What this demonstrates
 
 Use this implementation when you need a hybrid SSR/browser example. It demonstrates a stateless Node
-SDK server flow, a stateful Web SDK browser flow, cookie-based profile continuity between them, and
-local mock API usage for end-to-end validation.
+SDK server flow, a stateful Web SDK browser flow, consent-aware cookie-based profile continuity
+between them, and local mock API usage for end-to-end validation.
 
 ## Prerequisites
 
diff --git a/implementations/node-sdk+web-sdk/e2e/displays-identified-user-variants-cookie.spec.ts b/implementations/node-sdk+web-sdk/e2e/displays-identified-user-variants-cookie.spec.ts
index ba4efe21..10b6a50b 100644
--- a/implementations/node-sdk+web-sdk/e2e/displays-identified-user-variants-cookie.spec.ts
+++ b/implementations/node-sdk+web-sdk/e2e/displays-identified-user-variants-cookie.spec.ts
@@ -3,11 +3,19 @@ import { expect, test } from '@playwright/test'
 import { getAnonymousIdFromCookie, getAnonymousIdFromStorage } from './utils'
 
 const CUSTOM_PROFILE_ID = 'custom-profile-id'
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
 
 test.describe('identified user: cookie', () => {
   test.beforeEach(async ({ page, context }) => {
     // user is already identified with a custom profile id
     await context.addCookies([
+      {
+        name: APP_PERSONALIZATION_CONSENT_COOKIE,
+        value: 'granted',
+        domain: 'localhost',
+        path: '/',
+        sameSite: 'Lax',
+      },
       {
         name: ANONYMOUS_ID_COOKIE,
         value: CUSTOM_PROFILE_ID,
diff --git a/implementations/node-sdk+web-sdk/e2e/displays-identified-user-variants.spec.ts b/implementations/node-sdk+web-sdk/e2e/displays-identified-user-variants.spec.ts
index 9454d8c3..1fedf127 100644
--- a/implementations/node-sdk+web-sdk/e2e/displays-identified-user-variants.spec.ts
+++ b/implementations/node-sdk+web-sdk/e2e/displays-identified-user-variants.spec.ts
@@ -1,8 +1,19 @@
 import { expect, test } from '@playwright/test'
 import { getAnonymousIdFromCookie, getAnonymousIdFromStorage } from './utils'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
 test.describe('identified user', () => {
-  test.beforeEach(async ({ page }) => {
+  test.beforeEach(async ({ page, context }) => {
+    await context.addCookies([
+      {
+        name: APP_PERSONALIZATION_CONSENT_COOKIE,
+        value: 'granted',
+        domain: 'localhost',
+        path: '/',
+        sameSite: 'Lax',
+      },
+    ])
     await page.goto(`/user/someone`)
     await page.waitForLoadState('domcontentloaded')
   })
diff --git a/implementations/node-sdk+web-sdk/e2e/displays-unidentified-user-variants.spec.ts b/implementations/node-sdk+web-sdk/e2e/displays-unidentified-user-variants.spec.ts
index 59496cf9..06c41b4c 100644
--- a/implementations/node-sdk+web-sdk/e2e/displays-unidentified-user-variants.spec.ts
+++ b/implementations/node-sdk+web-sdk/e2e/displays-unidentified-user-variants.spec.ts
@@ -1,4 +1,5 @@
 import { expect, test } from '@playwright/test'
+import { getAnonymousIdFromCookie, getAnonymousIdFromStorage } from './utils'
 
 test.describe('unidentified user', () => {
   test.beforeEach(async ({ page }) => {
@@ -6,33 +7,32 @@ test.describe('unidentified user', () => {
     await page.waitForLoadState('domcontentloaded')
   })
 
-  test('displays common variants', async ({ page }) => {
-    await expect(
-      page.getByText(
-        'This is a merge tag content entry that displays the visitor\'s continent "EU" embedded within the text.',
-      ),
-    ).toBeVisible()
+  test('does not store profile continuity before app consent', async ({ context }) => {
+    await expect.poll(async () => await getAnonymousIdFromCookie(context)).toBeUndefined()
+    await expect.poll(async () => await getAnonymousIdFromStorage(context)).toBeUndefined()
+  })
 
+  test('displays common baselines before app consent', async ({ page }) => {
     await expect(
-      page.getByText('This is a variant content entry for visitors from Europe.'),
+      page.getByText('This is a baseline content entry for visitors from any continent.'),
     ).toBeVisible()
 
     await expect(
-      page.getByText('This is a variant content entry for visitors using a desktop browser.'),
+      page.getByText('This is a baseline content entry for all visitors using any device.'),
     ).toBeVisible()
   })
 
-  test('displays unidentified user variants', async ({ page }) => {
+  test('displays unidentified user baselines before app consent', async ({ page }) => {
     await expect(page.getByText('This is a level 0 nested baseline entry.')).toBeVisible()
 
     await expect(page.getByText('This is a level 1 nested baseline entry.')).toBeVisible()
 
     await expect(page.getByText('This is a level 2 nested baseline entry.')).toBeVisible()
 
-    await expect(page.getByText('This is a variant content entry for new visitors.')).toBeVisible()
+    await expect(page.getByText('This is a baseline content entry for all users.')).toBeVisible()
 
     await expect(
-      page.getByText('This is a variant content entry for an A/B/C experiment: B'),
+      page.getByText('This is a baseline content entry for an A/B/C experiment: A'),
     ).toBeVisible()
 
     await expect(
diff --git a/implementations/node-sdk+web-sdk/e2e/entry-click-tracking.spec.ts b/implementations/node-sdk+web-sdk/e2e/entry-click-tracking.spec.ts
index a5f3efc2..4bad7e4b 100644
--- a/implementations/node-sdk+web-sdk/e2e/entry-click-tracking.spec.ts
+++ b/implementations/node-sdk+web-sdk/e2e/entry-click-tracking.spec.ts
@@ -4,6 +4,7 @@ interface ClickScenario {
   name: string
   entryTestId: string
   clickTargetTestId: string
+  expectedResolvedEntryId: string
 }
 
 const clickScenarios: ClickScenario[] = [
@@ -11,16 +12,19 @@ const clickScenarios: ClickScenario[] = [
     name: 'direct entry button',
     entryTestId: 'entry-click-direct-entry',
     clickTargetTestId: 'entry-click-direct-entry',
+    expectedResolvedEntryId: '4k6ZyFQnR2POY5IJLLlJRb',
   },
   {
     name: 'clickable descendant button',
     entryTestId: 'entry-click-descendant-entry',
     clickTargetTestId: 'entry-click-descendant-button',
+    expectedResolvedEntryId: '6iyPl6vfDH5AoClf3MtYlh',
   },
   {
     name: 'clickable ancestor button wrapper',
     entryTestId: 'entry-click-ancestor-entry',
     clickTargetTestId: 'entry-click-ancestor-wrapper',
+    expectedResolvedEntryId: '1UFf7qr4mHET3HYuYmcpEj',
   },
 ]
 
@@ -72,16 +76,15 @@ test.describe('entry click tracking', () => {
           .poll(async () => await readResolvedEntryId(page, scenario.entryTestId), {
             message: `${scenario.name}: resolved entry id should be available`,
           })
-          .not.toEqual('')
+          .toEqual(scenario.expectedResolvedEntryId)
 
-        const resolvedEntryId = await readResolvedEntryId(page, scenario.entryTestId)
         const target = page.getByTestId(scenario.clickTargetTestId)
 
         await target.scrollIntoViewIfNeeded()
         await target.click()
 
         await expect(
-          page.getByTestId(resolvedEntryId).filter({
+          page.getByTestId(scenario.expectedResolvedEntryId).filter({
             hasText: 'component_click',
           }),
         ).toBeVisible()
diff --git a/implementations/node-sdk+web-sdk/e2e/entry-view-tracking.spec.ts b/implementations/node-sdk+web-sdk/e2e/entry-view-tracking.spec.ts
index e49de6b3..20e91c8d 100644
--- a/implementations/node-sdk+web-sdk/e2e/entry-view-tracking.spec.ts
+++ b/implementations/node-sdk+web-sdk/e2e/entry-view-tracking.spec.ts
@@ -16,6 +16,20 @@ const variantEntryTexts: Record<string, string> = {
     'This is a baseline content entry for all identified or unidentified users.',
 }
 
+const baselineEntryTexts: Record<string, string> = {
+  '1JAU028vQ7v6nB2swl3NBo': 'This is a level 0 nested baseline entry.',
+  '5i4SdJXw9oDEY0vgO7CwF4': 'This is a level 1 nested baseline entry.',
+  uaNY4YJ0HFPAX3gKXiRdX: 'This is a level 2 nested baseline entry.',
+  '4ib0hsHWoSOnCVdDkizE8d': 'This is a baseline content entry for visitors from any continent.',
+  xFwgG3oNaOcjzWiGe4vXo: 'This is a baseline content entry for all visitors using any device.',
+  '2Z2WLOx07InSewC3LUB3eX': 'This is a baseline content entry for all users.',
+  '5XHssysWUDECHzKLzoIsg1': 'This is a baseline content entry for an A/B/C experiment: A',
+  '6zqoWXyiSrf0ja7I2WGtYj':
+    'This is a baseline content entry for all visitors with or without a custom event.',
+  '7pa5bOx8Z9NmNcr7mISvD':
+    'This is a baseline content entry for all identified or unidentified users.',
+}
+
 test.describe('entry view tracking', () => {
   test.describe('without consent', () => {
     test.beforeEach(async ({ page }) => {
@@ -24,14 +38,14 @@ test.describe('entry view tracking', () => {
       await page.waitForLoadState('domcontentloaded')
     })
 
-    test('page event has been emitted', async ({ page }) => {
+    test('page event has not been emitted', async ({ page }) => {
       await expect(
         page.getByRole('listitem').filter({ has: page.getByRole('button', { name: 'page' }) }),
-      ).toBeVisible()
+      ).toHaveCount(0)
     })
 
     test('entry view events have not been emitted', async ({ page }) => {
-      for (const entryText of Object.values(variantEntryTexts)) {
+      for (const entryText of Object.values(baselineEntryTexts)) {
         const element = page.getByText(entryText)
 
         await element.scrollIntoViewIfNeeded()
@@ -51,6 +65,9 @@ test.describe('entry view tracking', () => {
 
       const consent = page.getByRole('button', { name: 'Accept Consent' })
       await consent.click()
+      await expect(
+        page.getByText('This is a variant content entry for an A/B/C experiment: B'),
+      ).toBeVisible()
     })
 
     test('page event has been emitted', async ({ page }) => {
@@ -65,7 +82,8 @@ test.describe('entry view tracking', () => {
 
         if (!entryText) continue
 
-        const element = page.getByText(entryText)
+        const element = page.getByText(entryText).first()
+        await expect(element).toBeVisible()
 
         await element.scrollIntoViewIfNeeded()
 
diff --git a/implementations/node-sdk+web-sdk/src/app.ts b/implementations/node-sdk+web-sdk/src/app.ts
index 85e7e87c..14086c90 100644
--- a/implementations/node-sdk+web-sdk/src/app.ts
+++ b/implementations/node-sdk+web-sdk/src/app.ts
@@ -50,6 +50,7 @@ const config = {
 } as const
 
 const sdk = new ContentfulOptimization(config.optimization)
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
 
 function requireContentfulLocale(contentfulLocale: string | undefined): string {
   if (contentfulLocale !== undefined) return contentfulLocale
@@ -64,6 +65,12 @@ interface ProfileResult {
   readonly contentfulLocale: string
   readonly optimizationData: OptimizationData | undefined
 }
+interface RenderResponseOptions {
+  readonly appConsent: boolean | undefined
+  readonly contentfulLocale: string
+  readonly id?: string
+  readonly userId?: string
+}
 
 function toStringValue(value: QsValue): string | null {
   if (value === undefined) return null
@@ -104,80 +111,126 @@ function getUniversalEventBuilderArgs(
   }
 }
 
+function getCookieValue(cookies: unknown, name: string): string | undefined {
+  if (typeof cookies !== 'object' || cookies === null) return undefined
+
+  const value: unknown = Reflect.get(cookies, name)
+
+  return typeof value === 'string' ? value : undefined
+}
+
 function getAnonymousIdFromCookies(cookies: unknown): string | undefined {
-  // eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion -- req.cookies is of type any
-  return (cookies as Record<string, string>)[ANONYMOUS_ID_COOKIE] ?? undefined
+  return getCookieValue(cookies, ANONYMOUS_ID_COOKIE)
 }
 
-function respond(res: Response, id: string, contentfulLocale: string, userId?: string): void {
-  res.cookie(ANONYMOUS_ID_COOKIE, id, {
-    path: '/',
-    sameSite: 'lax', // good default for same-site apps
-  })
+function getAppConsentFromCookies(cookies: unknown): boolean | undefined {
+  const consent = getCookieValue(cookies, APP_PERSONALIZATION_CONSENT_COOKIE)
 
-  res.render('index', { config, contentfulLocale, identified: userId })
+  if (consent === 'granted') return true
+  if (consent === 'denied') return false
+
+  return undefined
+}
+
+function respond(
+  res: Response,
+  { appConsent, contentfulLocale, id, userId }: RenderResponseOptions,
+): void {
+  if (appConsent === true && id) {
+    res.cookie(ANONYMOUS_ID_COOKIE, id, {
+      path: '/',
+      sameSite: 'lax', // good default for same-site apps
+    })
+  } else {
+    res.clearCookie(ANONYMOUS_ID_COOKIE, { path: '/' })
+  }
+
+  res.render('index', {
+    config,
+    appConsent: appConsent ?? null,
+    contentfulLocale,
+    identified: userId,
+  })
 }
 
 async function getProfile(
   req: Request,
+  appConsent: boolean | undefined,
   userId?: string,
   anonymousId?: string,
 ): Promise<ProfileResult> {
   const { contentfulLocale, eventLocale } = sdk.resolveRequestLocale(req)
   const resolvedContentfulLocale = requireContentfulLocale(contentfulLocale)
+
+  if (appConsent !== true) {
+    return {
+      contentfulLocale: resolvedContentfulLocale,
+      optimizationData: undefined,
+    }
+  }
+
   const args = getUniversalEventBuilderArgs(req, eventLocale)
   const experienceRequestOptions = { locale: resolvedContentfulLocale }
   const cookieProfile = anonymousId ? { id: anonymousId } : undefined
+  const requestOptimization = sdk.forRequest({
+    consent: { events: true, persistence: true },
+    eventContext: args,
+    experienceOptions: experienceRequestOptions,
+    profile: cookieProfile,
+  })
 
   if (!userId) {
     return {
       contentfulLocale: resolvedContentfulLocale,
-      optimizationData: await sdk.page(
-        { ...args, profile: cookieProfile },
-        experienceRequestOptions,
-      ),
+      optimizationData: await requestOptimization.page(),
     }
   }
 
-  const identifyResponse = await sdk.identify(
-    {
-      ...args,
-      userId,
-      profile: cookieProfile,
-      traits: { identified: true },
-    },
-    experienceRequestOptions,
-  )
+  await requestOptimization.identify({
+    userId,
+    traits: { identified: true },
+  })
 
   return {
     contentfulLocale: resolvedContentfulLocale,
-    optimizationData: await sdk.page(
-      {
-        ...args,
-        profile: cookieProfile ?? { id: identifyResponse.profile.id },
-      },
-      experienceRequestOptions,
-    ),
+    optimizationData: await requestOptimization.page(),
   }
 }
 
 app.get('/', limiter, async (req, res) => {
-  const { contentfulLocale, optimizationData } = await getProfile(req)
+  const appConsent = getAppConsentFromCookies(req.cookies)
+  const { contentfulLocale, optimizationData } = await getProfile(req, appConsent)
 
-  respond(res, optimizationData?.profile.id ?? '', contentfulLocale)
+  respond(res, {
+    appConsent,
+    contentfulLocale,
+    id: optimizationData?.profile.id,
+  })
 })
 app.get('/smoke-test', limiter, (_, res) => {
   res.render('index', {
+    appConsent: null,
     config,
     contentfulLocale: config.optimization.contentfulLocales.default,
   })
 })
 app.get('/user/:id', limiter, async (req, res) => {
   const anonymousId = getAnonymousIdFromCookies(req.cookies)
+  const appConsent = getAppConsentFromCookies(req.cookies)
   const userId = Array.isArray(req.params.id) ? req.params.id[0] : req.params.id
-  const { contentfulLocale, optimizationData } = await getProfile(req, userId, anonymousId)
+  const { contentfulLocale, optimizationData } = await getProfile(
+    req,
+    appConsent,
+    userId,
+    anonymousId,
+  )
 
-  respond(res, optimizationData?.profile.id ?? '', contentfulLocale, userId)
+  respond(res, {
+    appConsent,
+    contentfulLocale,
+    id: optimizationData?.profile.id,
+    userId,
+  })
 })
 app.use('/dist', express.static('./public/dist'))
 
diff --git a/implementations/node-sdk+web-sdk/src/index.ejs b/implementations/node-sdk+web-sdk/src/index.ejs
index 2bf6ba2b..cc6d8ade 100644
--- a/implementations/node-sdk+web-sdk/src/index.ejs
+++ b/implementations/node-sdk+web-sdk/src/index.ejs
@@ -202,6 +202,7 @@
     <script>
       const CONFIG = <%- JSON.stringify(config) %>
       const CONTENTFUL_LOCALE = <%- JSON.stringify(contentfulLocale) %>
+      const SERVER_APP_CONSENT = <%- JSON.stringify(appConsent) %>
     </script>
     <script>
       /* --- Standard Initialization Code --- */
@@ -209,6 +210,9 @@
       let contentfulClient = contentful.createClient(CONFIG.contentful)
       window.contentfulOptimization = new ContentfulOptimization({
         ...CONFIG.optimization,
+        ...(typeof SERVER_APP_CONSENT === 'boolean'
+          ? { defaults: { consent: SERVER_APP_CONSENT } }
+          : {}),
         autoTrackEntryInteraction: { views: true, clicks: true, hovers: true },
         locale: CONTENTFUL_LOCALE,
         app: { name: document.title, version: '0.0.0' },
@@ -221,13 +225,16 @@
         nonce: 'nonce-string',
       })
 
-      // Emit page event
-      contentfulOptimization.page()
-
       /* --- Utility Functionality (for E2E) --- */
 
       const consent = document.getElementById('consent')
       const unconsent = document.getElementById('unconsent')
+      const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
+      function setAppConsentCookie(consented) {
+        const value = consented ? 'granted' : 'denied'
+        document.cookie = `${APP_PERSONALIZATION_CONSENT_COOKIE}=${value}; Path=/; SameSite=Lax`
+      }
 
       function toggleConsent(consented = false) {
         if (consented) {
@@ -352,6 +359,7 @@
       }
 
       let renderEntriesPromise = Promise.resolve()
+      let pageEventEmittedForCurrentConsent = false
 
       // Render optimized entries
       async function renderOptimizedEntry(rawEntry, element, autoObserve = true) {
@@ -473,7 +481,18 @@
       }
 
       contentfulOptimization.states.consent.subscribe((consent) => {
+        if (typeof consent === 'boolean') setAppConsentCookie(consent)
         toggleConsent(consent)
+
+        if (consent !== true) {
+          pageEventEmittedForCurrentConsent = false
+          return
+        }
+
+        if (!pageEventEmittedForCurrentConsent) {
+          pageEventEmittedForCurrentConsent = true
+          void contentfulOptimization.page()
+        }
       })
 
       contentfulOptimization.states.eventStream.subscribe((event) => {
@@ -532,6 +551,8 @@
         const booleanFlag = contentfulOptimization.getFlag('boolean')
         console.log('Flag "boolean" value:', booleanFlag)
       })
+
+      void scheduleRenderEntries()
     </script>
   </body>
 </html>
diff --git a/implementations/node-sdk/AGENTS.md b/implementations/node-sdk/AGENTS.md
index 9199e1f3..e236661f 100644
--- a/implementations/node-sdk/AGENTS.md
+++ b/implementations/node-sdk/AGENTS.md
@@ -1,42 +1,21 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `implementations/AGENTS.md`, before this file.
+Node SSR reference implementation for `@contentful/optimization-node`.
 
-## Scope
+## Rules
 
-This is the Node SSR reference implementation for `@contentful/optimization-node`.
-
-## Key paths
-
-- `src/`
-- `e2e/`
-- `.env.example`
-
-## Local rules
-
-- Keep this app minimal and documentation-oriented. Reusable SDK behavior belongs in
-  `packages/node/node-sdk`, not here.
-- This implementation uses local mock defaults from `.env.example`.
-- `serve` uses PM2-managed processes. Prefer `serve:stop` over broad PM2 cleanup.
-
-## Common failure modes
-
-- Playwright reports a missing browser or executable: run `pnpm playwright:install` before retrying
-  E2E.
-- The app or mocks fail to bind local ports such as `3000` or `8000`: stop only this
-  implementation's local processes with `pnpm implementation:run -- node-sdk serve:stop`.
+- Keep this app minimal and documentation-oriented; reusable Node SDK behavior belongs in
+  `packages/node/node-sdk`.
+- Local mock defaults come from `.env.example`.
+- `serve` uses PM2-managed processes; use `serve:stop` when done.
 
 ## Commands
 
-- `pnpm implementation:run -- node-sdk implementation:install`
-- `pnpm implementation:run -- node-sdk typecheck`
-- `pnpm implementation:run -- node-sdk serve`
-- `pnpm implementation:run -- node-sdk serve:stop`
-- `pnpm implementation:run -- node-sdk implementation:test:e2e:run`
+- `pnpm implementation:run -- node-sdk <script>` with `implementation:install`, `typecheck`,
+  `serve`, `serve:stop`, or `implementation:test:e2e:run`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` for local code changes.
 - Run Playwright E2E for user-visible behavior, routing, cookie/session flow, or SDK integration
   changes.
-- There are no meaningful unit tests here.
diff --git a/implementations/node-sdk/README.md b/implementations/node-sdk/README.md
index 4a3e558d..0b4629ac 100644
--- a/implementations/node-sdk/README.md
+++ b/implementations/node-sdk/README.md
@@ -25,7 +25,9 @@ This is a reference implementation for the
 [Contentful Optimization SDK Suite](../../README.md).
 
 The server creates one stateless Node SDK instance at module load and passes request-specific
-options directly to stateless event methods inside each incoming request handler.
+options directly to stateless event methods inside each incoming request handler. Because the
+application explicitly decides when to call the Node SDK, emitted Node events use the SDK's default
+consented event label.
 
 > [!WARNING]
 >
diff --git a/implementations/node-sdk/src/app.ts b/implementations/node-sdk/src/app.ts
index 771ab633..996de326 100644
--- a/implementations/node-sdk/src/app.ts
+++ b/implementations/node-sdk/src/app.ts
@@ -180,26 +180,28 @@ app.get('/', limiter, async (req, res) => {
   const resolvedContentfulLocale = requireContentfulLocale(contentfulLocale)
   const universalEventBuilderArgs = getUniversalEventBuilderArgs(req, eventLocale)
   const experienceRequestOptions = { locale: resolvedContentfulLocale }
+  const requestOptimization = sdk.forRequest({
+    consent: true,
+    eventContext: universalEventBuilderArgs,
+    experienceOptions: experienceRequestOptions,
+  })
 
   const userId = isNonEmptyString(req.query.userId) ? req.query.userId.trim() : undefined
-
-  const optimizationResponse: OptimizationData = isNonEmptyString(userId)
+  const optimizationResponse: OptimizationData | undefined = isNonEmptyString(userId)
     ? await (async (): Promise<OptimizationData> => {
-        const pageResponse = await sdk.page(
-          { ...universalEventBuilderArgs },
-          experienceRequestOptions,
-        )
-        return await sdk.identify(
-          {
-            ...universalEventBuilderArgs,
-            userId,
-            traits: { identified: true },
-            profile: pageResponse.profile,
-          },
-          experienceRequestOptions,
-        )
+        const pageResponse = await requestOptimization.page()
+        const identifyResponse = await requestOptimization.identify({
+          userId,
+          traits: { identified: true },
+        })
+
+        return identifyResponse ?? pageResponse ?? failOptimizationResponse()
       })()
-    : await sdk.page({ ...universalEventBuilderArgs }, experienceRequestOptions)
+    : await requestOptimization.page()
+
+  if (optimizationResponse === undefined) {
+    throw new Error('Expected Optimization data for consented Node SDK request.')
+  }
 
   const { profile, selectedOptimizations } = optimizationResponse
 
@@ -260,3 +262,7 @@ app.listen(port, () => {
 })
 
 export default app
+
+function failOptimizationResponse(): never {
+  throw new Error('Expected Optimization data for consented Node SDK request.')
+}
diff --git a/implementations/react-native-sdk/AGENTS.md b/implementations/react-native-sdk/AGENTS.md
index 777a0bfe..dbcdf57d 100644
--- a/implementations/react-native-sdk/AGENTS.md
+++ b/implementations/react-native-sdk/AGENTS.md
@@ -1,48 +1,39 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `implementations/AGENTS.md`, before this file.
+React Native reference implementation for `@contentful/optimization-react-native`.
 
-## Scope
+## Rules
 
-This is the React Native reference implementation for `@contentful/optimization-react-native`.
-
-## Key paths
-
-- `components/`
-- `screens/`
-- `sections/`
-- `utils/`
-- `e2e/`
-- `scripts/`
-- `.env.example`
-
-## Local rules
-
-- Keep this app focused on demonstrating SDK usage. Reusable SDK behavior belongs in
-  `packages/react-native-sdk`.
-- This implementation is heavier to run than the web and Node implementations because it uses React
-  Native tooling plus Detox.
-- Ensure an Android emulator is running before Android Detox flows.
-
-## Common failure modes
-
-- Detox cannot launch or attach to a device: confirm an Android emulator is already running before
-  retrying.
-- Metro or React Native tooling reports a port `8081` conflict: use
-  `pnpm implementation:run -- react-native-sdk start:clean` or otherwise stop only the conflicting
-  local process.
+- Keep reusable SDK behavior in `packages/react-native-sdk`.
+- React Native plus Detox flows are heavier than the web and Node implementations.
+- Prefer the one-shot Android Detox runner for local E2E. It creates `.env` from `.env.example`,
+  starts mocks and Metro, builds through Detox, runs tests, writes logs, and cleans up its own child
+  processes.
+- A missing `adb devices` entry before the Detox runner starts is not proof that RN E2E cannot run
+  on this machine; Detox can launch the configured emulator during the test run. Report the runner's
+  actual failure if setup does not complete.
+- For Metro port `8081` conflicts, use `pnpm implementation:run -- react-native-sdk start:clean` or
+  stop only the conflicting local process.
 
 ## Commands
 
-- `pnpm implementation:run -- react-native-sdk implementation:install`
-- `pnpm implementation:run -- react-native-sdk typecheck`
-- `pnpm implementation:run -- react-native-sdk test`
-- `pnpm implementation:run -- react-native-sdk test:e2e:android:build`
-- `pnpm implementation:run -- react-native-sdk test:e2e:android:run`
-- `pnpm implementation:run -- react-native-sdk test:e2e:android:full`
-
-## Usually validate
+- Install local package tarballs after package changes:
+  `pnpm implementation:run -- react-native-sdk implementation:install`
+- Typecheck: `pnpm implementation:run -- react-native-sdk typecheck`
+- Lint: `pnpm implementation:run -- react-native-sdk lint`
+- Full local Android Detox flow: `pnpm implementation:run -- react-native-sdk test:e2e:android:full`
+- Target one Android Detox file:
+  `pnpm implementation:run -- react-native-sdk test:e2e:android:full -- --test-file e2e/<file>.test.js`
+- Target one Android Detox test name:
+  `pnpm implementation:run -- react-native-sdk test:e2e:android:full -- -t "<name pattern>"`
+- Build/run split when reusing artifacts:
+  `pnpm implementation:run -- react-native-sdk test:e2e:android:build` then
+  `pnpm implementation:run -- react-native-sdk test:e2e:android:run -- e2e/<file>.test.js`
+- `test` is plain Jest for app-level tests, not the Detox E2E path. If it fails in setup before
+  reaching app assertions, do not use that result to claim RN E2E cannot run locally.
+
+## Validate
 
 - Run `typecheck` for local changes.
-- Run `test` for app-level Jest changes when they are relevant.
+- Run `test` only for relevant app-level Jest changes after confirming the Jest setup is the target.
 - Run Android Detox for runtime tracking, offline behavior, navigation, or end-to-end UX changes.
diff --git a/implementations/react-native-sdk/App.tsx b/implementations/react-native-sdk/App.tsx
index a2c17c7e..cd137c83 100644
--- a/implementations/react-native-sdk/App.tsx
+++ b/implementations/react-native-sdk/App.tsx
@@ -54,7 +54,6 @@ function AppContent(): React.JSX.Element {
   const [showLiveUpdatesTest, setShowLiveUpdatesTest] = useState<boolean>(false)
 
   useEffect(() => {
-    sdk.consent(true)
     void sdk.page({ properties: { url: 'app' } })
 
     const subscription = sdk.states.profile.subscribe((profile) => {
@@ -175,7 +174,11 @@ function AppContent(): React.JSX.Element {
 
 function App(): React.JSX.Element {
   return (
-    <OptimizationProvider {...ENV_CONFIG.optimization} logLevel="debug">
+    <OptimizationProvider
+      {...ENV_CONFIG.optimization}
+      defaults={{ consent: true }}
+      logLevel="debug"
+    >
       <AppContent />
     </OptimizationProvider>
   )
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/AGENTS.md b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/AGENTS.md
index 84be558f..7d48efbf 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/AGENTS.md
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/AGENTS.md
@@ -1,55 +1,26 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md` first.
+Next.js App Router hybrid SSR + CSR takeover reference implementation: Node SDK resolves first
+paint, then React Web SDK re-resolves entries after hydration and on client-side profile changes.
 
-## Scope
+## Rules
 
-This is the Next.js Hybrid SSR + CSR Takeover reference implementation. It combines
-`@contentful/optimization-node` for server-side first-paint resolution with
-`@contentful/optimization-react-web` for client-side reactivity after hydration.
-
-This represents a customer setup where:
-
-- First paint is server-resolved (no flicker)
-- After hydration, the React Web SDK takes over for entry resolution
-- Identify, consent, and reset re-resolve entries immediately (no server roundtrip)
-- Subsequent navigations via `<Link>` are SPA-style (client-resolved)
-- Some routes are Server Components (SSR-resolved), others are Client Components (CSR-resolved)
-
-Contrast with (`react-web-sdk+node-sdk_nextjs-ssr`) where content is static until the next server
-roundtrip — there the React Web SDK only handles events/tracking, never entry resolution.
-
-## Key Paths
-
-- `app/` — Next.js App Router (mix of Server and Client Components)
-- `lib/` — SDK config, Contentful client, Node SDK singleton
-- `components/` — ClientProviderWrapper, client-resolved page components
-- `middleware.ts` — cookie lifecycle (same as )
-- `.env.example`
-
-## Local Rules
-
-- Next.js App Router only. No Pages Router.
-- Server Components import only from `@contentful/optimization-node`.
-- Client Components (`"use client"`) import only from `@contentful/optimization-react-web`.
-- Landing/SEO pages should be Server Components with Node SDK resolution.
-- Interactive/reactive pages should be Client Components using `<OptimizedEntry>` or
-  `resolveEntry()`.
+- App Router only; no Pages Router.
+- Server Components import only from `@contentful/optimization-node`; Client Components import only
+  from `@contentful/optimization-react-web`.
+- Landing/SEO pages should be Server Components; interactive/reactive pages should be Client
+  Components using `<OptimizedEntry>` or `resolveEntry()`.
 - Use `liveUpdates={true}` on `<OptimizedEntry>` for entries that should re-resolve on profile
-  change.
-- Use the SDK's `OptimizationRoot` directly — no custom provider wrappers around it.
-- If you changed a consumed package, run `pnpm build:pkgs` and reinstall before trusting results.
+  changes.
+- Use the SDK's `OptimizationRoot` directly; do not add custom provider wrappers around it.
+- If consumed packages changed, run `pnpm build:pkgs` and reinstall before trusting results.
 
 ## Commands
 
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr-csr implementation:install`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr-csr typecheck`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr-csr build`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr-csr dev`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr-csr serve`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr-csr serve:stop`
+- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr-csr <script>` with
+  `implementation:install`, `typecheck`, `build`, `dev`, `serve`, or `serve:stop`.
 
-## Usually Validate
+## Validate
 
 - Run `typecheck` for local code changes.
-- Run `build` when changing production bundling behavior.
+- Run `build` for production bundling changes.
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/README.md b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/README.md
index 0b7c9218..35a4970b 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/README.md
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/README.md
@@ -75,17 +75,17 @@ for the entry contract.
 │ FIRST REQUEST (Server — identical to nextJs-ssr)                       │
 │                                                                     │
 │  1. Middleware (Edge Runtime)                                       │
-│     ├─ Read `ctfl-opt-aid` cookie from request                     │
-│     ├─ Call Node SDK `sdk.page()` with request context + profile    │
-│     └─ Set `ctfl-opt-aid` cookie on response with profile.id       │
+│     ├─ Read consent + `ctfl-opt-aid` cookies from request          │
+│     ├─ Clear `ctfl-opt-aid` and skip SDK calls without app consent │
+│     └─ With consent, call `requestOptimization.page()` and persist ID │
 │                                                                     │
 │  2. Server Component (landing page)                                 │
-│     ├─ Read `ctfl-opt-aid` cookie                                  │
-│     ├─ Fetch entries from CDA + call `sdk.page()` in parallel      │
-│     ├─ `sdk.resolveOptimizedEntry()` for each entry                │
-│     └─ Render personalized HTML (zero client JS for content)        │
+│     ├─ Read app consent + `ctfl-opt-aid` cookies                    │
+│     ├─ Fetch entries from CDA                                      │
+│     ├─ With consent, call `requestOptimization.page()`              │
+│     └─ Render baseline or personalized HTML                        │
 │                                                                     │
-│  ↓ HTML response with personalized content                          │
+│  ↓ HTML response with baseline or personalized content              │
 └─────────────────────────────────────────────────────────────────────┘
 
 ┌─────────────────────────────────────────────────────────────────────┐
@@ -154,8 +154,11 @@ function ClientResolvedEntry({ entry }) {
 
 ### 4. Cookie bridge (same as nextJs-ssr)
 
-Middleware creates `ctfl-opt-aid`, Server Components read it, and the Web SDK picks it up from
-`document.cookie` on hydration. Same identity across server and client.
+Middleware creates `ctfl-opt-aid` only when the application-owned consent cookie permits profile
+continuity. When consent is missing or denied, middleware clears `ctfl-opt-aid` and skips Node SDK
+calls. Server Components render baseline content until a consented request permits server
+personalization, and the Web SDK picks the shared cookie up from `document.cookie` on hydration once
+continuity is allowed.
 
 ### 5. `<Link>` for SPA navigation
 
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/app/layout.tsx b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/app/layout.tsx
index 11ef83bb..21e3b211 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/app/layout.tsx
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/app/layout.tsx
@@ -26,18 +26,18 @@ export default async function RootLayout({
   const resolvedContentfulLocale = requireContentfulLocale(contentfulLocale)
   const optimizationData = await getOptimizationData(eventLocale, resolvedContentfulLocale)
   const htmlLang = getHtmlLang(resolvedContentfulLocale)
+  const defaults = optimizationData
+    ? {
+        profile: optimizationData.profile,
+        selectedOptimizations: optimizationData.selectedOptimizations,
+        changes: optimizationData.changes,
+      }
+    : undefined
 
   return (
     <html lang={htmlLang} className="h-full antialiased">
       <body className="min-h-full flex flex-col">
-        <ClientProviderWrapper
-          contentfulLocale={resolvedContentfulLocale}
-          defaults={{
-            profile: optimizationData.profile,
-            selectedOptimizations: optimizationData.selectedOptimizations,
-            changes: optimizationData.changes,
-          }}
-        >
+        <ClientProviderWrapper contentfulLocale={resolvedContentfulLocale} defaults={defaults}>
           {children}
         </ClientProviderWrapper>
       </body>
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/app/page.tsx b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/app/page.tsx
index 85efab41..535b759a 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/app/page.tsx
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/app/page.tsx
@@ -18,10 +18,9 @@ export default async function Home() {
   ])
 
   const resolvedEntries = baselineEntries.map((entry: ContentEntry) => {
-    const { entry: resolved } = sdk.resolveOptimizedEntry(
-      entry,
-      optimizationData.selectedOptimizations,
-    )
+    const { entry: resolved } = optimizationData
+      ? sdk.resolveOptimizedEntry(entry, optimizationData.selectedOptimizations)
+      : { entry }
     return resolved
   })
 
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/components/InteractiveControls.tsx b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/components/InteractiveControls.tsx
index d6f1c4f3..f43f937c 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/components/InteractiveControls.tsx
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/components/InteractiveControls.tsx
@@ -4,6 +4,13 @@ import { useOptimizationContext } from '@contentful/optimization-react-web'
 import type { Profile } from '@contentful/optimization-react-web/api-schemas'
 import { type JSX, useEffect, useMemo, useState } from 'react'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
+function setAppConsentCookie(consented: boolean): void {
+  const value = consented ? 'granted' : 'denied'
+  document.cookie = `${APP_PERSONALIZATION_CONSENT_COOKIE}=${value}; Path=/; SameSite=Lax`
+}
+
 export function InteractiveControls(): JSX.Element {
   const { sdk, isReady } = useOptimizationContext()
   const [consent, setConsent] = useState<boolean | undefined>(undefined)
@@ -16,6 +23,7 @@ export function InteractiveControls(): JSX.Element {
 
     const consentSub = sdk.states.consent.subscribe((value: boolean | undefined) => {
       setConsent(value)
+      if (typeof value === 'boolean') setAppConsentCookie(value)
     })
 
     const profileSub = sdk.states.profile.subscribe((value: Profile | undefined) => {
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/lib/optimization-server.ts b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/lib/optimization-server.ts
index a27019a7..478eb093 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/lib/optimization-server.ts
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/lib/optimization-server.ts
@@ -4,6 +4,8 @@ import { cookies, headers } from 'next/headers'
 import { cache } from 'react'
 import { optimizationConfig } from './config'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
 const sdk = new ContentfulOptimization({
   clientId: optimizationConfig.clientId,
   environment: optimizationConfig.environment,
@@ -19,18 +21,24 @@ const sdk = new ContentfulOptimization({
 const getOptimizationData = cache(async (eventLocale: string, contentfulLocale: string) => {
   const cookieStore = await cookies()
   const headerStore = await headers()
+  const appConsent = cookieStore.get(APP_PERSONALIZATION_CONSENT_COOKIE)?.value === 'granted'
+
+  if (!appConsent) return undefined
 
   const anonymousId = cookieStore.get(ANONYMOUS_ID_COOKIE)?.value
   const profile = anonymousId ? { id: anonymousId } : undefined
 
-  return sdk.page(
-    {
+  const requestOptimization = sdk.forRequest({
+    consent: { events: true, persistence: true },
+    eventContext: {
       locale: eventLocale,
       userAgent: headerStore.get('user-agent') ?? 'next-js-server',
-      profile,
     },
-    { locale: contentfulLocale },
-  )
+    experienceOptions: { locale: contentfulLocale },
+    profile,
+  })
+
+  return requestOptimization.page()
 })
 
 function requireContentfulLocale(contentfulLocale: string | undefined): string {
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/middleware.ts b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/middleware.ts
index 2b130736..60820fdb 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/middleware.ts
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr-csr/middleware.ts
@@ -2,15 +2,35 @@ import { requireContentfulLocale, sdk } from '@/lib/optimization-server'
 import { ANONYMOUS_ID_COOKIE } from '@contentful/optimization-node/constants'
 import { type NextRequest, NextResponse } from 'next/server'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
+function getAppConsent(request: NextRequest): boolean | undefined {
+  const consent = request.cookies.get(APP_PERSONALIZATION_CONSENT_COOKIE)?.value
+
+  if (consent === 'granted') return true
+  if (consent === 'denied') return false
+
+  return undefined
+}
+
 export async function middleware(request: NextRequest): Promise<NextResponse> {
+  const appConsent = getAppConsent(request)
+  const response = NextResponse.next()
+
+  if (appConsent !== true) {
+    response.cookies.delete(ANONYMOUS_ID_COOKIE)
+    return response
+  }
+
   const anonymousId = request.cookies.get(ANONYMOUS_ID_COOKIE)?.value
   const profile = anonymousId ? { id: anonymousId } : undefined
   const { contentfulLocale, eventLocale } = sdk.resolveRequestLocale(request)
   const resolvedContentfulLocale = requireContentfulLocale(contentfulLocale)
 
   const url = new URL(request.url)
-  const data = await sdk.page(
-    {
+  const requestOptimization = sdk.forRequest({
+    consent: { events: true, persistence: true },
+    eventContext: {
       locale: eventLocale,
       userAgent: request.headers.get('user-agent') ?? 'next-js-server',
       page: {
@@ -20,14 +40,13 @@ export async function middleware(request: NextRequest): Promise<NextResponse> {
         search: url.search,
         url: request.url,
       },
-      profile,
     },
-    { locale: resolvedContentfulLocale },
-  )
-
-  const response = NextResponse.next()
+    experienceOptions: { locale: resolvedContentfulLocale },
+    profile,
+  })
+  const data = await requestOptimization.page()
 
-  if (data.profile.id) {
+  if (requestOptimization.canPersistProfile && data?.profile.id) {
     response.cookies.set(ANONYMOUS_ID_COOKIE, data.profile.id, {
       path: '/',
       sameSite: 'lax',
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr/AGENTS.md b/implementations/react-web-sdk+node-sdk_nextjs-ssr/AGENTS.md
index 436a41b1..639e2788 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr/AGENTS.md
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr/AGENTS.md
@@ -1,45 +1,24 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md` first.
+Next.js App Router SSR-primary reference implementation: Node SDK resolves personalized content on
+the server, while React Web SDK handles client tracking and interactive controls.
 
-## Scope
+## Rules
 
-This is the Next.js SSR hybrid reference implementation. The Node SDK resolves entries on the server
-(personalization is SSR). The React SDK hydrates on the client for event tracking and interactive
-controls (consent, identify, page views, clicks).
-
-This represents a customer setup where:
-
-- Personalized content is resolved server-side for fast first paint
-- Client-side JS is only used for tracking and interactive features
-- The same anonymous profile cookie bridges server and client
-
-## Key Paths
-
-- `app/` — Next.js App Router (single page, Server Component)
-- `lib/` — SDK config, Contentful client, Node SDK singleton
-- `components/` — ClientProviderWrapper (React SDK), InteractiveControls
-- `middleware.ts` — cookie lifecycle
-- `.env.example`
-
-## Local Rules
-
-- Next.js App Router only. No Pages Router.
-- Server Components must not import from `@contentful/optimization-react-web`.
-- Client components (`"use client"`) must not import from `@contentful/optimization-node`.
-- Use the SDK's `OptimizationRoot` directly — no custom provider wrappers around it.
-- If you changed a consumed package, run `pnpm build:pkgs` and reinstall before trusting results.
+- App Router only; no Pages Router.
+- Server Components import from `@contentful/optimization-node`, not
+  `@contentful/optimization-react-web`.
+- Client components (`"use client"`) import from `@contentful/optimization-react-web`, not
+  `@contentful/optimization-node`.
+- Use the SDK's `OptimizationRoot` directly; do not add custom provider wrappers around it.
+- If consumed packages changed, run `pnpm build:pkgs` and reinstall before trusting results.
 
 ## Commands
 
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr implementation:install`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr typecheck`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr build`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr dev`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr serve`
-- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr serve:stop`
+- `pnpm implementation:run -- react-web-sdk+node-sdk_nextjs-ssr <script>` with
+  `implementation:install`, `typecheck`, `build`, `dev`, `serve`, or `serve:stop`.
 
-## Usually Validate
+## Validate
 
 - Run `typecheck` for local code changes.
-- Run `build` when changing production bundling behavior.
+- Run `build` for production bundling changes.
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr/README.md b/implementations/react-web-sdk+node-sdk_nextjs-ssr/README.md
index 1fa20344..b5501d02 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr/README.md
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr/README.md
@@ -21,16 +21,16 @@ personalization decisions. The client owns all analytics and interactive concern
 
 ### Responsibility split
 
-| Concern                                          | Where it runs             | SDK used                                 |
-| ------------------------------------------------ | ------------------------- | ---------------------------------------- |
-| Anonymous ID cookie lifecycle                    | Middleware (Edge Runtime) | Node SDK                                 |
-| Profile resolution (`sdk.page()`)                | Server Component          | Node SDK                                 |
-| Entry variant resolution                         | Server Component          | Node SDK (`resolveOptimizedEntry`)       |
-| HTML rendering of personalized content           | Server Component          | None (plain React)                       |
-| Page view tracking                               | Client (after hydration)  | React Web SDK (`NextAppAutoPageTracker`) |
-| Entry interaction tracking (views/clicks/hovers) | Client (after hydration)  | React Web SDK (`trackEntryInteraction`)  |
-| Consent management                               | Client (after hydration)  | React Web SDK (`sdk.consent()`)          |
-| User identification                              | Client (after hydration)  | React Web SDK (`sdk.identify()`)         |
+| Concern                                           | Where it runs             | SDK used                                 |
+| ------------------------------------------------- | ------------------------- | ---------------------------------------- |
+| Anonymous ID cookie lifecycle                     | Middleware (Edge Runtime) | Node SDK                                 |
+| Profile resolution (`requestOptimization.page()`) | Server Component          | Node SDK                                 |
+| Entry variant resolution                          | Server Component          | Node SDK (`resolveOptimizedEntry`)       |
+| HTML rendering of personalized content            | Server Component          | None (plain React)                       |
+| Page view tracking                                | Client (after hydration)  | React Web SDK (`NextAppAutoPageTracker`) |
+| Entry interaction tracking (views/clicks/hovers)  | Client (after hydration)  | React Web SDK (`trackEntryInteraction`)  |
+| Consent management                                | Client (after hydration)  | React Web SDK (`sdk.consent()`)          |
+| User identification                               | Client (after hydration)  | React Web SDK (`sdk.identify()`)         |
 
 ### Behavioral expectations
 
@@ -64,18 +64,18 @@ for the entry contract.
 │ REQUEST PHASE (Server)                                              │
 │                                                                     │
 │  1. Middleware (Edge Runtime)                                       │
-│     ├─ Read `ctfl-opt-aid` cookie from request                     │
-│     ├─ Call Node SDK `sdk.page()` with request context + profile    │
-│     └─ Set `ctfl-opt-aid` cookie on response with profile.id       │
+│     ├─ Read consent + `ctfl-opt-aid` cookies from request          │
+│     ├─ Clear `ctfl-opt-aid` and skip SDK calls without app consent │
+│     └─ With consent, call `requestOptimization.page()` and persist ID │
 │                                                                     │
 │  2. Server Component (page.tsx)                                     │
-│     ├─ Read `ctfl-opt-aid` cookie (set by middleware in same cycle) │
+│     ├─ Read app consent + `ctfl-opt-aid` cookies                    │
 │     ├─ Fetch Contentful entries from CDA (in parallel)              │
-│     ├─ Call Node SDK `sdk.page()` → get selectedOptimizations       │
-│     ├─ For each entry: `sdk.resolveOptimizedEntry(entry, selected)` │
-│     └─ Render resolved entries as plain HTML                        │
+│     ├─ With consent, call `requestOptimization.page()`               │
+│     ├─ Without consent, keep baseline entries                       │
+│     └─ Render baseline or resolved entries as plain HTML            │
 │                                                                     │
-│  ↓ HTML response with personalized content                          │
+│  ↓ HTML response with baseline or personalized content              │
 └─────────────────────────────────────────────────────────────────────┘
 
 ┌─────────────────────────────────────────────────────────────────────┐
@@ -102,16 +102,33 @@ for the entry contract.
 
 ### 1. Cookie as the identity bridge
 
-The `ctfl-opt-aid` cookie is the **only shared state** between server and client. Middleware creates
-it, the Server Component reads it, and the Web SDK reads it from `document.cookie` after hydration.
-This ensures both sides operate on the same anonymous profile.
+The `ctfl-opt-aid` cookie is the shared profile-continuity state between server and client.
+Middleware creates it only when the application-owned consent cookie allows continuity, the Server
+Component reads it, and the Web SDK reads it from `document.cookie` after hydration. This ensures
+both sides operate on the same anonymous profile after consent allows that continuity.
 
 ```typescript
 // middleware.ts
+const appConsent = request.cookies.get('app-personalization-consent')?.value === 'granted'
+const response = NextResponse.next()
+
+if (!appConsent) {
+  response.cookies.delete(ANONYMOUS_ID_COOKIE)
+  return response
+}
+
 const anonymousId = request.cookies.get(ANONYMOUS_ID_COOKIE)?.value
 const profile = anonymousId ? { id: anonymousId } : undefined
-const data = await sdk.page({ ...requestContext, profile })
-response.cookies.set(ANONYMOUS_ID_COOKIE, data.profile.id, { path: '/', sameSite: 'lax' })
+const requestOptimization = sdk.forRequest({
+  consent: { events: true, persistence: true },
+  eventContext: requestContext,
+  profile,
+})
+const data = await requestOptimization.page()
+
+if (data.profile.id) {
+  response.cookies.set(ANONYMOUS_ID_COOKIE, data.profile.id, { path: '/', sameSite: 'lax' })
+}
 ```
 
 ### 2. Node SDK as a module-level singleton
@@ -163,7 +180,8 @@ automatically:
 
 | User action                                | Effect on displayed content             | When personalization updates |
 | ------------------------------------------ | --------------------------------------- | ---------------------------- |
-| First page load (anonymous)                | Baseline or variant per profile         | Immediate (server-resolved)  |
+| First page load without app consent        | Baseline content                        | Until consented request      |
+| First page load with app consent           | Baseline or variant per profile         | Immediate (server-resolved)  |
 | Grant/reject consent                       | No change to content                    | Next server request          |
 | Identify (`sdk.identify()`)                | No change to content                    | Next server request          |
 | Navigate to another page (full navigation) | New server-resolved content             | Immediate (new SSR)          |
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr/app/page.tsx b/implementations/react-web-sdk+node-sdk_nextjs-ssr/app/page.tsx
index bb86cb41..ea948ad0 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr/app/page.tsx
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr/app/page.tsx
@@ -6,6 +6,8 @@ import type { ContentEntry } from '@/types/contentful'
 import { ANONYMOUS_ID_COOKIE } from '@contentful/optimization-node/constants'
 import { cookies, headers } from 'next/headers'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
 function getEntryText(entry: ContentEntry): string {
   return typeof entry.fields.text === 'string' ? entry.fields.text : 'No content'
 }
@@ -35,6 +37,7 @@ export default async function Home() {
   const headerStore = await headers()
 
   const anonymousId = cookieStore.get(ANONYMOUS_ID_COOKIE)?.value
+  const appConsent = cookieStore.get(APP_PERSONALIZATION_CONSENT_COOKIE)?.value === 'granted'
   const profile = anonymousId ? { id: anonymousId } : undefined
   const { contentfulLocale, eventLocale } = sdk.resolveRequestLocale(
     headerStore.get('accept-language'),
@@ -43,21 +46,25 @@ export default async function Home() {
 
   const [baselineEntries, optimizationData] = await Promise.all([
     fetchEntries(ENTRY_IDS, resolvedContentfulLocale),
-    sdk.page(
-      {
-        locale: eventLocale,
-        userAgent: headerStore.get('user-agent') ?? 'next-js-server',
-        profile,
-      },
-      { locale: resolvedContentfulLocale },
-    ),
+    appConsent
+      ? sdk
+          .forRequest({
+            consent: { events: true, persistence: true },
+            eventContext: {
+              locale: eventLocale,
+              userAgent: headerStore.get('user-agent') ?? 'next-js-server',
+            },
+            experienceOptions: { locale: resolvedContentfulLocale },
+            profile,
+          })
+          .page()
+      : undefined,
   ])
 
   const resolvedEntries = baselineEntries.map((entry) => {
-    const { entry: resolved } = sdk.resolveOptimizedEntry(
-      entry,
-      optimizationData.selectedOptimizations,
-    )
+    const { entry: resolved } = optimizationData
+      ? sdk.resolveOptimizedEntry(entry, optimizationData.selectedOptimizations)
+      : { entry }
     return resolved
   })
 
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr/components/InteractiveControls.tsx b/implementations/react-web-sdk+node-sdk_nextjs-ssr/components/InteractiveControls.tsx
index d6f1c4f3..f43f937c 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr/components/InteractiveControls.tsx
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr/components/InteractiveControls.tsx
@@ -4,6 +4,13 @@ import { useOptimizationContext } from '@contentful/optimization-react-web'
 import type { Profile } from '@contentful/optimization-react-web/api-schemas'
 import { type JSX, useEffect, useMemo, useState } from 'react'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
+function setAppConsentCookie(consented: boolean): void {
+  const value = consented ? 'granted' : 'denied'
+  document.cookie = `${APP_PERSONALIZATION_CONSENT_COOKIE}=${value}; Path=/; SameSite=Lax`
+}
+
 export function InteractiveControls(): JSX.Element {
   const { sdk, isReady } = useOptimizationContext()
   const [consent, setConsent] = useState<boolean | undefined>(undefined)
@@ -16,6 +23,7 @@ export function InteractiveControls(): JSX.Element {
 
     const consentSub = sdk.states.consent.subscribe((value: boolean | undefined) => {
       setConsent(value)
+      if (typeof value === 'boolean') setAppConsentCookie(value)
     })
 
     const profileSub = sdk.states.profile.subscribe((value: Profile | undefined) => {
diff --git a/implementations/react-web-sdk+node-sdk_nextjs-ssr/middleware.ts b/implementations/react-web-sdk+node-sdk_nextjs-ssr/middleware.ts
index 7bad7d8b..306fda80 100644
--- a/implementations/react-web-sdk+node-sdk_nextjs-ssr/middleware.ts
+++ b/implementations/react-web-sdk+node-sdk_nextjs-ssr/middleware.ts
@@ -2,17 +2,36 @@ import { requireContentfulLocale, sdk } from '@/lib/optimization-server'
 import { ANONYMOUS_ID_COOKIE } from '@contentful/optimization-node/constants'
 import { type NextRequest, NextResponse } from 'next/server'
 
+const APP_PERSONALIZATION_CONSENT_COOKIE = 'app-personalization-consent'
+
+function getAppConsent(request: NextRequest): boolean | undefined {
+  const consent = request.cookies.get(APP_PERSONALIZATION_CONSENT_COOKIE)?.value
+
+  if (consent === 'granted') return true
+  if (consent === 'denied') return false
+
+  return undefined
+}
+
 export async function middleware(request: NextRequest): Promise<NextResponse> {
+  const appConsent = getAppConsent(request)
+  const response = NextResponse.next()
+
+  if (appConsent !== true) {
+    response.cookies.delete(ANONYMOUS_ID_COOKIE)
+    return response
+  }
+
   const anonymousId = request.cookies.get(ANONYMOUS_ID_COOKIE)?.value
   const profile = anonymousId ? { id: anonymousId } : undefined
 
   const url = new URL(request.url)
   const { contentfulLocale, eventLocale } = sdk.resolveRequestLocale(request)
   const resolvedContentfulLocale = requireContentfulLocale(contentfulLocale)
-  const data = await sdk.page(
-    {
+  const requestOptimization = sdk.forRequest({
+    consent: { events: true, persistence: true },
+    eventContext: {
       locale: eventLocale,
-      userAgent: request.headers.get('user-agent') ?? 'next-js-server',
       page: {
         path: url.pathname,
         query: Object.fromEntries(url.searchParams),
@@ -20,14 +39,14 @@ export async function middleware(request: NextRequest): Promise<NextResponse> {
         search: url.search,
         url: request.url,
       },
-      profile,
+      userAgent: request.headers.get('user-agent') ?? 'next-js-server',
     },
-    { locale: resolvedContentfulLocale },
-  )
-
-  const response = NextResponse.next()
+    experienceOptions: { locale: resolvedContentfulLocale },
+    profile,
+  })
+  const data = await requestOptimization.page()
 
-  if (data.profile.id) {
+  if (requestOptimization.canPersistProfile && data?.profile.id) {
     response.cookies.set(ANONYMOUS_ID_COOKIE, data.profile.id, {
       path: '/',
       sameSite: 'lax',
diff --git a/implementations/react-web-sdk/AGENTS.md b/implementations/react-web-sdk/AGENTS.md
index 5f279429..6c6cb724 100644
--- a/implementations/react-web-sdk/AGENTS.md
+++ b/implementations/react-web-sdk/AGENTS.md
@@ -1,51 +1,24 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `implementations/AGENTS.md`, before this file.
+React SPA reference implementation for the official `@contentful/optimization-react-web` surface.
 
-## Scope
+## Rules
 
-This is the React Web SDK reference implementation demonstrating
-`@contentful/optimization-react-web` usage in a React SPA. It is the counterpart to
-`implementations/web-sdk_react`, which builds its own adapter layer. This implementation uses the
-official React SDK surface directly — no local `src/optimization/` adapter directory.
-
-## Key paths
-
-- `src/`
-- `e2e/`
-- `scripts/`
-- `.env.example`
-
-## Local rules
-
-- Do not add a `src/optimization/` directory. All SDK usage comes from direct imports of
+- Do not add a local `src/optimization/` adapter; import SDK behavior directly from
   `@contentful/optimization-react-web`.
-- This implementation uses Rsbuild for consistency with the SDK toolchain.
-- Routing uses `createBrowserRouter` + `RouterProvider` (required by `ReactRouterAutoPageTracker`).
-  Do not switch to `BrowserRouter` + `Routes`.
-- `serve` uses PM2-managed processes. Use `serve:stop` when done.
-
-## Common failure modes
-
-- Playwright reports a missing browser or executable: run `pnpm playwright:install` before retrying
-  E2E.
-- The app or mocks fail to bind local ports such as `3000` or `8000`: stop only this
-  implementation's local processes with `pnpm implementation:run -- react-web-sdk serve:stop`.
+- This app is the counterpart to `web-sdk_react`, which builds its own adapter layer.
+- Routing uses `createBrowserRouter` + `RouterProvider`; do not switch to `BrowserRouter` +
+  `Routes`.
+- This implementation uses Rsbuild, and `serve` uses PM2-managed processes.
 
 ## Commands
 
-- `pnpm launch` or `./scripts/launch-reference-app.sh` — one-shot setup + dev server
-- `pnpm implementation:run -- react-web-sdk implementation:install`
-- `pnpm implementation:run -- react-web-sdk typecheck`
-- `pnpm implementation:run -- react-web-sdk build`
-- `pnpm implementation:run -- react-web-sdk dev`
-- `pnpm implementation:run -- react-web-sdk serve`
-- `pnpm implementation:run -- react-web-sdk serve:stop`
-- `pnpm implementation:run -- react-web-sdk implementation:test:e2e:run`
+- `pnpm launch` or `./scripts/launch-reference-app.sh`
+- `pnpm implementation:run -- react-web-sdk <script>` with `implementation:install`, `typecheck`,
+  `build`, `dev`, `serve`, `serve:stop`, or `implementation:test:e2e:run`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` for local code changes.
-- Run `build` when changing production bundling behavior.
+- Run `build` for production bundling changes.
 - Run Playwright E2E for user-visible behavior, routing, event flow, or React integration changes.
-- There are no meaningful unit tests here.
diff --git a/implementations/react-web-sdk/e2e/displays-identified-user-variants.spec.ts b/implementations/react-web-sdk/e2e/displays-identified-user-variants.spec.ts
index af40aa26..da15b1f6 100644
--- a/implementations/react-web-sdk/e2e/displays-identified-user-variants.spec.ts
+++ b/implementations/react-web-sdk/e2e/displays-identified-user-variants.spec.ts
@@ -6,6 +6,9 @@ test.describe('identified user', () => {
     await page.waitForLoadState('domcontentloaded')
     await expect(page.getByRole('heading', { name: 'Utilities' })).toBeVisible()
 
+    await page.getByTestId('consent-button').click()
+    await expect(page.getByTestId('consent-status')).toHaveText('Consent: true')
+
     await page.getByTestId('live-updates-identify-button').click()
     await expect(page.getByTestId('live-updates-reset-button')).toBeVisible()
 
diff --git a/implementations/web-sdk/AGENTS.md b/implementations/web-sdk/AGENTS.md
index 34a49e24..e2522cb9 100644
--- a/implementations/web-sdk/AGENTS.md
+++ b/implementations/web-sdk/AGENTS.md
@@ -1,45 +1,21 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `implementations/AGENTS.md`, before this file.
+Vanilla Web reference implementation for `@contentful/optimization-web`.
 
-## Scope
+## Rules
 
-This is the Web Vanilla reference implementation for `@contentful/optimization-web`.
-
-## Key paths
-
-- `public/`
-- `e2e/`
-- `nginx/`
-- `.env.example`
-- `docker-compose.yaml`
-
-## Local rules
-
-- Keep this app minimal and example-oriented. Reusable runtime logic belongs in
-  `packages/web/web-sdk`, not here.
+- Keep this app minimal and example-oriented; reusable runtime logic belongs in
+  `packages/web/web-sdk`.
 - `build` copies Web SDK and preview-panel assets into `public/dist`.
-- Docker is required for `serve:app` because the app is served through nginx on port `3000`.
-
-## Common failure modes
-
-- `serve` fails with Docker or container errors: confirm Docker is running before retrying.
-- Playwright reports a missing browser or executable: run `pnpm playwright:install` before retrying
-  E2E.
-- The app or mocks fail to bind local ports such as `3000` or `8000`: stop only this
-  implementation's local processes with `pnpm implementation:run -- web-sdk serve:stop`.
+- Docker is required for `serve:app`; nginx serves the app on port `3000`.
 
 ## Commands
 
-- `pnpm implementation:run -- web-sdk implementation:install`
-- `pnpm implementation:run -- web-sdk typecheck`
-- `pnpm implementation:run -- web-sdk build`
-- `pnpm implementation:run -- web-sdk serve`
-- `pnpm implementation:run -- web-sdk serve:stop`
-- `pnpm implementation:run -- web-sdk implementation:test:e2e:run`
+- `pnpm implementation:run -- web-sdk <script>` with `implementation:install`, `typecheck`, `build`,
+  `serve`, `serve:stop`, or `implementation:test:e2e:run`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` for local changes.
-- Run `build` when changing static assets or SDK asset copying behavior.
+- Run `build` when changing static assets or SDK asset copying.
 - Run Playwright E2E for user-visible behavior, runtime tracking, or nginx-serving changes.
diff --git a/implementations/web-sdk/e2e/displays-identified-user-variants.spec.ts b/implementations/web-sdk/e2e/displays-identified-user-variants.spec.ts
index 028ec9cb..7bd0f6f5 100644
--- a/implementations/web-sdk/e2e/displays-identified-user-variants.spec.ts
+++ b/implementations/web-sdk/e2e/displays-identified-user-variants.spec.ts
@@ -6,6 +6,9 @@ test.describe('identified user', () => {
     await page.waitForLoadState('domcontentloaded')
     await page.waitForLoadState('networkidle')
 
+    await page.getByRole('button', { name: 'Accept Consent' }).click()
+    await expect(page.getByRole('button', { name: 'Reject Consent' })).toBeVisible()
+
     const identify = page.getByRole('button', { name: 'Identify' })
     await identify.click()
     await expect(page.getByRole('button', { name: 'Reset Profile' })).toBeVisible()
diff --git a/implementations/web-sdk_react/AGENTS.md b/implementations/web-sdk_react/AGENTS.md
index 368fa497..153eeccf 100644
--- a/implementations/web-sdk_react/AGENTS.md
+++ b/implementations/web-sdk_react/AGENTS.md
@@ -1,45 +1,21 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `implementations/AGENTS.md`, before this file.
+React reference implementation demonstrating direct `@contentful/optimization-web` usage in a React
+application.
 
-## Scope
+## Rules
 
-This is the React Web reference implementation used to demonstrate `@contentful/optimization-web`
-usage in a React application.
-
-## Key paths
-
-- `src/`
-- `e2e/`
-- `.env.example`
-
-## Local rules
-
-- Keep this app focused on example usage. Reusable React SDK abstractions belong in
-  `packages/web/frameworks/react-web-sdk`.
+- Keep reusable React SDK abstractions in `packages/web/frameworks/react-web-sdk`, not here.
 - This implementation uses Rsbuild for consistency with the SDK toolchain.
-- `serve` uses PM2-managed processes. Use `serve:stop` when done.
-
-## Common failure modes
-
-- Playwright reports a missing browser or executable: run `pnpm playwright:install` before retrying
-  E2E.
-- The app or mocks fail to bind local ports such as `3000` or `8000`: stop only this
-  implementation's local processes with `pnpm implementation:run -- web-sdk_react serve:stop`.
+- `serve` uses PM2-managed processes; use `serve:stop` when done.
 
 ## Commands
 
-- `pnpm implementation:run -- web-sdk_react implementation:install`
-- `pnpm implementation:run -- web-sdk_react typecheck`
-- `pnpm implementation:run -- web-sdk_react build`
-- `pnpm implementation:run -- web-sdk_react dev`
-- `pnpm implementation:run -- web-sdk_react serve`
-- `pnpm implementation:run -- web-sdk_react serve:stop`
-- `pnpm implementation:run -- web-sdk_react implementation:test:e2e:run`
+- `pnpm implementation:run -- web-sdk_react <script>` with `implementation:install`, `typecheck`,
+  `build`, `dev`, `serve`, `serve:stop`, or `implementation:test:e2e:run`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` for local code changes.
-- Run `build` when changing production bundling behavior.
+- Run `build` for production bundling changes.
 - Run Playwright E2E for user-visible behavior, routing, event flow, or React integration changes.
-- There are no meaningful unit tests here.
diff --git a/implementations/web-sdk_react/e2e/displays-identified-user-variants.spec.ts b/implementations/web-sdk_react/e2e/displays-identified-user-variants.spec.ts
index af40aa26..da15b1f6 100644
--- a/implementations/web-sdk_react/e2e/displays-identified-user-variants.spec.ts
+++ b/implementations/web-sdk_react/e2e/displays-identified-user-variants.spec.ts
@@ -6,6 +6,9 @@ test.describe('identified user', () => {
     await page.waitForLoadState('domcontentloaded')
     await expect(page.getByRole('heading', { name: 'Utilities' })).toBeVisible()
 
+    await page.getByTestId('consent-button').click()
+    await expect(page.getByTestId('consent-status')).toHaveText('Consent: true')
+
     await page.getByTestId('live-updates-identify-button').click()
     await expect(page.getByTestId('live-updates-reset-button')).toBeVisible()
 
diff --git a/lib/build-tools/AGENTS.md b/lib/build-tools/AGENTS.md
index 8174f759..b8a9307f 100644
--- a/lib/build-tools/AGENTS.md
+++ b/lib/build-tools/AGENTS.md
@@ -1,35 +1,22 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md` first.
+Internal build helpers for package builds, declaration emission, build outputs, and bundle-size
+enforcement.
 
-## Scope
+## Rules
 
-This package contains internal build helpers used by workspace package builds, especially around
-build output, declaration emission, and shared bundle-size enforcement.
-
-## Key paths
-
-- `src/`
-- `bin/`
-
-## Local rules
-
-- Treat changes here as high-impact. Even a small helper change can affect many package builds.
-- Keep command-line interfaces and helper behavior stable unless the task explicitly changes them.
-- Prefer fixing build logic here rather than adding one-off build workarounds in downstream
-  packages.
-- Keep bundle-size logic centralized here. Package-specific thresholds belong in each package's
-  `package.json` under `buildTools.bundleSize.gzipBudgets`, not in duplicated scripts.
+- Treat changes here as high-impact; helper behavior can affect many packages.
+- Keep CLI contracts stable unless the task explicitly changes them.
+- Prefer fixing shared build logic here over downstream one-off workarounds.
+- Bundle-size thresholds belong in package `package.json` under `buildTools.bundleSize.gzipBudgets`.
 
 ## Commands
 
-- `pnpm --filter build-tools typecheck`
-- `pnpm --filter build-tools test:unit`
+- `pnpm --filter build-tools <script>` with `typecheck` or `test:unit`.
 
-## Usually validate
+## Validate
 
 - Always run `typecheck` and `test:unit`.
-- Also run at least one downstream package build, or `pnpm build`, when changing build behavior,
-  declaration emission, or bundle-size measurement logic.
-- Run `pnpm size:report` or `pnpm size:check` after changing bundle-size measurement logic or the
-  CLI contract.
+- Run at least one downstream package build, or `pnpm build`, for build behavior, declaration
+  emission, or bundle-size measurement changes.
+- Run `pnpm size:report` or `pnpm size:check` for bundle-size measurement or CLI-contract changes.
diff --git a/lib/mocks/AGENTS.md b/lib/mocks/AGENTS.md
index bb474e47..6dbe6f37 100644
--- a/lib/mocks/AGENTS.md
+++ b/lib/mocks/AGENTS.md
@@ -1,40 +1,24 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md` first.
+Shared mock fixtures, MSW handlers, mock server behavior, and Contentful test-space utilities used
+by unit tests and reference implementations.
 
-## Scope
-
-This package owns shared mock fixtures, MSW handlers, mock server behavior, and Contentful test
-space utilities used by unit tests and reference implementations.
-
-## Key paths
-
-- `src/`
-- `scripts/`
-- `.contentfulrc.json` for local Contentful credentials
-
-## Local rules
+## Rules
 
 - Keep mock contracts aligned with `@contentful/optimization-api-schemas`.
-- Server behavior changes here can affect multiple implementations at once. Broaden validation when
-  endpoint behavior or fixture shape changes.
+- Treat endpoint behavior and fixture-shape changes as cross-implementation changes.
 - Do not commit secrets or local credentials from `.contentfulrc.json`.
-- Do not run `upload:ctfl:space` unless the user explicitly asked for Contentful space mutation.
-- Keep `README.md` framed as internal testing support, not as a public SDK package. Preserve the
-  sections that explain when to use mocks in unit tests, local dev and E2E flows, fixture updates,
-  and Contentful test-space setup.
-- README commands must prefer repo-root wrappers such as `pnpm serve:mocks` for common flows and
-  package-filter commands only for package-specific fixture or Contentful space utilities.
+- Do not run `upload:ctfl:space` unless the user explicitly requested Contentful space mutation.
+- Keep `README.md` framed as internal testing support with mock usage, fixture updates, and
+  Contentful test-space setup. Prefer repo-root wrappers such as `pnpm serve:mocks` for common
+  flows.
 
 ## Commands
 
-- `pnpm --filter mocks serve`
-- `pnpm --filter mocks typecheck`
-- `pnpm --filter mocks test:unit`
-- `pnpm --filter mocks fetch:ctfl`
-- `pnpm --filter mocks generate:ctfl:types`
+- `pnpm --filter mocks <script>` with `serve`, `typecheck`, `test:unit`, `fetch:ctfl`, or
+  `generate:ctfl:types`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` and `test:unit` for code changes.
-- Run affected implementation E2E when mock server routes, fixtures, or API response shapes change.
+- Run affected implementation E2E when routes, fixtures, or API response shapes change.
diff --git a/packages/AGENTS.md b/packages/AGENTS.md
index d0757fa4..a21e0a68 100644
--- a/packages/AGENTS.md
+++ b/packages/AGENTS.md
@@ -1,101 +1,44 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md` first, then the nearest package-specific `AGENTS.md`.
+Applies to all workspace packages under `packages/`.
 
-These instructions apply to all workspace packages under `packages/`.
+## Boundaries
 
-For package README prose style, follow [`../STYLE_GUIDE.md`](../STYLE_GUIDE.md). This file owns
-package boundaries, package README structure, and package validation rules.
-
-## Package boundaries
-
-- Published SDK behavior belongs in packages, not in `implementations/` reference apps.
-- Keep reusable cross-platform behavior in `packages/universal/core-sdk` unless it is clearly
-  platform-specific.
-- Keep package-local `dev/` harnesses and other development surfaces aligned with the current SDK
-  behavior they are meant to exercise.
-- When public SDK behavior changes, update the relevant TSDoc or JSDoc and the package README in the
+- Published SDK behavior belongs in packages; reference implementations only demonstrate it.
+- Shared cross-platform behavior usually belongs in `packages/universal/core-sdk` unless it is
+  clearly platform-specific.
+- Keep package-local `dev/` harnesses aligned with the SDK behavior they exercise.
+- When public SDK behavior changes, update relevant TSDoc/JSDoc and package README guidance in the
   same change.
 
-## Package README standards
-
-- Public package READMEs must open with the repository-standard centered Contentful header,
-  package-specific `<h3>`, navigation links to Guides, Reference, and Contributing, the pre-release
-  warning, and a short paragraph that states the package layer and the SDK suite relationship.
-- Package README header navigation must work in GitHub source browsing, TypeDoc project documents,
-  and npmjs package README rendering. Prefer canonical absolute URLs for generated Guides and
-  Reference links in that header; do not change them to repo-relative source links unless npm
-  publish rewriting and TypeDoc output have both been verified.
-- Include a collapsible table of contents for public package READMEs with more than a short status
-  note. Preserve `<!-- mtoc-start -->` and `<!-- mtoc-end -->` markers.
-- Application-facing SDK package READMEs, such as Web, React Web, React Native, and Node, must stay
-  orientation-first. Keep purpose, install, minimal initialization, common setup options, one or two
-  core workflows, critical runtime caveats, and links to guides, reference implementations, and
-  generated reference docs. Do not turn these READMEs into exhaustive API manuals.
-- Lower-level package READMEs, such as Core, API Client, API Schemas, preview-panel internals, and
-  bridge packages, must be maintainer-oriented. State who uses the package directly, explain where
-  it sits in the SDK stack, include only minimal usage or common options needed for successful
-  first-party work, and link to generated reference docs for exported APIs.
-- Prefer this public package section order unless the package has a clear local exception:
-  1. `## Getting started`
-  2. `## When to use this package`
-  3. reference implementation, harness, or usage-orientation sections when relevant
-  4. `## Configuration`
-  5. common workflows, runtime notes, or package-layer notes
-  6. `## Related`
-- In `Getting started`, show installation with `pnpm install`, then the smallest useful import and
-  initialization example. Mention CJS support only when the package supports it, but keep ESM
-  preferred.
-- Use tables for common option references with `Option`, `Required?`, `Default`, and `Description`
-  columns when those options are crucial to initial setup. Leave exhaustive config tables, callback
-  payload shapes, method argument lists, and exported type details to generated reference docs
-  unless they are needed to avoid an integration trap.
-- State "Most application code uses..." when documenting lower-level packages such as Core, API
-  Client, or API Schemas, so package hierarchy remains clear.
-- Link to repository reference implementations that exercise the package. Do not link to external
-  demos as the primary example source.
-- Body links to other source-of-truth repo files can stay repo-relative when TypeDoc can resolve
-  them and the package publish flow rewrites them for npm. If a package README link needs to work
-  without publish rewriting, use a stable absolute GitHub or generated-docs URL instead.
-- Placeholder platform package READMEs, such as planned native SDKs, must remain status markers:
-  `# Optimization <platform> SDK`, `## Current status`, and `## When to use this directory`. Do not
-  add install commands, exports, package scripts, or setup steps before the package exists.
-- Package-local dev harness README files must clearly distinguish the harness from the published SDK
-  surface and repo-level reference implementations. Prefer `## Quick start`, `## Prerequisites`,
-  `## Troubleshooting`, architecture, environment, and script sections when the harness has local
-  app workflows.
-- Internal sub-entry or support README files must use a plain Markdown title, identify the surface
-  as internal, state the narrow first-party use case, and avoid presenting the entry as an
-  application-facing SDK.
-
-## Generated and derived files
-
-- Edit package source, configuration, docs, tests, and harness files rather than generated outputs.
-- Do not hand-edit package `dist/`, `.rslib/`, `.rsdoctor/`, `coverage/`, or local `node_modules/`
-  artifacts.
-
-## Common pnpm commands
-
-For pnpm-managed packages with matching package scripts:
-
-- `pnpm --filter <package-name> typecheck`
-- `pnpm --filter <package-name> test:unit`
-- `pnpm --filter <package-name> build`
-- `pnpm --filter <package-name> size:check`
-- `pnpm --filter <package-name> size:report`
-
-## Usually validate
-
-- For pnpm-managed TypeScript or TSX packages, run the targeted package `typecheck`.
-- Run package unit tests when behavior, helpers, contracts, or test-covered code changed and a
-  meaningful test script exists.
-- Run the package `build` when exports, bundling, emitted declarations, runtime code, or packaging
-  changed and the package provides a build script.
-- Run `size:check` for runtime, export, dependency, bundler config, or bundle-shape changes when the
-  package provides that script. If it fails and broader bundle status matters, run `size:report`
-  before treating the first failure as complete coverage.
-- Validate the package-local harness itself when changing flows it is meant to demonstrate.
-- For package changes consumed by implementations, run `pnpm build:pkgs` before reinstalling or
-  running implementation tests.
-- Broaden validation to affected downstream SDKs or reference implementations when shared behavior,
-  public contracts, preview behavior, event flow, or platform integrations changed.
+## Package READMEs
+
+- Follow root Markdown rules and [`../STYLE_GUIDE.md`](../STYLE_GUIDE.md).
+- Public package READMEs use the repo-standard Contentful header, package-specific `<h3>`, Guides,
+  Reference, Contributing links, pre-release warning, and SDK-layer summary.
+- Application-facing READMEs stay orientation-first: install, minimal initialization, common setup,
+  critical caveats, and links to guides, reference implementations, and generated reference docs.
+- Lower-level package READMEs are maintainer-oriented: direct users, stack position, minimal
+  first-party usage, and generated reference links.
+- TypeDoc owns exhaustive signatures, callback payloads, method catalogs, and exported type detail.
+- Placeholder platform READMEs remain status markers until the package exists.
+- Dev harness READMEs must distinguish the harness from both the published SDK and repo reference
+  implementations.
+
+## Common commands
+
+For pnpm-managed packages with matching scripts, use `pnpm --filter <package-name> <script>` with
+`typecheck`, `test:unit`, `build`, `size:check`, or `size:report`.
+
+## Validate
+
+- Run targeted `typecheck` for TypeScript or TSX package changes.
+- Run unit tests when behavior, helpers, contracts, or tested code changed.
+- Run package `build` when exports, bundled runtime code, emitted declarations, or packaging
+  changed.
+- Run `size:check` for runtime, export, dependency, bundler config, or bundle-shape changes.
+- Validate package-local harnesses when changing flows they demonstrate.
+- For package changes consumed by implementations, run `pnpm build:pkgs` before implementation
+  install or tests.
+- Broaden to affected downstream SDKs or reference implementations for shared behavior, public
+  contracts, preview behavior, event flow, or platform integration changes.
diff --git a/packages/android/AGENTS.md b/packages/android/AGENTS.md
index 505c5c7e..75c65a1d 100644
--- a/packages/android/AGENTS.md
+++ b/packages/android/AGENTS.md
@@ -1,46 +1,23 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `packages/AGENTS.md`, before this file.
-
-## Scope
-
-This directory owns native Android package work: the Kotlin Android library module under
-`ContentfulOptimization/`. The shared JS bridge it consumes lives under
+Native Android package work under `ContentfulOptimization/`; the shared QuickJS bridge comes from
 `packages/universal/optimization-js-bridge/`.
 
-## Key paths
-
-- `ContentfulOptimization/` — Android library module (AAR), public Kotlin API, native runtime,
-  Compose UI, preview panel, assets, and tests
-- `README.md` — package status and public-facing notes
-
-## Local rules
+## Rules
 
-- Keep Kotlin bridge calls, JSON payload shapes, and callback behavior aligned with
-  `packages/universal/optimization-js-bridge/src/index.ts`.
-- Keep the bridge bundle flow one-way: edit TypeScript bridge source, build the bridge package, and
-  let its build copy the generated UMD into Android assets.
+- Keep Kotlin bridge calls, JSON payloads, and callbacks aligned with the shared bridge source.
+- Bridge bundle flow is one-way: edit TypeScript bridge source, build the bridge package, and let
+  the build copy the UMD into Android assets.
 - Do not hand-edit `ContentfulOptimization/src/main/assets/optimization-android-bridge.umd.js`.
-- Native Kotlin SDK behavior belongs in `ContentfulOptimization/`. Shared optimization logic belongs
+- Native Kotlin SDK behavior belongs in `ContentfulOptimization/`; shared optimization logic belongs
   in `packages/universal/core-sdk`.
-- Keep Android preview-panel behavior aligned with iOS and React Native preview-panel behavior when
-  changing shared preview contracts.
-- The SDK ships **two** public UI adapter packages over the same `core` API:
-  - `com.contentful.optimization.compose` — Jetpack Compose adapter (`OptimizationRoot`,
-    `OptimizedEntry`, `ScreenTrackingEffect`, `OptimizationLazyColumn`, view/tap-tracking
-    Modifiers).
-  - `com.contentful.optimization.views` — XML Views adapter (`OptimizationManager`,
-    `OptimizedEntryView`, `ScreenTracker`, `TrackingRecyclerView`). Static-singleton client lookup
-    extends the previously-documented `PreviewPanelActivity.addFloatingButton` pattern; consumers
-    call `OptimizationManager.initialize` from `Application.onCreate` and read
-    `OptimizationManager.client` from any `Activity`/`Fragment`.
-  - Behavior parity between the two adapters is validated end-to-end by the Android E2E CI job
-    (`e2e-android-maestro` runs the same Maestro flow set against both reference impls via a per-app
-    matrix). A change in one adapter that drifts from the other fails that app's leg.
+- Keep Android preview-panel behavior aligned with iOS and React Native when changing shared preview
+  contracts.
+- The public Compose and XML Views adapters share the same `core` API; keep behavior parity because
+  Android E2E runs the same Maestro flows against both apps.
 
-## Cross-boundary validation
+## Validate
 
 - Use the nearest child `AGENTS.md` for bridge or Kotlin module commands.
 - Rebuild the bridge before relying on Kotlin or Android test results when bridge source changed.
-- The bridge source is shared at `packages/universal/optimization-js-bridge/src/index.ts` — one
-  `src/index.ts` builds both native bundles, so there is no per-platform bridge to keep in sync.
+- Validate both public UI adapters for shared UI, tracking, or preview behavior changes.
diff --git a/packages/android/ContentfulOptimization/AGENTS.md b/packages/android/ContentfulOptimization/AGENTS.md
index 03509ffe..cfc796b8 100644
--- a/packages/android/ContentfulOptimization/AGENTS.md
+++ b/packages/android/ContentfulOptimization/AGENTS.md
@@ -1,66 +1,43 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `packages/AGENTS.md`, then `packages/android/AGENTS.md`,
-before this file.
+Android library module (AAR) for the native Kotlin SDK: public API, QuickJS bridge integration,
+native bindings, persistence, lifecycle/network handlers, tracking, Compose UI, preview panel, and
+assets.
 
-## Scope
+## Rules
 
-This directory is the Android library module (AAR) for the Contentful Optimization SDK. It contains
-the Kotlin native runtime, QuickJS bridge integration (via `io.github.dokar3:quickjs-kt`), native
-polyfill bindings (URLSession/OkHttp/timers/UUID), and public API surface.
-
-## Key paths
-
-- `src/main/kotlin/com/contentful/optimization/bridge/` — QuickJS context manager and callback
-  manager
-- `src/main/kotlin/com/contentful/optimization/core/` — public API, data models, config
-- `src/main/kotlin/com/contentful/optimization/polyfills/` — native bindings exposed to JS
-  (`__nativeFetch`, `__nativeSetTimeout`, etc.); JS polyfill source lives in
-  `packages/universal/optimization-js-bridge/src/polyfills/` and is prepended into the UMD bundle
-- `src/main/kotlin/com/contentful/optimization/storage/` — SharedPreferences persistence
-- `src/main/kotlin/com/contentful/optimization/handlers/` — lifecycle and network handlers
-- `src/main/kotlin/com/contentful/optimization/tracking/` — view tracking state machine and metadata
-- `src/main/kotlin/com/contentful/optimization/compose/` — Jetpack Compose UI layer
-  (OptimizationRoot, OptimizedEntry, LazyColumn tracking, screen/click/view tracking)
-- `src/main/kotlin/com/contentful/optimization/preview/` — preview panel UI (theme, components,
-  overlay, ViewModel, Contentful client, Activity)
-- `src/main/assets/` — JS bridge UMD bundle (copied from the `@contentful/optimization-js-bridge`
-  build; polyfills are prepended into the bundle itself)
-
-## Local rules
-
-- All QuickJs access must go through `QuickJsContextManager`. Never call `quickJs.evaluate()` from
-  outside the manager.
-- All JS engine calls must happen on the dedicated `quickJsDispatcher` thread. The manager enforces
-  this.
-- Do not hand-edit files in `src/main/assets/`. The UMD bundle is copied from the bridge build,
-  which prepends polyfill sources from `packages/universal/optimization-js-bridge/src/polyfills/`.
-- Keep bridge call signatures and JSON payload shapes aligned with
+- All QuickJS access goes through `QuickJsContextManager` on the dedicated `quickJsDispatcher`
+  thread.
+- Do not hand-edit `src/main/assets/`; it is copied from the bridge build with shared polyfills
+  prepended.
+- Keep bridge signatures and JSON payload shapes aligned with
   `packages/universal/optimization-js-bridge/src/index.ts`.
-- Keep Compose UI components aligned with iOS SwiftUI views when changing shared tracking or preview
+- Keep Compose UI components aligned with iOS SwiftUI views for shared tracking or preview
   contracts.
-- `PreviewPanelActivity` uses static client references for View-based app integration. Keep this
-  pattern minimal and document the lifecycle implications.
-- `ViewTrackingController` uses `positionInRoot()` coordinates. The `ScrollContext.scrollY` is
-  always 0 because element positions already account for scroll offset.
+- `PreviewPanelActivity` uses static client references for View-based integration; keep the pattern
+  minimal and document lifecycle implications.
+- `ViewTrackingController` uses `positionInRoot()` coordinates; `ScrollContext.scrollY` stays `0`
+  because positions already include scroll offset.
 
 ## Commands
 
-- Gradle build commands require Android SDK. Use `./gradlew build` from this directory (the module
-  ships its own pinned wrapper, 8.10.2, and pins its plugin versions in `settings.gradle.kts`, so it
-  builds standalone — not only inside the demo's composite build).
-- Run `pnpm --filter @contentful/optimization-js-bridge build` to rebuild the JS bridge bundle
-  before Gradle build. `buildJsBridge` (wired into `preBuild`) also does this automatically.
+- From this directory: `./gradlew build`
+- Bridge build: `pnpm --filter @contentful/optimization-js-bridge build`
+- Local Maven smoke test:
+  `./gradlew publishToMavenLocal -Pcontentful.optimization.version=0.0.0-local`
+- Downstream Maestro after SDK runtime or UI adapter changes:
+  `pnpm implementation:run -- android-sdk test:e2e:compose -- --flow <suite>` and
+  `pnpm implementation:run -- android-sdk test:e2e:views -- --flow <suite>`.
 
 ## Releasing
 
-- Published to Maven Central (Sonatype Central Portal) as `com.contentful.java:optimization-android`
-  by `.github/workflows/publish-android.yaml` on each `v*` release, in parallel with the Swift
-  package. Version comes from the tag (`-Pcontentful.optimization.version` / `RELEASE_VERSION`); the
-  group reuses Contentful's existing verified namespace `com.contentful.java`.
-- Credentials are GitHub Actions secrets on `contentful/optimization`, provisioned and self-verified
-  by `scripts/setup-maven-central-credential.sh` (Central Portal token + GPG signing key). The
-  published artifacts are generated; nobody edits them by hand.
-- Smoke-test packaging locally with
-  `./gradlew publishToMavenLocal -Pcontentful.optimization.version=0.0.0-local` and consume it from
-  a real app via `mavenLocal()` — this is how the Android demo is verified before a real release.
+- Maven Central publishing uses `.github/workflows/publish-android.yaml` on `v*` tags with group
+  `com.contentful.java` and artifact `optimization-android`.
+- Published artifacts are generated; do not edit them by hand.
+
+## Validate
+
+- Rebuild the bridge before Gradle checks when bridge source changed.
+- Smoke-test packaging with `publishToMavenLocal` before release-sensitive changes.
+- Run targeted Android Maestro through the reference implementation runner for behavior that affects
+  persistence, lifecycle, tracking, preview-panel UI, or public Compose/XML Views adapters.
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/bridge/QuickJsContextManager.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/bridge/QuickJsContextManager.kt
index 2b4e2358..ef49fa03 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/bridge/QuickJsContextManager.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/bridge/QuickJsContextManager.kt
@@ -35,7 +35,7 @@ class QuickJsContextManager {
     var onEvent: ((Map<String, Any>) -> Unit)? = null
     var onOverridesChanged: ((PreviewState) -> Unit)? = null
 
-    suspend fun initialize(config: OptimizationConfig, assets: AssetManager) {
+    suspend fun initialize(config: OptimizationConfig, assets: AssetManager, anonymousId: String? = null) {
         withContext(quickJsDispatcher) {
             val qjs = QuickJs.create(quickJsDispatcher)
             val store = TimerStore()
@@ -92,7 +92,7 @@ class QuickJsContextManager {
 
             registerCallbacks(qjs)
 
-            val configJSON = config.toJSON()
+            val configJSON = config.toJSON(anonymousId = anonymousId)
             qjs.evaluate<Any?>("__bridge.initialize($configJSON)", "bridge-init.js")
 
             quickJs = qjs
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationClient.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationClient.kt
index 4b334514..872ff85b 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationClient.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationClient.kt
@@ -73,16 +73,30 @@ class OptimizationClient(private val applicationContext: Context) {
         log.setEnabled(config.debug)
         log.info { "[init] Starting SDK initialization (clientId=${config.clientId}, env=${config.environment})" }
 
-        store.load()
+        store.loadConsentState()
         val resolvedLocale = config.resolvedLocale(getRuntimeLocaleCandidates())
+        val configuredDefaultConsent = config.defaults?.consent
+        var storedAnonymousId: String? = null
         val mergedConfig = config.copy(
             locale = resolvedLocale,
             defaults = (config.defaults ?: StorageDefaults()).let { d ->
+                val requestedPersistenceConsent =
+                    d.persistenceConsent ?: configuredDefaultConsent ?: store.persistenceConsent ?: d.consent
+                val persistenceConsent = requestedPersistenceConsent
+                val canLoadPersistedContinuity = persistenceConsent == true
+                if (canLoadPersistedContinuity) {
+                    store.loadProfileContinuity()
+                    storedAnonymousId = store.anonymousId
+                } else if (persistenceConsent == false) {
+                    store.clearProfileContinuity()
+                }
+
                 d.copy(
                     consent = d.consent ?: store.consent,
-                    profile = d.profile ?: store.profile,
-                    changes = d.changes ?: store.changes,
-                    personalizations = d.personalizations ?: store.personalizations,
+                    persistenceConsent = persistenceConsent,
+                    profile = d.profile ?: if (canLoadPersistedContinuity) store.profile else null,
+                    changes = d.changes ?: if (canLoadPersistedContinuity) store.changes else null,
+                    personalizations = d.personalizations ?: if (canLoadPersistedContinuity) store.personalizations else null,
                 )
             }
         )
@@ -90,7 +104,7 @@ class OptimizationClient(private val applicationContext: Context) {
 
         bridge.onLog = { level, msg -> log.debug { "[js:$level] $msg" } }
 
-        bridge.initialize(mergedConfig, applicationContext.assets)
+        bridge.initialize(mergedConfig, applicationContext.assets, storedAnonymousId)
         _isInitialized.value = true
         log.info { "[init] SDK initialized successfully" }
 
@@ -147,10 +161,17 @@ class OptimizationClient(private val applicationContext: Context) {
         bridgeCallSyncWhenInitialized("consent", if (accept) "true" else "false")
     }
 
+    fun consent(events: Boolean? = null, persistence: Boolean? = null) {
+        val fields = mutableListOf<String>()
+        events?.let { fields.add("events: ${if (it) "true" else "false"}") }
+        persistence?.let { fields.add("persistence: ${if (it) "true" else "false"}") }
+        bridgeCallSyncWhenInitialized("consent", "{${fields.joinToString(",")}}")
+    }
+
     fun reset() {
         if (!_isInitialized.value) return
         bridgeCallSyncWhenInitialized("reset")
-        store.clear()
+        store.clearProfileContinuity()
     }
 
     fun setOnline(isOnline: Boolean) {
@@ -294,7 +315,6 @@ class OptimizationClient(private val applicationContext: Context) {
         _state.value = OptimizationState.EMPTY
         locale = null
         _selectedPersonalizations.value = null
-        store.clear()
     }
 
     private fun getRuntimeLocaleCandidates(): List<String> {
@@ -382,27 +402,34 @@ class OptimizationClient(private val applicationContext: Context) {
         @Suppress("UNCHECKED_CAST")
         val changes = extractJSONArray(dict["changes"]) as? List<Map<String, Any>>
         val consent = dict["consent"] as? Boolean
+        val persistenceConsent = dict["persistenceConsent"] as? Boolean
         val locale = dict["locale"] as? String
+        @Suppress("UNCHECKED_CAST")
+        val personalizations = extractJSONArray(dict["selectedPersonalizations"]) as? List<Map<String, Any>>
 
+        this.locale = locale
+
+        store.consent = consent
+        store.persistenceConsent = persistenceConsent
+        if (persistenceConsent == true) {
+            store.profile = profile
+            store.changes = changes
+            store.personalizations = personalizations
+            @Suppress("UNCHECKED_CAST")
+            store.anonymousId = (profile?.get("id") as? String) ?: store.anonymousId
+        } else if (persistenceConsent == false) {
+            store.clearProfileContinuity()
+        }
+
+        _selectedPersonalizations.value = personalizations
         _state.value = OptimizationState(
             profile = profile,
             consent = consent,
+            persistenceConsent = persistenceConsent,
             canPersonalize = dict["canPersonalize"] as? Boolean ?: false,
             changes = changes,
             locale = locale,
         )
-        this.locale = locale
-
-        @Suppress("UNCHECKED_CAST")
-        val personalizations = extractJSONArray(dict["selectedPersonalizations"]) as? List<Map<String, Any>>
-        _selectedPersonalizations.value = personalizations
-
-        store.profile = profile
-        store.consent = consent
-        store.changes = changes
-        store.personalizations = personalizations
-        @Suppress("UNCHECKED_CAST")
-        store.anonymousId = (profile?.get("id") as? String) ?: store.anonymousId
     }
 
     companion object {
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationConfig.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationConfig.kt
index 83153d5a..328a9dfb 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationConfig.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationConfig.kt
@@ -70,6 +70,7 @@ private fun getFallbackMatchKeys(matchKey: String): List<String> {
 
 data class StorageDefaults(
     var consent: Boolean? = null,
+    var persistenceConsent: Boolean? = null,
     var profile: Map<String, Any>? = null,
     var changes: List<Map<String, Any>>? = null,
     var personalizations: List<Map<String, Any>>? = null,
@@ -99,7 +100,7 @@ data class OptimizationConfig(
             contentfulLocales?.resolve(listOf(it)) ?: normalizeExplicitLocale(it, "locale")
         } ?: contentfulLocales?.resolve(candidates)
 
-    fun toJSON(): String {
+    internal fun toJSON(anonymousId: String? = null): String {
         val obj = JSONObject()
         obj.put("clientId", clientId)
         obj.put("environment", environment)
@@ -118,12 +119,15 @@ data class OptimizationConfig(
             obj.put("api", JSONObject().put("locale", normalizeExplicitLocale(it, "api.locale")))
         }
 
-        defaults?.let { d ->
+        if (defaults != null || anonymousId != null) {
             val defaultsObj = JSONObject()
-            d.consent?.let { defaultsObj.put("consent", it) }
-            d.profile?.let { defaultsObj.put("profile", JSONObject(it)) }
-            d.changes?.let { defaultsObj.put("changes", toJSONArray(it)) }
-            d.personalizations?.let { defaultsObj.put("optimizations", toJSONArray(it)) }
+            val d = defaults
+            d?.consent?.let { defaultsObj.put("consent", it) }
+            d?.persistenceConsent?.let { defaultsObj.put("persistenceConsent", it) }
+            d?.profile?.let { defaultsObj.put("profile", JSONObject(it)) }
+            d?.changes?.let { defaultsObj.put("changes", toJSONArray(it)) }
+            d?.personalizations?.let { defaultsObj.put("optimizations", toJSONArray(it)) }
+            anonymousId?.let { defaultsObj.put("anonymousId", it) }
             if (defaultsObj.length() > 0) {
                 obj.put("defaults", defaultsObj)
             }
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationState.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationState.kt
index 4c5a18bd..4c47569e 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationState.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/OptimizationState.kt
@@ -6,6 +6,7 @@ import org.json.JSONObject
 data class OptimizationState(
     val profile: Map<String, Any>? = null,
     val consent: Boolean? = null,
+    val persistenceConsent: Boolean? = null,
     val canPersonalize: Boolean = false,
     val changes: List<Map<String, Any>>? = null,
     val locale: String? = null,
@@ -19,6 +20,7 @@ data class OptimizationState(
         if (other !is OptimizationState) return false
         return sortedJson(profile) == sortedJson(other.profile) &&
             consent == other.consent &&
+            persistenceConsent == other.persistenceConsent &&
             canPersonalize == other.canPersonalize &&
             sortedJson(changes) == sortedJson(other.changes) &&
             locale == other.locale
@@ -27,6 +29,7 @@ data class OptimizationState(
     override fun hashCode(): Int {
         var result = sortedJson(profile).hashCode()
         result = 31 * result + (consent?.hashCode() ?: 0)
+        result = 31 * result + (persistenceConsent?.hashCode() ?: 0)
         result = 31 * result + canPersonalize.hashCode()
         result = 31 * result + sortedJson(changes).hashCode()
         result = 31 * result + (locale?.hashCode() ?: 0)
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/PreviewState.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/PreviewState.kt
index a7d5be27..2ac16d92 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/PreviewState.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/core/PreviewState.kt
@@ -6,6 +6,7 @@ import org.json.JSONObject
 data class PreviewState(
     val profile: JSONValue?,
     val consent: Boolean?,
+    val persistenceConsent: Boolean?,
     val canPersonalize: Boolean,
     val changes: List<PreviewChange>?,
     val selectedPersonalizations: List<SelectedPersonalization>?,
@@ -23,6 +24,7 @@ data class PreviewState(
                 PreviewState(
                     profile = if (obj.isNull("profile")) null else JSONValue.fromAny(obj.get("profile")),
                     consent = if (obj.isNull("consent")) null else obj.optBoolean("consent"),
+                    persistenceConsent = if (obj.isNull("persistenceConsent")) null else obj.optBoolean("persistenceConsent"),
                     canPersonalize = obj.optBoolean("canPersonalize", false),
                     changes = obj.optJSONArray("changes")?.let { parseChanges(it) },
                     selectedPersonalizations = obj.optJSONArray("selectedPersonalizations")?.let { parsePersonalizations(it) },
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/storage/PersistentStore.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/storage/PersistentStore.kt
index de16590d..6a45bd33 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/storage/PersistentStore.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/storage/PersistentStore.kt
@@ -3,11 +3,14 @@ package com.contentful.optimization.storage
 interface PersistentStore {
     var profile: Map<String, Any>?
     var consent: Boolean?
+    var persistenceConsent: Boolean?
     var changes: List<Map<String, Any>>?
     var personalizations: List<Map<String, Any>>?
     var anonymousId: String?
     var debug: Boolean
 
-    fun load()
+    fun loadConsentState()
+    fun loadProfileContinuity()
     fun clear()
+    fun clearProfileContinuity()
 }
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/storage/SharedPreferencesStore.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/storage/SharedPreferencesStore.kt
index aedc6fa8..74610fe5 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/storage/SharedPreferencesStore.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/storage/SharedPreferencesStore.kt
@@ -3,6 +3,7 @@ package com.contentful.optimization.storage
 import android.content.Context
 import android.content.SharedPreferences
 import com.contentful.optimization.bridge.QuickJsContextManager
+import com.contentful.optimization.core.DiagnosticLogger
 import org.json.JSONArray
 import org.json.JSONObject
 
@@ -11,14 +12,24 @@ class SharedPreferencesStore(context: Context) : PersistentStore {
         context.getSharedPreferences("com.contentful.optimization", Context.MODE_PRIVATE)
     private val keyPrefix = "com.contentful.optimization."
     private val cache = mutableMapOf<String, Any?>()
+    private val consentStateKeys = listOf("consent", "persistenceConsent", "debug")
+    private val profileContinuityKeys = listOf("profile", "changes", "personalizations", "anonymousId")
+    private val keys = consentStateKeys + profileContinuityKeys
 
-    override fun load() {
-        val keys = listOf("profile", "consent", "changes", "personalizations", "anonymousId", "debug")
+    override fun loadConsentState() {
+        load(consentStateKeys)
+    }
+
+    override fun loadProfileContinuity() {
+        load(profileContinuityKeys)
+    }
+
+    private fun load(keys: List<String>) {
         for (key in keys) {
             val fullKey = keyPrefix + key
             val stored = prefs.getString(fullKey, null) ?: continue
             when (key) {
-                "consent" -> cache[key] = stored
+                "consent", "persistenceConsent" -> cache[key] = stored
                 "anonymousId" -> cache[key] = stored
                 "debug" -> cache[key] = stored == "true"
                 else -> {
@@ -33,15 +44,23 @@ class SharedPreferencesStore(context: Context) : PersistentStore {
     }
 
     override fun clear() {
-        val keys = listOf("profile", "consent", "changes", "personalizations", "anonymousId", "debug")
         val editor = prefs.edit()
         for (key in keys) {
             editor.remove(keyPrefix + key)
         }
-        editor.apply()
+        editor.commitPersistedUpdate("clear")
         cache.clear()
     }
 
+    override fun clearProfileContinuity() {
+        val editor = prefs.edit()
+        for (key in profileContinuityKeys) {
+            editor.remove(keyPrefix + key)
+            cache.remove(key)
+        }
+        editor.commitPersistedUpdate("clear profile continuity")
+    }
+
     override var profile: Map<String, Any>?
         get() {
             @Suppress("UNCHECKED_CAST")
@@ -66,6 +85,20 @@ class SharedPreferencesStore(context: Context) : PersistentStore {
             writeString(translated, "consent")
         }
 
+    override var persistenceConsent: Boolean?
+        get() {
+            return when (cache["persistenceConsent"] as? String) {
+                "accepted" -> true
+                "denied" -> false
+                else -> if (consent == true) true else null
+            }
+        }
+        set(value) {
+            val translated = value?.let { if (it) "accepted" else "denied" }
+            cache["persistenceConsent"] = translated
+            writeString(translated, "persistenceConsent")
+        }
+
     override var changes: List<Map<String, Any>>?
         get() {
             @Suppress("UNCHECKED_CAST")
@@ -108,18 +141,24 @@ class SharedPreferencesStore(context: Context) : PersistentStore {
                 is List<*> -> JSONArray(value).toString()
                 else -> value.toString()
             }
-            prefs.edit().putString(fullKey, json).apply()
+            prefs.edit().putString(fullKey, json).commitPersistedUpdate("write $key")
         } else {
-            prefs.edit().remove(fullKey).apply()
+            prefs.edit().remove(fullKey).commitPersistedUpdate("remove $key")
         }
     }
 
     private fun writeString(value: String?, key: String) {
         val fullKey = keyPrefix + key
         if (value != null) {
-            prefs.edit().putString(fullKey, value).apply()
+            prefs.edit().putString(fullKey, value).commitPersistedUpdate("write $key")
         } else {
-            prefs.edit().remove(fullKey).apply()
+            prefs.edit().remove(fullKey).commitPersistedUpdate("remove $key")
+        }
+    }
+
+    private fun SharedPreferences.Editor.commitPersistedUpdate(operation: String) {
+        if (!commit()) {
+            DiagnosticLogger.warning { "[storage] SharedPreferences commit failed during $operation" }
         }
     }
 
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/tracking/ViewTrackingController.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/tracking/ViewTrackingController.kt
index 80742f3e..2570048e 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/tracking/ViewTrackingController.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/tracking/ViewTrackingController.kt
@@ -13,6 +13,8 @@ import kotlinx.coroutines.delay
 import kotlinx.coroutines.launch
 import java.util.UUID
 
+internal const val VIEW_TRACKING_LOG_TAG = "ViewTracking"
+
 /**
  * The primary constructor is `internal` so JVM unit tests can supply a controlled
  * [CoroutineScope] (typically a `kotlinx-coroutines-test` `TestScope`), a fake [LifecycleOwner]
@@ -222,7 +224,7 @@ class ViewTrackingController internal constructor(
                 onTrackView(payload)
             } catch (e: Exception) {
                 Log.w(
-                    "ViewTracking",
+                    VIEW_TRACKING_LOG_TAG,
                     "trackView failed componentId=${metadata.componentId}: ${e.javaClass.simpleName}: ${e.message}",
                 )
             }
@@ -238,7 +240,7 @@ class ViewTrackingController internal constructor(
 }
 
 private inline fun trackingLog(message: () -> String) {
-    if (Log.isLoggable("ViewTracking", Log.DEBUG)) {
-        Log.d("ViewTracking", message())
+    if (Log.isLoggable(VIEW_TRACKING_LOG_TAG, Log.DEBUG)) {
+        Log.d(VIEW_TRACKING_LOG_TAG, message())
     }
 }
diff --git a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/views/OptimizedEntryView.kt b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/views/OptimizedEntryView.kt
index 049287e4..a456e0bb 100644
--- a/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/views/OptimizedEntryView.kt
+++ b/packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/views/OptimizedEntryView.kt
@@ -9,6 +9,7 @@ import android.widget.FrameLayout
 import com.contentful.optimization.core.PersonalizedResult
 import com.contentful.optimization.core.TrackClickPayload
 import com.contentful.optimization.tracking.TrackingMetadata
+import com.contentful.optimization.tracking.VIEW_TRACKING_LOG_TAG
 import com.contentful.optimization.tracking.ViewTrackingController
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
@@ -309,7 +310,7 @@ class OptimizedEntryView @JvmOverloads constructor(
 }
 
 private inline fun trackingLog(message: () -> String) {
-    if (android.util.Log.isLoggable("ViewTracking", android.util.Log.DEBUG)) {
-        android.util.Log.d("ViewTracking", message())
+    if (android.util.Log.isLoggable(VIEW_TRACKING_LOG_TAG, android.util.Log.DEBUG)) {
+        android.util.Log.d(VIEW_TRACKING_LOG_TAG, message())
     }
 }
diff --git a/packages/android/ContentfulOptimization/src/test/kotlin/com/contentful/optimization/core/OptimizationConfigTest.kt b/packages/android/ContentfulOptimization/src/test/kotlin/com/contentful/optimization/core/OptimizationConfigTest.kt
index f2b7da0a..71c39f54 100644
--- a/packages/android/ContentfulOptimization/src/test/kotlin/com/contentful/optimization/core/OptimizationConfigTest.kt
+++ b/packages/android/ContentfulOptimization/src/test/kotlin/com/contentful/optimization/core/OptimizationConfigTest.kt
@@ -70,6 +70,28 @@ class OptimizationConfigTest {
         assertEquals("fr-FR", json.getJSONObject("api").getString("locale"))
     }
 
+    @Test
+    fun `serializes persistence consent default`() {
+        val config = OptimizationConfig(
+            clientId = "test-client",
+            defaults = StorageDefaults(consent = true, persistenceConsent = false),
+        )
+
+        val defaults = JSONObject(config.toJSON()).getJSONObject("defaults")
+
+        assertEquals(true, defaults.getBoolean("consent"))
+        assertEquals(false, defaults.getBoolean("persistenceConsent"))
+    }
+
+    @Test
+    fun `serializes bridge-only anonymous id default`() {
+        val config = OptimizationConfig(clientId = "test-client")
+
+        val defaults = JSONObject(config.toJSON(anonymousId = "anonymous-id")).getJSONObject("defaults")
+
+        assertEquals("anonymous-id", defaults.getString("anonymousId"))
+    }
+
     @Test
     fun `checks exact matches before fallback matches`() {
         val config = OptimizationConfig(
diff --git a/packages/android/ContentfulOptimization/src/test/kotlin/com/contentful/optimization/storage/SharedPreferencesStoreTest.kt b/packages/android/ContentfulOptimization/src/test/kotlin/com/contentful/optimization/storage/SharedPreferencesStoreTest.kt
new file mode 100644
index 00000000..cebd6dd7
--- /dev/null
+++ b/packages/android/ContentfulOptimization/src/test/kotlin/com/contentful/optimization/storage/SharedPreferencesStoreTest.kt
@@ -0,0 +1,193 @@
+package com.contentful.optimization.storage
+
+import android.content.Context
+import android.content.ContextWrapper
+import android.content.SharedPreferences
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
+import org.junit.Test
+
+class SharedPreferencesStoreTest {
+    @Test
+    fun `clearProfileContinuity preserves consent values`() {
+        val context = StoreTestContext()
+        val store = SharedPreferencesStore(context)
+
+        store.consent = true
+        store.persistenceConsent = false
+        store.profile = mapOf("id" to "profile-id")
+        store.changes = listOf(mapOf("experienceId" to "experience-id"))
+        store.personalizations = listOf(mapOf("experienceId" to "personalization-id"))
+        store.anonymousId = "anonymous-id"
+
+        store.clearProfileContinuity()
+
+        assertEquals(true, store.consent)
+        assertEquals(false, store.persistenceConsent)
+        assertNull(store.profile)
+        assertNull(store.changes)
+        assertNull(store.personalizations)
+        assertNull(store.anonymousId)
+
+        val reloadedStore = SharedPreferencesStore(context)
+        reloadedStore.loadConsentState()
+
+        assertEquals(true, reloadedStore.consent)
+        assertEquals(false, reloadedStore.persistenceConsent)
+        assertNull(reloadedStore.profile)
+        assertNull(reloadedStore.changes)
+        assertNull(reloadedStore.personalizations)
+        assertNull(reloadedStore.anonymousId)
+    }
+
+    @Test
+    fun `loadConsentState does not load profile continuity`() {
+        val context = StoreTestContext()
+        val store = SharedPreferencesStore(context)
+
+        store.consent = true
+        store.persistenceConsent = true
+        store.profile = mapOf("id" to "profile-id")
+        store.changes = listOf(mapOf("experienceId" to "experience-id"))
+        store.personalizations = listOf(mapOf("experienceId" to "personalization-id"))
+        store.anonymousId = "anonymous-id"
+
+        val reloadedStore = SharedPreferencesStore(context)
+        reloadedStore.loadConsentState()
+
+        assertEquals(true, reloadedStore.consent)
+        assertEquals(true, reloadedStore.persistenceConsent)
+        assertNull(reloadedStore.profile)
+        assertNull(reloadedStore.changes)
+        assertNull(reloadedStore.personalizations)
+        assertNull(reloadedStore.anonymousId)
+
+        reloadedStore.loadProfileContinuity()
+
+        assertEquals("profile-id", reloadedStore.profile?.get("id"))
+        assertEquals("experience-id", reloadedStore.changes?.first()?.get("experienceId"))
+        assertEquals("personalization-id", reloadedStore.personalizations?.first()?.get("experienceId"))
+        assertEquals("anonymous-id", reloadedStore.anonymousId)
+    }
+}
+
+private class StoreTestContext : ContextWrapper(null) {
+    private val sharedPreferences = InMemorySharedPreferences()
+
+    override fun getSharedPreferences(name: String?, mode: Int): SharedPreferences {
+        require(name == "com.contentful.optimization")
+        require(mode == Context.MODE_PRIVATE)
+
+        return sharedPreferences
+    }
+}
+
+private class InMemorySharedPreferences : SharedPreferences {
+    private val values = mutableMapOf<String, Any?>()
+
+    override fun getAll(): MutableMap<String, *> = values.toMutableMap()
+
+    override fun getString(key: String?, defValue: String?): String? {
+        return values[key] as? String ?: defValue
+    }
+
+    override fun getStringSet(key: String?, defValues: MutableSet<String>?): MutableSet<String>? {
+        @Suppress("UNCHECKED_CAST")
+        return values[key] as? MutableSet<String> ?: defValues
+    }
+
+    override fun getInt(key: String?, defValue: Int): Int {
+        return values[key] as? Int ?: defValue
+    }
+
+    override fun getLong(key: String?, defValue: Long): Long {
+        return values[key] as? Long ?: defValue
+    }
+
+    override fun getFloat(key: String?, defValue: Float): Float {
+        return values[key] as? Float ?: defValue
+    }
+
+    override fun getBoolean(key: String?, defValue: Boolean): Boolean {
+        return values[key] as? Boolean ?: defValue
+    }
+
+    override fun contains(key: String?): Boolean {
+        return values.containsKey(key)
+    }
+
+    override fun edit(): SharedPreferences.Editor {
+        return Editor()
+    }
+
+    override fun registerOnSharedPreferenceChangeListener(
+        listener: SharedPreferences.OnSharedPreferenceChangeListener?,
+    ) {}
+
+    override fun unregisterOnSharedPreferenceChangeListener(
+        listener: SharedPreferences.OnSharedPreferenceChangeListener?,
+    ) {}
+
+    private inner class Editor : SharedPreferences.Editor {
+        private val edits = mutableMapOf<String, Any?>()
+        private val removals = mutableSetOf<String>()
+        private var clear = false
+
+        override fun putString(key: String?, value: String?): SharedPreferences.Editor = apply {
+            if (key != null) edits[key] = value
+        }
+
+        override fun putStringSet(
+            key: String?,
+            values: MutableSet<String>?,
+        ): SharedPreferences.Editor = apply {
+            if (key != null) edits[key] = values
+        }
+
+        override fun putInt(key: String?, value: Int): SharedPreferences.Editor = apply {
+            if (key != null) edits[key] = value
+        }
+
+        override fun putLong(key: String?, value: Long): SharedPreferences.Editor = apply {
+            if (key != null) edits[key] = value
+        }
+
+        override fun putFloat(key: String?, value: Float): SharedPreferences.Editor = apply {
+            if (key != null) edits[key] = value
+        }
+
+        override fun putBoolean(key: String?, value: Boolean): SharedPreferences.Editor = apply {
+            if (key != null) edits[key] = value
+        }
+
+        override fun remove(key: String?): SharedPreferences.Editor = apply {
+            if (key != null) removals.add(key)
+        }
+
+        override fun clear(): SharedPreferences.Editor = apply {
+            clear = true
+        }
+
+        override fun commit(): Boolean {
+            if (clear) values.clear()
+
+            for (key in removals) {
+                values.remove(key)
+            }
+
+            for ((key, value) in edits) {
+                if (value == null) {
+                    values.remove(key)
+                } else {
+                    values[key] = value
+                }
+            }
+
+            return true
+        }
+
+        override fun apply() {
+            error("SharedPreferencesStore must commit durable SDK state writes synchronously")
+        }
+    }
+}
diff --git a/packages/android/README.md b/packages/android/README.md
index 14275467..58c66f4f 100644
--- a/packages/android/README.md
+++ b/packages/android/README.md
@@ -39,6 +39,7 @@ UI.
 - [Configuration](#configuration)
   - [Common options](#common-options)
   - [Locale handling](#locale-handling)
+  - [Consent and persistence](#consent-and-persistence)
 - [Runtime notes](#runtime-notes)
 - [Related](#related)
 
@@ -81,7 +82,6 @@ val optimizationConfig = OptimizationConfig(
     clientId = "your-client-id",
     environment = "master",
     contentfulLocales = ContentfulLocales(default = "en-US"),
-    defaults = StorageDefaults(consent = true),
     debug = BuildConfig.DEBUG,
 )
 
@@ -185,15 +185,15 @@ tracking, screen tracking, live updates, preview-panel overrides, and shared moc
 
 ### Common options
 
-| Option              | Required? | Default  | Description                                                                                         |
-| ------------------- | --------- | -------- | --------------------------------------------------------------------------------------------------- |
-| `clientId`          | Yes       | None     | Optimization client identifier used for Experience API and Insights API calls.                      |
-| `environment`       | No        | `master` | Contentful environment name used by the Optimization APIs.                                          |
-| `contentfulLocales` | No        | `null`   | Contentful locale configuration used to resolve `client.locale` for app-owned CDA requests.         |
-| `locale`            | No        | Runtime  | Initial app/content locale candidate. When omitted, the SDK can resolve from `LocaleList`.          |
-| `api.locale`        | No        | `null`   | Explicit Experience API locale override for localized profile fields.                               |
-| `defaults`          | No        | `null`   | Initial persisted-state seeds such as consent or profile values, applied only when no value exists. |
-| `debug`             | No        | `false`  | Enables SDK diagnostic logging.                                                                     |
+| Option              | Required? | Default  | Description                                                                                 |
+| ------------------- | --------- | -------- | ------------------------------------------------------------------------------------------- |
+| `clientId`          | Yes       | None     | Optimization client identifier used for Experience API and Insights API calls.              |
+| `environment`       | No        | `master` | Contentful environment name used by the Optimization APIs.                                  |
+| `contentfulLocales` | No        | `null`   | Contentful locale configuration used to resolve `client.locale` for app-owned CDA requests. |
+| `locale`            | No        | Runtime  | Initial app/content locale candidate. When omitted, the SDK can resolve from `LocaleList`.  |
+| `api.locale`        | No        | `null`   | Explicit Experience API locale override for localized profile fields.                       |
+| `defaults`          | No        | `null`   | Initial persisted-state seeds such as consent, persistence consent, or profile values.      |
+| `debug`             | No        | `false`  | Enables SDK diagnostic logging.                                                             |
 
 `OptimizationRoot` and `OptimizationManager.initialize(...)` also accept global `trackViews`,
 `trackTaps`, and `liveUpdates` defaults. `OptimizedEntry` and `OptimizedEntryView` can override
@@ -238,13 +238,37 @@ For the full locale model, see
 For the single-locale CDA entry contract, see
 [Entry personalization and variant resolution](../../documentation/concepts/entry-personalization-and-variant-resolution.md#single-locale-cda-entry-contract).
 
+### Consent and persistence
+
+SDK state is persisted with `SharedPreferences`. For default-on application policies that do not
+render an end-user consent UI, set `defaults = StorageDefaults(consent = true)` on
+`OptimizationConfig`:
+
+```kotlin
+val config = OptimizationConfig(
+    clientId = "your-client-id",
+    defaults = StorageDefaults(consent = true),
+)
+```
+
+When application policy depends on user choice, leave consent unset and call `client.consent(true)`
+or `client.consent(false)` from the application-owned control. Boolean consent calls control both
+event emission and durable profile-continuity persistence by default. Use
+`client.consent(events = true, persistence = false)` when events are allowed but continuity should
+stay session-only. For cross-SDK consent guidance, see
+[Consent management in the Optimization SDK Suite](../../documentation/concepts/consent-management-in-the-optimization-sdk-suite.md).
+
+When durable profile-continuity persistence is allowed, the Android SDK settles the
+`SharedPreferences` write for profile, changes, personalizations, and anonymous ID before publishing
+the corresponding client state. Application code and E2E tests can wait for SDK-derived state rather
+than adding storage-timing delays before relaunching.
+
 ## Runtime notes
 
 - The SDK library manifest declares the required network permissions and the non-exported preview
   panel Activity.
 - No JavaScript bridge setup is required in consuming applications. The generated QuickJS bundle is
   packaged inside the AAR.
-- SDK state is persisted with `SharedPreferences`.
 - Analytics events queue while the device is offline and flush when connectivity returns or the app
   moves toward the background.
 - For bridge architecture and maintainer build details, see
diff --git a/packages/ios/AGENTS.md b/packages/ios/AGENTS.md
index 3ad13ce6..c2db4e7c 100644
--- a/packages/ios/AGENTS.md
+++ b/packages/ios/AGENTS.md
@@ -1,36 +1,24 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `packages/AGENTS.md`, before this file.
+Native iOS package work under `ContentfulOptimization/`; the shared JavaScriptCore bridge comes from
+`packages/universal/optimization-js-bridge/`.
 
-## Scope
+## Rules
 
-This directory owns native iOS package work: the Swift Package under `ContentfulOptimization/`. The
-shared JavaScriptCore bridge it consumes lives under `packages/universal/optimization-js-bridge/`.
-
-## Key paths
-
-- `ContentfulOptimization/` - Swift Package, public Swift API, native runtime, resources, and tests
-- `CODE_MAP.md` - current architecture map for native iOS work
-- `README.md` - package status and public-facing notes
-
-## Local rules
-
-- Keep Swift bridge calls, JSON payload shapes, and callback behavior aligned with
-  `packages/universal/optimization-js-bridge/src/index.ts`.
-- Keep the bridge bundle flow one-way: edit TypeScript bridge source, build the bridge package, and
-  let its build copy the generated UMD into Swift package resources.
+- Keep Swift bridge calls, JSON payloads, and callbacks aligned with the shared bridge source.
+- Bridge bundle flow is one-way: edit TypeScript bridge source, build the bridge package, and let
+  the build copy the UMD into Swift package resources.
 - Do not hand-edit
   `ContentfulOptimization/Sources/ContentfulOptimization/Resources/optimization-ios-bridge.umd.js`.
-- Native Swift SDK behavior belongs in `ContentfulOptimization/`. Shared optimization logic belongs
+- Native Swift SDK behavior belongs in `ContentfulOptimization/`; shared optimization logic belongs
   in `packages/universal/core-sdk`.
-- Keep iOS preview-panel behavior aligned with React Native preview-panel behavior when changing
-  shared preview contracts.
-- Keep `README.md` and `CODE_MAP.md` aligned with current repository reality when touching iOS
-  package structure or public status.
+- Keep iOS preview-panel behavior aligned with React Native and Android when changing shared preview
+  contracts.
+- Keep `README.md` and `CODE_MAP.md` current when touching iOS package structure or public status.
 
-## Cross-boundary validation
+## Validate
 
 - Use the nearest child `AGENTS.md` for bridge or Swift package commands.
 - Rebuild the bridge before relying on Swift or XCUITest results when bridge source changed.
-- Validate `implementations/ios-sdk` XCUITest flows when runtime tracking, preview-panel behavior,
-  JavaScriptCore integration, or cross-platform preview contracts change.
+- Validate `implementations/ios-sdk` XCUITest flows for runtime tracking, preview-panel behavior,
+  JavaScriptCore integration, or cross-platform preview contract changes.
diff --git a/packages/ios/ContentfulOptimization/AGENTS.md b/packages/ios/ContentfulOptimization/AGENTS.md
index b95340e1..39268e9c 100644
--- a/packages/ios/ContentfulOptimization/AGENTS.md
+++ b/packages/ios/ContentfulOptimization/AGENTS.md
@@ -1,47 +1,34 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, `packages/AGENTS.md`, and `packages/ios/AGENTS.md` before this
-file.
+Swift Package for the native iOS and macOS SDK layer: public Swift API, SwiftUI helpers, tracking,
+persistence, JavaScriptCore lifecycle, preview-panel UI, native polyfills, resources, and tests.
 
-## Scope
+## Rules
 
-This Swift Package owns the native iOS and macOS SDK layer: public Swift API, SwiftUI helpers,
-tracking, persistence, JavaScriptCore lifecycle, preview-panel UI, native polyfills, resources, and
-Swift tests.
-
-## Key paths
-
-- `Sources/ContentfulOptimization/`
-- `Sources/ContentfulOptimization/Resources/`
-- `Tests/ContentfulOptimizationTests/`
-- `Package.swift`
-
-## Local rules
-
-- Keep native runtime concerns here. TypeScript bridge behavior belongs in
-  `../../universal/optimization-js-bridge/`; shared optimization behavior belongs in
+- Keep native runtime concerns here; TypeScript bridge behavior belongs in
+  `../../universal/optimization-js-bridge/`, and shared optimization behavior belongs in
   `packages/universal/core-sdk`.
-- Treat `Resources/optimization-ios-bridge.umd.js` as generated bridge output. It is gitignored and
-  not committed; build it by running `@contentful/optimization-js-bridge` (`pnpm run ios:bridge`)
-  before `swift build`/`swift test`, and never hand-edit the copied file.
-- This package is published to the generated distribution repo `contentful/optimization.swift` by
-  `.github/workflows/publish-spm.yaml` on each `v*` release. The mirror is generated output; nobody
-  pushes to it by hand. Files in this directory (sources, `Package.swift`, polyfills, `README.md`,
-  `LICENSE`) are what ships, so keep them consumer-facing and free of monorepo-internal references.
-- Keep Swift payload models and bridge method expectations aligned with
-  `../../universal/optimization-js-bridge/src/index.ts`.
-- Keep resource additions reflected in `Package.swift` when they must ship with the Swift package.
-- Preserve the package platform constraints in `Package.swift` unless the task explicitly changes
-  supported platforms.
-- Validate the native iOS reference app when public SwiftUI, preview-panel, tracking, storage,
-  network, or JavaScriptCore lifecycle behavior changes.
+- Treat `Resources/optimization-ios-bridge.umd.js` as generated, gitignored bridge output. Build
+  `@contentful/optimization-js-bridge` (`pnpm ios:bridge`) before Swift build/test and never
+  hand-edit the copied file.
+- This directory is what ships to the generated `contentful/optimization.swift` distribution repo;
+  keep shipped files consumer-facing and free of monorepo-internal references.
+- Keep Swift payload models and bridge methods aligned with the shared bridge source.
+- Keep resource additions reflected in `Package.swift` and preserve platform constraints unless the
+  task explicitly changes supported platforms.
 
 ## Commands
 
 - From `packages/ios/ContentfulOptimization/`: `swift test`
-- `pnpm --filter @contentful/optimization-js-bridge build`
-
-## Usually validate
+- Bridge build: `pnpm --filter @contentful/optimization-js-bridge build`
+- Downstream XCUITest after SDK runtime or UI adapter changes:
+  `pnpm implementation:run -- ios-sdk test:e2e:ios:build:release`, then
+  `IOS_SCHEME=SwiftUI pnpm implementation:run -- ios-sdk test:e2e:ios:run:release`, and
+  `IOS_SCHEME=UIKit pnpm implementation:run -- ios-sdk test:e2e:ios:run:release`.
+- Target a suite with
+  `IOS_SCHEME=SwiftUI IOS_ONLY_TESTING=<target-or-class> pnpm implementation:run -- ios-sdk test:e2e:ios:run:release`.
+
+## Validate
 
 - Run Swift package tests for Swift source or resource changes.
 - Rebuild the bridge before Swift tests when the copied JavaScriptCore bridge resource changed.
diff --git a/packages/ios/ContentfulOptimization/README.md b/packages/ios/ContentfulOptimization/README.md
index 9120abb3..28ce47bf 100644
--- a/packages/ios/ContentfulOptimization/README.md
+++ b/packages/ios/ContentfulOptimization/README.md
@@ -100,6 +100,35 @@ try client.initialize(
 let result = try await client.screen(name: "Home")
 ```
 
+## Consent
+
+Consent policy remains application-owned. Boolean consent controls both event emission and durable
+profile-continuity persistence by default:
+
+```swift
+let config = OptimizationConfig(
+    clientId: "<your-client-id>",
+    defaults: StorageDefaults(consent: true)
+)
+```
+
+Use that default when application policy permits Optimization by default and no end-user consent UI
+is rendered. When application policy depends on user choice, call consent from the app's controls:
+
+```swift
+client.consent(true)
+client.consent(false)
+```
+
+Use split consent when events are allowed but profile continuity should stay session-only:
+
+```swift
+client.consent(events: true, persistence: false)
+```
+
+For cross-SDK consent policy guidance, see
+[Consent management in the Optimization SDK Suite](https://contentful.github.io/optimization/documents/Documentation.Concepts.Consent_management_in_the_Optimization_SDK_Suite.html).
+
 ## Locale handling
 
 For a single-locale app, configure the Contentful locale default only:
diff --git a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Bridge/JSContextManager.swift b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Bridge/JSContextManager.swift
index e22f5e95..31e8c183 100644
--- a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Bridge/JSContextManager.swift
+++ b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Bridge/JSContextManager.swift
@@ -15,7 +15,7 @@ final class JSContextManager {
     var onOverridesChanged: ((PreviewState) -> Void)?
 
     /// Creates the JSContext, loads polyfills and the UMD bundle, and calls `__bridge.initialize()`.
-    func initialize(config: OptimizationConfig) throws {
+    func initialize(config: OptimizationConfig, anonymousId: String? = nil) throws {
         // Create context
         guard let ctx = JSContext() else {
             throw OptimizationError.bridgeError("Failed to create JSContext")
@@ -72,7 +72,7 @@ final class JSContextManager {
         // Initialize the bridge
         let configJSON: String
         do {
-            configJSON = try config.toJSON()
+            configJSON = try config.toJSON(anonymousId: anonymousId)
         } catch {
             throw OptimizationError.configError("Failed to serialize config: \(error)")
         }
diff --git a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationClient.swift b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationClient.swift
index f349da22..68c3ac24 100644
--- a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationClient.swift
+++ b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationClient.swift
@@ -85,23 +85,42 @@ public final class OptimizationClient: ObservableObject {
             log.debug("[init] experienceBaseUrl=<default>")
         }
 
-        // Load persisted state and merge into config defaults
-        store.load()
+        // Load consent state before touching profile-continuity storage.
+        store.loadConsentState()
         var mergedConfig = config
+        let configuredDefaultConsent = config.defaults?.consent
         if mergedConfig.defaults == nil {
             mergedConfig.defaults = StorageDefaults()
         }
         if mergedConfig.defaults?.consent == nil, let storedConsent = store.consent {
             mergedConfig.defaults?.consent = storedConsent
         }
-        if mergedConfig.defaults?.profile == nil, let storedProfile = store.profile {
-            mergedConfig.defaults?.profile = storedProfile
-        }
-        if mergedConfig.defaults?.changes == nil, let storedChanges = store.changes {
-            mergedConfig.defaults?.changes = storedChanges
-        }
-        if mergedConfig.defaults?.personalizations == nil, let storedP = store.personalizations {
-            mergedConfig.defaults?.personalizations = storedP
+        let requestedPersistenceConsent =
+            mergedConfig.defaults?.persistenceConsent
+            ?? configuredDefaultConsent
+            ?? store.persistenceConsent
+            ?? mergedConfig.defaults?.consent
+        mergedConfig.defaults?.persistenceConsent = requestedPersistenceConsent
+        let canLoadPersistedContinuity = mergedConfig.defaults?.persistenceConsent == true
+        let storedAnonymousId: String?
+        if canLoadPersistedContinuity {
+            store.loadProfileContinuity()
+            storedAnonymousId = store.anonymousId
+
+            if mergedConfig.defaults?.profile == nil, let storedProfile = store.profile {
+                mergedConfig.defaults?.profile = storedProfile
+            }
+            if mergedConfig.defaults?.changes == nil, let storedChanges = store.changes {
+                mergedConfig.defaults?.changes = storedChanges
+            }
+            if mergedConfig.defaults?.personalizations == nil, let storedP = store.personalizations {
+                mergedConfig.defaults?.personalizations = storedP
+            }
+        } else {
+            storedAnonymousId = nil
+            if mergedConfig.defaults?.persistenceConsent == false {
+                store.clearProfileContinuity()
+            }
         }
         locale = try mergedConfig.resolvedLocale()
 
@@ -110,7 +129,7 @@ public final class OptimizationClient: ObservableObject {
             self?.log.debug("[js:\(level)] \(msg)")
         }
 
-        try bridge.initialize(config: mergedConfig)
+        try bridge.initialize(config: mergedConfig, anonymousId: storedAnonymousId)
         isInitialized = true
         log.info("[init] SDK initialized successfully")
 
@@ -177,11 +196,23 @@ public final class OptimizationClient: ObservableObject {
         bridgeCallSyncWhenInitialized(method: "consent", args: accept ? "true" : "false")
     }
 
+    /// Set event and profile-continuity persistence consent independently.
+    public func consent(events: Bool? = nil, persistence: Bool? = nil) {
+        var fields: [String] = []
+        if let events {
+            fields.append("events: \(events ? "true" : "false")")
+        }
+        if let persistence {
+            fields.append("persistence: \(persistence ? "true" : "false")")
+        }
+        bridgeCallSyncWhenInitialized(method: "consent", args: "{\(fields.joined(separator: ","))}")
+    }
+
     /// Reset the SDK state (clears profile, changes, selected personalizations).
     public func reset() {
         guard isInitialized else { return }
         bridgeCallSyncWhenInitialized(method: "reset")
-        store.clear()
+        store.clearProfileContinuity()
     }
 
     /// Set the online/offline state.
@@ -393,7 +424,6 @@ public final class OptimizationClient: ObservableObject {
         state = .empty
         locale = nil
         selectedPersonalizations = nil
-        store.clear()
     }
 
     // MARK: - Testing
@@ -465,7 +495,9 @@ public final class OptimizationClient: ObservableObject {
         let profile = Self.extractJSONValue(dict["profile"])
         let changes = Self.extractJSONArray(dict["changes"])
         let consent = dict["consent"] as? Bool
+        let persistenceConsent = dict["persistenceConsent"] as? Bool
         let locale = dict["locale"] as? String
+        let personalizations = Self.extractJSONArray(dict["selectedPersonalizations"])
 
         if let profile = profile {
             log.info("[state] Profile updated with \(profile.keys.sorted().joined(separator: ", "))")
@@ -473,18 +505,8 @@ public final class OptimizationClient: ObservableObject {
             log.debug("[state] State update received (profile=nil, consent=\(consent.map(String.init) ?? "nil"), canPersonalize=\(dict["canPersonalize"] as? Bool ?? false))")
         }
 
-        state = OptimizationState(
-            profile: profile,
-            consent: consent,
-            canPersonalize: dict["canPersonalize"] as? Bool ?? false,
-            changes: changes,
-            locale: locale
-        )
         self.locale = locale
 
-        let personalizations = Self.extractJSONArray(dict["selectedPersonalizations"])
-        self.selectedPersonalizations = personalizations
-
         if let changes = changes {
             log.debug("[state] Changes: \(changes.count) entries")
         }
@@ -493,11 +515,26 @@ public final class OptimizationClient: ObservableObject {
         }
 
         // Persist state to storage
-        store.profile = profile
         store.consent = consent
-        store.changes = changes
-        store.personalizations = personalizations
-        store.anonymousId = (profile?["id"] as? String) ?? store.anonymousId
+        store.persistenceConsent = persistenceConsent
+        if persistenceConsent == true {
+            store.profile = profile
+            store.changes = changes
+            store.personalizations = personalizations
+            store.anonymousId = (profile?["id"] as? String) ?? store.anonymousId
+        } else if persistenceConsent == false {
+            store.clearProfileContinuity()
+        }
+
+        self.selectedPersonalizations = personalizations
+        state = OptimizationState(
+            profile: profile,
+            consent: consent,
+            persistenceConsent: persistenceConsent,
+            canPersonalize: dict["canPersonalize"] as? Bool ?? false,
+            changes: changes,
+            locale: locale
+        )
     }
 
     /// Extracts a JSON-compatible dictionary from a value that may be NSNull, nil, or a dict.
diff --git a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationConfig.swift b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationConfig.swift
index a38d627e..9b3ba12f 100644
--- a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationConfig.swift
+++ b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationConfig.swift
@@ -90,17 +90,20 @@ private func getFallbackMatchKeys(_ matchKey: String) -> [String] {
 /// Defaults that can be restored from persistent storage.
 public struct StorageDefaults {
     public var consent: Bool?
+    public var persistenceConsent: Bool?
     public var profile: [String: Any]?
     public var changes: [[String: Any]]?
     public var personalizations: [[String: Any]]?
 
     public init(
         consent: Bool? = nil,
+        persistenceConsent: Bool? = nil,
         profile: [String: Any]? = nil,
         changes: [[String: Any]]? = nil,
         personalizations: [[String: Any]]? = nil
     ) {
         self.consent = consent
+        self.persistenceConsent = persistenceConsent
         self.profile = profile
         self.changes = changes
         self.personalizations = personalizations
@@ -172,7 +175,10 @@ public struct OptimizationConfig {
     }
 
     /// Serializes config to a JSON string for passing to the JS bridge.
-    func toJSON(localeCandidates: [String] = Locale.preferredLanguages) throws -> String {
+    func toJSON(
+        localeCandidates: [String] = Locale.preferredLanguages,
+        anonymousId: String? = nil
+    ) throws -> String {
         var dict: [String: Any] = [
             "clientId": clientId,
             "environment": environment,
@@ -196,21 +202,26 @@ public struct OptimizationConfig {
             let apiLocale = try normalizeExplicitLocale(configuredApiLocale, name: "api.locale")
             dict["api"] = ["locale": apiLocale]
         }
-
-        if let defaults = defaults {
+        if defaults != nil || anonymousId != nil {
             var defaultsDict: [String: Any] = [:]
-            if let consent = defaults.consent {
+            if let consent = defaults?.consent {
                 defaultsDict["consent"] = consent
             }
-            if let profile = defaults.profile {
+            if let persistenceConsent = defaults?.persistenceConsent {
+                defaultsDict["persistenceConsent"] = persistenceConsent
+            }
+            if let profile = defaults?.profile {
                 defaultsDict["profile"] = profile
             }
-            if let changes = defaults.changes {
+            if let changes = defaults?.changes {
                 defaultsDict["changes"] = changes
             }
-            if let personalizations = defaults.personalizations {
+            if let personalizations = defaults?.personalizations {
                 defaultsDict["optimizations"] = personalizations
             }
+            if let anonymousId {
+                defaultsDict["anonymousId"] = anonymousId
+            }
             if !defaultsDict.isEmpty {
                 dict["defaults"] = defaultsDict
             }
diff --git a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationState.swift b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationState.swift
index e0a2f17f..3e828f8c 100644
--- a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationState.swift
+++ b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/OptimizationState.swift
@@ -4,6 +4,7 @@ import Foundation
 public struct OptimizationState: Equatable {
     public var profile: [String: Any]?
     public var consent: Bool?
+    public var persistenceConsent: Bool? = nil
     public var canPersonalize: Bool
     public var changes: [[String: Any]]?
     public var locale: String? = nil
@@ -11,6 +12,7 @@ public struct OptimizationState: Equatable {
     public static let empty = OptimizationState(
         profile: nil,
         consent: nil,
+        persistenceConsent: nil,
         canPersonalize: false,
         changes: nil,
         locale: nil
@@ -25,6 +27,7 @@ public struct OptimizationState: Equatable {
 
         return lhsProfile == rhsProfile
             && lhs.consent == rhs.consent
+            && lhs.persistenceConsent == rhs.persistenceConsent
             && lhs.canPersonalize == rhs.canPersonalize
             && lhsChanges == rhsChanges
             && lhs.locale == rhs.locale
diff --git a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/PreviewState.swift b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/PreviewState.swift
index ee3b2f88..3d506d5d 100644
--- a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/PreviewState.swift
+++ b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/PreviewState.swift
@@ -7,6 +7,7 @@ import Foundation
 public struct PreviewState: Codable, Sendable {
     public let profile: JSONValue?
     public let consent: Bool?
+    public let persistenceConsent: Bool?
     public let canPersonalize: Bool
     public let changes: [PreviewChange]?
     public let selectedPersonalizations: [SelectedPersonalization]?
diff --git a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Storage/PersistentStore.swift b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Storage/PersistentStore.swift
index 3d97c4da..2f99e7df 100644
--- a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Storage/PersistentStore.swift
+++ b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Storage/PersistentStore.swift
@@ -4,11 +4,14 @@ import Foundation
 protocol PersistentStore {
     var profile: [String: Any]? { get set }
     var consent: Bool? { get set }
+    var persistenceConsent: Bool? { get set }
     var changes: [[String: Any]]? { get set }
     var personalizations: [[String: Any]]? { get set }
     var anonymousId: String? { get set }
     var debug: Bool { get set }
 
-    func load()
+    func loadConsentState()
+    func loadProfileContinuity()
     func clear()
+    func clearProfileContinuity()
 }
diff --git a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Storage/UserDefaultsStore.swift b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Storage/UserDefaultsStore.swift
index 524cd8db..85688dfe 100644
--- a/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Storage/UserDefaultsStore.swift
+++ b/packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Storage/UserDefaultsStore.swift
@@ -9,19 +9,29 @@ final class UserDefaultsStore: PersistentStore {
     private let keyPrefix = "com.contentful.optimization."
 
     private var cache: [String: Any] = [:]
+    private let consentStateKeys = ["consent", "persistenceConsent", "debug"]
+    private let profileContinuityKeys = ["profile", "changes", "personalizations", "anonymousId"]
+    private var keys: [String] { consentStateKeys + profileContinuityKeys }
 
     init(suiteName: String = "com.contentful.optimization") {
         self.defaults = UserDefaults(suiteName: suiteName) ?? .standard
     }
 
-    func load() {
-        let keys = ["profile", "consent", "changes", "personalizations", "anonymousId", "debug"]
+    func loadConsentState() {
+        load(keys: consentStateKeys)
+    }
+
+    func loadProfileContinuity() {
+        load(keys: profileContinuityKeys)
+    }
+
+    private func load(keys: [String]) {
         for key in keys {
             let fullKey = keyPrefix + key
             guard let data = defaults.data(forKey: fullKey) else { continue }
 
             switch key {
-            case "consent":
+            case "consent", "persistenceConsent":
                 if let str = String(data: data, encoding: .utf8) {
                     cache[key] = str
                 }
@@ -42,13 +52,19 @@ final class UserDefaultsStore: PersistentStore {
     }
 
     func clear() {
-        let keys = ["profile", "consent", "changes", "personalizations", "anonymousId", "debug"]
         for key in keys {
             defaults.removeObject(forKey: keyPrefix + key)
         }
         cache.removeAll()
     }
 
+    func clearProfileContinuity() {
+        for key in profileContinuityKeys {
+            defaults.removeObject(forKey: keyPrefix + key)
+            cache.removeValue(forKey: key)
+        }
+    }
+
     // MARK: - Properties
 
     var profile: [String: Any]? {
@@ -75,6 +91,24 @@ final class UserDefaultsStore: PersistentStore {
         }
     }
 
+    var persistenceConsent: Bool? {
+        get {
+            guard let str = cache["persistenceConsent"] as? String else {
+                return consent == true ? true : nil
+            }
+            switch str {
+            case "accepted": return true
+            case "denied": return false
+            default: return nil
+            }
+        }
+        set {
+            let translated: String? = newValue.map { $0 ? "accepted" : "denied" }
+            cache["persistenceConsent"] = translated
+            writeString(translated, forKey: "persistenceConsent")
+        }
+    }
+
     var changes: [[String: Any]]? {
         get { cache["changes"] as? [[String: Any]] }
         set {
diff --git a/packages/ios/ContentfulOptimization/Tests/ContentfulOptimizationTests/OptimizationClientTests.swift b/packages/ios/ContentfulOptimization/Tests/ContentfulOptimizationTests/OptimizationClientTests.swift
index ee052a32..ee141002 100644
--- a/packages/ios/ContentfulOptimization/Tests/ContentfulOptimizationTests/OptimizationClientTests.swift
+++ b/packages/ios/ContentfulOptimization/Tests/ContentfulOptimizationTests/OptimizationClientTests.swift
@@ -5,6 +5,16 @@ import XCTest
 
 final class OptimizationClientTests: XCTestCase {
 
+    override func setUp() {
+        super.setUp()
+        UserDefaultsStore().clear()
+    }
+
+    override func tearDown() {
+        UserDefaultsStore().clear()
+        super.tearDown()
+    }
+
     // MARK: - Config Tests
 
     func testConfigToJSON() throws {
@@ -27,6 +37,32 @@ final class OptimizationClientTests: XCTestCase {
         XCTAssertEqual(dict["locale"] as? String, "en-US")
     }
 
+    func testConfigToJSONSerializesPersistenceConsentDefault() throws {
+        let config = OptimizationConfig(
+            clientId: "test-client",
+            defaults: StorageDefaults(consent: true, persistenceConsent: false)
+        )
+
+        let json = try config.toJSON()
+        let data = json.data(using: .utf8)!
+        let dict = try JSONSerialization.jsonObject(with: data) as! [String: Any]
+        let defaults = dict["defaults"] as? [String: Any]
+
+        XCTAssertEqual(defaults?["consent"] as? Bool, true)
+        XCTAssertEqual(defaults?["persistenceConsent"] as? Bool, false)
+    }
+
+    func testConfigToJSONSerializesBridgeOnlyAnonymousIdDefault() throws {
+        let config = OptimizationConfig(clientId: "test-client")
+
+        let json = try config.toJSON(anonymousId: "anonymous-id")
+        let data = json.data(using: .utf8)!
+        let dict = try JSONSerialization.jsonObject(with: data) as! [String: Any]
+        let defaults = dict["defaults"] as? [String: Any]
+
+        XCTAssertEqual(defaults?["anonymousId"] as? String, "anonymous-id")
+    }
+
     func testConfigToJSONResolvesContentfulLocales() throws {
         let config = OptimizationConfig(
             clientId: "test-client",
@@ -390,7 +426,8 @@ final class OptimizationClientTests: XCTestCase {
         if let data = stateStr.data(using: .utf8),
            let dict = try? JSONSerialization.jsonObject(with: data) as? [String: Any]
         {
-            XCTAssertTrue(dict.keys.contains("consent"))
+            XCTAssertNil(dict["consent"])
+            XCTAssertNil(dict["persistenceConsent"])
             XCTAssertTrue(dict.keys.contains("canPersonalize"))
             XCTAssertTrue(dict.keys.contains("selectedPersonalizations"))
         } else {
@@ -508,6 +545,7 @@ final class OptimizationClientTests: XCTestCase {
 
         // Should not throw
         client.consent(true)
+        client.consent(events: true, persistence: false)
         client.consent(false)
     }
 
@@ -527,6 +565,152 @@ final class OptimizationClientTests: XCTestCase {
         client.reset()
     }
 
+    @MainActor
+    func testClientResetPreservesConsentAndClearsProfileContinuity() async throws {
+        let client = OptimizationClient()
+        try client.initialize(config: OptimizationConfig(
+            clientId: "test-client",
+            environment: "master",
+            experienceBaseUrl: "http://localhost:8000/experience/",
+            insightsBaseUrl: "http://localhost:8000/insights/",
+            defaults: StorageDefaults(
+                consent: true,
+                persistenceConsent: true,
+                profile: ["id": "profile-before-reset", "stableId": "sid", "random": "r"],
+                changes: [["key": "hero.title", "type": "Variable", "value": "Hello"]],
+                personalizations: [["experienceId": "exp-1", "variantIndex": 1]]
+            )
+        ))
+
+        try await Task.sleep(nanoseconds: 200_000_000)
+        client.reset()
+
+        let store = UserDefaultsStore()
+        store.loadConsentState()
+        store.loadProfileContinuity()
+        XCTAssertEqual(store.consent, true)
+        XCTAssertEqual(store.persistenceConsent, true)
+        XCTAssertNil(store.profile)
+        XCTAssertNil(store.changes)
+        XCTAssertNil(store.personalizations)
+        XCTAssertNil(store.anonymousId)
+    }
+
+    @MainActor
+    func testClientDestroyPreservesStoredConsentAndProfileContinuity() async throws {
+        let client = OptimizationClient()
+        try client.initialize(config: OptimizationConfig(
+            clientId: "test-client",
+            environment: "master",
+            experienceBaseUrl: "http://localhost:8000/experience/",
+            insightsBaseUrl: "http://localhost:8000/insights/",
+            defaults: StorageDefaults(
+                consent: true,
+                persistenceConsent: true,
+                profile: ["id": "profile-before-destroy", "stableId": "sid", "random": "r"],
+                changes: [["key": "hero.title", "type": "Variable", "value": "Hello"]],
+                personalizations: [["experienceId": "exp-1", "variantIndex": 1]]
+            )
+        ))
+
+        try await Task.sleep(nanoseconds: 200_000_000)
+        client.destroy()
+
+        let store = UserDefaultsStore()
+        store.loadConsentState()
+        store.loadProfileContinuity()
+        XCTAssertEqual(store.consent, true)
+        XCTAssertEqual(store.persistenceConsent, true)
+        XCTAssertEqual(store.profile?["id"] as? String, "profile-before-destroy")
+        XCTAssertNotNil(store.changes)
+        XCTAssertNotNil(store.personalizations)
+        XCTAssertEqual(store.anonymousId, "profile-before-destroy")
+    }
+
+    func testStoreLoadConsentStateDoesNotLoadProfileContinuity() {
+        let store = UserDefaultsStore()
+        store.consent = true
+        store.persistenceConsent = true
+        store.profile = ["id": "profile-id", "stableId": "sid", "random": "r"]
+        store.changes = [["key": "hero.title", "type": "Variable", "value": "Hello"]]
+        store.personalizations = [["experienceId": "exp-1", "variantIndex": 1]]
+        store.anonymousId = "anonymous-id"
+
+        let reloadedStore = UserDefaultsStore()
+        reloadedStore.loadConsentState()
+
+        XCTAssertEqual(reloadedStore.consent, true)
+        XCTAssertEqual(reloadedStore.persistenceConsent, true)
+        XCTAssertNil(reloadedStore.profile)
+        XCTAssertNil(reloadedStore.changes)
+        XCTAssertNil(reloadedStore.personalizations)
+        XCTAssertNil(reloadedStore.anonymousId)
+
+        reloadedStore.loadProfileContinuity()
+
+        XCTAssertEqual(reloadedStore.profile?["id"] as? String, "profile-id")
+        XCTAssertEqual(reloadedStore.changes?.first?["key"] as? String, "hero.title")
+        XCTAssertEqual(reloadedStore.personalizations?.first?["experienceId"] as? String, "exp-1")
+        XCTAssertEqual(reloadedStore.anonymousId, "anonymous-id")
+    }
+
+    @MainActor
+    func testClientInitializationClearsDeniedPersistedProfileContinuity() throws {
+        let store = UserDefaultsStore()
+        store.consent = true
+        store.persistenceConsent = false
+        store.profile = ["id": "stored-profile", "stableId": "sid", "random": "r"]
+        store.changes = [["key": "hero.title", "type": "Variable", "value": "Hello"]]
+        store.personalizations = [["experienceId": "exp-1", "variantIndex": 1]]
+        store.anonymousId = "anonymous-id"
+
+        let client = OptimizationClient()
+        defer { client.destroy() }
+
+        try client.initialize(config: OptimizationConfig(
+            clientId: "test-client",
+            environment: "master",
+            experienceBaseUrl: "http://localhost:8000/experience/",
+            insightsBaseUrl: "http://localhost:8000/insights/"
+        ))
+
+        XCTAssertNil(client.getProfile())
+
+        let reloadedStore = UserDefaultsStore()
+        reloadedStore.loadConsentState()
+        reloadedStore.loadProfileContinuity()
+
+        XCTAssertEqual(reloadedStore.consent, true)
+        XCTAssertEqual(reloadedStore.persistenceConsent, false)
+        XCTAssertNil(reloadedStore.profile)
+        XCTAssertNil(reloadedStore.changes)
+        XCTAssertNil(reloadedStore.personalizations)
+        XCTAssertNil(reloadedStore.anonymousId)
+    }
+
+    @MainActor
+    func testClientInitializationRestoresAcceptedPersistedProfileContinuity() throws {
+        let store = UserDefaultsStore()
+        store.consent = true
+        store.persistenceConsent = true
+        store.profile = ["id": "stored-profile", "stableId": "sid", "random": "r"]
+        store.changes = [["key": "hero.title", "type": "Variable", "value": "Hello"]]
+        store.personalizations = [["experienceId": "exp-1", "variantIndex": 1]]
+        store.anonymousId = "anonymous-id"
+
+        let client = OptimizationClient()
+        defer { client.destroy() }
+
+        try client.initialize(config: OptimizationConfig(
+            clientId: "test-client",
+            environment: "master",
+            experienceBaseUrl: "http://localhost:8000/experience/",
+            insightsBaseUrl: "http://localhost:8000/insights/"
+        ))
+
+        XCTAssertEqual(client.getProfile()?["id"] as? String, "stored-profile")
+    }
+
     @MainActor
     func testClientSetOnlineCallsThrough() throws {
         let client = OptimizationClient()
@@ -1301,7 +1485,7 @@ final class OptimizationClientTests: XCTestCase {
             environment: "master",
             experienceBaseUrl: "http://localhost:8000/experience/",
             insightsBaseUrl: "http://localhost:8000/insights/",
-            defaults: StorageDefaults(profile: [
+            defaults: StorageDefaults(persistenceConsent: true, profile: [
                 "id": "abc-123", "stableId": "sid", "random": "r"
             ])
         ))
@@ -1322,7 +1506,7 @@ final class OptimizationClientTests: XCTestCase {
             environment: "master",
             experienceBaseUrl: "http://localhost:8000/experience/",
             insightsBaseUrl: "http://localhost:8000/insights/",
-            defaults: StorageDefaults(profile: [
+            defaults: StorageDefaults(persistenceConsent: true, profile: [
                 "id": "first-id", "stableId": "sid", "random": "r"
             ])
         ))
@@ -1337,6 +1521,7 @@ final class OptimizationClientTests: XCTestCase {
                 experienceBaseUrl: "http://localhost:8000/experience/",
                 insightsBaseUrl: "http://localhost:8000/insights/",
                 defaults: {
+                    persistenceConsent: true,
                     profile: { stableId: "sid", random: "r" }
                 }
             });
diff --git a/packages/ios/README.md b/packages/ios/README.md
index 7dcb8a55..a601ba42 100644
--- a/packages/ios/README.md
+++ b/packages/ios/README.md
@@ -91,6 +91,8 @@ locally before `swift build`/`swift test` with `pnpm run ios:bridge`, or use the
 ## Related
 
 - [iOS SDK code map](./CODE_MAP.md) - Maintainer architecture map for the native iOS package
+- [Consent management in the Optimization SDK Suite](../../documentation/concepts/consent-management-in-the-optimization-sdk-suite.md) -
+  Cross-SDK consent policy guidance
 - [Native bridge architecture](../universal/optimization-js-bridge/BRIDGE_ARCHITECTURE.md) - Shared
   bridge runtime and build notes
 - [iOS reference app](../../implementations/ios-sdk/README.md) - Native app and XCUITest surface for
diff --git a/packages/node/node-sdk/AGENTS.md b/packages/node/node-sdk/AGENTS.md
index 77f50574..90c3917a 100644
--- a/packages/node/node-sdk/AGENTS.md
+++ b/packages/node/node-sdk/AGENTS.md
@@ -1,41 +1,21 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `packages/AGENTS.md`, before this file.
+Owns Node-specific SDK behavior built on `@contentful/optimization-core`.
 
-## Scope
+## Rules
 
-This package owns Node-specific SDK behavior built on top of `@contentful/optimization-core`.
-
-## Key paths
-
-- `src/`
-- `dev/`
-- `dev/server.ts`
-- `dev/index.ejs`
-- `.env.example`
-- `README.md`
-
-## Local rules
-
-- Keep this package Node-oriented. Do not add browser-only assumptions or DOM dependencies.
-- Reusable cross-platform behavior belongs in `core-sdk`.
-- The package-local harness under `dev/` is a maintained development surface, not throwaway
-  scaffolding.
-- The dev harness reads `.env` from this package directory and expects the repo-standard
-  `PUBLIC_...` keys shown in `.env.example`.
-- Keep the `dev` flow relevant and up-to-date when SDK initialization, server integration behavior,
-  or developer-facing package flows change.
+- Keep this package Node-oriented; do not add browser-only assumptions or DOM dependencies.
+- Put reusable cross-platform behavior in `core-sdk`.
+- Keep `dev/` as a maintained server-integration harness. It reads `.env` from this package and
+  expects the repo-standard `PUBLIC_...` keys in `.env.example`.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-node typecheck`
-- `pnpm --filter @contentful/optimization-node test:unit`
-- `pnpm --filter @contentful/optimization-node build`
-- `pnpm --filter @contentful/optimization-node size:check`
-- `pnpm --filter @contentful/optimization-node dev`
+- `pnpm --filter @contentful/optimization-node <script>` with `typecheck`, `test:unit`, `build`,
+  `size:check`, or `dev`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck`, `test:unit`, and `build`.
-- Validate the package-local `dev` flow itself when changing flows it is meant to exercise.
-- Validate `implementations/node-sdk` E2E when runtime or SSR behavior changes.
+- Validate the package-local `dev` flow when changing flows it exercises.
+- Validate `implementations/node-sdk` E2E for runtime or SSR behavior changes.
diff --git a/packages/node/node-sdk/README.md b/packages/node/node-sdk/README.md
index b60a3668..415fb8b1 100644
--- a/packages/node/node-sdk/README.md
+++ b/packages/node/node-sdk/README.md
@@ -60,8 +60,7 @@ Import the Optimization class; both CJS and ESM module systems are supported, ES
 import ContentfulOptimization from '@contentful/optimization-node'
 ```
 
-Create the SDK once per module or process, then pass request-scoped event context inside each
-incoming request:
+Create the SDK once per module or process, then bind consent and request context in each route:
 
 ```ts
 const optimization = new ContentfulOptimization({
@@ -72,14 +71,26 @@ const optimization = new ContentfulOptimization({
   },
 })
 
-async function renderRequest(req: { headers: { 'accept-language'?: string } }, profileId: string) {
+function appPolicyAllowsOptimizationEvent(req: { cookies?: Record<string, string> }): boolean {
+  return req.cookies?.['app-personalization-consent'] === 'granted'
+}
+
+async function renderRequest(
+  req: { cookies?: Record<string, string>; headers: { 'accept-language'?: string } },
+  profileId: string,
+) {
   const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-  const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
+  const requestOptimization = optimization.forRequest({
+    consent: {
+      events: appPolicyAllowsOptimizationEvent(req),
+      persistence: appPolicyAllowsOptimizationEvent(req),
+    },
+    eventContext: { locale: eventLocale },
+    experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+    profile: { id: profileId },
+  })
 
-  return await optimization.page(
-    { locale: eventLocale, profile: { id: profileId } },
-    requestOptions,
-  )
+  return await requestOptimization.page()
 }
 ```
 
@@ -93,18 +104,20 @@ are part of the same application.
 ## Common configuration
 
 The Node SDK is stateless. It does not maintain consent, profile, or browser persistence state
-between requests.
-
-| Option              | Required? | Default               | Description                                                 |
-| ------------------- | --------- | --------------------- | ----------------------------------------------------------- |
-| `clientId`          | Yes       | N/A                   | Shared API key for Experience API and Insights API requests |
-| `environment`       | No        | `'main'`              | Contentful environment identifier                           |
-| `api`               | No        | See API options below | Experience API and Insights API endpoint options            |
-| `app`               | No        | `undefined`           | Application metadata attached to outgoing event context     |
-| `contentfulLocales` | No        | `undefined`           | Contentful locale codes used by `resolveRequestLocale()`    |
-| `fetchOptions`      | No        | SDK defaults          | Fetch timeout and retry behavior                            |
-| `eventBuilder`      | No        | Node SDK defaults     | Event metadata overrides for SDK-layer authors              |
-| `logLevel`          | No        | `'error'`             | Minimum log level for the default console sink              |
+between requests. For cross-SDK consent guidance, see
+[Consent management in the Optimization SDK Suite](../../../documentation/concepts/consent-management-in-the-optimization-sdk-suite.md).
+
+| Option              | Required? | Default                | Description                                                 |
+| ------------------- | --------- | ---------------------- | ----------------------------------------------------------- |
+| `clientId`          | Yes       | N/A                    | Shared API key for Experience API and Insights API requests |
+| `environment`       | No        | `'main'`               | Contentful environment identifier                           |
+| `api`               | No        | See API options below  | Experience API and Insights API endpoint options            |
+| `app`               | No        | `undefined`            | Application metadata attached to outgoing event context     |
+| `contentfulLocales` | No        | `undefined`            | Contentful locale codes used by `resolveRequestLocale()`    |
+| `fetchOptions`      | No        | SDK defaults           | Fetch timeout and retry behavior                            |
+| `allowedEventTypes` | No        | `['identify', 'page']` | Event types allowed before request event consent is granted |
+| `eventBuilder`      | No        | Node SDK defaults      | Event metadata overrides for SDK-layer authors              |
+| `logLevel`          | No        | `'error'`              | Minimum log level for the default console sink              |
 
 Common `api` options:
 
@@ -114,7 +127,8 @@ Common `api` options:
 | `insightsBaseUrl`   | No        | `'https://ingest.insights.ninetailed.co/'` | Base URL for the Insights API                    |
 | `enabledFeatures`   | No        | `['ip-enrichment', 'location']`            | Experience API features to apply to each request |
 
-Request-scoped Experience options belong in the final argument to stateless event methods:
+Request-scoped Experience options belong in `experienceOptions` when creating the request-bound
+client:
 
 | Option      | Description                                                   |
 | ----------- | ------------------------------------------------------------- |
@@ -157,30 +171,57 @@ For every option, callback payload, and exported type, use the generated
 
 ### Request-scoped events
 
-Build event context from the incoming request, then call `page()`, `identify()`, `screen()`,
-`track()`, or sticky `trackView()` when optimization data is needed:
+Build event context from the incoming request, bind application-owned consent state with
+`forRequest()`, then call `page()`, `identify()`, `screen()`, `track()`, or sticky `trackView()` on
+the returned request object:
 
 ```ts
 import type { Request } from 'express'
 
 app.get('/products/:slug', async (req, res) => {
   const { contentfulLocale, eventLocale } = optimization.resolveRequestLocale(req)
-  const requestOptions = contentfulLocale ? { locale: contentfulLocale } : undefined
-  const optimizationData = await optimization.page(
-    {
+  const requestOptimization = optimization.forRequest({
+    consent: {
+      events: appPolicyAllowsOptimizationEvent(req),
+      persistence: appPolicyAllowsOptimizationEvent(req),
+    },
+    eventContext: {
       locale: eventLocale,
-      profile: { id: req.cookies.profileId },
-      properties: { path: req.path },
     },
-    requestOptions,
-  )
+    experienceOptions: contentfulLocale ? { locale: contentfulLocale } : undefined,
+    profile: { id: req.cookies.profileId },
+  })
+  const optimizationData = await requestOptimization.page({
+    properties: { path: req.path },
+  })
+
+  if (requestOptimization.canPersistProfile && optimizationData?.profile.id) {
+    persistProfileId(res, optimizationData.profile.id)
+  }
 
   res.render('product', { optimizationData })
 })
 ```
 
-In stateless runtimes, Insights-backed methods require a profile for delivery. Non-sticky
-`trackView`, `trackClick`, `trackHover`, and `trackFlagView` require `payload.profile.id`.
+For default-on application policies that do not render an end-user consent UI, replace the
+request-specific consent lookup with accepted consent:
+
+```ts
+const requestOptimization = optimization.forRequest({
+  consent: { events: true, persistence: true },
+  eventContext: { locale: eventLocale },
+  profile,
+})
+```
+
+Node SDK event calls fail closed except for the default pre-consent allowlist, `identify` and
+`page`. Those allowlisted events are sent with `context.gdpr.isConsentGiven: false` when request
+event consent is not granted. Pass `allowedEventTypes: []` to require strict opt-in for all
+stateless event methods.
+
+In stateless runtimes, Insights-backed methods require a request-bound profile for delivery.
+Non-sticky `trackView`, `trackClick`, `trackHover`, and `trackFlagView` require a profile ID passed
+to `forRequest()`.
 
 ### Content resolution
 
diff --git a/packages/node/node-sdk/dev/server.ts b/packages/node/node-sdk/dev/server.ts
index a22206b2..d3f4a151 100644
--- a/packages/node/node-sdk/dev/server.ts
+++ b/packages/node/node-sdk/dev/server.ts
@@ -7,7 +7,7 @@ import rateLimit from 'express-rate-limit'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 import ContentfulOptimization from '../src'
-import type { OptimizationData, PartialProfile, SelectedOptimization } from '../src/api-schemas'
+import type { PartialProfile, Profile, SelectedOptimization } from '../src/api-schemas'
 import { isMergeTagEntry } from '../src/api-schemas'
 
 /* eslint-disable @typescript-eslint/naming-convention -- standardized var names */
@@ -151,35 +151,83 @@ function resetState(profileId?: unknown): void {
   profileState.set(profileId.trim(), { consent: false })
 }
 
-app.get('/', limiter, async (req, res) => {
-  let profileId = isNonEmptyString(req.query.profileId) ? req.query.profileId.trim() : undefined
+function applyRequestState({
+  consent,
+  profileId,
+  reset,
+  userId,
+}: {
+  consent?: unknown
+  profileId?: unknown
+  reset?: unknown
+  userId?: unknown
+}): string | undefined {
+  const requestProfileId = isNonEmptyString(profileId) ? profileId.trim() : undefined
 
-  if (req.query.reset === 'true') {
-    resetState(profileId)
-    profileId = undefined
-  } else {
-    updateState({
-      profileId,
-      consent: req.query.consent,
-      userId: req.query.userId,
-    })
+  if (reset === 'true') {
+    resetState(requestProfileId)
+    return undefined
   }
 
-  const { consent, userId } = profileId ? (profileState.get(profileId) ?? {}) : {}
+  updateState({
+    profileId: requestProfileId,
+    consent,
+    userId,
+  })
 
+  return requestProfileId
+}
+
+async function getRequestOptimizationData({
+  consent,
+  profileId,
+  userId,
+}: {
+  consent?: boolean
+  profileId?: string
+  userId?: string
+}): Promise<{
+  profile: Profile | undefined
+  selectedOptimizations: SelectedOptimization[] | undefined
+}> {
   const requestProfile: PartialProfile | undefined =
     typeof profileId === 'string' ? { id: profileId } : undefined
 
-  let apiResponse: OptimizationData = await sdk.page({ profile: requestProfile })
+  const requestOptimization = sdk.forRequest({
+    consent: { events: consent === true, persistence: consent === true },
+    profile: requestProfile,
+  })
+  let apiResponse = await requestOptimization.page()
 
   if (isNonEmptyString(userId)) {
-    apiResponse = await sdk.identify({
+    apiResponse = await requestOptimization.identify({ userId })
+  }
+
+  const profile = apiResponse?.profile
+  const selectedOptimizations = apiResponse?.selectedOptimizations
+
+  if (requestOptimization.canPersistProfile && profile?.id !== undefined) {
+    updateState({
+      profileId: profile.id,
+      consent: consent === true ? 'true' : undefined,
       userId,
-      profile: requestProfile,
     })
   }
 
-  const { profile, selectedOptimizations } = apiResponse
+  return {
+    profile,
+    selectedOptimizations,
+  }
+}
+
+app.get('/', limiter, async (req, res) => {
+  const profileId = applyRequestState(req.query)
+  const { consent, userId } = profileId ? (profileState.get(profileId) ?? {}) : {}
+  const { profile, selectedOptimizations } = await getRequestOptimizationData({
+    consent,
+    profileId,
+    userId,
+  })
 
   const entryIds: string[] = [
     '1MwiFl4z7gkwqGYdvCmr8c', // Rich Text field Entry with Merge Tag
diff --git a/packages/node/node-sdk/package.json b/packages/node/node-sdk/package.json
index 8737fa7d..3ee1b838 100644
--- a/packages/node/node-sdk/package.json
+++ b/packages/node/node-sdk/package.json
@@ -80,8 +80,8 @@
   "buildTools": {
     "bundleSize": {
       "gzipBudgets": {
-        "index.cjs": 1800,
-        "index.mjs": 1300
+        "index.cjs": 2000,
+        "index.mjs": 1500
       }
     }
   },
@@ -90,7 +90,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build && build-tools emit-dual-dts ./dist",
     "build:rsdoctor": "RSDOCTOR=true rslib build && build-tools emit-dual-dts ./dist",
-    "clean": "rimraf ./.rsdoctor ./.rslib ./.rslib ./dist ./coverage .tsbuildinfo",
+    "clean": "rimraf ./.rsdoctor ./.rslib ./.rslib ./dist ./coverage .tsbuildinfo ./node_modules/.cache/rspack",
     "dev": "tsx watch --env-file=.env ./dev/server.ts",
     "size:check": "pnpm build:dist && build-tools bundle-size",
     "size:report": "build-tools bundle-size --report-only",
diff --git a/packages/node/node-sdk/src/ContentfulOptimization.test.ts b/packages/node/node-sdk/src/ContentfulOptimization.test.ts
index 1ddd912f..1b61960b 100644
--- a/packages/node/node-sdk/src/ContentfulOptimization.test.ts
+++ b/packages/node/node-sdk/src/ContentfulOptimization.test.ts
@@ -1,5 +1,5 @@
 import type { CoreConfig } from '@contentful/optimization-core'
-import ContentfulOptimization from './ContentfulOptimization'
+import ContentfulOptimization, { type OptimizationNodeConfig } from './ContentfulOptimization'
 import { OPTIMIZATION_NODE_SDK_NAME } from './constants'
 
 const CLIENT_ID = 'key_123'
@@ -10,6 +10,34 @@ const config: CoreConfig = {
   environment: ENVIRONMENT,
 }
 
+const OPTIMIZATION_DATA = {
+  changes: [],
+  selectedOptimizations: [],
+  profile: {
+    id: 'profile-id',
+    stableId: 'profile-id',
+    random: 1,
+    audiences: [],
+    traits: {},
+    location: {},
+    session: {
+      id: 'session-id',
+      isReturningVisitor: false,
+      landingPage: {
+        path: '/',
+        query: {},
+        referrer: '',
+        search: '',
+        title: '',
+        url: 'https://example.test/',
+      },
+      count: 1,
+      activeSessionLength: 0,
+      averageSessionLength: 0,
+    },
+  },
+}
+
 describe('ContentfulOptimization', () => {
   it('gives itself a name', () => {
     const node = new ContentfulOptimization(config)
@@ -18,6 +46,20 @@ describe('ContentfulOptimization', () => {
     expect(node.eventBuilder.library.name).toEqual(OPTIMIZATION_NODE_SDK_NAME)
   })
 
+  it('keeps constructor-level event consent out of normal Node config', () => {
+    const nodeConfig: OptimizationNodeConfig = {
+      clientId: CLIENT_ID,
+      eventBuilder: {
+        // @ts-expect-error Use forRequest() for request-scoped Node consent.
+        getConsent: () => true,
+      },
+    }
+
+    expect(nodeConfig.eventBuilder).toEqual(
+      expect.objectContaining({ getConsent: expect.any(Function) }),
+    )
+  })
+
   it('resolves request locale pairs from Accept-Language quality weights', () => {
     const node = new ContentfulOptimization({
       ...config,
@@ -140,44 +182,144 @@ describe('ContentfulOptimization', () => {
     })
   })
 
-  it('forwards request options through direct stateless event methods', async () => {
+  it('keeps unbound direct event methods unavailable from the public Node SDK', () => {
     const node = new ContentfulOptimization(config)
-    const upsertProfile = rs.spyOn(node.api.experience, 'upsertProfile').mockResolvedValue({
-      changes: [],
-      selectedOptimizations: [],
-      profile: {
-        id: 'profile-id',
-        stableId: 'profile-id',
-        random: 1,
-        audiences: [],
-        traits: {},
-        location: {},
-        session: {
-          id: 'session-id',
-          isReturningVisitor: false,
-          landingPage: {
-            path: '/',
-            query: {},
-            referrer: '',
-            search: '',
-            title: '',
-            url: 'https://example.test/',
-          },
-          count: 1,
-          activeSessionLength: 0,
-          averageSessionLength: 0,
-        },
-      },
+    // @ts-expect-error Use forRequest() before calling event methods.
+    const directPage = node.page
+
+    expect(directPage).toBeUndefined()
+  })
+
+  it('defaults request-bound Node pre-consent allowlist to identify and page', async () => {
+    const node = new ContentfulOptimization(config)
+    const upsertProfile = rs
+      .spyOn(node.api.experience, 'upsertProfile')
+      .mockResolvedValue(OPTIMIZATION_DATA)
+    const sendBatchEvents = rs.spyOn(node.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+    const requestOptimization = node.forRequest({
+      consent: false,
+      profile: { id: 'profile-id' },
+    })
+
+    await requestOptimization.identify({ userId: 'user-123' })
+    await requestOptimization.page()
+    await requestOptimization.trackClick({ componentId: 'hero-banner' })
+
+    expect(node.allowedEventTypes).toEqual(['identify', 'page'])
+    expect(upsertProfile).toHaveBeenCalledTimes(2)
+    expect(
+      upsertProfile.mock.calls.map((call) => call[0].events[0]?.context.gdpr.isConsentGiven),
+    ).toEqual([false, false])
+    expect(sendBatchEvents).not.toHaveBeenCalled()
+  })
+
+  it('forwards request options through request-bound stateless event methods', async () => {
+    const node = new ContentfulOptimization(config)
+    const upsertProfile = rs
+      .spyOn(node.api.experience, 'upsertProfile')
+      .mockResolvedValue(OPTIMIZATION_DATA)
+    const requestOptimization = node.forRequest({
+      consent: true,
+      experienceOptions: { locale: 'de-DE', preflight: true },
+      profile: { id: 'profile-id' },
     })
 
-    await node.page({ profile: { id: 'profile-id' } }, { locale: 'de-DE', preflight: true })
+    await requestOptimization.page()
 
     expect(upsertProfile).toHaveBeenCalledWith(
       expect.objectContaining({
         profileId: 'profile-id',
-        events: [expect.objectContaining({ type: 'page' })],
+        events: [
+          expect.objectContaining({
+            context: expect.objectContaining({
+              gdpr: expect.objectContaining({ isConsentGiven: true }),
+            }),
+            type: 'page',
+          }),
+        ],
       }),
       expect.objectContaining({ locale: 'de-DE', preflight: true }),
     )
   })
+
+  it('uses request-bound event consent for Experience calls', async () => {
+    const node = new ContentfulOptimization(config)
+    const upsertProfile = rs
+      .spyOn(node.api.experience, 'upsertProfile')
+      .mockResolvedValue(OPTIMIZATION_DATA)
+
+    await node
+      .forRequest({ consent: true, profile: { id: 'profile-id' } })
+      .page({ locale: 'en-US' })
+    await node
+      .forRequest({ consent: false, profile: { id: 'profile-id' } })
+      .page({ locale: 'en-US' })
+
+    expect(
+      upsertProfile.mock.calls.map((call) => call[0].events[0]?.context.gdpr.isConsentGiven),
+    ).toEqual([true, false])
+  })
+
+  it('applies request-bound event consent to Insights-only calls', async () => {
+    const node = new ContentfulOptimization({
+      ...config,
+      allowedEventTypes: ['component_hover'],
+    })
+    const sendBatchEvents = rs.spyOn(node.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+
+    await node
+      .forRequest({
+        consent: true,
+        profile: { id: 'profile-id' },
+      })
+      .trackClick({ componentId: 'hero-banner' })
+    await node
+      .forRequest({
+        consent: false,
+        profile: { id: 'profile-id' },
+      })
+      .trackHover({
+        componentId: 'hero-banner',
+        hoverDurationMs: 1000,
+        hoverId: 'hover-id',
+      })
+
+    expect(
+      sendBatchEvents.mock.calls.map(([[batch]]) => batch?.events[0]?.context.gdpr.isConsentGiven),
+    ).toEqual([true, false])
+  })
+
+  it('can override the Node pre-consent allowlist', async () => {
+    const node = new ContentfulOptimization({ ...config, allowedEventTypes: [] })
+    const upsertProfile = rs
+      .spyOn(node.api.experience, 'upsertProfile')
+      .mockResolvedValue(OPTIMIZATION_DATA)
+    const requestOptimization = node.forRequest({
+      consent: false,
+      profile: { id: 'profile-id' },
+    })
+
+    await requestOptimization.page()
+
+    expect(node.allowedEventTypes).toEqual([])
+    expect(upsertProfile).not.toHaveBeenCalled()
+  })
+
+  it('ignores runtime eventBuilder getConsent overrides', async () => {
+    const eventBuilder: NonNullable<OptimizationNodeConfig['eventBuilder']> = {}
+
+    Reflect.set(eventBuilder, 'getConsent', () => false)
+
+    const node = new ContentfulOptimization({
+      ...config,
+      eventBuilder,
+    })
+    const upsertProfile = rs
+      .spyOn(node.api.experience, 'upsertProfile')
+      .mockResolvedValue(OPTIMIZATION_DATA)
+
+    await node.forRequest({ consent: true, profile: { id: 'profile-id' } }).page()
+
+    expect(upsertProfile.mock.calls[0]?.[0].events[0]?.context.gdpr.isConsentGiven).toBe(true)
+  })
 })
diff --git a/packages/node/node-sdk/src/ContentfulOptimization.ts b/packages/node/node-sdk/src/ContentfulOptimization.ts
index 7708d134..c534c22d 100644
--- a/packages/node/node-sdk/src/ContentfulOptimization.ts
+++ b/packages/node/node-sdk/src/ContentfulOptimization.ts
@@ -3,6 +3,7 @@ import {
   normalizeLocale,
   resolveContentfulLocale,
   type CoreStatelessConfig,
+  type EventType,
 } from '@contentful/optimization-core'
 import type { App } from '@contentful/optimization-core/api-schemas'
 import { OPTIMIZATION_NODE_SDK_NAME, OPTIMIZATION_NODE_SDK_VERSION } from './constants'
@@ -10,8 +11,10 @@ import { OPTIMIZATION_NODE_SDK_NAME, OPTIMIZATION_NODE_SDK_VERSION } from './con
 const DEFAULT_RUNTIME_LOCALE = 'en-US'
 const DEFAULT_ACCEPT_LANGUAGE_QUALITY = 1
 const QUALITY_PARAM_PATTERN = /;\s*q=/
+const DEFAULT_NODE_ALLOWED_EVENT_TYPES: EventType[] = ['identify', 'page']
 
 type NodeEventBuilderConfig = Partial<Omit<NonNullable<CoreStatelessConfig['eventBuilder']>, 'app'>>
+type PublicNodeEventBuilderConfig = Omit<NodeEventBuilderConfig, 'getConsent'>
 
 interface HeaderRequestLike {
   acceptsLanguages?: () => string[]
@@ -64,10 +67,13 @@ export interface OptimizationNodeConfig extends Omit<CoreStatelessConfig, 'event
    *
    * @remarks
    * Any provided fields are merged with the default Node SDK metadata.
+   * Request-scoped consent should be bound with `forRequest()`, not configured
+   * on the SDK singleton.
+   *
    * This differs from {@link CoreStatelessConfig} eventBuilder, which expects
    * a full configuration object.
    */
-  eventBuilder?: NodeEventBuilderConfig
+  eventBuilder?: PublicNodeEventBuilderConfig
 }
 
 function normalizeHeaderValue(header: unknown): string | undefined {
@@ -173,9 +179,13 @@ function getRequestLocaleCandidates(input: RequestLocaleInput): string[] {
  *   logLevel: 'info',
  * })
  *
- * const requestOptions = { locale: 'fr-CA' }
+ * const requestOptimization = sdk.forRequest({
+ *   consent: true,
+ *   experienceOptions: { locale: 'fr-CA' },
+ *   profile: { id: 'profile-id' },
+ * })
  *
- * await sdk.page({ profile: { id: 'profile-id' } }, requestOptions)
+ * await requestOptimization.page()
  * ```
  *
  * @see {@link CoreStateless}
@@ -196,11 +206,16 @@ class ContentfulOptimization extends CoreStateless {
    * const optimization = new ContentfulOptimization({ clientId: 'my-client-id' })
    * ```
    */
-  constructor({ app, eventBuilder, ...config }: OptimizationNodeConfig) {
-    const { library, ...eventBuilderConfig } = eventBuilder ?? {}
+  constructor({ app, allowedEventTypes, eventBuilder, ...config }: OptimizationNodeConfig) {
+    const {
+      library,
+      getConsent: _getConsent,
+      ...eventBuilderConfig
+    } = (eventBuilder ?? {}) as NodeEventBuilderConfig
 
     super({
       ...config,
+      allowedEventTypes: allowedEventTypes ?? DEFAULT_NODE_ALLOWED_EVENT_TYPES,
       eventBuilder: {
         app,
         channel: 'server',
@@ -209,6 +224,7 @@ class ContentfulOptimization extends CoreStateless {
           version: OPTIMIZATION_NODE_SDK_VERSION,
           ...library,
         },
+        getConsent: () => false,
         ...eventBuilderConfig,
       },
     })
diff --git a/packages/react-native-sdk/AGENTS.md b/packages/react-native-sdk/AGENTS.md
index 01b8bd29..75297693 100644
--- a/packages/react-native-sdk/AGENTS.md
+++ b/packages/react-native-sdk/AGENTS.md
@@ -1,44 +1,28 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `packages/AGENTS.md`, before this file.
+Owns the React Native SDK and package-local development harness.
 
-## Scope
+## Rules
 
-This package owns the React Native SDK and its package-local development harness under `dev/`.
-
-## Key paths
-
-- `src/`
-- `dev/`
-- `__mocks__/`
-- `README.md`
-
-## Local rules
-
-- Keep reusable React Native SDK logic here rather than in `implementations/react-native-sdk`.
-- `dev/` is a package-local harness, not the published SDK surface, but it is still a maintained
-  verification and development surface.
-- Keep the `dev/` harness relevant and up-to-date when SDK behavior, initialization,
-  developer-facing flows, preview behavior, navigation behavior, or configuration changes.
-- Do not let the harness drift into a stale demo that no longer exercises the important package
-  paths.
+- Keep reusable React Native SDK logic here, not in `implementations/react-native-sdk`.
+- `dev/` is a maintained harness, not the published SDK surface.
+- Keep `dev/` current for SDK behavior, initialization, preview behavior, navigation behavior,
+  configuration, and developer-facing flows.
 - Preserve optional peer dependency behavior unless the task explicitly changes it.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-react-native typecheck`
-- `pnpm --filter @contentful/optimization-react-native test:unit`
-- `pnpm --filter @contentful/optimization-react-native build`
-- `pnpm --filter @contentful/optimization-react-native size:check`
-- `pnpm --filter @contentful/optimization-react-native dev:test`
-- `pnpm --filter @contentful/optimization-react-native dev:start`
-- `pnpm --filter @contentful/optimization-react-native dev:android`
-- `pnpm --filter @contentful/optimization-react-native dev:ios`
+- `pnpm --filter @contentful/optimization-react-native <script>` with `typecheck`, `test:unit`,
+  `build`, `size:check`, `dev:test`, `dev:start`, `dev:android`, or `dev:ios`.
+- Downstream Android Detox after SDK runtime changes: `pnpm build:pkgs`, then
+  `pnpm implementation:run -- react-native-sdk implementation:install`, then
+  `pnpm implementation:run -- react-native-sdk test:e2e:android:full -- --test-file <file>`.
+- The React Native implementation's `test` script is not an E2E substitute; use
+  `test:e2e:android:full` for local Detox validation.
 
-## Usually validate
+## Validate
 
 - Run `typecheck`, `test:unit`, and `build`.
-- Run `dev:test` when changing package-local harness behavior.
-- Validate the `dev/` harness itself when changing SDK flows it is supposed to demonstrate.
-- Validate `implementations/react-native-sdk` when runtime tracking, storage, navigation, offline,
-  or preview behavior changes.
+- Run `dev:test` for harness behavior changes.
+- Validate `dev/` or `implementations/react-native-sdk` when SDK flows, runtime tracking, storage,
+  navigation, offline behavior, or preview behavior changes.
diff --git a/packages/react-native-sdk/README.md b/packages/react-native-sdk/README.md
index ab6c9919..3e2b0d23 100644
--- a/packages/react-native-sdk/README.md
+++ b/packages/react-native-sdk/README.md
@@ -40,6 +40,7 @@ source of truth for exported API signatures.
 - [Common configuration](#common-configuration)
 - [Core workflows](#core-workflows)
   - [Provider lifecycle](#provider-lifecycle)
+  - [Consent and persistence](#consent-and-persistence)
   - [Render optimized entries](#render-optimized-entries)
   - [Track entry interactions](#track-entry-interactions)
   - [Track screens](#track-screens)
@@ -119,7 +120,7 @@ Only `clientId` is required.
 | `api`                   | No        | See API options below                         | Experience API and Insights API endpoint and request options                          |
 | `contentfulLocales`     | No        | `undefined`                                   | Contentful locale codes used for SDK-assisted CDA locale resolution                   |
 | `locale`                | No        | `undefined` unless `contentfulLocales` is set | Initial app/content locale candidate; changing this prop updates the owned SDK locale |
-| `defaults`              | No        | `undefined`                                   | Initial state, commonly including consent or profile values                           |
+| `defaults`              | No        | `undefined`                                   | Initial state, commonly including consent, persistence consent, or profile values     |
 | `allowedEventTypes`     | No        | `['identify', 'screen']`                      | Event types allowed before consent is explicitly set                                  |
 | `trackEntryInteraction` | No        | `{ views: true, taps: false }`                | Default view and tap tracking for `OptimizedEntry` components                         |
 | `liveUpdates`           | No        | `false`                                       | Whether optimized entries react continuously to SDK state changes                     |
@@ -187,6 +188,40 @@ state setup is pending, runs any `onStatesReady` callback, and only then renders
 This matches the React Web provider contract, but React Native uses async effect scheduling because
 storage and platform setup cannot be completed before paint.
 
+When persistence consent permits durable profile continuity, SDK state from an Experience response
+is published only after the corresponding AsyncStorage write for that same response snapshot has
+settled or failed gracefully. AsyncStorage hydrates continuity during initialization and mirrors
+changes for the next launch; after startup, `sdk.states`, entry rendering, and tracking metadata
+read from in-memory SDK state. Application code can wait for `sdk.states.profile`,
+`sdk.states.selectedOptimizations`, or rendered SDK-derived UI instead of adding storage-timing
+delays before a relaunch-sensitive action.
+
+### Consent and persistence
+
+Consent policy remains application-owned. For default-on application policies that do not render an
+end-user consent prompt, set `defaults: { consent: true }` on `OptimizationRoot`:
+
+```tsx
+<OptimizationRoot clientId="your-client-id" defaults={{ consent: true }}>
+  <YourApp />
+</OptimizationRoot>
+```
+
+When application policy depends on user choice, leave `defaults.consent` unset and call
+`consent(true | false)` from the application-owned control. Boolean consent calls control both event
+emission and durable profile-continuity persistence by default. Use
+`consent({ events: true, persistence: false })` when events are allowed but continuity should stay
+session-only.
+
+Do not use a component effect to grant default consent for an app that has no consent prompt.
+Seeding `defaults.consent` during SDK initialization applies the persistence policy before child
+effects, screen tracking, or manual `identify()` calls can run.
+
+AsyncStorage persists consent and, when persistence consent permits it, profile-continuity state
+across app launches. It is not consulted for every live state read after initialization. For
+cross-SDK consent guidance, see
+[Consent management in the Optimization SDK Suite](../../documentation/concepts/consent-management-in-the-optimization-sdk-suite.md).
+
 ### Render optimized entries
 
 `OptimizedEntry` resolves optimized Contentful entries and passes non-optimized entries through
@@ -324,14 +359,13 @@ Enable the preview panel only in authoring or development flows and provide a Co
 
 ### Offline support
 
-AsyncStorage persists SDK state across app launches. When NetInfo is installed, the SDK can queue
-events while the device is offline and flush them after connectivity returns. Tune queue bounds and
-retry behavior with `queuePolicy` when the defaults are not appropriate for your app.
+When NetInfo is installed, the SDK can queue events while the device is offline and flush them after
+connectivity returns. When the app moves to the background or inactive state, the SDK also flushes
+queued events and drains pending AsyncStorage persistence. Tune queue bounds and retry behavior with
+`queuePolicy` when the defaults are not appropriate for your app.
 
 ## Runtime notes
 
-- Consent policy remains application-owned. The SDK stores consent and blocks non-allowed events
-  until consent is accepted.
 - `ContentfulOptimization.create(...)` is asynchronous. Prefer `OptimizationRoot` when React needs
   to own initialization.
 - View tracking defaults to enabled; tap tracking defaults to disabled.
diff --git a/packages/react-native-sdk/dev/utils/sdkHelpers.ts b/packages/react-native-sdk/dev/utils/sdkHelpers.ts
index 90b9d999..94946047 100644
--- a/packages/react-native-sdk/dev/utils/sdkHelpers.ts
+++ b/packages/react-native-sdk/dev/utils/sdkHelpers.ts
@@ -18,7 +18,7 @@ export async function initializeSDK(
       api: { experienceBaseUrl, insightsBaseUrl },
     } = ENV_CONFIG
 
-    await AsyncStorageStore.initialize()
+    await AsyncStorageStore.initializeConsentState()
     AsyncStorageStore.consent = true
 
     const sdkInstance = await ContentfulOptimization.create({
diff --git a/packages/react-native-sdk/package.json b/packages/react-native-sdk/package.json
index 90007930..be9634a2 100644
--- a/packages/react-native-sdk/package.json
+++ b/packages/react-native-sdk/package.json
@@ -131,7 +131,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build && build-tools emit-dual-dts ./dist",
     "build:rsdoctor": "RSDOCTOR=true rslib build && build-tools emit-dual-dts ./dist",
-    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo",
+    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo ./node_modules/.cache/rspack",
     "size:check": "pnpm build:dist && build-tools bundle-size",
     "size:report": "build-tools bundle-size --report-only",
     "test:unit": "rstest run --coverage",
diff --git a/packages/react-native-sdk/src/ContentfulOptimization.test.ts b/packages/react-native-sdk/src/ContentfulOptimization.test.ts
index b6db0f83..d262ac6a 100644
--- a/packages/react-native-sdk/src/ContentfulOptimization.test.ts
+++ b/packages/react-native-sdk/src/ContentfulOptimization.test.ts
@@ -1,22 +1,45 @@
-import { describe, expect, it, rs } from '@rstest/core'
+import { batch, signals } from '@contentful/optimization-core'
+import type { OptimizationData, Profile } from '@contentful/optimization-core/api-schemas'
+import {
+  ANONYMOUS_ID_KEY,
+  CHANGES_CACHE_KEY,
+  CONSENT_KEY,
+  DEBUG_FLAG_KEY,
+  PERSISTENCE_CONSENT_KEY,
+  PROFILE_CACHE_KEY,
+  SELECTED_OPTIMIZATIONS_CACHE_KEY,
+} from '@contentful/optimization-core/constants'
+import { beforeEach, describe, expect, it, rs } from '@rstest/core'
+
+let appStateChangeHandler: ((nextAppState: string) => void) | undefined = undefined
 
 rs.mock('react-native', () => ({
   AppState: {
-    addEventListener: rs.fn(() => ({
-      remove: rs.fn(),
-    })),
+    addEventListener: rs.fn((_event: string, handler: (nextAppState: string) => void) => {
+      appStateChangeHandler = handler
+      return {
+        remove: rs.fn(),
+      }
+    }),
   },
   Dimensions: { get: rs.fn(() => ({ width: 375, height: 667 })) },
   NativeModules: {},
   Platform: { OS: 'ios' },
 }))
 
+const asyncStorageMock = {
+  getItem: rs.fn(),
+  multiGet: rs.fn().mockResolvedValue([]),
+  multiRemove: rs.fn().mockResolvedValue(undefined),
+  multiSet: rs.fn().mockResolvedValue(undefined),
+}
+
 rs.mock('@react-native-async-storage/async-storage', () => ({
   default: {
-    getItem: rs.fn(),
-    multiGet: rs.fn().mockResolvedValue([]),
-    removeItem: rs.fn().mockResolvedValue(undefined),
-    setItem: rs.fn().mockResolvedValue(undefined),
+    getItem: asyncStorageMock.getItem,
+    multiGet: asyncStorageMock.multiGet,
+    multiRemove: asyncStorageMock.multiRemove,
+    multiSet: asyncStorageMock.multiSet,
   },
 }))
 
@@ -28,6 +51,133 @@ rs.mock('@react-native-community/netinfo', () => ({
 
 let restoreRuntimeLocale: (() => void) | undefined = undefined
 
+const DEFAULT_PROFILE: Profile = {
+  id: 'profile-id',
+  stableId: 'profile-id',
+  random: 1,
+  audiences: [],
+  traits: {},
+  location: {},
+  session: {
+    id: 'session-id',
+    isReturningVisitor: false,
+    landingPage: {
+      path: '/',
+      query: {},
+      referrer: '',
+      search: '',
+      title: '',
+      url: 'https://example.test/',
+    },
+    count: 1,
+    activeSessionLength: 0,
+    averageSessionLength: 0,
+  },
+}
+
+const IDENTIFIED_PROFILE: Profile = {
+  ...DEFAULT_PROFILE,
+  id: 'identified-profile-id',
+  stableId: 'identified-profile-id',
+  traits: { identified: true },
+}
+
+const IDENTIFIED_OPTIMIZATION_DATA: OptimizationData = {
+  changes: [],
+  profile: IDENTIFIED_PROFILE,
+  selectedOptimizations: [],
+}
+
+interface AnonymousIdProvider {
+  getAnonymousId: () => string | undefined
+}
+
+interface AsyncStorageStoreForTest {
+  drainPersistence: () => Promise<void>
+}
+
+function hasAnonymousIdProvider(value: unknown): value is AnonymousIdProvider {
+  if (typeof value !== 'object' || value === null) return false
+
+  const getAnonymousId = Reflect.get(value, 'getAnonymousId') as unknown
+
+  return typeof getAnonymousId === 'function'
+}
+
+async function resetAsyncStorageStore(): Promise<void> {
+  const module = await import('./storage/AsyncStorageStore')
+  const store = module.default
+
+  const cache: unknown = Reflect.get(store, 'cache')
+
+  Reflect.set(store, 'consentStateInitialized', false)
+  Reflect.set(store, 'persistenceQueue', Promise.resolve())
+  Reflect.set(store, 'profileContinuityInitialized', false)
+  if (cache instanceof Map) cache.clear()
+}
+
+async function getAsyncStorageStore(): Promise<AsyncStorageStoreForTest> {
+  const module = await import('./storage/AsyncStorageStore')
+  return module.default
+}
+
+async function drainAsyncStorageStore(): Promise<void> {
+  const store = await getAsyncStorageStore()
+  await store.drainPersistence()
+}
+
+function createDeferred(): { promise: Promise<void>; resolve: () => void } {
+  let deferredResolve: (() => void) | undefined
+  const promise = new Promise<void>((resolve) => {
+    deferredResolve = resolve
+  })
+
+  return {
+    promise,
+    resolve: () => {
+      deferredResolve?.()
+    },
+  }
+}
+
+async function flushPromises(): Promise<void> {
+  await Promise.resolve()
+  await Promise.resolve()
+}
+
+function hasProfileCacheEntry(entries: ReadonlyArray<[string, string]>): boolean {
+  return entries.some(([key]) => key === PROFILE_CACHE_KEY)
+}
+
+function isStorageEntries(value: unknown): value is ReadonlyArray<[string, string]> {
+  return (
+    Array.isArray(value) &&
+    value.every(
+      (entry): entry is [string, string] =>
+        Array.isArray(entry) && typeof entry[0] === 'string' && typeof entry[1] === 'string',
+    )
+  )
+}
+
+function getProfileWriteCalls(): Array<ReadonlyArray<[string, string]>> {
+  const calls: unknown = asyncStorageMock.multiSet.mock.calls
+  if (!Array.isArray(calls)) return []
+
+  const entries = calls
+    .filter((call): call is readonly [unknown, ...unknown[]] => Array.isArray(call))
+    .map(([value]) => value)
+
+  return entries.filter(isStorageEntries).filter(hasProfileCacheEntry)
+}
+
+function getAppStateChangeHandler(): (nextAppState: string) => void {
+  if (!appStateChangeHandler) {
+    throw new Error('Expected AppState change handler to be registered')
+  }
+
+  return appStateChangeHandler
+}
+
 function mockRuntimeLocale(locale: string): void {
   const formatter = new Intl.DateTimeFormat(locale)
   const dateTimeFormatSpy = rs.spyOn(Intl, 'DateTimeFormat').mockImplementation(() => formatter)
@@ -40,6 +190,27 @@ function mockRuntimeLocale(locale: string): void {
 describe('ContentfulOptimization locale resolution', () => {
   let optimization: { destroy: () => void } | undefined
 
+  beforeEach(async () => {
+    await resetAsyncStorageStore()
+    appStateChangeHandler = undefined
+    batch(() => {
+      signals.blockedEvent.value = undefined
+      signals.changes.value = undefined
+      signals.consent.value = undefined
+      signals.event.value = undefined
+      signals.locale.value = undefined
+      signals.online.value = true
+      signals.persistenceConsent.value = undefined
+      signals.previewPanelAttached.value = false
+      signals.previewPanelOpen.value = false
+      signals.profile.value = undefined
+      signals.selectedOptimizations.value = undefined
+    })
+    asyncStorageMock.multiGet.mockResolvedValue([])
+    asyncStorageMock.multiRemove.mockResolvedValue(undefined)
+    asyncStorageMock.multiSet.mockResolvedValue(undefined)
+  })
+
   afterEach(() => {
     optimization?.destroy()
     optimization = undefined
@@ -140,4 +311,223 @@ describe('ContentfulOptimization locale resolution', () => {
     expect(Reflect.get(created.api.experience, 'locale')).toBe('de-DE')
     expect(screen).not.toHaveBeenCalled()
   })
+
+  it('defaults allowedEventTypes to identify/screen for React Native', async () => {
+    const { default: ContentfulOptimization } = await import('./ContentfulOptimization')
+
+    const created = await ContentfulOptimization.create({
+      clientId: 'test-client-id',
+      environment: 'main',
+    })
+    optimization = created
+
+    expect(Reflect.get(created, 'allowedEventTypes')).toEqual(['identify', 'screen'])
+  })
+
+  it('keeps explicit default profile in memory until persistence consent is granted', async () => {
+    const { default: ContentfulOptimization } = await import('./ContentfulOptimization')
+
+    const created = await ContentfulOptimization.create({
+      clientId: 'test-client-id',
+      environment: 'main',
+      defaults: {
+        profile: DEFAULT_PROFILE,
+      },
+    })
+    optimization = created
+
+    expect(created.states.profile.current).toEqual(DEFAULT_PROFILE)
+    expect(getProfileWriteCalls()).toHaveLength(0)
+
+    created.consent({ persistence: true })
+    await drainAsyncStorageStore()
+
+    expect(getProfileWriteCalls()).toEqual([
+      expect.arrayContaining([[PROFILE_CACHE_KEY, JSON.stringify(DEFAULT_PROFILE)]]),
+    ])
+  })
+
+  it('does not load persisted profile continuity when persistence consent is denied', async () => {
+    asyncStorageMock.multiGet.mockResolvedValue([
+      [PERSISTENCE_CONSENT_KEY, 'denied'],
+      [PROFILE_CACHE_KEY, JSON.stringify(DEFAULT_PROFILE)],
+    ])
+    const { default: ContentfulOptimization } = await import('./ContentfulOptimization')
+
+    const created = await ContentfulOptimization.create({
+      clientId: 'test-client-id',
+      environment: 'main',
+    })
+    optimization = created
+
+    expect(created.states.profile.current).toBeUndefined()
+    expect(asyncStorageMock.multiGet).toHaveBeenCalledWith([
+      CONSENT_KEY,
+      PERSISTENCE_CONSENT_KEY,
+      DEBUG_FLAG_KEY,
+    ])
+    expect(asyncStorageMock.multiGet).not.toHaveBeenCalledWith([
+      ANONYMOUS_ID_KEY,
+      CHANGES_CACHE_KEY,
+      PROFILE_CACHE_KEY,
+      SELECTED_OPTIMIZATIONS_CACHE_KEY,
+    ])
+    expect(asyncStorageMock.multiRemove).toHaveBeenCalledWith([
+      ANONYMOUS_ID_KEY,
+      CHANGES_CACHE_KEY,
+      PROFILE_CACHE_KEY,
+      SELECTED_OPTIMIZATIONS_CACHE_KEY,
+    ])
+  })
+
+  it('loads persisted profile continuity when persistence consent is accepted', async () => {
+    asyncStorageMock.multiGet.mockImplementation(async (keys: string[]) => {
+      if (keys.includes(PROFILE_CACHE_KEY)) {
+        return await Promise.resolve([[PROFILE_CACHE_KEY, JSON.stringify(DEFAULT_PROFILE)]])
+      }
+
+      return await Promise.resolve([[PERSISTENCE_CONSENT_KEY, 'accepted']])
+    })
+    const { default: ContentfulOptimization } = await import('./ContentfulOptimization')
+
+    const created = await ContentfulOptimization.create({
+      clientId: 'test-client-id',
+      environment: 'main',
+    })
+    optimization = created
+
+    expect(asyncStorageMock.multiGet).toHaveBeenNthCalledWith(1, [
+      CONSENT_KEY,
+      PERSISTENCE_CONSENT_KEY,
+      DEBUG_FLAG_KEY,
+    ])
+    expect(asyncStorageMock.multiGet).toHaveBeenNthCalledWith(2, [
+      ANONYMOUS_ID_KEY,
+      CHANGES_CACHE_KEY,
+      PROFILE_CACHE_KEY,
+      SELECTED_OPTIMIZATIONS_CACHE_KEY,
+    ])
+    expect(created.states.profile.current).toEqual(DEFAULT_PROFILE)
+  })
+
+  it('uses stored anonymous ID only while persistence consent is accepted', async () => {
+    asyncStorageMock.multiGet.mockImplementation(async (keys: string[]) => {
+      if (keys.includes(ANONYMOUS_ID_KEY)) {
+        return await Promise.resolve([[ANONYMOUS_ID_KEY, 'stored-anonymous-id']])
+      }
+
+      return await Promise.resolve([[PERSISTENCE_CONSENT_KEY, 'accepted']])
+    })
+    const { default: ContentfulOptimization } = await import('./ContentfulOptimization')
+
+    const created = await ContentfulOptimization.create({
+      clientId: 'test-client-id',
+      environment: 'main',
+    })
+    optimization = created
+
+    const experienceQueue = Reflect.get(created, 'experienceQueue') as unknown
+
+    expect(hasAnonymousIdProvider(experienceQueue)).toBe(true)
+    if (!hasAnonymousIdProvider(experienceQueue)) throw new Error('Missing anonymous ID provider')
+
+    const { getAnonymousId } = experienceQueue
+
+    expect(getAnonymousId()).toBe('stored-anonymous-id')
+
+    created.consent({ persistence: false })
+
+    expect(getAnonymousId()).toBeUndefined()
+  })
+
+  it('waits for profile-continuity persistence before publishing identified state', async () => {
+    const { default: ContentfulOptimization } = await import('./ContentfulOptimization')
+
+    const created = await ContentfulOptimization.create({
+      clientId: 'test-client-id',
+      environment: 'main',
+      defaults: { consent: true },
+    })
+    optimization = created
+
+    asyncStorageMock.multiSet.mockClear()
+    const profileWrite = createDeferred()
+    asyncStorageMock.multiSet.mockImplementation(
+      async (entries: ReadonlyArray<[string, string]>) => {
+        if (hasProfileCacheEntry(entries)) await profileWrite.promise
+      },
+    )
+    rs.spyOn(created.api.experience, 'upsertProfile').mockResolvedValue(
+      IDENTIFIED_OPTIMIZATION_DATA,
+    )
+
+    let identifyResolved = false
+    const identify = created.identify({ userId: 'known-user' }).then(() => {
+      identifyResolved = true
+    })
+
+    await flushPromises()
+
+    expect(created.states.profile.current).toBeUndefined()
+    expect(identifyResolved).toBe(false)
+
+    profileWrite.resolve()
+    await identify
+
+    expect(created.states.profile.current).toEqual(IDENTIFIED_PROFILE)
+    expect(getProfileWriteCalls()).toEqual([
+      expect.arrayContaining([
+        [ANONYMOUS_ID_KEY, IDENTIFIED_PROFILE.id],
+        [PROFILE_CACHE_KEY, JSON.stringify(IDENTIFIED_PROFILE)],
+      ]),
+    ])
+  })
+
+  it('publishes identified state after failed profile-continuity persistence is handled', async () => {
+    const { default: ContentfulOptimization } = await import('./ContentfulOptimization')
+
+    const created = await ContentfulOptimization.create({
+      clientId: 'test-client-id',
+      environment: 'main',
+      defaults: { consent: true },
+    })
+    optimization = created
+
+    asyncStorageMock.multiSet.mockImplementation(
+      async (entries: ReadonlyArray<[string, string]>) => {
+        if (hasProfileCacheEntry(entries)) {
+          await Promise.resolve()
+          throw new Error('storage blocked')
+        }
+      },
+    )
+    rs.spyOn(created.api.experience, 'upsertProfile').mockResolvedValue(
+      IDENTIFIED_OPTIMIZATION_DATA,
+    )
+
+    await expect(created.identify({ userId: 'known-user' })).resolves.toEqual(
+      IDENTIFIED_OPTIMIZATION_DATA,
+    )
+    expect(created.states.profile.current).toEqual(IDENTIFIED_PROFILE)
+  })
+
+  it('drains pending AsyncStorage persistence when the app backgrounds', async () => {
+    const { default: ContentfulOptimization } = await import('./ContentfulOptimization')
+    const store = await getAsyncStorageStore()
+
+    const created = await ContentfulOptimization.create({
+      clientId: 'test-client-id',
+      environment: 'main',
+      defaults: { consent: true },
+    })
+    optimization = created
+    const flush = rs.spyOn(created, 'flush').mockResolvedValue(undefined)
+    const drainPersistence = rs.spyOn(store, 'drainPersistence').mockResolvedValue(undefined)
+
+    getAppStateChangeHandler()('background')
+    await flushPromises()
+
+    expect(flush).toHaveBeenCalled()
+    expect(drainPersistence).toHaveBeenCalled()
+  })
 })
diff --git a/packages/react-native-sdk/src/ContentfulOptimization.ts b/packages/react-native-sdk/src/ContentfulOptimization.ts
index 2c850815..00df2b5a 100644
--- a/packages/react-native-sdk/src/ContentfulOptimization.ts
+++ b/packages/react-native-sdk/src/ContentfulOptimization.ts
@@ -1,10 +1,11 @@
 import {
+  type ConsentInput,
   type CoreStatefulConfig,
   CoreStateful,
-  effect,
   resolveContentfulLocale,
   signals,
 } from '@contentful/optimization-core'
+import type { OptimizationData } from '@contentful/optimization-core/api-schemas'
 import { merge } from 'es-toolkit'
 import {
   OPTIMIZATION_REACT_NATIVE_SDK_NAME,
@@ -18,34 +19,70 @@ function getRuntimeLocaleCandidates(): string[] {
   return [locale]
 }
 
+function resolvePersistedDefault<T>(
+  configured: T | undefined,
+  canLoadPersistedContinuity: boolean,
+  readPersistedValue: () => T | undefined,
+): T | undefined {
+  if (configured !== undefined) return configured
+  if (!canLoadPersistedContinuity) return undefined
+
+  return readPersistedValue()
+}
+
+function resolveStorageDefaults(
+  defaults: CoreStatefulConfig['defaults'] | undefined,
+): NonNullable<CoreStatefulConfig['defaults']> {
+  const consent = defaults?.consent ?? AsyncStorageStore.consent
+  const persistenceConsent =
+    defaults?.persistenceConsent ?? defaults?.consent ?? AsyncStorageStore.persistenceConsent
+  const canLoadPersistedContinuity = persistenceConsent === true
+  const profile = resolvePersistedDefault(
+    defaults?.profile,
+    canLoadPersistedContinuity,
+    () => AsyncStorageStore.profile,
+  )
+  const changes = resolvePersistedDefault(
+    defaults?.changes,
+    canLoadPersistedContinuity,
+    () => AsyncStorageStore.changes,
+  )
+  const selectedOptimizations = resolvePersistedDefault(
+    defaults?.selectedOptimizations,
+    canLoadPersistedContinuity,
+    () => AsyncStorageStore.selectedOptimizations,
+  )
+
+  return { consent, persistenceConsent, profile, changes, selectedOptimizations }
+}
+
 async function mergeConfig({
   allowedEventTypes,
   defaults,
   logLevel,
   ...config
 }: CoreStatefulConfig): Promise<CoreStatefulConfig> {
-  await AsyncStorageStore.initialize()
+  await AsyncStorageStore.initializeConsentState()
+  const persistenceConsent =
+    defaults?.persistenceConsent ?? defaults?.consent ?? AsyncStorageStore.persistenceConsent
+
+  if (persistenceConsent === true) {
+    await AsyncStorageStore.initializeProfileContinuity()
+  } else if (persistenceConsent === false) {
+    await AsyncStorageStore.clearProfileContinuity()
+  }
+
   const locale = resolveContentfulLocale({
     candidates: getRuntimeLocaleCandidates(),
     contentfulLocales: config.contentfulLocales,
     locale: config.locale,
   })
 
-  const {
-    consent = AsyncStorageStore.consent,
-    profile = AsyncStorageStore.profile,
-    changes = AsyncStorageStore.changes,
-    selectedOptimizations = AsyncStorageStore.selectedOptimizations,
-  } = defaults ?? {}
+  const storageDefaults = resolveStorageDefaults(defaults)
 
   const mergedConfig = merge(
     {
-      defaults: {
-        consent,
-        profile,
-        changes,
-        selectedOptimizations,
-      },
+      defaults: storageDefaults,
       eventBuilder: {
         channel: 'mobile',
         library: {
@@ -54,6 +91,12 @@ async function mergeConfig({
         },
       },
       logLevel: AsyncStorageStore.debug ? 'debug' : logLevel,
+      getAnonymousId:
+        config.getAnonymousId ??
+        (() =>
+          AsyncStorageStore.persistenceConsent === true
+            ? AsyncStorageStore.anonymousId
+            : undefined),
     },
     config,
   )
@@ -67,6 +110,52 @@ async function mergeConfig({
 
 let activeOptimizationInstance: ContentfulOptimization | undefined = undefined
 
+async function enqueueConsentStatePersistence(): Promise<void> {
+  await AsyncStorageStore.writeConsentState({
+    consent: signals.consent.value,
+    persistenceConsent: signals.persistenceConsent.value,
+  })
+}
+
+async function enqueueCurrentProfileContinuityPersistence(): Promise<void> {
+  await AsyncStorageStore.writeProfileContinuity({
+    changes: signals.changes.value,
+    profile: signals.profile.value,
+    selectedOptimizations: signals.selectedOptimizations.value,
+  })
+}
+
+async function enqueueContinuityWriteForPolicy(data?: OptimizationData): Promise<void> {
+  switch (signals.persistenceConsent.value) {
+    case true:
+      await (data
+        ? AsyncStorageStore.writeProfileContinuity(data)
+        : enqueueCurrentProfileContinuityPersistence())
+      break
+    case false:
+      await AsyncStorageStore.clearProfileContinuity()
+      break
+    default:
+      await AsyncStorageStore.drainPersistence()
+  }
+}
+
+async function persistCurrentStateForPolicy(): Promise<void> {
+  const consentWrite = enqueueConsentStatePersistence()
+  const continuityWrite = enqueueContinuityWriteForPolicy()
+
+  await consentWrite
+  await continuityWrite
+}
+
+async function persistOptimizationData(data: OptimizationData): Promise<void> {
+  const consentWrite = enqueueConsentStatePersistence()
+  const continuityWrite = enqueueContinuityWriteForPolicy(data)
+
+  await consentWrite
+  await continuityWrite
+}
+
 /**
  * Main entry point for the Contentful Optimization React Native SDK.
  *
@@ -103,51 +192,23 @@ class ContentfulOptimization extends CoreStateful {
 
   private readonly cleanupAppStateListener: () => void
 
+  private readonly statePersistenceInterceptorId: number
+
   private constructor(config: CoreStatefulConfig) {
     super(config)
 
+    this.statePersistenceInterceptorId = this.interceptors.state.add(async (data) => {
+      await persistOptimizationData(data)
+      return data
+    })
+
     this.cleanupOnlineListener = createOnlineChangeListener((isOnline) => {
       this.online = isOnline
     })
 
     this.cleanupAppStateListener = createAppStateChangeListener(async () => {
       await this.flush()
-    })
-
-    effect(() => {
-      const {
-        changes: { value },
-      } = signals
-
-      AsyncStorageStore.changes = value
-    })
-
-    effect(() => {
-      const {
-        consent: { value },
-      } = signals
-
-      AsyncStorageStore.consent = value
-    })
-
-    effect(() => {
-      const {
-        profile: { value },
-      } = signals
-
-      AsyncStorageStore.profile = value
-
-      const { anonymousId: storedAnonymousId } = AsyncStorageStore
-
-      AsyncStorageStore.anonymousId = value?.id ?? storedAnonymousId
-    })
-
-    effect(() => {
-      const {
-        selectedOptimizations: { value },
-      } = signals
-
-      AsyncStorageStore.selectedOptimizations = value
+      await AsyncStorageStore.drainPersistence()
     })
   }
 
@@ -177,11 +238,30 @@ class ContentfulOptimization extends CoreStateful {
     const mergedConfig = await mergeConfig(config)
 
     const instance = new ContentfulOptimization(mergedConfig)
+
     activeOptimizationInstance = instance
+    try {
+      await persistCurrentStateForPolicy()
+    } catch (error: unknown) {
+      activeOptimizationInstance = undefined
+      instance.destroy()
+      throw error
+    }
 
     return instance
   }
 
+  override consent(accept: ConsentInput): void {
+    super.consent(accept)
+
+    void persistCurrentStateForPolicy()
+  }
+
+  override reset(): void {
+    void AsyncStorageStore.clearProfileContinuity()
+    super.reset()
+  }
+
   /**
    * Cleans up event listeners and resources.
    *
@@ -198,12 +278,14 @@ class ContentfulOptimization extends CoreStateful {
   destroy(): void {
     this.cleanupOnlineListener()
     this.cleanupAppStateListener()
+    this.interceptors.state.remove(this.statePersistenceInterceptorId)
 
     if (activeOptimizationInstance === this) {
       activeOptimizationInstance = undefined
     }
 
     super.destroy()
+    void AsyncStorageStore.drainPersistence()
   }
 }
 
diff --git a/packages/react-native-sdk/src/storage/AsyncStorageStore.test.ts b/packages/react-native-sdk/src/storage/AsyncStorageStore.test.ts
index 3e5cb17f..9903ec55 100644
--- a/packages/react-native-sdk/src/storage/AsyncStorageStore.test.ts
+++ b/packages/react-native-sdk/src/storage/AsyncStorageStore.test.ts
@@ -1,21 +1,40 @@
 import {
+  ANONYMOUS_ID_KEY,
   CHANGES_CACHE_KEY,
+  CONSENT_KEY,
+  DEBUG_FLAG_KEY,
+  PERSISTENCE_CONSENT_KEY,
   PROFILE_CACHE_KEY,
   SELECTED_OPTIMIZATIONS_CACHE_KEY,
 } from '@contentful/optimization-core/constants'
 import { beforeEach, describe, expect, it, rs } from '@rstest/core'
 
 interface AsyncStorageStoreInstance {
-  initialize: () => Promise<void>
+  initializeConsentState: () => Promise<void>
+  initializeProfileContinuity: () => Promise<void>
+  anonymousId: string | undefined
   readonly changes: unknown
+  consent: boolean | undefined
+  persistenceConsent: boolean | undefined
   readonly profile: unknown
   readonly selectedOptimizations: unknown
+  clearProfileContinuity: () => Promise<void>
+  drainPersistence: () => Promise<void>
+  writeConsentState: (state: {
+    consent: boolean | undefined
+    persistenceConsent: boolean | undefined
+  }) => Promise<void>
+  writeProfileContinuity: (state: {
+    changes: unknown
+    profile: { id?: string } | undefined
+    selectedOptimizations: unknown
+  }) => Promise<void>
 }
 
 const asyncStorageMock = {
   multiGet: rs.fn(),
-  removeItem: rs.fn(),
-  setItem: rs.fn(),
+  multiRemove: rs.fn(),
+  multiSet: rs.fn(),
 }
 
 rs.mock('@react-native-async-storage/async-storage', () => ({
@@ -25,9 +44,13 @@ rs.mock('@react-native-async-storage/async-storage', () => ({
 function isAsyncStorageStoreInstance(value: unknown): value is AsyncStorageStoreInstance {
   if (typeof value !== 'object' || value === null) return false
 
-  const initialize = Reflect.get(value, 'initialize')
+  const initializeConsentState = Reflect.get(value, 'initializeConsentState')
+  const initializeProfileContinuity = Reflect.get(value, 'initializeProfileContinuity')
 
-  return typeof initialize === 'function'
+  return (
+    typeof initializeConsentState === 'function' &&
+    typeof initializeProfileContinuity === 'function'
+  )
 }
 
 async function getStore(): Promise<AsyncStorageStoreInstance> {
@@ -55,35 +78,60 @@ describe('AsyncStorageStore', () => {
     rs.clearAllMocks()
 
     asyncStorageMock.multiGet.mockResolvedValue([])
-    asyncStorageMock.removeItem.mockResolvedValue(undefined)
-    asyncStorageMock.setItem.mockResolvedValue(undefined)
+    asyncStorageMock.multiRemove.mockResolvedValue(undefined)
+    asyncStorageMock.multiSet.mockResolvedValue(undefined)
 
     const store = await getStore()
-    Reflect.set(store, 'initialized', false)
+    Reflect.set(store, 'consentStateInitialized', false)
+    Reflect.set(store, 'persistenceQueue', Promise.resolve())
+    Reflect.set(store, 'profileContinuityInitialized', false)
     const cache = getCache(store)
     cache.clear()
   })
 
-  it('deletes malformed JSON cache values during initialization', async () => {
+  it('loads only consent state during consent initialization', async () => {
+    asyncStorageMock.multiGet.mockResolvedValue([
+      [CONSENT_KEY, 'accepted'],
+      [PERSISTENCE_CONSENT_KEY, 'denied'],
+      [PROFILE_CACHE_KEY, JSON.stringify({ foo: 'bar' })],
+    ])
+
+    const store = await getStore()
+    await store.initializeConsentState()
+
+    expect(asyncStorageMock.multiGet).toHaveBeenCalledWith([
+      CONSENT_KEY,
+      PERSISTENCE_CONSENT_KEY,
+      DEBUG_FLAG_KEY,
+    ])
+    expect(store.consent).toBe(true)
+    expect(store.persistenceConsent).toBe(false)
+    expect(store.profile).toBeUndefined()
+    expect(asyncStorageMock.multiRemove).not.toHaveBeenCalledWith([PROFILE_CACHE_KEY])
+  })
+
+  it('deletes malformed JSON cache values during profile-continuity initialization', async () => {
     asyncStorageMock.multiGet.mockResolvedValue([[CHANGES_CACHE_KEY, '{bad-json']])
 
     const store = await getStore()
-    await store.initialize()
+    await store.initializeProfileContinuity()
 
     expect(store.changes).toBeUndefined()
-    expect(asyncStorageMock.removeItem).toHaveBeenCalledWith(CHANGES_CACHE_KEY)
+    await store.drainPersistence()
+    expect(asyncStorageMock.multiRemove).toHaveBeenCalledWith([CHANGES_CACHE_KEY])
   })
 
-  it('deletes cache values that fail schema validation during initialization', async () => {
+  it('deletes cache values that fail schema validation during profile-continuity initialization', async () => {
     asyncStorageMock.multiGet.mockResolvedValue([
       [PROFILE_CACHE_KEY, JSON.stringify({ foo: 'bar' })],
     ])
 
     const store = await getStore()
-    await store.initialize()
+    await store.initializeProfileContinuity()
 
     expect(store.profile).toBeUndefined()
-    expect(asyncStorageMock.removeItem).toHaveBeenCalledWith(PROFILE_CACHE_KEY)
+    await store.drainPersistence()
+    expect(asyncStorageMock.multiRemove).toHaveBeenCalledWith([PROFILE_CACHE_KEY])
   })
 
   it('deletes in-memory structured cache values that fail schema validation', async () => {
@@ -93,12 +141,13 @@ describe('AsyncStorageStore', () => {
     cache.set(SELECTED_OPTIMIZATIONS_CACHE_KEY, { foo: 'bar' })
 
     expect(store.selectedOptimizations).toBeUndefined()
+    await store.drainPersistence()
     expect(cache.has(SELECTED_OPTIMIZATIONS_CACHE_KEY)).toBe(false)
-    expect(asyncStorageMock.removeItem).toHaveBeenCalledWith(SELECTED_OPTIMIZATIONS_CACHE_KEY)
+    expect(asyncStorageMock.multiRemove).toHaveBeenCalledWith([SELECTED_OPTIMIZATIONS_CACHE_KEY])
   })
 
   it('swallows AsyncStorage.removeItem failures when invalidating bad cache', async () => {
-    asyncStorageMock.removeItem.mockRejectedValueOnce(new Error('storage blocked'))
+    asyncStorageMock.multiRemove.mockRejectedValueOnce(new Error('storage blocked'))
 
     const store = await getStore()
     const cache = getCache(store)
@@ -108,8 +157,105 @@ describe('AsyncStorageStore', () => {
     expect(() => {
       void store.selectedOptimizations
     }).not.toThrow()
-    await Promise.resolve()
+    await store.drainPersistence()
     expect(cache.has(SELECTED_OPTIMIZATIONS_CACHE_KEY)).toBe(false)
-    expect(asyncStorageMock.removeItem).toHaveBeenCalledWith(SELECTED_OPTIMIZATIONS_CACHE_KEY)
+    expect(asyncStorageMock.multiRemove).toHaveBeenCalledWith([SELECTED_OPTIMIZATIONS_CACHE_KEY])
+  })
+
+  it('translates persistence consent and falls back to accepted legacy consent', async () => {
+    const store = await getStore()
+
+    store.persistenceConsent = true
+    await store.drainPersistence()
+    expect(asyncStorageMock.multiSet).toHaveBeenCalledWith([[PERSISTENCE_CONSENT_KEY, 'accepted']])
+    expect(store.persistenceConsent).toBe(true)
+
+    store.persistenceConsent = false
+    await store.drainPersistence()
+    expect(asyncStorageMock.multiSet).toHaveBeenCalledWith([[PERSISTENCE_CONSENT_KEY, 'denied']])
+    expect(store.persistenceConsent).toBe(false)
+
+    store.persistenceConsent = undefined
+    store.consent = true
+    await store.drainPersistence()
+    expect(store.persistenceConsent).toBe(true)
+  })
+
+  it('clears profile-continuity keys without clearing consent keys', async () => {
+    const store = await getStore()
+    const cache = getCache(store)
+
+    cache.set(ANONYMOUS_ID_KEY, 'profile-id')
+    cache.set(CHANGES_CACHE_KEY, [])
+    cache.set(PROFILE_CACHE_KEY, {})
+    cache.set(SELECTED_OPTIMIZATIONS_CACHE_KEY, [])
+    cache.set(CONSENT_KEY, 'accepted')
+    cache.set(PERSISTENCE_CONSENT_KEY, 'accepted')
+
+    await store.clearProfileContinuity()
+
+    expect(cache.has(ANONYMOUS_ID_KEY)).toBe(false)
+    expect(cache.has(CHANGES_CACHE_KEY)).toBe(false)
+    expect(cache.has(PROFILE_CACHE_KEY)).toBe(false)
+    expect(cache.has(SELECTED_OPTIMIZATIONS_CACHE_KEY)).toBe(false)
+    expect(cache.get(CONSENT_KEY)).toBe('accepted')
+    expect(cache.get(PERSISTENCE_CONSENT_KEY)).toBe('accepted')
+    expect(asyncStorageMock.multiRemove).toHaveBeenCalledWith([
+      ANONYMOUS_ID_KEY,
+      CHANGES_CACHE_KEY,
+      PROFILE_CACHE_KEY,
+      SELECTED_OPTIMIZATIONS_CACHE_KEY,
+    ])
+  })
+
+  it('batches profile-continuity writes through AsyncStorage.multiSet', async () => {
+    const store = await getStore()
+    const profile = { id: 'profile-id' }
+
+    await store.writeProfileContinuity({
+      changes: [],
+      profile,
+      selectedOptimizations: [],
+    })
+
+    expect(asyncStorageMock.multiSet).toHaveBeenCalledWith([
+      [ANONYMOUS_ID_KEY, 'profile-id'],
+      [CHANGES_CACHE_KEY, '[]'],
+      [PROFILE_CACHE_KEY, JSON.stringify(profile)],
+      [SELECTED_OPTIMIZATIONS_CACHE_KEY, '[]'],
+    ])
+  })
+
+  it('serializes profile-continuity writes so later clears win', async () => {
+    const store = await getStore()
+    let resolveFirstWrite: (() => void) | undefined
+
+    asyncStorageMock.multiSet.mockImplementationOnce(async () => {
+      await new Promise<void>((resolve) => {
+        resolveFirstWrite = resolve
+      })
+    })
+
+    const write = store.writeProfileContinuity({
+      changes: [],
+      profile: { id: 'profile-id' },
+      selectedOptimizations: [],
+    })
+    const clear = store.clearProfileContinuity()
+
+    await Promise.resolve()
+    await Promise.resolve()
+    expect(asyncStorageMock.multiSet).toHaveBeenCalledTimes(1)
+    expect(asyncStorageMock.multiRemove).not.toHaveBeenCalled()
+
+    resolveFirstWrite?.()
+    await Promise.all([write, clear])
+
+    expect(asyncStorageMock.multiRemove).toHaveBeenLastCalledWith([
+      ANONYMOUS_ID_KEY,
+      CHANGES_CACHE_KEY,
+      PROFILE_CACHE_KEY,
+      SELECTED_OPTIMIZATIONS_CACHE_KEY,
+    ])
   })
 })
diff --git a/packages/react-native-sdk/src/storage/AsyncStorageStore.ts b/packages/react-native-sdk/src/storage/AsyncStorageStore.ts
index 457e726f..1a136a35 100644
--- a/packages/react-native-sdk/src/storage/AsyncStorageStore.ts
+++ b/packages/react-native-sdk/src/storage/AsyncStorageStore.ts
@@ -8,6 +8,7 @@ import {
   CHANGES_CACHE_KEY,
   CONSENT_KEY,
   DEBUG_FLAG_KEY,
+  PERSISTENCE_CONSENT_KEY,
   PROFILE_CACHE_KEY,
   SELECTED_OPTIMIZATIONS_CACHE_KEY,
 } from '@contentful/optimization-core/constants'
@@ -21,7 +22,57 @@ const STRUCTURED_CACHE_PARSERS: Record<string, z.ZodMiniType> = {
   [PROFILE_CACHE_KEY]: Profile,
   [SELECTED_OPTIMIZATIONS_CACHE_KEY]: SelectedOptimizationArray,
 }
-const STRING_CACHE_KEYS = new Set([ANONYMOUS_ID_KEY, CONSENT_KEY, DEBUG_FLAG_KEY])
+const STRING_CACHE_KEYS = new Set([
+  ANONYMOUS_ID_KEY,
+  CONSENT_KEY,
+  DEBUG_FLAG_KEY,
+  PERSISTENCE_CONSENT_KEY,
+])
+const CONSENT_STATE_KEYS = [CONSENT_KEY, PERSISTENCE_CONSENT_KEY, DEBUG_FLAG_KEY]
+const PROFILE_CONTINUITY_KEYS = [
+  ANONYMOUS_ID_KEY,
+  CHANGES_CACHE_KEY,
+  PROFILE_CACHE_KEY,
+  SELECTED_OPTIMIZATIONS_CACHE_KEY,
+]
+
+interface ProfileContinuityState {
+  changes: ChangeArray | undefined
+  profile: Profile | undefined
+  selectedOptimizations: SelectedOptimizationArray | undefined
+}
+
+interface ConsentState {
+  consent: boolean | undefined
+  persistenceConsent: boolean | undefined
+}
+
+type CacheEntry = readonly [key: string, data: unknown]
+
+async function removeKeys(keys: readonly string[], label: string): Promise<void> {
+  if (keys.length === 0) return
+
+  try {
+    await AsyncStorage.multiRemove([...keys])
+  } catch (error: unknown) {
+    logger.error(`Failed to remove ${keys.join(', ')} from ${label}:`, error)
+  }
+}
+
+async function setEntries(entries: ReadonlyArray<[string, string]>): Promise<void> {
+  if (entries.length === 0) return
+
+  try {
+    await AsyncStorage.multiSet([...entries])
+  } catch (error: unknown) {
+    logger.error(`Failed to set ${entries.map(([key]) => key).join(', ')} in AsyncStorage:`, error)
+  }
+}
+
+function translateConsent(consent: boolean | undefined): string | undefined {
+  if (consent === undefined) return undefined
+  return consent ? 'accepted' : 'denied'
+}
 
 /**
  * Persistent storage adapter backed by `@react-native-async-storage/async-storage`.
@@ -33,59 +84,45 @@ const STRING_CACHE_KEYS = new Set([ANONYMOUS_ID_KEY, CONSENT_KEY, DEBUG_FLAG_KEY
  */
 class AsyncStorageStore {
   private readonly cache = new Map<string, unknown>()
-  private initialized = false
+  private consentStateInitialized = false
+  private persistenceQueue: Promise<void> = Promise.resolve()
+  private profileContinuityInitialized = false
 
   /**
-   * Loads all known keys from AsyncStorage into the in-memory cache.
+   * Loads consent, persistence consent, and debug preference state into memory.
    *
    * @returns A promise that resolves when initialization is complete
    *
    * @internal
    */
-  async initialize(): Promise<void> {
-    if (this.initialized) return
+  async initializeConsentState(): Promise<void> {
+    if (this.consentStateInitialized) return
 
     try {
-      const keys = [
-        ANONYMOUS_ID_KEY,
-        CONSENT_KEY,
-        CHANGES_CACHE_KEY,
-        DEBUG_FLAG_KEY,
-        PROFILE_CACHE_KEY,
-        SELECTED_OPTIMIZATIONS_CACHE_KEY,
-      ]
-      const values = await AsyncStorage.multiGet(keys)
-
-      for (const [key, value] of values) {
-        if (!value) continue
-
-        if (STRING_CACHE_KEYS.has(key)) {
-          this.cache.set(key, value)
-          continue
-        }
-
-        const { [key]: parser } = STRUCTURED_CACHE_PARSERS
-        if (!parser) continue
-
-        let json: unknown = undefined
-        try {
-          json = JSON.parse(value)
-        } catch {
-          this.invalidateCacheKey(key, 'malformed JSON')
-          continue
-        }
-
-        const parsed = parser.safeParse(json)
-        if (parsed.success) {
-          this.cache.set(key, parsed.data)
-        } else {
-          this.invalidateCacheKey(key, 'schema validation failed')
-        }
-      }
+      await this.drainPersistence()
+      await this.loadKeys(CONSENT_STATE_KEYS)
+      this.consentStateInitialized = true
+    } catch (error: unknown) {
+      logger.error('Failed to initialize AsyncStorageStore consent state:', error)
+    }
+  }
 
-      this.initialized = true
+  /**
+   * Loads profile-continuity state into memory after persistence consent allows it.
+   *
+   * @returns A promise that resolves when initialization is complete
+   *
+   * @internal
+   */
+  async initializeProfileContinuity(): Promise<void> {
+    if (this.profileContinuityInitialized) return
+
+    try {
+      await this.drainPersistence()
+      await this.loadKeys(PROFILE_CONTINUITY_KEYS)
+      this.profileContinuityInitialized = true
     } catch (error: unknown) {
-      logger.error('Failed to initialize AsyncStorageStore:', error)
+      logger.error('Failed to initialize AsyncStorageStore profile continuity:', error)
     }
   }
 
@@ -98,7 +135,7 @@ class AsyncStorageStore {
   }
 
   set anonymousId(id: string | undefined) {
-    this.setCache(ANONYMOUS_ID_KEY, id)
+    void this.setCache(ANONYMOUS_ID_KEY, id)
   }
 
   /**
@@ -120,7 +157,26 @@ class AsyncStorageStore {
 
   set consent(consent: boolean | undefined) {
     const translated = consent ? 'accepted' : 'denied'
-    this.setCache(CONSENT_KEY, consent === undefined ? undefined : translated)
+    void this.setCache(CONSENT_KEY, consent === undefined ? undefined : translated)
+  }
+
+  get persistenceConsent(): boolean | undefined {
+    const value = this.cache.get(PERSISTENCE_CONSENT_KEY)
+    const consent = typeof value === 'string' ? value : undefined
+
+    switch (consent) {
+      case 'accepted':
+        return true
+      case 'denied':
+        return false
+      default:
+        return this.consent === true ? true : undefined
+    }
+  }
+
+  set persistenceConsent(consent: boolean | undefined) {
+    const translated = consent ? 'accepted' : 'denied'
+    void this.setCache(PERSISTENCE_CONSENT_KEY, consent === undefined ? undefined : translated)
   }
 
   /**
@@ -133,7 +189,7 @@ class AsyncStorageStore {
   }
 
   set debug(debug: boolean | undefined) {
-    this.setCache(DEBUG_FLAG_KEY, debug)
+    void this.setCache(DEBUG_FLAG_KEY, debug)
   }
 
   /**
@@ -144,7 +200,7 @@ class AsyncStorageStore {
   }
 
   set changes(changes: ChangeArray | undefined) {
-    this.setCache(CHANGES_CACHE_KEY, changes)
+    void this.setCache(CHANGES_CACHE_KEY, changes)
   }
 
   /**
@@ -155,7 +211,7 @@ class AsyncStorageStore {
   }
 
   set profile(profile: Profile | undefined) {
-    this.setCache(PROFILE_CACHE_KEY, profile)
+    void this.setCache(PROFILE_CACHE_KEY, profile)
   }
 
   /**
@@ -166,7 +222,35 @@ class AsyncStorageStore {
   }
 
   set selectedOptimizations(selectedOptimizations: SelectedOptimizationArray | undefined) {
-    this.setCache(SELECTED_OPTIMIZATIONS_CACHE_KEY, selectedOptimizations)
+    void this.setCache(SELECTED_OPTIMIZATIONS_CACHE_KEY, selectedOptimizations)
+  }
+
+  async writeConsentState({ consent, persistenceConsent }: ConsentState): Promise<void> {
+    await this.setCacheEntries([
+      [CONSENT_KEY, translateConsent(consent)],
+      [PERSISTENCE_CONSENT_KEY, translateConsent(persistenceConsent)],
+    ])
+  }
+
+  async writeProfileContinuity({
+    changes,
+    profile,
+    selectedOptimizations,
+  }: ProfileContinuityState): Promise<void> {
+    await this.setCacheEntries([
+      [ANONYMOUS_ID_KEY, profile?.id ?? this.anonymousId],
+      [CHANGES_CACHE_KEY, changes],
+      [PROFILE_CACHE_KEY, profile],
+      [SELECTED_OPTIMIZATIONS_CACHE_KEY, selectedOptimizations],
+    ])
+  }
+
+  async clearProfileContinuity(): Promise<void> {
+    await this.setCacheEntries(PROFILE_CONTINUITY_KEYS.map((key) => [key, undefined] as const))
+  }
+
+  async drainPersistence(): Promise<void> {
+    await this.persistenceQueue
   }
 
   getCache<T extends z.ZodMiniType>(key: string, parser: T): z.output<T> | undefined {
@@ -181,27 +265,76 @@ class AsyncStorageStore {
     return undefined
   }
 
-  setCache(key: string, data: unknown): void {
-    if (data === undefined) {
-      this.cache.delete(key)
-      AsyncStorage.removeItem(key).catch((error: unknown) => {
-        logger.error(`Failed to remove ${key} from AsyncStorage:`, error)
-      })
-    } else {
-      const value = typeof data === 'string' ? data : JSON.stringify(data)
-      this.cache.set(key, typeof data === 'string' ? data : data)
-      AsyncStorage.setItem(key, value).catch((error: unknown) => {
-        logger.error(`Failed to set ${key} in AsyncStorage:`, error)
-      })
-    }
+  async setCache(key: string, data: unknown): Promise<void> {
+    await this.setCacheEntries([[key, data]])
   }
 
   private invalidateCacheKey(key: string, reason: string): void {
     this.cache.delete(key)
-    AsyncStorage.removeItem(key).catch((error: unknown) => {
-      logger.error(`Failed to remove invalid ${key} from AsyncStorage (${reason}):`, error)
+    void this.enqueuePersistence(async () => {
+      await removeKeys([key], `invalid ${key} from AsyncStorage (${reason})`)
     })
   }
+
+  private async enqueuePersistence(operation: () => Promise<void>): Promise<void> {
+    const queued = this.persistenceQueue.then(operation, operation)
+    this.persistenceQueue = queued.catch(() => undefined)
+    await queued
+  }
+
+  private async setCacheEntries(entries: readonly CacheEntry[]): Promise<void> {
+    const keysToRemove: string[] = []
+    const entriesToSet: Array<[string, string]> = []
+
+    for (const [key, data] of entries) {
+      if (data === undefined) {
+        this.cache.delete(key)
+        keysToRemove.push(key)
+        continue
+      }
+
+      this.cache.set(key, data)
+      entriesToSet.push([key, typeof data === 'string' ? data : JSON.stringify(data)])
+    }
+
+    await this.enqueuePersistence(async () => {
+      await removeKeys(keysToRemove, 'AsyncStorage')
+      await setEntries(entriesToSet)
+    })
+  }
+
+  private async loadKeys(keys: readonly string[]): Promise<void> {
+    const values = await AsyncStorage.multiGet(keys)
+    const requestedKeys = new Set(keys)
+
+    for (const [key, value] of values) {
+      if (!requestedKeys.has(key)) continue
+      if (!value) continue
+
+      if (STRING_CACHE_KEYS.has(key)) {
+        this.cache.set(key, value)
+        continue
+      }
+
+      const { [key]: parser } = STRUCTURED_CACHE_PARSERS
+      if (!parser) continue
+
+      let json: unknown = undefined
+      try {
+        json = JSON.parse(value)
+      } catch {
+        this.invalidateCacheKey(key, 'malformed JSON')
+        continue
+      }
+
+      const parsed = parser.safeParse(json)
+      if (parsed.success) {
+        this.cache.set(key, parsed.data)
+      } else {
+        this.invalidateCacheKey(key, 'schema validation failed')
+      }
+    }
+  }
 }
 
 const store = new AsyncStorageStore()
diff --git a/packages/universal/AGENTS.md b/packages/universal/AGENTS.md
index 65475823..9d298d59 100644
--- a/packages/universal/AGENTS.md
+++ b/packages/universal/AGENTS.md
@@ -1,26 +1,22 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `packages/AGENTS.md`, before this file.
+Platform-agnostic packages under `packages/universal/`.
 
-These instructions apply to platform-agnostic packages under `packages/universal/`.
-
-## Layer boundaries
+## Boundaries
 
 - `api-schemas` owns runtime schemas, inferred types, and schema helpers. Treat schema edits as API
-  contract changes and prefer additive, backward-compatible changes unless the task explicitly
-  changes the contract.
-- `api-client` owns Contentful Experience API and Insights API transport concerns. Keep request and
-  response handling aligned with `@contentful/optimization-api-schemas`.
-- `core-sdk` owns platform-agnostic optimization business logic. Shared optimization behavior
-  belongs there, not in platform SDK packages.
-- Keep universal packages free of browser, Node, React, React Native, Swift, Android, or other
-  platform-specific runtime assumptions.
+  contract changes; prefer additive changes unless the task changes the contract.
+- `api-client` owns Experience API and Insights API transport. Keep request/response handling
+  aligned with `@contentful/optimization-api-schemas`.
+- `core-sdk` owns platform-agnostic optimization business logic. Shared behavior belongs there, not
+  in platform SDK packages.
+- Universal packages must not assume browser, Node, React, React Native, Swift, Android, or other
+  platform runtimes.
 
-## Usually validate
+## Validate
 
-- If public schemas or schema helpers change, validate at least `api-client` and `core-sdk`
-  downstream.
-- If request lifecycle, retries, event transport, or error handling changes in `api-client`, broaden
-  validation to `core-sdk` or an affected implementation.
-- If exported core types, state management, event flow, or shared optimization logic changes,
-  validate affected platform SDKs or reference implementations.
+- Schema changes: validate downstream `api-client` and `core-sdk`.
+- API client lifecycle, retry, event transport, or error handling changes: validate `core-sdk` or an
+  affected implementation.
+- Core exported types, state, event flow, or shared optimization logic changes: validate affected
+  platform SDKs or reference implementations.
diff --git a/packages/universal/api-client/AGENTS.md b/packages/universal/api-client/AGENTS.md
index db2177c1..cc7fb3db 100644
--- a/packages/universal/api-client/AGENTS.md
+++ b/packages/universal/api-client/AGENTS.md
@@ -1,26 +1,13 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, `packages/AGENTS.md`, and `packages/universal/AGENTS.md`
-before this file.
-
-## Scope
-
-This package owns the unified client surface for Contentful Experience API and Insights API
-interactions.
-
-## Key paths
-
-- `src/`
-- `README.md`
+Owns the unified client surface for Contentful Experience API and Insights API interactions.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-api-client typecheck`
-- `pnpm --filter @contentful/optimization-api-client test:unit`
-- `pnpm --filter @contentful/optimization-api-client build`
-- `pnpm --filter @contentful/optimization-api-client size:check`
+- `pnpm --filter @contentful/optimization-api-client <script>` with `typecheck`, `test:unit`,
+  `build`, or `size:check`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` and `test:unit` for local changes.
 - Run `build` for export, packaging, or runtime changes.
diff --git a/packages/universal/api-client/package.json b/packages/universal/api-client/package.json
index d9e95d40..ac1db652 100644
--- a/packages/universal/api-client/package.json
+++ b/packages/universal/api-client/package.json
@@ -60,7 +60,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build && build-tools emit-dual-dts ./dist",
     "build:rsdoctor": "RSDOCTOR=true rslib build && build-tools emit-dual-dts ./dist",
-    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo",
+    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo ./node_modules/.cache/rspack",
     "size:check": "pnpm build:dist && build-tools bundle-size",
     "size:report": "build-tools bundle-size --report-only",
     "test:unit": "rstest run --coverage",
diff --git a/packages/universal/api-schemas/AGENTS.md b/packages/universal/api-schemas/AGENTS.md
index 646e34b1..102ad562 100644
--- a/packages/universal/api-schemas/AGENTS.md
+++ b/packages/universal/api-schemas/AGENTS.md
@@ -1,26 +1,14 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, `packages/AGENTS.md`, and `packages/universal/AGENTS.md`
-before this file.
-
-## Scope
-
-This package owns Zod-based API schemas, inferred types, and schema helpers for Contentful CDA,
-Experience API, and Insights API payloads.
-
-## Key paths
-
-- `src/`
-- `README.md`
+Owns Zod-based API schemas, inferred types, and schema helpers for Contentful CDA, Experience API,
+and Insights API payloads.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-api-schemas typecheck`
-- `pnpm --filter @contentful/optimization-api-schemas test:unit`
-- `pnpm --filter @contentful/optimization-api-schemas build`
-- `pnpm --filter @contentful/optimization-api-schemas size:check`
+- `pnpm --filter @contentful/optimization-api-schemas <script>` with `typecheck`, `test:unit`,
+  `build`, or `size:check`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` and `test:unit` for local changes.
 - Run `build` for export or packaging changes.
diff --git a/packages/universal/api-schemas/package.json b/packages/universal/api-schemas/package.json
index cbfd00b9..f969e89e 100644
--- a/packages/universal/api-schemas/package.json
+++ b/packages/universal/api-schemas/package.json
@@ -40,7 +40,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build && build-tools emit-dual-dts ./dist",
     "build:rsdoctor": "RSDOCTOR=true rslib build && build-tools emit-dual-dts ./dist",
-    "clean": "rimraf ./.rsdoctor ./.rslib ./dist .tsbuildinfo",
+    "clean": "rimraf ./.rsdoctor ./.rslib ./dist .tsbuildinfo ./node_modules/.cache/rspack",
     "size:check": "pnpm build:dist && build-tools bundle-size",
     "size:report": "build-tools bundle-size --report-only",
     "test:unit": "rstest run",
diff --git a/packages/universal/core-sdk/AGENTS.md b/packages/universal/core-sdk/AGENTS.md
index b28109d7..723f0973 100644
--- a/packages/universal/core-sdk/AGENTS.md
+++ b/packages/universal/core-sdk/AGENTS.md
@@ -1,30 +1,17 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, `packages/AGENTS.md`, and `packages/universal/AGENTS.md`
-before this file.
+Owns the platform-agnostic optimization core used by all platform SDKs.
 
-## Scope
+## Rules
 
-This package owns platform-agnostic optimization business logic and the shared stateful and
-stateless core used by all platform SDKs.
-
-## Key paths
-
-- `src/` — root entry: stateless/stateful core, signals, events, queues, interceptors, resolvers
-- `src/preview-support/` — preview-panel toolkit with additional local guidance
-- `README.md`
-
-## Local rules
-
-- Prefer shared behavior fixes here when the problem affects more than one platform SDK.
+- Prefer shared fixes here when a problem affects more than one platform SDK.
+- `src/preview-support/` has additional guidance for preview-panel support.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-core typecheck`
-- `pnpm --filter @contentful/optimization-core test:unit`
-- `pnpm --filter @contentful/optimization-core build`
-- `pnpm --filter @contentful/optimization-core size:check`
+- `pnpm --filter @contentful/optimization-core <script>` with `typecheck`, `test:unit`, `build`, or
+  `size:check`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck`, `test:unit`, and `build`.
diff --git a/packages/universal/core-sdk/README.md b/packages/universal/core-sdk/README.md
index 1016eb1a..4240de87 100644
--- a/packages/universal/core-sdk/README.md
+++ b/packages/universal/core-sdk/README.md
@@ -64,14 +64,18 @@ const statefulOptimization = new CoreStateful({ clientId: 'your-client-id' })
 const statelessOptimization = new CoreStateless({ clientId: 'your-client-id' })
 ```
 
-Stateful runtimes own durable in-process SDK state. Stateless runtimes pass request-scoped
-Experience API options as the final event-method argument:
+Stateful runtimes own durable in-process SDK state. Stateless runtimes bind request-scoped consent,
+profile state, event context, and Experience API options before calling event methods:
 
 ```ts
-await statelessOptimization.page(
-  { profile: { id: 'profile-id' } },
-  { locale: 'de-DE', preflight: false },
-)
+const requestOptimization = statelessOptimization.forRequest({
+  consent: true,
+  eventContext: { locale: 'en-US' },
+  experienceOptions: { locale: 'de-DE', preflight: false },
+  profile: { id: 'profile-id' },
+})
+
+await requestOptimization.page()
 ```
 
 ## When to use this package
@@ -97,8 +101,9 @@ optimization, flag, event-stream, blocked-event, and preview-panel state as read
 ### Stateless Core
 
 `CoreStateless` is the basis for SDKs that run in stateless environments such as Node servers and
-server-side functions. It does not store consent or profile state. Consumers pass profile and
-request-scoped Experience options with each event call.
+server-side functions. It does not store consent or profile state between requests. Consumers call
+`forRequest()` to create a request-bound event client with the consent, profile, event context, and
+Experience options for that one incoming request.
 
 ## Common configuration
 
@@ -113,15 +118,28 @@ Shared Core configuration:
 | `fetchOptions` | No        | SDK defaults          | Fetch timeout and retry behavior                            |
 | `logLevel`     | No        | `'error'`             | Minimum log level for the default console sink              |
 
+Consent and event configuration:
+
+| Option              | Required? | Default     | Description                                                  |
+| ------------------- | --------- | ----------- | ------------------------------------------------------------ |
+| `allowedEventTypes` | No        | `[]`        | Event types allowed before consent is explicitly set         |
+| `onEventBlocked`    | No        | `undefined` | Callback invoked when consent or guard logic blocks an event |
+
+Core itself fails closed before consent. Platform SDKs set runtime-specific defaults for the event
+types that make sense in that runtime, such as browser `identify`/`page`, server `identify`/`page`,
+and mobile `identify`/`screen`.
+
 Stateful-only configuration:
 
-| Option              | Required? | Default                          | Description                                                                    |
-| ------------------- | --------- | -------------------------------- | ------------------------------------------------------------------------------ |
-| `allowedEventTypes` | No        | `['identify', 'page', 'screen']` | Event types allowed before consent is explicitly set                           |
-| `defaults`          | No        | `undefined`                      | Initial state, commonly including consent or profile values                    |
-| `getAnonymousId`    | No        | `undefined`                      | Function used to provide an anonymous ID from application-owned identity state |
-| `onEventBlocked`    | No        | `undefined`                      | Callback invoked when consent or guard logic blocks an event                   |
-| `queuePolicy`       | No        | SDK defaults                     | Flush retry behavior and offline queue bounds                                  |
+| Option           | Required? | Default      | Description                                                                       |
+| ---------------- | --------- | ------------ | --------------------------------------------------------------------------------- |
+| `defaults`       | No        | `undefined`  | Initial state, commonly including consent, persistence consent, or profile values |
+| `getAnonymousId` | No        | `undefined`  | Function used to provide an anonymous ID from application-owned identity state    |
+| `queuePolicy`    | No        | SDK defaults | Flush retry behavior and offline queue bounds                                     |
+
+Persistence consent controls durable profile-continuity storage for SDKs with runtime storage:
+profile, anonymous ID, changes, and selected optimization caches. Event consent, stored consent
+decisions, and debug state are tracked separately.
 
 Common `api` options:
 
@@ -136,8 +154,8 @@ Common `api` options:
 | `plainText`         | Stateful   | `false`                                    | Sends performance-critical endpoints as text    |
 | `preflight`         | Stateful   | `false`                                    | Aggregates a profile state without storing it   |
 
-In stateless environments, pass `ip`, `locale`, `plainText`, and `preflight` as the final argument
-to stateless event methods instead of constructor config.
+In stateless environments, pass `ip`, `locale`, `plainText`, and `preflight` as `experienceOptions`
+when creating the request-bound client instead of constructor config.
 
 Core-backed stateful SDKs can accept `contentfulLocales`, an initial app/content `locale`, and
 runtime `setLocale(locale)` calls. They expose the resolved Contentful locale through the live
diff --git a/packages/universal/core-sdk/package.json b/packages/universal/core-sdk/package.json
index 56d3cd42..3b968d90 100644
--- a/packages/universal/core-sdk/package.json
+++ b/packages/universal/core-sdk/package.json
@@ -90,8 +90,8 @@
   "buildTools": {
     "bundleSize": {
       "gzipBudgets": {
-        "index.cjs": 15000,
-        "index.mjs": 13200,
+        "index.cjs": 16000,
+        "index.mjs": 14000,
         "preview-support.cjs": 6500,
         "preview-support.mjs": 5500
       }
@@ -102,7 +102,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build && build-tools emit-dual-dts ./dist",
     "build:rsdoctor": "RSDOCTOR=true rslib build && build-tools emit-dual-dts ./dist",
-    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo",
+    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo ./node_modules/.cache/rspack",
     "size:check": "pnpm build:dist && build-tools bundle-size",
     "size:report": "build-tools bundle-size --report-only",
     "test:unit": "rstest run --coverage",
diff --git a/packages/universal/core-sdk/src/Consent.ts b/packages/universal/core-sdk/src/Consent.ts
index 3065c467..c5dbfb3c 100644
--- a/packages/universal/core-sdk/src/Consent.ts
+++ b/packages/universal/core-sdk/src/Consent.ts
@@ -1,3 +1,13 @@
+/**
+ * Consent value accepted by stateful SDK `consent()` methods.
+ *
+ * Pass `true` or `false` to update event consent and the persistence consent value together. The
+ * persistence consent value controls durable profile-continuity storage. Pass an object when an
+ * application needs to update either capability independently, such as allowing events while keeping
+ * profile continuity session-only.
+ */
+export type ConsentInput = boolean | { events?: boolean; persistence?: boolean }
+
 /**
  * Controller for updating the current consent state.
  *
@@ -9,9 +19,11 @@ export interface ConsentController {
   /**
    * Update the runtime consent state.
    *
-   * @param accept - `true` when the user has granted consent; `false` otherwise.
+   * @param accept - `true` or `false` for both event consent and the persistence consent value, or
+   * an object to update either consent capability independently. Persistence consent controls
+   * durable profile-continuity storage.
    */
-  consent: (accept: boolean) => void
+  consent: (accept: ConsentInput) => void
 }
 
 /**
diff --git a/packages/universal/core-sdk/src/CoreStateful.detached-states.test.ts b/packages/universal/core-sdk/src/CoreStateful.detached-states.test.ts
index bdeaa5d6..d679bc11 100644
--- a/packages/universal/core-sdk/src/CoreStateful.detached-states.test.ts
+++ b/packages/universal/core-sdk/src/CoreStateful.detached-states.test.ts
@@ -28,6 +28,7 @@ function resetSignals(): void {
     signals.event.value = undefined
     signals.locale.value = undefined
     signals.online.value = true
+    signals.persistenceConsent.value = undefined
     signals.selectedOptimizations.value = undefined
     signals.previewPanelAttached.value = false
     signals.previewPanelOpen.value = false
diff --git a/packages/universal/core-sdk/src/CoreStateful.locale.test.ts b/packages/universal/core-sdk/src/CoreStateful.locale.test.ts
index 254a5440..e1c6a89e 100644
--- a/packages/universal/core-sdk/src/CoreStateful.locale.test.ts
+++ b/packages/universal/core-sdk/src/CoreStateful.locale.test.ts
@@ -14,6 +14,7 @@ function resetSignals(): void {
     signals.event.value = undefined
     signals.locale.value = undefined
     signals.online.value = true
+    signals.persistenceConsent.value = undefined
     signals.selectedOptimizations.value = undefined
     signals.previewPanelAttached.value = false
     signals.previewPanelOpen.value = false
diff --git a/packages/universal/core-sdk/src/CoreStateful.test.ts b/packages/universal/core-sdk/src/CoreStateful.test.ts
index 5129dd06..d66963cf 100644
--- a/packages/universal/core-sdk/src/CoreStateful.test.ts
+++ b/packages/universal/core-sdk/src/CoreStateful.test.ts
@@ -83,6 +83,7 @@ describe('CoreStateful blocked event handling', () => {
       signals.event.value = undefined
       signals.locale.value = undefined
       signals.online.value = true
+      signals.persistenceConsent.value = undefined
       signals.selectedOptimizations.value = undefined
       signals.previewPanelAttached.value = false
       signals.previewPanelOpen.value = false
@@ -147,9 +148,8 @@ describe('CoreStateful blocked event handling', () => {
     expect(signals.blockedEvent.value).toBeUndefined()
   })
 
-  it('defaults allowedEventTypes to identify/page/screen in core', async () => {
+  it('defaults allowedEventTypes to empty in core', async () => {
     const core = createCoreStateful()
-    const payload: TrackBuilderArgs = { event: 'purchase' }
     const blockedEvents: Array<BlockedEvent | undefined> = []
     const subscription = core.states.blockedEventStream.subscribe((event) => {
       blockedEvents.push(event)
@@ -158,18 +158,123 @@ describe('CoreStateful blocked event handling', () => {
     await core.identify({ userId: 'user-1' })
     await core.page({})
     await core.screen({ name: 'Home', properties: {}, screen: { name: 'Home' } })
-    await core.track(payload)
 
-    expect(blockedEvents.at(-1)).toEqual(
-      expect.objectContaining({
-        reason: 'consent',
-        method: 'track',
-      }),
-    )
+    expect(blockedEvents.filter((event) => event !== undefined)).toEqual([
+      expect.objectContaining({ method: 'identify', reason: 'consent' }),
+      expect.objectContaining({ method: 'page', reason: 'consent' }),
+      expect.objectContaining({ method: 'screen', reason: 'consent' }),
+    ])
 
     subscription.unsubscribe()
   })
 
+  it('maps boolean consent to event and persistence consent', () => {
+    const core = createCoreStateful()
+
+    core.consent(true)
+
+    expect(signals.consent.value).toBe(true)
+    expect(signals.persistenceConsent.value).toBe(true)
+
+    core.consent(false)
+
+    expect(signals.consent.value).toBe(false)
+    expect(signals.persistenceConsent.value).toBe(false)
+  })
+
+  it('initializes module-scoped state from absent defaults instead of stale prior state', () => {
+    const first = createCoreStateful({
+      defaults: {
+        changes: FLAG_CHANGES,
+        consent: true,
+        persistenceConsent: true,
+        profile: profileFixture,
+        selectedOptimizations: selectedOptimizationsFixture,
+      },
+    })
+
+    expect(signals.consent.value).toBe(true)
+    expect(signals.persistenceConsent.value).toBe(true)
+
+    first.destroy()
+    createCoreStateful()
+
+    expect(signals.consent.value).toBeUndefined()
+    expect(signals.persistenceConsent.value).toBeUndefined()
+    expect(signals.changes.value).toBeUndefined()
+    expect(signals.profile.value).toBeUndefined()
+    expect(signals.selectedOptimizations.value).toBeUndefined()
+  })
+
+  it('updates event and persistence consent independently with object consent', () => {
+    const core = createCoreStateful({ defaults: { consent: true } })
+
+    core.consent({ persistence: false })
+
+    expect(signals.consent.value).toBe(true)
+    expect(signals.persistenceConsent.value).toBe(false)
+
+    core.consent({ events: false })
+
+    expect(signals.consent.value).toBe(false)
+    expect(signals.persistenceConsent.value).toBe(false)
+  })
+
+  it('marks allow-listed pre-consent events with actual event consent', async () => {
+    const core = createCoreStateful({ allowedEventTypes: ['identify'] })
+    const upsertProfile = rs.spyOn(core.api.experience, 'upsertProfile').mockResolvedValue({
+      changes: [],
+      selectedOptimizations: [],
+      profile: profileFixture,
+    })
+
+    await core.identify({ userId: 'user-1' })
+
+    expect(upsertProfile.mock.calls[0]?.[0].events[0]?.context.gdpr.isConsentGiven).toBe(false)
+
+    core.consent({ events: true })
+    await core.identify({ userId: 'user-2' })
+
+    expect(upsertProfile.mock.calls[1]?.[0].events[0]?.context.gdpr.isConsentGiven).toBe(true)
+  })
+
+  it('purges queued Experience events when event consent is withdrawn', async () => {
+    const core = createCoreStatefulHarness({ defaults: { consent: true } })
+    const upsertProfile = rs.spyOn(core.api.experience, 'upsertProfile').mockResolvedValue({
+      changes: [],
+      selectedOptimizations: [],
+      profile: profileFixture,
+    })
+
+    core.setOnlineState(false)
+    await core.track({ event: 'queued-experience-event' })
+
+    core.consent({ events: false })
+    core.setOnlineState(true)
+    await core.flush()
+
+    expect(upsertProfile).not.toHaveBeenCalled()
+  })
+
+  it('purges queued Insights events when event consent is withdrawn', async () => {
+    const core = createCoreStatefulHarness({
+      defaults: {
+        consent: true,
+        profile: profileFixture,
+      },
+    })
+    const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+
+    core.setOnlineState(false)
+    await core.trackClick({ componentId: 'hero-banner' })
+
+    core.consent({ events: false })
+    core.setOnlineState(true)
+    await core.flush()
+
+    expect(sendBatchEvents).not.toHaveBeenCalled()
+  })
+
   it('uses shared queuePolicy.flush for insights retries when provided', async () => {
     rs.useFakeTimers()
 
@@ -332,6 +437,7 @@ describe('CoreStateful blocked event handling', () => {
     expect(secondStates.blockedEventStream).toBe(firstStates.blockedEventStream)
     expect(secondStates.flag).toBe(firstStates.flag)
     expect(secondStates.consent).toBe(firstStates.consent)
+    expect(secondStates.persistenceConsent).toBe(firstStates.persistenceConsent)
     expect(secondStates.eventStream).toBe(firstStates.eventStream)
     expect(secondStates.locale).toBe(firstStates.locale)
     expect(secondStates.canOptimize).toBe(firstStates.canOptimize)
diff --git a/packages/universal/core-sdk/src/CoreStateful.ts b/packages/universal/core-sdk/src/CoreStateful.ts
index c0649a52..b689357b 100644
--- a/packages/universal/core-sdk/src/CoreStateful.ts
+++ b/packages/universal/core-sdk/src/CoreStateful.ts
@@ -2,19 +2,18 @@ import type { ApiClientConfig } from '@contentful/optimization-api-client'
 import type {
   ChangeArray,
   ExperienceEvent as ExperienceEventPayload,
-  ExperienceEventType,
   InsightsEvent as InsightsEventPayload,
-  InsightsEventType,
   Json,
   Profile,
   SelectedOptimizationArray,
 } from '@contentful/optimization-api-client/api-schemas'
 import { createScopedLogger, logger } from '@contentful/optimization-api-client/logger'
 import type { BlockedEvent } from './BlockedEvent'
-import type { ConsentController, ConsentGuard } from './Consent'
+import type { ConsentController, ConsentGuard, ConsentInput } from './Consent'
 import type { CoreStatefulApiConfig } from './CoreApiConfig'
 import type { CoreConfig } from './CoreBase'
 import CoreStatefulEventEmitter from './CoreStatefulEventEmitter'
+import { DEFAULT_ALLOWED_EVENT_TYPES, type EventType } from './EventType'
 import { toPositiveInt } from './lib/number'
 import { type QueueFlushPolicy, resolveQueueFlushPolicy } from './lib/queue'
 import {
@@ -35,6 +34,7 @@ import {
   locale as localeSignal,
   type Observable,
   online as onlineSignal,
+  persistenceConsent as persistenceConsentSignal,
   previewPanelAttached as previewPanelAttachedSignal,
   previewPanelOpen as previewPanelOpenSignal,
   profile as profileSignal,
@@ -49,15 +49,8 @@ import { PREVIEW_PANEL_SIGNAL_FNS_SYMBOL, PREVIEW_PANEL_SIGNALS_SYMBOL } from '.
 
 const coreLogger = createScopedLogger('CoreStateful')
 
-/**
- * Union of all event type keys that stateful Core can emit.
- *
- * @public
- */
-export type EventType = InsightsEventType | ExperienceEventType
-
-const DEFAULT_ALLOWED_EVENT_TYPES: EventType[] = ['identify', 'page', 'screen']
 const OFFLINE_QUEUE_MAX_EVENTS = 100
+export type { EventType } from './EventType'
 export type { ExperienceQueueDropContext } from './queues/ExperienceQueue'
 
 const hasDefinedValues = (record: Record<string, unknown>): boolean =>
@@ -140,6 +133,8 @@ export interface PreviewPanelSignalObject {
 export interface CoreStates {
   /** Current consent value (if any). */
   consent: Observable<boolean | undefined>
+  /** Current durable profile-continuity persistence consent value (if any). */
+  persistenceConsent: Observable<boolean | undefined>
   /** Whether the preview panel has been attached to the host runtime. */
   previewPanelAttached: Observable<boolean>
   /** Whether the preview panel is open in the host runtime. */
@@ -168,6 +163,8 @@ export interface CoreStates {
 export interface CoreConfigDefaults {
   /** Global consent default applied at construction time. */
   consent?: boolean
+  /** Durable profile-continuity persistence consent default applied at construction time. */
+  persistenceConsent?: boolean
   /** Default active profile used for optimization and insights. */
   profile?: Profile
   /** Initial diff of changes produced by the service. */
@@ -235,6 +232,7 @@ class CoreStateful extends CoreStatefulEventEmitter implements ConsentController
     blockedEventStream: toObservable(blockedEventSignal),
     flag: (name: string): Observable<Json> => this.getFlagObservable(name),
     consent: toObservable(consentSignal),
+    persistenceConsent: toObservable(persistenceConsentSignal),
     eventStream: toObservable(eventSignal),
     locale: toObservable(localeSignal),
     canOptimize: toObservable(canOptimizeSignal),
@@ -261,6 +259,7 @@ class CoreStateful extends CoreStatefulEventEmitter implements ConsentController
       locale,
     )
 
+    this.eventBuilder.getConsent = () => consentSignal.value
     this.configuredExperienceLocale = configuredExperienceLocale
     this.singletonOwner = `CoreStateful#${++statefulInstanceCounter}`
     acquireStatefulRuntimeSingleton(this.singletonOwner)
@@ -270,6 +269,7 @@ class CoreStateful extends CoreStatefulEventEmitter implements ConsentController
       const {
         changes: defaultChanges,
         consent: defaultConsent,
+        persistenceConsent: defaultPersistenceConsent,
         selectedOptimizations: defaultSelectedOptimizations,
         profile: defaultProfile,
       } = defaults ?? {}
@@ -293,14 +293,12 @@ class CoreStateful extends CoreStatefulEventEmitter implements ConsentController
         stateInterceptors: this.interceptors.state,
       })
 
-      if (defaultConsent !== undefined) consentSignal.value = defaultConsent
-
       batch(() => {
-        if (defaultChanges !== undefined) changesSignal.value = defaultChanges
-        if (defaultSelectedOptimizations !== undefined) {
-          selectedOptimizationsSignal.value = defaultSelectedOptimizations
-        }
-        if (defaultProfile !== undefined) profileSignal.value = defaultProfile
+        consentSignal.value = defaultConsent
+        persistenceConsentSignal.value = defaultPersistenceConsent ?? defaultConsent
+        changesSignal.value = defaultChanges
+        selectedOptimizationsSignal.value = defaultSelectedOptimizations
+        profileSignal.value = defaultProfile
       })
 
       this.initializeEffects()
@@ -329,6 +327,12 @@ class CoreStateful extends CoreStatefulEventEmitter implements ConsentController
       )
     })
 
+    effect(() => {
+      coreLogger.info(
+        `Core ${persistenceConsentSignal.value ? 'will' : 'will not'} persist profile continuity due to persistence consent (${persistenceConsentSignal.value})`,
+      )
+    })
+
     effect(() => {
       if (!onlineSignal.value) return
 
@@ -343,6 +347,11 @@ class CoreStateful extends CoreStatefulEventEmitter implements ConsentController
     await this.experienceQueue.flush(options)
   }
 
+  private clearQueuedEvents(): void {
+    this.insightsQueue.clearQueuedEvents()
+    this.experienceQueue.clearQueuedEvents()
+  }
+
   destroy(): void {
     if (this.destroyed) return
 
@@ -372,8 +381,17 @@ class CoreStateful extends CoreStatefulEventEmitter implements ConsentController
     await this.flushQueues()
   }
 
-  consent(accept: boolean): void {
-    consentSignal.value = accept
+  consent(accept: ConsentInput): void {
+    const isBoolean = typeof accept === 'boolean'
+    const eventConsent = isBoolean ? accept : accept.events
+    const persistenceConsent = isBoolean ? accept : accept.persistence
+
+    batch(() => {
+      if (eventConsent !== undefined) consentSignal.value = eventConsent
+      if (persistenceConsent !== undefined) persistenceConsentSignal.value = persistenceConsent
+    })
+
+    if (eventConsent === false) this.clearQueuedEvents()
   }
 
   /**
diff --git a/packages/universal/core-sdk/src/CoreStatefulEventEmitter.ts b/packages/universal/core-sdk/src/CoreStatefulEventEmitter.ts
index 6d0c497c..7bb73456 100644
--- a/packages/universal/core-sdk/src/CoreStatefulEventEmitter.ts
+++ b/packages/universal/core-sdk/src/CoreStatefulEventEmitter.ts
@@ -62,7 +62,7 @@ abstract class CoreStatefulEventEmitter
   protected readonly flagObservables = new Map<string, Observable<Json>>()
   private readonly lastTrackedFlagValues = new Map<string, Json>()
 
-  protected abstract readonly allowedEventTypes: EventType[]
+  protected abstract readonly allowedEventTypes: readonly string[]
   protected abstract readonly experienceQueue: ExperienceQueue
   protected abstract readonly insightsQueue: InsightsQueue
   protected abstract readonly onEventBlocked?: CoreStatefulConfig['onEventBlocked']
@@ -288,20 +288,16 @@ abstract class CoreStatefulEventEmitter
   }
 
   hasConsent(name: string): boolean {
-    const { [name]: mappedEventType } = CONSENT_EVENT_TYPE_MAP
-    const isAllowed =
-      mappedEventType !== undefined
-        ? this.allowedEventTypes.includes(mappedEventType)
-        : this.allowedEventTypes.some((eventType) => eventType === name)
-
-    return !!consentSignal.value || isAllowed
+    return (
+      !!consentSignal.value || this.allowedEventTypes.includes(CONSENT_EVENT_TYPE_MAP[name] ?? name)
+    )
   }
 
   onBlockedByConsent(name: string, args: readonly unknown[]): void {
     coreLogger.warn(
       `Event "${name}" was blocked due to lack of consent; payload: ${JSON.stringify(args)}`,
     )
-    this.reportBlockedEvent('consent', name, args)
+    this.reportBlockedEvent(name, args)
   }
 
   protected async sendExperienceEvent(
@@ -392,12 +388,8 @@ abstract class CoreStatefulEventEmitter
     return trackedObservable
   }
 
-  private reportBlockedEvent(
-    reason: BlockedEvent['reason'],
-    method: string,
-    args: readonly unknown[],
-  ): void {
-    const event: BlockedEvent = { reason, method, args }
+  private reportBlockedEvent(method: string, args: readonly unknown[]): void {
+    const event: BlockedEvent = { reason: 'consent', method, args }
 
     try {
       this.onEventBlocked?.(event)
diff --git a/packages/universal/core-sdk/src/CoreStateless.test.ts b/packages/universal/core-sdk/src/CoreStateless.test.ts
index 7a58d019..459f014a 100644
--- a/packages/universal/core-sdk/src/CoreStateless.test.ts
+++ b/packages/universal/core-sdk/src/CoreStateless.test.ts
@@ -1,14 +1,15 @@
 import type { OptimizationData } from './api-schemas'
+import type { BlockedEvent } from './BlockedEvent'
 import CoreStateless from './CoreStateless'
 
 const TRACK_CLICK_PROFILE_ERROR =
-  'CoreStateless.trackClick() requires `payload.profile.id` for Insights delivery.'
+  'CoreStatelessRequest.trackClick() requires a request-bound profile id for Insights delivery.'
 const TRACK_HOVER_PROFILE_ERROR =
-  'CoreStateless.trackHover() requires `payload.profile.id` for Insights delivery.'
+  'CoreStatelessRequest.trackHover() requires a request-bound profile id for Insights delivery.'
 const TRACK_FLAG_VIEW_PROFILE_ERROR =
-  'CoreStateless.trackFlagView() requires `payload.profile.id` for Insights delivery.'
+  'CoreStatelessRequest.trackFlagView() requires a request-bound profile id for Insights delivery.'
 const NON_STICKY_TRACK_VIEW_PROFILE_ERROR =
-  'CoreStateless.trackView() requires `payload.profile.id` when `payload.sticky` is not `true`.'
+  'CoreStatelessRequest.trackView() requires a request-bound profile id when `payload.sticky` is not `true`.'
 
 const EMPTY_OPTIMIZATION_DATA: OptimizationData = {
   changes: [],
@@ -39,17 +40,17 @@ const EMPTY_OPTIMIZATION_DATA: OptimizationData = {
 }
 
 async function invokeUntypedMethod(
-  core: CoreStateless,
+  requestOptimization: ReturnType<CoreStateless['forRequest']>,
   method: 'trackClick' | 'trackHover' | 'trackFlagView' | 'trackView',
   payload: Record<string, unknown>,
 ): Promise<unknown> {
-  const methodRef = Reflect.get(core, method)
+  const methodRef = Reflect.get(requestOptimization, method)
 
   if (typeof methodRef !== 'function') {
     throw new Error(`Expected "${method}" to be a function`)
   }
 
-  return await Reflect.apply(methodRef, core, [payload])
+  return await Reflect.apply(methodRef, requestOptimization, [payload])
 }
 
 describe('CoreStateless', () => {
@@ -108,7 +109,7 @@ describe('CoreStateless', () => {
     expect(Reflect.get(core.api.experience, 'locale')).toBe('en-US')
   })
 
-  it('forwards request-bound options and explicit profiles through Experience upserts', async () => {
+  it('binds consent, profile, event context, and Experience request options with forRequest()', async () => {
     const core = new CoreStateless({ clientId: 'key_123', environment: 'main' })
     const upsertProfile = rs
       .spyOn(core.api.experience, 'upsertProfile')
@@ -119,31 +120,59 @@ describe('CoreStateless', () => {
       plainText: false,
       preflight: true,
     }
+    const requestOptimization = core.forRequest({
+      consent: { events: true, persistence: true },
+      eventContext: {
+        locale: 'en-US',
+        page: {
+          path: '/products',
+          query: {},
+          referrer: '',
+          search: '',
+          title: 'Products',
+          url: 'https://example.test/products',
+        },
+        userAgent: 'unit-test',
+      },
+      experienceOptions: requestOptions,
+      profile: { id: 'profile-123' },
+    })
 
-    await core.identify({ userId: 'user-123', profile: { id: 'profile-123' } }, requestOptions)
+    await requestOptimization.identify({ userId: 'user-123' })
 
+    expect(requestOptimization.canPersistProfile).toBe(true)
     expect(upsertProfile).toHaveBeenCalledWith(
       expect.objectContaining({
         profileId: 'profile-123',
-        events: [expect.objectContaining({ type: 'identify' })],
+        events: [
+          expect.objectContaining({
+            context: expect.objectContaining({
+              gdpr: expect.objectContaining({ isConsentGiven: true }),
+              locale: 'en-US',
+              page: expect.objectContaining({ path: '/products' }),
+              userAgent: 'unit-test',
+            }),
+            type: 'identify',
+          }),
+        ],
       }),
       requestOptions,
     )
   })
 
-  it('keeps request locale and event locale separate', async () => {
+  it('keeps request event locale and Experience request locale separate', async () => {
     const core = new CoreStateless({ clientId: 'key_123', environment: 'main' })
     const upsertProfile = rs
       .spyOn(core.api.experience, 'upsertProfile')
       .mockResolvedValue(EMPTY_OPTIMIZATION_DATA)
+    const requestOptimization = core.forRequest({
+      consent: true,
+      eventContext: { locale: 'en-US' },
+      experienceOptions: { locale: 'de-DE' },
+      profile: { id: 'profile-123' },
+    })
 
-    await core.page(
-      {
-        locale: 'en-US',
-        profile: { id: 'profile-123' },
-      },
-      { locale: 'de-DE' },
-    )
+    await requestOptimization.page()
 
     expect(upsertProfile).toHaveBeenCalledWith(
       expect.objectContaining({
@@ -156,29 +185,120 @@ describe('CoreStateless', () => {
     )
   })
 
-  it('isolates request-bound options between separate stateless calls', async () => {
-    const core = new CoreStateless({ clientId: 'key_123', environment: 'main' })
+  it('defaults allowedEventTypes to empty for stateless core requests', async () => {
+    const blockedEvents: BlockedEvent[] = []
+    const core = new CoreStateless({
+      clientId: 'key_123',
+      environment: 'main',
+      onEventBlocked: (event) => blockedEvents.push(event),
+    })
     const upsertProfile = rs
       .spyOn(core.api.experience, 'upsertProfile')
       .mockResolvedValue(EMPTY_OPTIMIZATION_DATA)
+    const requestOptimization = core.forRequest({
+      consent: { events: false },
+      profile: { id: 'profile-123' },
+    })
+
+    await requestOptimization.identify({ userId: 'user-123' })
+    await requestOptimization.page()
+    await requestOptimization.screen({ name: 'Home', properties: {} })
 
-    await Promise.all([
-      core.track({ event: 'first' }, { ip: '203.0.113.10', locale: 'de-DE' }),
-      core.track({ event: 'second' }, { ip: '198.51.100.5', locale: 'en-US', plainText: false }),
+    expect(core.allowedEventTypes).toEqual([])
+    expect(upsertProfile).not.toHaveBeenCalled()
+    expect(blockedEvents.map((event) => event.method)).toEqual(['identify', 'page', 'screen'])
+  })
+
+  it('blocks non-allowlisted events before consent and reports diagnostics', async () => {
+    const blockedEvents: BlockedEvent[] = []
+    const core = new CoreStateless({
+      clientId: 'key_123',
+      environment: 'main',
+      onEventBlocked: (event) => blockedEvents.push(event),
+    })
+    const upsertProfile = rs
+      .spyOn(core.api.experience, 'upsertProfile')
+      .mockResolvedValue(EMPTY_OPTIMIZATION_DATA)
+    const requestOptimization = core.forRequest({
+      consent: false,
+      profile: { id: 'profile-123' },
+    })
+
+    await expect(requestOptimization.track({ event: 'conversion' })).resolves.toBeUndefined()
+
+    expect(upsertProfile).not.toHaveBeenCalled()
+    expect(blockedEvents).toEqual([
+      {
+        args: [{ event: 'conversion' }],
+        method: 'track',
+        reason: 'consent',
+      },
     ])
+  })
 
-    const requestOptions = upsertProfile.mock.calls.map(([, options]) => options)
+  it('blocks all events before consent when allowedEventTypes is empty', async () => {
+    const blockedEvents: BlockedEvent[] = []
+    const core = new CoreStateless({
+      allowedEventTypes: [],
+      clientId: 'key_123',
+      environment: 'main',
+      onEventBlocked: (event) => blockedEvents.push(event),
+    })
+    const upsertProfile = rs
+      .spyOn(core.api.experience, 'upsertProfile')
+      .mockResolvedValue(EMPTY_OPTIMIZATION_DATA)
+    const requestOptimization = core.forRequest({
+      consent: false,
+      profile: { id: 'profile-123' },
+    })
 
-    expect(requestOptions).toEqual(
-      expect.arrayContaining([
-        expect.objectContaining({ ip: '203.0.113.10', locale: 'de-DE' }),
-        expect.objectContaining({
-          ip: '198.51.100.5',
-          locale: 'en-US',
-          plainText: false,
-        }),
-      ]),
-    )
+    await expect(requestOptimization.page()).resolves.toBeUndefined()
+
+    expect(upsertProfile).not.toHaveBeenCalled()
+    expect(blockedEvents).toHaveLength(1)
+    expect(blockedEvents[0]?.method).toBe('page')
+  })
+
+  it('allows consumers to widen pre-consent stateless event types', async () => {
+    const core = new CoreStateless({
+      allowedEventTypes: ['track'],
+      clientId: 'key_123',
+      environment: 'main',
+    })
+    const upsertProfile = rs
+      .spyOn(core.api.experience, 'upsertProfile')
+      .mockResolvedValue(EMPTY_OPTIMIZATION_DATA)
+    const requestOptimization = core.forRequest({
+      consent: false,
+      profile: { id: 'profile-123' },
+    })
+
+    await requestOptimization.track({ event: 'server-preflight' })
+
+    expect(upsertProfile.mock.calls[0]?.[0].events[0]?.context.gdpr.isConsentGiven).toBe(false)
+  })
+
+  it('updates the request-bound profile across sequential Experience calls', async () => {
+    const core = new CoreStateless({ clientId: 'key_123', environment: 'main' })
+    const firstProfile = { ...EMPTY_OPTIMIZATION_DATA.profile, id: 'first-profile' }
+    const secondProfile = { ...EMPTY_OPTIMIZATION_DATA.profile, id: 'second-profile' }
+    const upsertProfile = rs
+      .spyOn(core.api.experience, 'upsertProfile')
+      .mockResolvedValueOnce({ ...EMPTY_OPTIMIZATION_DATA, profile: firstProfile })
+      .mockResolvedValueOnce({ ...EMPTY_OPTIMIZATION_DATA, profile: secondProfile })
+    const requestOptimization = core.forRequest({
+      consent: true,
+      profile: { id: 'initial-profile' },
+    })
+
+    await requestOptimization.page()
+    await requestOptimization.identify({ userId: 'user-123' })
+
+    expect(upsertProfile.mock.calls.map(([body]) => body.profileId)).toEqual([
+      'initial-profile',
+      'first-profile',
+    ])
+    expect(requestOptimization.profile).toEqual(secondProfile)
   })
 
   it('sends sticky entry views through both the Experience API and Insights API', async () => {
@@ -187,17 +307,18 @@ describe('CoreStateless', () => {
       .spyOn(core.api.experience, 'upsertProfile')
       .mockResolvedValue(EMPTY_OPTIMIZATION_DATA)
     const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+    const requestOptimization = core.forRequest({
+      consent: true,
+      experienceOptions: { preflight: true },
+      profile: { id: 'profile-123' },
+    })
 
-    await core.trackView(
-      {
-        componentId: 'hero-banner',
-        sticky: true,
-        viewId: 'hero-banner-view',
-        viewDurationMs: 1000,
-        profile: { id: 'profile-123' },
-      },
-      { preflight: true },
-    )
+    await requestOptimization.trackView({
+      componentId: 'hero-banner',
+      sticky: true,
+      viewDurationMs: 1000,
+      viewId: 'hero-banner-view',
+    })
 
     expect(upsertProfile).toHaveBeenCalledWith(
       expect.objectContaining({
@@ -209,29 +330,74 @@ describe('CoreStateless', () => {
     expect(sendBatchEvents).toHaveBeenCalledWith([
       {
         profile: EMPTY_OPTIMIZATION_DATA.profile,
-        events: [expect.objectContaining({ type: 'component' })],
+        events: [
+          expect.objectContaining({
+            context: expect.objectContaining({
+              gdpr: expect.objectContaining({ isConsentGiven: true }),
+            }),
+            type: 'component',
+          }),
+        ],
       },
     ])
   })
 
-  it('rejects insights-only stateless methods without a profile id', async () => {
+  it('blocks Insights-only events before consent', async () => {
+    const blockedEvents: BlockedEvent[] = []
+    const core = new CoreStateless({
+      clientId: 'key_123',
+      environment: 'main',
+      onEventBlocked: (event) => blockedEvents.push(event),
+    })
+    const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+    const requestOptimization = core.forRequest({
+      consent: false,
+      profile: { id: 'profile-123' },
+    })
+
+    await requestOptimization.trackClick({ componentId: 'hero-banner' })
+
+    expect(sendBatchEvents).not.toHaveBeenCalled()
+    expect(blockedEvents[0]?.method).toBe('trackClick')
+  })
+
+  it('blocks Insights-only events before profile validation when consent is missing', async () => {
+    const blockedEvents: BlockedEvent[] = []
+    const core = new CoreStateless({
+      clientId: 'key_123',
+      environment: 'main',
+      onEventBlocked: (event) => blockedEvents.push(event),
+    })
+    const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+    const requestOptimization = core.forRequest({ consent: false })
+
+    await expect(
+      requestOptimization.trackClick({ componentId: 'hero-banner' }),
+    ).resolves.toBeUndefined()
+
+    expect(sendBatchEvents).not.toHaveBeenCalled()
+    expect(blockedEvents[0]?.method).toBe('trackClick')
+  })
+
+  it('rejects insights-only request methods without a request-bound profile id', async () => {
     const core = new CoreStateless({ clientId: 'key_123', environment: 'main' })
     const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+    const requestOptimization = core.forRequest({ consent: true })
 
     await expect(
-      invokeUntypedMethod(core, 'trackClick', {
+      invokeUntypedMethod(requestOptimization, 'trackClick', {
         componentId: 'hero-banner',
       }),
     ).rejects.toThrow(TRACK_CLICK_PROFILE_ERROR)
     await expect(
-      invokeUntypedMethod(core, 'trackHover', {
+      invokeUntypedMethod(requestOptimization, 'trackHover', {
         componentId: 'hero-banner',
         hoverDurationMs: 1000,
         hoverId: 'hover-id',
       }),
     ).rejects.toThrow(TRACK_HOVER_PROFILE_ERROR)
     await expect(
-      invokeUntypedMethod(core, 'trackFlagView', {
+      invokeUntypedMethod(requestOptimization, 'trackFlagView', {
         componentId: 'new-navigation',
       }),
     ).rejects.toThrow(TRACK_FLAG_VIEW_PROFILE_ERROR)
@@ -245,34 +411,43 @@ describe('CoreStateless', () => {
       .spyOn(core.api.experience, 'upsertProfile')
       .mockResolvedValue(EMPTY_OPTIMIZATION_DATA)
     const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+    const requestOptimization = core.forRequest({
+      consent: true,
+      experienceOptions: { preflight: true },
+      profile: { id: 'profile-123' },
+    })
 
     await expect(
-      core.trackView(
-        {
-          componentId: 'hero-banner',
-          viewId: 'hero-banner-view',
-          viewDurationMs: 1000,
-          profile: { id: 'profile-123' },
-        },
-        { preflight: true },
-      ),
+      requestOptimization.trackView({
+        componentId: 'hero-banner',
+        viewDurationMs: 1000,
+        viewId: 'hero-banner-view',
+      }),
     ).resolves.toBeUndefined()
 
     expect(upsertProfile).not.toHaveBeenCalled()
     expect(sendBatchEvents).toHaveBeenCalledWith([
       {
         profile: { id: 'profile-123' },
-        events: [expect.objectContaining({ type: 'component' })],
+        events: [
+          expect.objectContaining({
+            context: expect.objectContaining({
+              gdpr: expect.objectContaining({ isConsentGiven: true }),
+            }),
+            type: 'component',
+          }),
+        ],
       },
     ])
   })
 
-  it('rejects non-sticky entry views without a profile id', async () => {
+  it('rejects non-sticky entry views without a request-bound profile id', async () => {
     const core = new CoreStateless({ clientId: 'key_123', environment: 'main' })
     const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+    const requestOptimization = core.forRequest({ consent: true })
 
     await expect(
-      invokeUntypedMethod(core, 'trackView', {
+      invokeUntypedMethod(requestOptimization, 'trackView', {
         componentId: 'hero-banner',
         viewDurationMs: 1000,
         viewId: 'hero-banner-view',
@@ -290,16 +465,17 @@ describe('CoreStateless', () => {
       profile: responseProfile,
     })
     const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
+    const requestOptimization = core.forRequest({
+      consent: true,
+      experienceOptions: { preflight: true },
+    })
 
-    const result = await core.trackView(
-      {
-        componentId: 'hero-banner',
-        sticky: true,
-        viewDurationMs: 1000,
-        viewId: 'hero-banner-view',
-      },
-      { preflight: true },
-    )
+    const result = await requestOptimization.trackView({
+      componentId: 'hero-banner',
+      sticky: true,
+      viewDurationMs: 1000,
+      viewId: 'hero-banner-view',
+    })
 
     expect(result).toEqual({
       ...EMPTY_OPTIMIZATION_DATA,
@@ -318,60 +494,6 @@ describe('CoreStateless', () => {
         events: [expect.objectContaining({ type: 'component' })],
       },
     ])
-  })
-
-  it('prefers the Experience response profile over a stale input profile for sticky entry views', async () => {
-    const core = new CoreStateless({ clientId: 'key_123', environment: 'main' })
-    const staleProfile = { id: 'stale-profile' }
-    const responseProfile = { ...EMPTY_OPTIMIZATION_DATA.profile, id: 'fresh-profile' }
-    rs.spyOn(core.api.experience, 'upsertProfile').mockResolvedValue({
-      ...EMPTY_OPTIMIZATION_DATA,
-      profile: responseProfile,
-    })
-    const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
-
-    await core.trackView(
-      {
-        componentId: 'hero-banner',
-        sticky: true,
-        viewDurationMs: 1000,
-        viewId: 'hero-banner-view',
-        profile: staleProfile,
-      },
-      { preflight: true },
-    )
-
-    expect(sendBatchEvents).toHaveBeenCalledWith([
-      {
-        profile: responseProfile,
-        events: [expect.objectContaining({ type: 'component' })],
-      },
-    ])
-  })
-
-  it('keeps request-bound options off insights-only methods', async () => {
-    const core = new CoreStateless({ clientId: 'key_123', environment: 'main' })
-    const upsertProfile = rs
-      .spyOn(core.api.experience, 'upsertProfile')
-      .mockResolvedValue(EMPTY_OPTIMIZATION_DATA)
-    const sendBatchEvents = rs.spyOn(core.api.insights, 'sendBatchEvents').mockResolvedValue(true)
-
-    await core.trackClick(
-      { componentId: 'hero-banner', profile: { id: 'profile-123' } },
-      {
-        ip: '203.0.113.10',
-        locale: 'de-DE',
-        plainText: false,
-        preflight: true,
-      },
-    )
-
-    expect(upsertProfile).not.toHaveBeenCalled()
-    expect(sendBatchEvents).toHaveBeenCalledWith([
-      {
-        profile: { id: 'profile-123' },
-        events: [expect.objectContaining({ type: 'component_click' })],
-      },
-    ])
+    expect(requestOptimization.profile).toEqual(responseProfile)
   })
 })
diff --git a/packages/universal/core-sdk/src/CoreStateless.ts b/packages/universal/core-sdk/src/CoreStateless.ts
index bd2a7b3e..59895830 100644
--- a/packages/universal/core-sdk/src/CoreStateless.ts
+++ b/packages/universal/core-sdk/src/CoreStateless.ts
@@ -2,28 +2,12 @@ import type {
   ApiClientConfig,
   ExperienceApiClientRequestOptions,
 } from '@contentful/optimization-api-client'
-import {
-  BatchInsightsEventArray,
-  ExperienceEvent as ExperienceEventSchema,
-  InsightsEvent as InsightsEventSchema,
-  parseWithFriendlyError,
-  type ExperienceEvent as ExperienceEventPayload,
-  type InsightsEvent as InsightsEventPayload,
-} from '@contentful/optimization-api-client/api-schemas'
+import type { BlockedEvent } from './BlockedEvent'
 import type { CoreStatelessApiConfig } from './CoreApiConfig'
 import CoreBase, { type CoreConfig } from './CoreBase'
-import { PartialProfile, type OptimizationData } from './api-schemas'
-import type {
-  ClickBuilderArgs,
-  EventBuilderConfig,
-  FlagViewBuilderArgs,
-  HoverBuilderArgs,
-  IdentifyBuilderArgs,
-  PageViewBuilderArgs,
-  ScreenViewBuilderArgs,
-  TrackBuilderArgs,
-  ViewBuilderArgs,
-} from './events'
+import { CoreStatelessRequest, type CoreStatelessForRequestOptions } from './CoreStatelessRequest'
+import { DEFAULT_ALLOWED_EVENT_TYPES, type EventType } from './EventType'
+import type { EventBuilderConfig } from './events'
 import { resolveContentfulLocale } from './locale'
 
 /**
@@ -56,69 +40,32 @@ export interface CoreStatelessConfig extends CoreConfig {
    * useful in stateful environments.
    */
   eventBuilder?: Omit<EventBuilderConfig, 'getLocale' | 'getPageProperties' | 'getUserAgent'>
-}
-
-/**
- * Payload accepted by stateless Experience methods.
- *
- * @typeParam TPayload - Event-builder arguments for the specific method.
- *
- * @public
- */
-export type StatelessExperiencePayload<TPayload> = TPayload & { profile?: PartialProfile }
 
-/**
- * Payload accepted by stateless Insights methods.
- *
- * @typeParam TPayload - Event-builder arguments for the specific method.
- *
- * @public
- */
-export type StatelessInsightsPayload<TPayload> = TPayload & { profile: PartialProfile }
-
-/**
- * Sticky stateless view-tracking payload.
- *
- * @public
- */
-export type StatelessStickyTrackViewPayload = ViewBuilderArgs & {
-  profile?: PartialProfile
-  sticky: true
-}
+  /**
+   * Allow-listed event type strings permitted when request event consent is not granted.
+   */
+  allowedEventTypes?: EventType[]
 
-/**
- * Non-sticky stateless view-tracking payload.
- *
- * @public
- */
-export type StatelessNonStickyTrackViewPayload = Omit<ViewBuilderArgs, 'sticky'> & {
-  profile: PartialProfile
-  sticky?: false | undefined
+  /**
+   * Callback invoked whenever an event call is blocked by consent.
+   */
+  onEventBlocked?: (event: BlockedEvent) => void
 }
 
-const TRACK_CLICK_PROFILE_ERROR =
-  'CoreStateless.trackClick() requires `payload.profile.id` for Insights delivery.'
-const TRACK_HOVER_PROFILE_ERROR =
-  'CoreStateless.trackHover() requires `payload.profile.id` for Insights delivery.'
-const TRACK_FLAG_VIEW_PROFILE_ERROR =
-  'CoreStateless.trackFlagView() requires `payload.profile.id` for Insights delivery.'
-const NON_STICKY_TRACK_VIEW_PROFILE_ERROR =
-  'CoreStateless.trackView() requires `payload.profile.id` when `payload.sticky` is not `true`.'
-const STICKY_TRACK_VIEW_PROFILE_ERROR =
-  'CoreStateless.trackView() could not derive a profile from the sticky Experience response. Pass `payload.profile.id` explicitly if you need a fallback.'
+export { CoreStatelessRequest } from './CoreStatelessRequest'
+export type {
+  CoreStatelessForRequestOptions,
+  CoreStatelessRequestConsent,
+  StatelessExperiencePayload,
+  StatelessInsightsPayload,
+  StatelessNonStickyTrackViewPayload,
+  StatelessStickyTrackViewPayload,
+} from './CoreStatelessRequest'
+export type { EventType } from './EventType'
 
 const hasDefinedValues = (record: Record<string, unknown>): boolean =>
   Object.values(record).some((value) => value !== undefined)
 
-const requireInsightsProfile = (
-  profile: PartialProfile | undefined,
-  errorMessage: string,
-): PartialProfile => {
-  if (profile !== undefined) return profile
-
-  throw new Error(errorMessage)
-}
-
 const createStatelessExperienceApiConfig = (
   api: CoreStatelessConfig['api'] | undefined,
   locale: string | undefined,
@@ -148,16 +95,19 @@ const createStatelessInsightsApiConfig = (
  * Core runtime for stateless environments.
  *
  * @public
- * Built on top of `CoreBase`. Event-emitting methods are exposed directly on
- * the stateless instance and accept request-scoped Experience options as a
- * separate final argument.
+ * Built on top of `CoreBase`. Event-emitting methods are exposed on
+ * request-bound clients created with {@link CoreStateless.forRequest}.
  * @remarks
- * The runtime itself is stateless, but event methods still perform outbound
+ * The runtime itself is stateless, but request-bound event methods still perform outbound
  * Experience and Insights API calls. Cache Contentful delivery data in the
  * host application, not the results of those calls.
  */
 class CoreStateless extends CoreBase {
+  readonly allowedEventTypes: EventType[]
+  readonly onEventBlocked?: CoreStatelessConfig['onEventBlocked']
+
   constructor(config: CoreStatelessConfig) {
+    const { allowedEventTypes = DEFAULT_ALLOWED_EVENT_TYPES, onEventBlocked } = config
     const locale = resolveContentfulLocale({
       contentfulLocales: config.contentfulLocales,
     })
@@ -170,153 +120,19 @@ class CoreStateless extends CoreBase {
       },
       locale,
     )
-  }
-
-  async identify(
-    payload: StatelessExperiencePayload<IdentifyBuilderArgs>,
-    requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<OptimizationData> {
-    const { profile, ...builderArgs } = payload
 
-    return await this.sendExperienceEvent(
-      this.eventBuilder.buildIdentify(builderArgs),
-      profile,
-      requestOptions,
-    )
+    this.allowedEventTypes = allowedEventTypes
+    this.onEventBlocked = onEventBlocked
   }
 
-  async page(
-    payload: StatelessExperiencePayload<PageViewBuilderArgs> = {},
-    requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<OptimizationData> {
-    const { profile, ...builderArgs } = payload
-
-    return await this.sendExperienceEvent(
-      this.eventBuilder.buildPageView(builderArgs),
-      profile,
-      requestOptions,
-    )
-  }
-
-  async screen(
-    payload: StatelessExperiencePayload<ScreenViewBuilderArgs>,
-    requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<OptimizationData> {
-    const { profile, ...builderArgs } = payload
-
-    return await this.sendExperienceEvent(
-      this.eventBuilder.buildScreenView(builderArgs),
-      profile,
-      requestOptions,
-    )
-  }
-
-  async track(
-    payload: StatelessExperiencePayload<TrackBuilderArgs>,
-    requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<OptimizationData> {
-    const { profile, ...builderArgs } = payload
-
-    return await this.sendExperienceEvent(
-      this.eventBuilder.buildTrack(builderArgs),
-      profile,
-      requestOptions,
-    )
-  }
-
-  async trackView(
-    payload: StatelessStickyTrackViewPayload | StatelessNonStickyTrackViewPayload,
-    requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<OptimizationData | undefined> {
-    const { profile, ...builderArgs } = payload
-    let result: OptimizationData | undefined = undefined
-    let insightsProfile: PartialProfile | undefined = profile
-
-    if (payload.sticky) {
-      result = await this.sendExperienceEvent(
-        this.eventBuilder.buildView(builderArgs),
-        profile,
-        requestOptions,
-      )
-      const { profile: responseProfile } = result
-      insightsProfile = responseProfile
-    }
-
-    await this.sendInsightsEvent(
-      this.eventBuilder.buildView(builderArgs),
-      requireInsightsProfile(
-        insightsProfile,
-        payload.sticky ? STICKY_TRACK_VIEW_PROFILE_ERROR : NON_STICKY_TRACK_VIEW_PROFILE_ERROR,
-      ),
-    )
-
-    return result
-  }
-
-  async trackClick(
-    payload: StatelessInsightsPayload<ClickBuilderArgs>,
-    _requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<void> {
-    const { profile, ...builderArgs } = payload
-
-    await this.sendInsightsEvent(
-      this.eventBuilder.buildClick(builderArgs),
-      requireInsightsProfile(profile, TRACK_CLICK_PROFILE_ERROR),
-    )
-  }
-
-  async trackHover(
-    payload: StatelessInsightsPayload<HoverBuilderArgs>,
-    _requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<void> {
-    const { profile, ...builderArgs } = payload
-
-    await this.sendInsightsEvent(
-      this.eventBuilder.buildHover(builderArgs),
-      requireInsightsProfile(profile, TRACK_HOVER_PROFILE_ERROR),
-    )
-  }
-
-  async trackFlagView(
-    payload: StatelessInsightsPayload<FlagViewBuilderArgs>,
-    _requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<void> {
-    const { profile, ...builderArgs } = payload
-
-    await this.sendInsightsEvent(
-      this.eventBuilder.buildFlagView(builderArgs),
-      requireInsightsProfile(profile, TRACK_FLAG_VIEW_PROFILE_ERROR),
-    )
-  }
-
-  private async sendExperienceEvent(
-    event: ExperienceEventPayload,
-    profile?: PartialProfile,
-    requestOptions?: CoreStatelessRequestOptions,
-  ): Promise<OptimizationData> {
-    const intercepted = await this.interceptors.event.run(event)
-    const validEvent = parseWithFriendlyError(ExperienceEventSchema, intercepted)
-
-    return await this.api.experience.upsertProfile(
-      {
-        profileId: profile?.id,
-        events: [validEvent],
-      },
-      requestOptions,
-    )
-  }
-
-  private async sendInsightsEvent(
-    event: InsightsEventPayload,
-    profile: PartialProfile,
-  ): Promise<void> {
-    const intercepted = await this.interceptors.event.run(event)
-    const validEvent = parseWithFriendlyError(InsightsEventSchema, intercepted)
-    const batchEvent: BatchInsightsEventArray = parseWithFriendlyError(BatchInsightsEventArray, [
-      { profile: parseWithFriendlyError(PartialProfile, profile), events: [validEvent] },
-    ])
-
-    await this.api.insights.sendBatchEvents(batchEvent)
+  /**
+   * Bind stateless SDK event calls to one incoming request.
+   *
+   * @param options - Request consent, profile, event context, and Experience API options.
+   * @returns Request-bound event client.
+   */
+  forRequest(options: CoreStatelessForRequestOptions): CoreStatelessRequest {
+    return new CoreStatelessRequest(this, options)
   }
 }
 
diff --git a/packages/universal/core-sdk/src/CoreStatelessRequest.ts b/packages/universal/core-sdk/src/CoreStatelessRequest.ts
new file mode 100644
index 00000000..1f04f652
--- /dev/null
+++ b/packages/universal/core-sdk/src/CoreStatelessRequest.ts
@@ -0,0 +1,336 @@
+import {
+  BatchInsightsEventArray,
+  ExperienceEvent as ExperienceEventSchema,
+  InsightsEvent as InsightsEventSchema,
+  parseWithFriendlyError,
+  type ExperienceEvent as ExperienceEventPayload,
+  type InsightsEvent as InsightsEventPayload,
+} from '@contentful/optimization-api-client/api-schemas'
+import { createScopedLogger } from '@contentful/optimization-api-client/logger'
+import type CoreStateless from './CoreStateless'
+import type { CoreStatelessRequestOptions } from './CoreStateless'
+import type { EventType } from './EventType'
+import { PartialProfile, type OptimizationData } from './api-schemas'
+import type {
+  ClickBuilderArgs,
+  FlagViewBuilderArgs,
+  HoverBuilderArgs,
+  IdentifyBuilderArgs,
+  PageViewBuilderArgs,
+  ScreenViewBuilderArgs,
+  TrackBuilderArgs,
+  UniversalEventBuilderArgs,
+  ViewBuilderArgs,
+} from './events'
+
+const coreLogger = createScopedLogger('CoreStateless')
+
+const TRACK_CLICK_PROFILE_ERROR =
+  'CoreStatelessRequest.trackClick() requires a request-bound profile id for Insights delivery.'
+const TRACK_HOVER_PROFILE_ERROR =
+  'CoreStatelessRequest.trackHover() requires a request-bound profile id for Insights delivery.'
+const TRACK_FLAG_VIEW_PROFILE_ERROR =
+  'CoreStatelessRequest.trackFlagView() requires a request-bound profile id for Insights delivery.'
+const NON_STICKY_TRACK_VIEW_PROFILE_ERROR =
+  'CoreStatelessRequest.trackView() requires a request-bound profile id when `payload.sticky` is not `true`.'
+const STICKY_TRACK_VIEW_PROFILE_ERROR =
+  'CoreStatelessRequest.trackView() could not derive a profile from the sticky Experience response. Bind `profile.id` with forRequest() if you need a fallback.'
+
+/**
+ * Request-scoped consent accepted by stateless request clients.
+ *
+ * @public
+ */
+export type CoreStatelessRequestConsent =
+  | boolean
+  | {
+      /** Whether events may be emitted for this request. */
+      events?: boolean
+      /** Whether profile continuity may be persisted by the host application. */
+      persistence?: boolean
+    }
+
+/**
+ * Options used to bind stateless SDK calls to an incoming request.
+ *
+ * @public
+ */
+export interface CoreStatelessForRequestOptions {
+  /** Request-scoped event and persistence consent. */
+  consent: CoreStatelessRequestConsent
+  /** Profile already known for the request, such as an anonymous ID from a cookie. */
+  profile?: PartialProfile
+  /** Universal event context shared by event calls made through this request object. */
+  eventContext?: UniversalEventBuilderArgs
+  /** Experience API options shared by Experience calls made through this request object. */
+  experienceOptions?: CoreStatelessRequestOptions
+}
+
+/**
+ * Payload accepted by request-bound Experience methods.
+ *
+ * @typeParam TPayload - Event-builder arguments for the specific method.
+ *
+ * @public
+ */
+export type StatelessExperiencePayload<TPayload> = TPayload
+
+/**
+ * Payload accepted by request-bound Insights methods.
+ *
+ * @typeParam TPayload - Event-builder arguments for the specific method.
+ *
+ * @public
+ */
+export type StatelessInsightsPayload<TPayload> = TPayload
+
+/**
+ * Sticky request-bound view-tracking payload.
+ *
+ * @public
+ */
+export type StatelessStickyTrackViewPayload = ViewBuilderArgs & {
+  sticky: true
+}
+
+/**
+ * Non-sticky request-bound view-tracking payload.
+ *
+ * @public
+ */
+export type StatelessNonStickyTrackViewPayload = Omit<ViewBuilderArgs, 'sticky'> & {
+  sticky?: false | undefined
+}
+
+const requireInsightsProfile = (
+  profile: PartialProfile | undefined,
+  errorMessage: string,
+): PartialProfile => {
+  if (profile?.id !== undefined) return profile
+
+  throw new Error(errorMessage)
+}
+
+const withRequestEventConsent = <TEvent extends ExperienceEventPayload | InsightsEventPayload>(
+  event: TEvent,
+  isConsentGiven: boolean,
+): TEvent => ({
+  ...event,
+  context: {
+    ...event.context,
+    gdpr: {
+      ...event.context.gdpr,
+      isConsentGiven,
+    },
+  },
+})
+
+type RequestExperienceMethod = 'identify' | 'page' | 'screen' | 'track'
+
+/**
+ * Request-bound stateless Optimization Core event client.
+ *
+ * @public
+ */
+export class CoreStatelessRequest {
+  private readonly core: CoreStateless
+  private currentProfile: PartialProfile | undefined
+  private readonly requestEventConsent: boolean | undefined
+  private readonly eventContext: UniversalEventBuilderArgs
+  private readonly experienceOptions: CoreStatelessRequestOptions | undefined
+  readonly canPersistProfile: boolean
+
+  constructor(core: CoreStateless, options: CoreStatelessForRequestOptions) {
+    const { consent, eventContext, experienceOptions, profile } = options
+    const isBooleanConsent = typeof consent === 'boolean'
+
+    this.core = core
+    this.currentProfile = profile
+    this.requestEventConsent = isBooleanConsent ? consent : consent.events
+    this.canPersistProfile = (isBooleanConsent ? consent : consent.persistence) === true
+    this.eventContext = eventContext ?? {}
+    this.experienceOptions = experienceOptions
+  }
+
+  /**
+   * Current request profile, updated after Experience responses.
+   */
+  get profile(): PartialProfile | undefined {
+    return this.currentProfile
+  }
+
+  async identify(
+    payload: StatelessExperiencePayload<IdentifyBuilderArgs>,
+  ): Promise<OptimizationData | undefined> {
+    return await this.sendExperienceEvent(
+      'identify',
+      [payload],
+      this.core.eventBuilder.buildIdentify(this.withEventContext(payload)),
+    )
+  }
+
+  async page(
+    payload: StatelessExperiencePayload<PageViewBuilderArgs> = {},
+  ): Promise<OptimizationData | undefined> {
+    return await this.sendExperienceEvent(
+      'page',
+      [payload],
+      this.core.eventBuilder.buildPageView(this.withEventContext(payload)),
+    )
+  }
+
+  async screen(
+    payload: StatelessExperiencePayload<ScreenViewBuilderArgs>,
+  ): Promise<OptimizationData | undefined> {
+    return await this.sendExperienceEvent(
+      'screen',
+      [payload],
+      this.core.eventBuilder.buildScreenView(this.withEventContext(payload)),
+    )
+  }
+
+  async track(
+    payload: StatelessExperiencePayload<TrackBuilderArgs>,
+  ): Promise<OptimizationData | undefined> {
+    return await this.sendExperienceEvent(
+      'track',
+      [payload],
+      this.core.eventBuilder.buildTrack(this.withEventContext(payload)),
+    )
+  }
+
+  async trackView(
+    payload: StatelessStickyTrackViewPayload | StatelessNonStickyTrackViewPayload,
+  ): Promise<OptimizationData | undefined> {
+    if (!this.hasConsent('component')) {
+      this.reportBlockedEvent('trackView', [payload])
+      return undefined
+    }
+
+    const builderArgs = this.withEventContext(payload)
+    let result: OptimizationData | undefined = undefined
+    let { currentProfile: insightsProfile } = this
+
+    if (payload.sticky) {
+      result = await this.sendAllowedExperienceEvent(this.core.eventBuilder.buildView(builderArgs))
+      const { profile } = result
+      insightsProfile = profile
+    }
+
+    await this.sendAllowedInsightsEvent(
+      this.core.eventBuilder.buildView(builderArgs),
+      requireInsightsProfile(
+        insightsProfile,
+        payload.sticky ? STICKY_TRACK_VIEW_PROFILE_ERROR : NON_STICKY_TRACK_VIEW_PROFILE_ERROR,
+      ),
+    )
+
+    return result
+  }
+
+  async trackClick(payload: StatelessInsightsPayload<ClickBuilderArgs>): Promise<void> {
+    if (!this.hasConsent('component_click')) {
+      this.reportBlockedEvent('trackClick', [payload])
+      return
+    }
+
+    await this.sendAllowedInsightsEvent(
+      this.core.eventBuilder.buildClick(this.withEventContext(payload)),
+      requireInsightsProfile(this.currentProfile, TRACK_CLICK_PROFILE_ERROR),
+    )
+  }
+
+  async trackHover(payload: StatelessInsightsPayload<HoverBuilderArgs>): Promise<void> {
+    if (!this.hasConsent('component_hover')) {
+      this.reportBlockedEvent('trackHover', [payload])
+      return
+    }
+
+    await this.sendAllowedInsightsEvent(
+      this.core.eventBuilder.buildHover(this.withEventContext(payload)),
+      requireInsightsProfile(this.currentProfile, TRACK_HOVER_PROFILE_ERROR),
+    )
+  }
+
+  async trackFlagView(payload: StatelessInsightsPayload<FlagViewBuilderArgs>): Promise<void> {
+    if (!this.hasConsent('component')) {
+      this.reportBlockedEvent('trackFlagView', [payload])
+      return
+    }
+
+    await this.sendAllowedInsightsEvent(
+      this.core.eventBuilder.buildFlagView(this.withEventContext(payload)),
+      requireInsightsProfile(this.currentProfile, TRACK_FLAG_VIEW_PROFILE_ERROR),
+    )
+  }
+
+  private withEventContext<TPayload extends UniversalEventBuilderArgs>(
+    payload: TPayload,
+  ): TPayload {
+    return {
+      ...this.eventContext,
+      ...payload,
+    }
+  }
+
+  private hasConsent(eventType: EventType): boolean {
+    return this.requestEventConsent === true || this.core.allowedEventTypes.includes(eventType)
+  }
+
+  private async sendExperienceEvent(
+    method: RequestExperienceMethod,
+    args: readonly unknown[],
+    event: ExperienceEventPayload,
+  ): Promise<OptimizationData | undefined> {
+    if (!this.hasConsent(method)) {
+      this.reportBlockedEvent(method, args)
+      return undefined
+    }
+
+    return await this.sendAllowedExperienceEvent(event)
+  }
+
+  private async sendAllowedExperienceEvent(
+    event: ExperienceEventPayload,
+  ): Promise<OptimizationData> {
+    const intercepted = await this.core.interceptors.event.run(
+      withRequestEventConsent(event, this.requestEventConsent === true),
+    )
+    const validEvent = parseWithFriendlyError(ExperienceEventSchema, intercepted)
+    const result = await this.core.api.experience.upsertProfile(
+      {
+        profileId: this.currentProfile?.id,
+        events: [validEvent],
+      },
+      this.experienceOptions,
+    )
+
+    const { profile } = result
+    this.currentProfile = profile
+
+    return result
+  }
+
+  private async sendAllowedInsightsEvent(
+    event: InsightsEventPayload,
+    profile: PartialProfile,
+  ): Promise<void> {
+    const intercepted = await this.core.interceptors.event.run(
+      withRequestEventConsent(event, this.requestEventConsent === true),
+    )
+    const validEvent = parseWithFriendlyError(InsightsEventSchema, intercepted)
+    const batchEvent: BatchInsightsEventArray = parseWithFriendlyError(BatchInsightsEventArray, [
+      { profile: parseWithFriendlyError(PartialProfile, profile), events: [validEvent] },
+    ])
+
+    await this.core.api.insights.sendBatchEvents(batchEvent)
+  }
+
+  private reportBlockedEvent(method: string, args: readonly unknown[]): void {
+    try {
+      this.core.onEventBlocked?.({ reason: 'consent', method, args })
+    } catch (error) {
+      coreLogger.warn(`onEventBlocked callback failed for method "${method}"`, error)
+    }
+  }
+}
diff --git a/packages/universal/core-sdk/src/EventType.ts b/packages/universal/core-sdk/src/EventType.ts
new file mode 100644
index 00000000..14410860
--- /dev/null
+++ b/packages/universal/core-sdk/src/EventType.ts
@@ -0,0 +1,22 @@
+import type {
+  ExperienceEventType,
+  InsightsEventType,
+} from '@contentful/optimization-api-client/api-schemas'
+
+/**
+ * Union of all event type keys that Optimization Core can emit.
+ *
+ * @public
+ */
+export type EventType = InsightsEventType | ExperienceEventType
+
+/**
+ * Default Core event types allowed before event consent is granted.
+ *
+ * @remarks
+ * Core fails closed by default. Runtime SDKs set their own defaults for the
+ * event types valid in that runtime.
+ *
+ * @public
+ */
+export const DEFAULT_ALLOWED_EVENT_TYPES: EventType[] = []
diff --git a/packages/universal/core-sdk/src/constants.ts b/packages/universal/core-sdk/src/constants.ts
index e6904199..f9f3b3a5 100644
--- a/packages/universal/core-sdk/src/constants.ts
+++ b/packages/universal/core-sdk/src/constants.ts
@@ -51,6 +51,13 @@ export const ANONYMOUS_ID_KEY = '__ctfl_opt_anonymous_id__'
  */
 export const CONSENT_KEY = '__ctfl_opt_consent__'
 
+/**
+ * Storage key for the persisted profile-continuity persistence consent status.
+ *
+ * @internal
+ */
+export const PERSISTENCE_CONSENT_KEY = '__ctfl_opt_persistence_consent__'
+
 /**
  * Storage key for cached Custom Flags.
  *
diff --git a/packages/universal/core-sdk/src/events/EventBuilder.test.ts b/packages/universal/core-sdk/src/events/EventBuilder.test.ts
index 91e92ccb..eff19203 100644
--- a/packages/universal/core-sdk/src/events/EventBuilder.test.ts
+++ b/packages/universal/core-sdk/src/events/EventBuilder.test.ts
@@ -21,4 +21,20 @@ describe('EventBuilder.buildScreenView', () => {
 
     expect(event.properties).toEqual(expect.objectContaining({ name: 'Home' }))
   })
+
+  it('marks GDPR consent as false when no event consent getter is configured', () => {
+    const event = builder.buildScreenView({ name: 'Home', properties: {} })
+
+    expect(event.context.gdpr.isConsentGiven).toBe(false)
+  })
+
+  it('uses the configured event consent getter for GDPR context', () => {
+    const event = new EventBuilder({
+      channel: 'mobile',
+      library: { name: '@contentful/optimization-ios', version: '0.0.1' },
+      getConsent: () => false,
+    }).buildScreenView({ name: 'Home', properties: {} })
+
+    expect(event.context.gdpr.isConsentGiven).toBe(false)
+  })
 })
diff --git a/packages/universal/core-sdk/src/events/EventBuilder.ts b/packages/universal/core-sdk/src/events/EventBuilder.ts
index 4d23184b..563aa6a0 100644
--- a/packages/universal/core-sdk/src/events/EventBuilder.ts
+++ b/packages/universal/core-sdk/src/events/EventBuilder.ts
@@ -105,6 +105,13 @@ export interface EventBuilderConfig {
    * @returns A user agent string, or `undefined` if unavailable.
    */
   getUserAgent?: () => string | undefined
+
+  /**
+   * Function used to resolve whether event consent has been granted.
+   *
+   * @returns `true` when event consent is granted, `false` or `undefined` otherwise.
+   */
+  getConsent?: () => boolean | undefined
 }
 
 export const UniversalEventBuilderArgs = z.object({
@@ -324,6 +331,13 @@ class EventBuilder {
    */
   getUserAgent: () => string | undefined
 
+  /**
+   * Function that provides the current event consent value.
+   *
+   * @internal
+   */
+  getConsent: () => boolean | undefined
+
   /**
    * Creates a new {@link EventBuilder} instance.
    *
@@ -342,13 +356,14 @@ class EventBuilder {
    * ```
    */
   constructor(config: EventBuilderConfig) {
-    const { app, channel, library, getLocale, getPageProperties, getUserAgent } = config
+    const { app, channel, library, getLocale, getPageProperties, getUserAgent, getConsent } = config
     this.app = app
     this.channel = channel
     this.library = library
     this.getLocale = getLocale ?? (() => 'en-US')
     this.getPageProperties = getPageProperties ?? (() => DEFAULT_PAGE_PROPERTIES)
     this.getUserAgent = getUserAgent ?? (() => undefined)
+    this.getConsent = getConsent ?? (() => undefined)
   }
 
   /**
@@ -376,7 +391,7 @@ class EventBuilder {
       context: {
         app: this.app,
         campaign,
-        gdpr: { isConsentGiven: true },
+        gdpr: { isConsentGiven: this.getConsent() === true },
         library: this.library,
         locale: locale ?? this.getLocale() ?? 'en-US',
         location,
diff --git a/packages/universal/core-sdk/src/index.ts b/packages/universal/core-sdk/src/index.ts
index c2d48e05..faf130ce 100644
--- a/packages/universal/core-sdk/src/index.ts
+++ b/packages/universal/core-sdk/src/index.ts
@@ -19,13 +19,15 @@ export {
 } from './signals'
 
 export type * from './BlockedEvent'
-export type { ConsentController, ConsentGuard } from './Consent'
+export type { ConsentController, ConsentGuard, ConsentInput } from './Consent'
 export * from './constants'
 export type * from './CoreApiConfig'
 export * from './CoreBase'
 export * from './CoreStateful'
 export * from './CoreStateless'
+export * from './CoreStatelessRequest'
 export * from './events'
+export * from './EventType'
 export * from './lib/decorators'
 export * from './lib/interceptor'
 export type {
diff --git a/packages/universal/core-sdk/src/preview-support/AGENTS.md b/packages/universal/core-sdk/src/preview-support/AGENTS.md
index 76e45e73..0d3fdb2e 100644
--- a/packages/universal/core-sdk/src/preview-support/AGENTS.md
+++ b/packages/universal/core-sdk/src/preview-support/AGENTS.md
@@ -1,24 +1,17 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, `packages/AGENTS.md`, `packages/universal/AGENTS.md`, and
-`packages/universal/core-sdk/AGENTS.md` before this file.
+Owns cross-platform preview-panel support: override management, preview models, Contentful entry
+mapping, fetch helpers, signals, and the `./preview-support` entry point.
 
-## Scope
-
-This subtree owns the cross-platform preview-panel support toolkit: override management,
-preview-model building, Contentful entry mapping, fetch helpers, signals, and the dedicated
-`./preview-support` entry point.
-
-## Local rules
+## Rules
 
 - Contentful content-model knowledge (`nt_audience`, `nt_experience`, `nt_config`, ...) belongs
-  here. Keep the rest of `core-sdk` platform-agnostic and free of Contentful schema knowledge.
-- Keep public preview-support APIs stable for the React Native SDK re-export and the iOS JSC bridge.
-- Keep override behavior aligned with preview-panel scenario contracts and platform wrapper
-  expectations.
+  here; keep the rest of `core-sdk` free of schema knowledge.
+- Keep public APIs stable for the React Native SDK re-export and the iOS JSC bridge.
+- Keep override behavior aligned with preview-panel scenario contracts and platform wrappers.
 
-## Usually validate
+## Validate
 
 - Run `@contentful/optimization-core` unit tests for preview-support changes.
-- Re-validate React Native SDK preview behavior and the iOS JSC bridge when changing public
-  preview-support behavior, exported types, or override semantics.
+- Revalidate React Native preview behavior and the iOS JSC bridge for public API, exported type, or
+  override-semantic changes.
diff --git a/packages/universal/core-sdk/src/queues/ExperienceQueue.ts b/packages/universal/core-sdk/src/queues/ExperienceQueue.ts
index fe4183a4..875daa67 100644
--- a/packages/universal/core-sdk/src/queues/ExperienceQueue.ts
+++ b/packages/universal/core-sdk/src/queues/ExperienceQueue.ts
@@ -98,6 +98,11 @@ export class ExperienceQueue {
     this.flushRuntime.clearScheduledRetry()
   }
 
+  clearQueuedEvents(): void {
+    this.queuedExperienceEvents.clear()
+    this.flushRuntime.reset()
+  }
+
   async send(event: ExperienceEventPayload): Promise<OptimizationData | undefined> {
     const intercepted = await this.eventInterceptors.run(event)
     const validEvent = parseWithFriendlyError(ExperienceEventSchema, intercepted)
diff --git a/packages/universal/core-sdk/src/queues/InsightsQueue.ts b/packages/universal/core-sdk/src/queues/InsightsQueue.ts
index 5f94d998..e87d9d49 100644
--- a/packages/universal/core-sdk/src/queues/InsightsQueue.ts
+++ b/packages/universal/core-sdk/src/queues/InsightsQueue.ts
@@ -63,6 +63,12 @@ export class InsightsQueue {
     this.flushRuntime.clearScheduledRetry()
   }
 
+  clearQueuedEvents(): void {
+    this.queuedInsightsByProfile.clear()
+    this.flushRuntime.reset()
+    this.reconcilePeriodicFlushTimer()
+  }
+
   clearPeriodicFlushTimer(): void {
     if (this.insightsPeriodicFlushTimer === undefined) return
 
diff --git a/packages/universal/core-sdk/src/signals/signals.ts b/packages/universal/core-sdk/src/signals/signals.ts
index e094aa44..cd8c7652 100644
--- a/packages/universal/core-sdk/src/signals/signals.ts
+++ b/packages/universal/core-sdk/src/signals/signals.ts
@@ -29,6 +29,13 @@ export const blockedEvent: Signal<BlockedEvent | undefined> = signal<BlockedEven
  */
 export const consent = signal<boolean | undefined>()
 
+/**
+ * Current durable profile-continuity persistence consent state.
+ *
+ * @public
+ */
+export const persistenceConsent = signal<boolean | undefined>()
+
 /**
  * Most recent emitted optimization event.
  *
@@ -112,6 +119,8 @@ export interface Signals {
   previewPanelAttached: typeof previewPanelAttached
   /** Preview panel open-state signal. */
   previewPanelOpen: typeof previewPanelOpen
+  /** Durable profile-continuity persistence consent signal. */
+  persistenceConsent: typeof persistenceConsent
   /** Selected optimization variants signal. */
   selectedOptimizations: typeof selectedOptimizations
   /** Whether optimization selection data is available. */
@@ -150,6 +159,7 @@ export const signals: Signals = {
   online,
   previewPanelAttached,
   previewPanelOpen,
+  persistenceConsent,
   selectedOptimizations,
   canOptimize,
   profile,
diff --git a/packages/universal/optimization-js-bridge/AGENTS.md b/packages/universal/optimization-js-bridge/AGENTS.md
index 5d01cd74..d27c9c9a 100644
--- a/packages/universal/optimization-js-bridge/AGENTS.md
+++ b/packages/universal/optimization-js-bridge/AGENTS.md
@@ -1,51 +1,28 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `packages/AGENTS.md`, then
-`packages/universal/AGENTS.md`, before this file.
+Shared TypeScript bridge source compiled into the native UMD bundles consumed by iOS JavaScriptCore
+and Android QuickJS.
 
-## Scope
-
-This package owns the shared TypeScript bridge source compiled into the UMD bundles consumed by both
-native SDKs: the iOS Swift package (JavaScriptCore) and the Android Kotlin SDK (QuickJS). One
-`src/index.ts` is the single source of truth — there is no separate per-platform bridge.
-
-## Key paths
-
-- `src/index.ts` — the shared bridge adapter over `@contentful/optimization-core`
-- `src/polyfills/` — the eight JS polyfill scripts (`console`, `timers`, `fetch`, `crypto`, `url`,
-  `abort-controller`, `promise-utilities`, `text-encoding`) prepended to each UMD bundle at build
-  time. Single source of truth for both platforms; do not fork per platform.
-- `rslib.config.ts` — builds one UMD bundle per native platform and prepends polyfill source
-- `package.json` — `postbuild` copies each bundle into its native SDK
-
-## Local rules
+## Rules
 
+- `src/index.ts` is the single bridge source of truth; do not fork per platform.
 - Keep the bridge engine-agnostic: JSON strings, callback pairs, and no browser-only or Node-only
-  assumptions. Both JavaScriptCore and QuickJS host this bundle; runtime gaps are filled by the JS
-  polyfills under `src/polyfills/` (prepended into the bundle) plus the native bindings each SDK
-  registers (`__nativeLog`, `__nativeFetch`, `__nativeSetTimeout`, etc.) before the bundle runs.
-- Polyfills must not diverge per platform. If a future feature genuinely needs platform-specific
-  behavior, do it via `__OPTIMIZATION_PACKAGE_NAME__`-style defines in the bridge entry, not by
-  re-forking polyfill files.
-- The build emits two UMD bundles from the one source — `optimization-ios-bridge.umd.js` and
-  `optimization-android-bridge.umd.js`. They differ only in the `__OPTIMIZATION_PACKAGE_NAME__`
-  define, which Core stamps into the analytics `library.name`. Keep both platform names in
-  `rslib.config.ts` so iOS and Android events stay distinguishable.
-- Keep bridge state shapes and method contracts aligned with both native model layers, under
-  `packages/ios/ContentfulOptimization/Sources/ContentfulOptimization/Core/` and
-  `packages/android/ContentfulOptimization/src/main/kotlin/com/contentful/optimization/`.
-- Keep preview override calls aligned with `@contentful/optimization-core/preview-support`.
-- Do not hand-edit `dist/` or the copied native bundle outputs. Build this package to refresh them.
+  assumptions.
+- Polyfills under `src/polyfills/` are shared and prepended into both bundles. Platform-specific
+  behavior should use build defines, not forked polyfill files.
+- The build emits `optimization-ios-bridge.umd.js` and `optimization-android-bridge.umd.js`; keep
+  platform names in `rslib.config.ts` so analytics `library.name` remains distinguishable.
+- Keep method contracts, payload shapes, and preview override calls aligned with native model layers
+  and `@contentful/optimization-core/preview-support`.
+- Do not hand-edit `dist/` or copied native bundle outputs. Build this package to refresh them.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-js-bridge typecheck`
-- `pnpm --filter @contentful/optimization-js-bridge build`
+- `pnpm --filter @contentful/optimization-js-bridge <script>` with `typecheck` or `build`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` for TypeScript source changes.
-- Run `build` for runtime, export, dependency, bundler config, or bridge contract changes — it
-  refreshes both native bundles.
-- After bridge contract or payload-shape changes, validate the iOS Swift package and the Android
-  Kotlin SDK, plus targeted reference-app coverage that exercises the changed behavior.
+- Run `build` for runtime, export, dependency, bundler config, or bridge contract changes.
+- After bridge contract or payload-shape changes, validate the iOS Swift package, Android Kotlin
+  SDK, and targeted reference-app coverage.
diff --git a/packages/universal/optimization-js-bridge/package.json b/packages/universal/optimization-js-bridge/package.json
index 1e153920..d697da4b 100644
--- a/packages/universal/optimization-js-bridge/package.json
+++ b/packages/universal/optimization-js-bridge/package.json
@@ -12,7 +12,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build",
     "postbuild": "mkdir -p ../../ios/ContentfulOptimization/Sources/ContentfulOptimization/Resources ../../android/ContentfulOptimization/src/main/assets && cp dist/optimization-ios-bridge.umd.js ../../ios/ContentfulOptimization/Sources/ContentfulOptimization/Resources/ && cp dist/optimization-android-bridge.umd.js ../../android/ContentfulOptimization/src/main/assets/",
-    "clean": "rimraf ./.rslib ./dist ./coverage .tsbuildinfo",
+    "clean": "rimraf ./.rslib ./dist ./coverage .tsbuildinfo ./node_modules/.cache/rspack",
     "test:unit": "echo 'No tests yet'",
     "typecheck": "tsc --noEmit"
   },
diff --git a/packages/universal/optimization-js-bridge/src/index.ts b/packages/universal/optimization-js-bridge/src/index.ts
index f0abaa5b..3a9c2d93 100644
--- a/packages/universal/optimization-js-bridge/src/index.ts
+++ b/packages/universal/optimization-js-bridge/src/index.ts
@@ -1,5 +1,6 @@
 import type { Traits } from '@contentful/optimization-api-client/api-schemas'
 import {
+  type ConsentInput,
   CoreStateful,
   type CoreStatefulConfig,
   effect,
@@ -25,6 +26,10 @@ type ScreenProperties = Parameters<CoreStateful['screen']>[0]['properties']
 type ProfileValue = typeof signals.profile.value
 type ChangesValue = typeof signals.changes.value
 type SelectedOptimizationsValue = typeof signals.selectedOptimizations.value
+const DEFAULT_NATIVE_ALLOWED_EVENT_TYPES: NonNullable<CoreStatefulConfig['allowedEventTypes']> = [
+  'identify',
+  'screen',
+]
 
 // Native runtimes (iOS JavaScriptCore, Android QuickJS) install these callbacks
 // on the JS engine's globalThis before the bridge is loaded. The bridge calls
@@ -49,17 +54,21 @@ interface BridgeConfig {
   }
   contentfulLocales?: CoreStatefulConfig['contentfulLocales']
   locale?: string
+  allowedEventTypes?: CoreStatefulConfig['allowedEventTypes']
   defaults?: {
     consent?: boolean
+    persistenceConsent?: boolean
     profile?: ProfileValue
     changes?: ChangesValue
     optimizations?: SelectedOptimizationsValue
+    anonymousId?: string
   }
 }
 
 interface BridgeState {
   profile: ProfileValue | null
   consent: boolean | undefined
+  persistenceConsent: boolean | undefined
   canPersonalize: boolean
   changes: ChangesValue | null
   locale: string | null
@@ -116,7 +125,7 @@ interface Bridge {
   ) => void
 
   // Synchronous
-  consent: (accept: boolean) => void
+  consent: (accept: ConsentInput) => void
   setLocale: (locale: string) => string | null
   reset: () => void
   // Native code passes JSON-shaped objects; the bridge trusts the shape and
@@ -153,6 +162,7 @@ let audienceDefinitions: AudienceDefinition[] | null = null
 let experienceDefinitions: ExperienceDefinition[] | null = null
 let audienceNameMap: Record<string, string> = {}
 let experienceNameMap: Record<string, string> = {}
+let anonymousId: string | undefined = undefined
 
 const bridge: Bridge = {
   initialize(config: BridgeConfig) {
@@ -164,17 +174,20 @@ const bridge: Bridge = {
     experienceDefinitions = null
     audienceNameMap = {}
     experienceNameMap = {}
+    anonymousId = config.defaults?.anonymousId
 
     const coreConfig: CoreStatefulConfig = {
       clientId: config.clientId,
       environment: config.environment,
       contentfulLocales: config.contentfulLocales,
       locale: config.locale,
+      allowedEventTypes: config.allowedEventTypes ?? DEFAULT_NATIVE_ALLOWED_EVENT_TYPES,
       api: {
         experienceBaseUrl: config.experienceBaseUrl,
         insightsBaseUrl: config.insightsBaseUrl,
         locale: config.api?.locale,
       },
+      getAnonymousId: () => (signals.persistenceConsent.value === true ? anonymousId : undefined),
     }
 
     instance = new CoreStateful(coreConfig)
@@ -182,8 +195,10 @@ const bridge: Bridge = {
     // Apply stored defaults before any other operations
     const { defaults } = config
     if (defaults) {
-      const { consent, profile, changes, optimizations } = defaults
-      if (consent !== undefined) {
+      const { consent, persistenceConsent, profile, changes, optimizations } = defaults
+      if (persistenceConsent !== undefined) {
+        instance.consent({ events: consent, persistence: persistenceConsent })
+      } else if (consent !== undefined) {
         instance.consent(consent)
       }
       if (profile !== undefined) {
@@ -196,7 +211,6 @@ const bridge: Bridge = {
         signals.selectedOptimizations.value = optimizations
       }
     }
-    instance.consent(true)
 
     // Create the override manager — registers a state interceptor that
     // preserves overrides across API refreshes and correctly appends
@@ -211,9 +225,19 @@ const bridge: Bridge = {
     })
 
     disposeEffect = effect(() => {
+      const profile = signals.profile.value
+      const persistenceConsent = signals.persistenceConsent.value
+
+      if (persistenceConsent === false) {
+        anonymousId = undefined
+      } else if (persistenceConsent === true && profile?.id) {
+        anonymousId = profile.id
+      }
+
       const state: BridgeState = {
-        profile: signals.profile.value ?? null,
+        profile: profile ?? null,
         consent: signals.consent.value,
+        persistenceConsent,
         canPersonalize: signals.canOptimize.value,
         changes: signals.changes.value ?? null,
         locale: signals.locale.value ?? null,
@@ -332,7 +356,7 @@ const bridge: Bridge = {
       })
   },
 
-  consent(accept: boolean) {
+  consent(accept) {
     if (!instance) return
     instance.consent(accept)
   },
@@ -447,6 +471,7 @@ const bridge: Bridge = {
     return JSON.stringify({
       profile: signals.profile.value ?? null,
       consent: signals.consent.value,
+      persistenceConsent: signals.persistenceConsent.value,
       canPersonalize: signals.canOptimize.value,
       changes: signals.changes.value ?? null,
       locale: signals.locale.value ?? null,
@@ -471,6 +496,7 @@ const bridge: Bridge = {
     const state: BridgeState = {
       profile: signals.profile.value ?? null,
       consent: signals.consent.value,
+      persistenceConsent: signals.persistenceConsent.value,
       canPersonalize: signals.canOptimize.value,
       changes: signals.changes.value ?? null,
       locale: signals.locale.value ?? null,
@@ -502,6 +528,7 @@ const bridge: Bridge = {
       instance.destroy()
       instance = null
     }
+    anonymousId = undefined
   },
 }
 
diff --git a/packages/web/AGENTS.md b/packages/web/AGENTS.md
index 9eda5e4b..b8bd1ea4 100644
--- a/packages/web/AGENTS.md
+++ b/packages/web/AGENTS.md
@@ -1,26 +1,23 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, then `packages/AGENTS.md`, before this file.
+Web-family packages under `packages/web/`.
 
-These instructions apply to Web-family packages under `packages/web/`.
+## Boundaries
 
-## Web package boundaries
-
-- Keep Web-family packages browser-oriented. Server-only assumptions belong in Node-specific
-  packages or implementations.
-- `web-sdk` owns browser runtime behavior, entry interaction tracking, and Web SDK preview bridge
+- Keep Web packages browser-oriented; server-only assumptions belong in Node packages or
+  implementations.
+- `web-sdk` owns browser runtime behavior, entry interaction tracking, and Web preview bridge
   integration points.
-- `preview-panel` is intentionally coupled to Web SDK preview internals. Preview bridge changes
-  usually need coordinated Web SDK and preview-panel updates.
-- `frameworks/react-web-sdk` owns reusable React abstractions on top of
-  `@contentful/optimization-web`. Do not move those abstractions into reference implementations.
-- Keep Web package-local `dev/` harnesses aligned with the browser, preview, or framework behavior
-  they demonstrate.
+- `preview-panel` is coupled to Web SDK preview internals; preview bridge changes usually affect
+  both packages.
+- `frameworks/react-web-sdk` owns reusable React abstractions over `@contentful/optimization-web`.
+- Keep Web `dev/` harnesses aligned with the browser, preview, or framework behavior they
+  demonstrate.
 
-## Usually validate
+## Validate
 
 - Watch bundle-size impact for Web runtime changes.
-- Validate both `web-sdk` and `preview-panel` when preview bridge behavior, panel bootstrapping, or
-  CSP-related setup changes.
-- Validate affected Web reference implementations when browser behavior, preview behavior, routing,
+- Validate both `web-sdk` and `preview-panel` for preview bridge, panel bootstrapping, or CSP setup
+  changes.
+- Validate affected Web reference implementations for browser behavior, preview behavior, routing,
   event flow, or React integration changes.
diff --git a/packages/web/frameworks/react-web-sdk/AGENTS.md b/packages/web/frameworks/react-web-sdk/AGENTS.md
index 188f0040..ea93863a 100644
--- a/packages/web/frameworks/react-web-sdk/AGENTS.md
+++ b/packages/web/frameworks/react-web-sdk/AGENTS.md
@@ -1,43 +1,23 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, `packages/AGENTS.md`, and `packages/web/AGENTS.md` before this
-file.
+Owns the React framework layer over `@contentful/optimization-web`: providers, hooks, and
+React-facing entry resolution primitives.
 
-## Scope
+## Rules
 
-This package owns the React framework layer on top of `@contentful/optimization-web`, including
-providers, hooks, and React-facing entry resolution primitives.
-
-## Key paths
-
-- `src/`
-- `dev/`
-- `dev/app/`
-- `scripts/`
-- `README.md`
-
-## Local rules
-
-- `dev/` is the package-local harness host shell. `dev/app/` contains the React harness app.
-- Keep both harness layers relevant to the current provider, hook, routing, and entry-rendering
+- `dev/` is the package-local harness host shell; `dev/app/` is the React harness app.
+- Keep both harness layers current for provider, hook, routing, live updates, and entry-rendering
   behavior.
-- Keep the `dev/` harness up-to-date when developer-facing flows, configuration, router adapters,
-  live updates behavior, or core entry-resolution behavior changes.
-- Validate both unit behavior and the React reference implementation when changing provider, hook,
-  or component runtime behavior.
+- Validate the React reference implementation for provider, hook, or component runtime changes.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-react-web dev:launch` — one-shot mock server + dev harness
-- `pnpm --filter @contentful/optimization-react-web typecheck`
-- `pnpm --filter @contentful/optimization-react-web test:unit`
-- `pnpm --filter @contentful/optimization-react-web build`
-- `pnpm --filter @contentful/optimization-react-web size:check`
-- `pnpm --filter @contentful/optimization-react-web dev`
+- `pnpm --filter @contentful/optimization-react-web <script>` with `dev:launch`, `typecheck`,
+  `test:unit`, `build`, `size:check`, or `dev`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck`, `test:unit`, and `build`.
-- Validate the `dev/` harness itself when changing package flows it is meant to demonstrate.
-- Validate `implementations/react-web-sdk` Playwright flows when changing runtime behavior,
-  readiness state, live updates, or entry rendering.
+- Validate the `dev/` harness when changing package flows it demonstrates.
+- Validate `implementations/react-web-sdk` Playwright flows for readiness state, live updates, entry
+  rendering, or other runtime behavior changes.
diff --git a/packages/web/frameworks/react-web-sdk/README.md b/packages/web/frameworks/react-web-sdk/README.md
index fa460373..005aa658 100644
--- a/packages/web/frameworks/react-web-sdk/README.md
+++ b/packages/web/frameworks/react-web-sdk/README.md
@@ -38,6 +38,7 @@ source of truth for exported API signatures.
 - [When to use this package](#when-to-use-this-package)
 - [Common configuration](#common-configuration)
 - [Core workflows](#core-workflows)
+  - [Consent](#consent)
   - [Provider and hook access](#provider-and-hook-access)
   - [Provider-managed state subscriptions](#provider-managed-state-subscriptions)
   - [OptimizedEntry](#optimizedentry)
@@ -106,7 +107,7 @@ such as `liveUpdates` and `onStatesReady`.
 | `app`                   | No        | `undefined`                                     | Application metadata attached to outgoing event context                               |
 | `contentfulLocales`     | No        | `undefined`                                     | Contentful locale codes used for SDK-assisted CDA locale resolution                   |
 | `locale`                | No        | `undefined` unless `contentfulLocales` is set   | Initial app/content locale candidate; changing this prop updates the owned SDK locale |
-| `defaults`              | No        | `undefined`                                     | Initial state, commonly including consent or profile values                           |
+| `defaults`              | No        | `undefined`                                     | Initial state, commonly including consent, persistence consent, or profile values     |
 | `allowedEventTypes`     | No        | `['identify', 'page']`                          | Event types allowed before consent is explicitly set                                  |
 | `trackEntryInteraction` | No        | `{ views: true, clicks: false, hovers: false }` | Automatic entry interaction tracking for `OptimizedEntry` elements                    |
 | `cookie`                | No        | `{ domain: undefined, expires: 365 }`           | Anonymous ID cookie settings inherited from the Web SDK                               |
@@ -166,13 +167,19 @@ loader, or CDA fetch flow when localized data needs to change.
 
 ## Core workflows
 
-### Provider and hook access
+### Consent
 
-`OptimizationRoot` owns the Web SDK lifecycle. Provider-owned initialization runs after React
-commit, outside render, and renders no children while the SDK is pending. In normal browser
-rendering this uses a layout-effect path so ready children can mount before the first visible paint.
+Consent policy remains application-owned. For default-on application policies that do not render an
+end-user consent UI, seed accepted consent on `OptimizationRoot`:
+
+```tsx
+<OptimizationRoot clientId="your-client-id" defaults={{ consent: true }}>
+  <YourApp />
+</OptimizationRoot>
+```
 
-Use `useOptimization()` when a component needs direct access to the instance:
+When application policy depends on user choice, leave `defaults.consent` unset and call `consent()`
+from the relevant control:
 
 ```tsx
 import { useOptimization } from '@contentful/optimization-react-web'
@@ -183,8 +190,20 @@ function ConsentButton() {
 }
 ```
 
-Use `useEntryResolver()` when a component needs manual entry resolution without the `OptimizedEntry`
-wrapper:
+Boolean consent calls control both event emission and durable profile-continuity persistence by
+default. Use `sdk.consent({ events: true, persistence: false })` when events are allowed but
+continuity should stay session-only. For cross-SDK consent guidance, see
+[Consent management in the Optimization SDK Suite](../../../../documentation/concepts/consent-management-in-the-optimization-sdk-suite.md).
+
+### Provider and hook access
+
+`OptimizationRoot` owns the Web SDK lifecycle. Provider-owned initialization runs after React
+commit, outside render, and renders no children while the SDK is pending. In normal browser
+rendering this uses a layout-effect path so ready children can mount before the first visible paint.
+
+Use `useOptimization()` when a component needs direct access to the instance for methods such as
+`identify()`, `reset()`, or manual tracking. Use `useEntryResolver()` when a component needs manual
+entry resolution without the `OptimizedEntry` wrapper:
 
 ```tsx
 import { useEntryResolver } from '@contentful/optimization-react-web'
diff --git a/packages/web/frameworks/react-web-sdk/package.json b/packages/web/frameworks/react-web-sdk/package.json
index e1f4b261..ba9fe8d4 100644
--- a/packages/web/frameworks/react-web-sdk/package.json
+++ b/packages/web/frameworks/react-web-sdk/package.json
@@ -130,7 +130,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build && build-tools emit-dual-dts ./dist && build-tools emit-dual-dts ./dist/router",
     "build:rsdoctor": "RSDOCTOR=true rslib build && build-tools emit-dual-dts ./dist && build-tools emit-dual-dts ./dist/router",
-    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo",
+    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo ./node_modules/.cache/rspack",
     "dev": "rsbuild dev --host 0.0.0.0 -c dev/rsbuild.config.ts",
     "dev:launch": "./scripts/launch-dev-harness.sh",
     "size:check": "pnpm build:dist && build-tools bundle-size",
diff --git a/packages/web/frameworks/react-web-sdk/src/test/sdkTestUtils.tsx b/packages/web/frameworks/react-web-sdk/src/test/sdkTestUtils.tsx
index d87f0fe8..2a23b721 100644
--- a/packages/web/frameworks/react-web-sdk/src/test/sdkTestUtils.tsx
+++ b/packages/web/frameworks/react-web-sdk/src/test/sdkTestUtils.tsx
@@ -103,6 +103,7 @@ export function createOptimizationSdk(overrides: OptimizationSdkOverrides = {}):
       consent: createObservable(undefined),
       eventStream: createObservable(undefined),
       flag: () => createObservable(undefined),
+      persistenceConsent: createObservable(undefined),
       previewPanelAttached: createObservable(false),
       previewPanelOpen: createObservable(false),
       profile: createObservable(undefined),
diff --git a/packages/web/preview-panel/AGENTS.md b/packages/web/preview-panel/AGENTS.md
index 3e4be8be..f91007aa 100644
--- a/packages/web/preview-panel/AGENTS.md
+++ b/packages/web/preview-panel/AGENTS.md
@@ -1,39 +1,22 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, `packages/AGENTS.md`, and `packages/web/AGENTS.md` before this
-file.
-
-## Scope
-
-This package owns the Web preview panel micro-frontend built with Lit and integrated with
+Owns the Web preview panel micro-frontend built with Lit and integrated with
 `@contentful/optimization-web`.
 
-## Key paths
-
-- `src/`
-- `dev/`
-- `dev/index.html`
-- `dev/rsbuild.config.ts`
-- `README.md`
-
-## Local rules
+## Rules
 
 - Prefer local fixes here for panel UI behavior.
-- The package-local `dev` flow is a maintained development surface and must stay relevant to the
-  current preview-panel behavior.
-- Keep the `dev` flow up-to-date when panel UI, preview bridge behavior, CSP-related setup, or
-  developer-facing preview workflows change.
-- The current `test:unit` script is a placeholder. Build and runtime validation matter more here.
+- Keep the package-local `dev` flow current for panel UI, preview bridge behavior, CSP setup, and
+  developer-facing preview workflows.
+- `test:unit` is currently a placeholder; build and runtime validation matter more.
 - Update the README when public setup or CSP behavior changes.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-web-preview-panel typecheck`
-- `pnpm --filter @contentful/optimization-web-preview-panel build`
-- `pnpm --filter @contentful/optimization-web-preview-panel size:check`
-- `pnpm --filter @contentful/optimization-web-preview-panel dev`
+- `pnpm --filter @contentful/optimization-web-preview-panel <script>` with `typecheck`, `build`,
+  `size:check`, or `dev`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck` and `build`.
-- Validate the package-local `dev` flow itself when changing panel flows it is meant to exercise.
+- Validate the package-local `dev` flow when changing panel flows it exercises.
diff --git a/packages/web/preview-panel/package.json b/packages/web/preview-panel/package.json
index a5036b99..f089dd2a 100644
--- a/packages/web/preview-panel/package.json
+++ b/packages/web/preview-panel/package.json
@@ -61,7 +61,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build && build-tools emit-dual-dts ./dist",
     "build:rsdoctor": "RSDOCTOR=true rslib build && build-tools emit-dual-dts ./dist",
-    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo",
+    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo ./node_modules/.cache/rspack",
     "dev": "rsbuild dev --host 0.0.0.0 -c dev/rsbuild.config.ts",
     "size:check": "pnpm build:dist && build-tools bundle-size",
     "size:report": "build-tools bundle-size --report-only",
diff --git a/packages/web/web-sdk/AGENTS.md b/packages/web/web-sdk/AGENTS.md
index b77ea655..1751c718 100644
--- a/packages/web/web-sdk/AGENTS.md
+++ b/packages/web/web-sdk/AGENTS.md
@@ -1,38 +1,18 @@
 # AGENTS.md
 
-Read the repository root `AGENTS.md`, `packages/AGENTS.md`, and `packages/web/AGENTS.md` before this
-file.
+Owns browser-specific SDK behavior, Web runtime concerns, and entry interaction tracking.
 
-## Scope
+## Rules
 
-This package owns browser-specific SDK behavior, including Web runtime concerns and entry
-interaction tracking.
-
-## Key paths
-
-- `src/`
-- `dev/`
-- `dev/index.html`
-- `dev/rsbuild.config.ts`
-- `README.md`
-
-## Local rules
-
-- The package-local `dev` flow is a maintained development surface and must stay relevant to the
-  current browser SDK behavior.
-- Keep the `dev` flow up-to-date when developer-facing flows, configuration, runtime integration, or
-  preview-related behavior changes.
+- Keep the package-local `dev` flow current for browser SDK, developer-facing setup, runtime
+  integration, and preview-related behavior.
 
 ## Commands
 
-- `pnpm --filter @contentful/optimization-web typecheck`
-- `pnpm --filter @contentful/optimization-web test:unit`
-- `pnpm --filter @contentful/optimization-web build`
-- `pnpm --filter @contentful/optimization-web size:check`
-- `pnpm --filter @contentful/optimization-web dev`
+- `pnpm --filter @contentful/optimization-web <script>` with `typecheck`, `test:unit`, `build`,
+  `size:check`, or `dev`.
 
-## Usually validate
+## Validate
 
 - Run `typecheck`, `test:unit`, and `build`.
-- Validate the package-local `dev` flow itself when changing package flows it is meant to
-  demonstrate.
+- Validate the package-local `dev` flow when changing flows it demonstrates.
diff --git a/packages/web/web-sdk/README.md b/packages/web/web-sdk/README.md
index 943ef63a..31eec70c 100644
--- a/packages/web/web-sdk/README.md
+++ b/packages/web/web-sdk/README.md
@@ -113,22 +113,22 @@ with React providers, hooks, router adapters, and entry-rendering primitives.
 The Web SDK communicates with the Experience API for profile and optimization selection, and with
 the Insights API for event ingestion.
 
-| Option                      | Required? | Default                                          | Description                                                                    |
-| --------------------------- | --------- | ------------------------------------------------ | ------------------------------------------------------------------------------ |
-| `clientId`                  | Yes       | N/A                                              | Shared API key for Experience API and Insights API requests                    |
-| `environment`               | No        | `'main'`                                         | Contentful environment identifier                                              |
-| `api`                       | No        | See API options below                            | Experience API and Insights API endpoint and request options                   |
-| `app`                       | No        | `undefined`                                      | Application metadata attached to outgoing event context                        |
-| `contentfulLocales`         | No        | `undefined`                                      | Contentful locale codes used for SDK-assisted CDA locale resolution            |
-| `locale`                    | No        | `undefined` unless `contentfulLocales` is set    | Initial app/content locale candidate used to resolve the Contentful locale     |
-| `defaults`                  | No        | `undefined`                                      | Initial state, commonly including consent or profile values                    |
-| `allowedEventTypes`         | No        | `['identify', 'page']`                           | Event types allowed before consent is explicitly set                           |
-| `autoTrackEntryInteraction` | No        | `{ views: false, clicks: false, hovers: false }` | Opt-in automatic tracking for entry views, clicks, and hovers                  |
-| `cookie`                    | No        | `{ domain: undefined, expires: 365 }`            | Anonymous ID cookie settings                                                   |
-| `getAnonymousId`            | No        | `undefined`                                      | Function used to provide an anonymous ID from application-owned identity state |
-| `queuePolicy`               | No        | SDK defaults                                     | Flush retry behavior and offline queue bounds                                  |
-| `logLevel`                  | No        | `'error'`                                        | Minimum log level for the default console sink                                 |
-| `onEventBlocked`            | No        | `undefined`                                      | Callback invoked when consent or guard logic blocks an event                   |
+| Option                      | Required? | Default                                          | Description                                                                       |
+| --------------------------- | --------- | ------------------------------------------------ | --------------------------------------------------------------------------------- |
+| `clientId`                  | Yes       | N/A                                              | Shared API key for Experience API and Insights API requests                       |
+| `environment`               | No        | `'main'`                                         | Contentful environment identifier                                                 |
+| `api`                       | No        | See API options below                            | Experience API and Insights API endpoint and request options                      |
+| `app`                       | No        | `undefined`                                      | Application metadata attached to outgoing event context                           |
+| `contentfulLocales`         | No        | `undefined`                                      | Contentful locale codes used for SDK-assisted CDA locale resolution               |
+| `locale`                    | No        | `undefined` unless `contentfulLocales` is set    | Initial app/content locale candidate used to resolve the Contentful locale        |
+| `defaults`                  | No        | `undefined`                                      | Initial state, commonly including consent, persistence consent, or profile values |
+| `allowedEventTypes`         | No        | `['identify', 'page']`                           | Event types allowed before consent is explicitly set                              |
+| `autoTrackEntryInteraction` | No        | `{ views: false, clicks: false, hovers: false }` | Opt-in automatic tracking for entry views, clicks, and hovers                     |
+| `cookie`                    | No        | `{ domain: undefined, expires: 365 }`            | Anonymous ID cookie settings                                                      |
+| `getAnonymousId`            | No        | `undefined`                                      | Function used to provide an anonymous ID from application-owned identity state    |
+| `queuePolicy`               | No        | SDK defaults                                     | Flush retry behavior and offline queue bounds                                     |
+| `logLevel`                  | No        | `'error'`                                        | Minimum log level for the default console sink                                    |
+| `onEventBlocked`            | No        | `undefined`                                      | Callback invoked when consent or guard logic blocks an event                      |
 
 Common `api` options:
 
@@ -181,17 +181,35 @@ For every option, callback payload, and exported type, use the generated
 
 ### Consent and profile events
 
-Consent is application policy. The SDK stores the consent state and blocks non-allowed events until
-consent is accepted.
+Consent is application policy. The SDK stores event consent, blocks non-allowed events until event
+consent is accepted, and can track durable profile-continuity persistence consent separately. For
+cross-SDK consent guidance, see
+[Consent management in the Optimization SDK Suite](../../../documentation/concepts/consent-management-in-the-optimization-sdk-suite.md).
+
+For default-on application policies that do not render an end-user consent UI, seed accepted consent
+at startup:
+
+```ts
+const optimization = new ContentfulOptimization({
+  clientId: 'your-client-id',
+  defaults: { consent: true },
+})
+```
 
 ```ts
 optimization.consent(true)
 
+optimization.consent({ events: true, persistence: false })
+
 const data = await optimization.page({
   properties: { path: window.location.pathname },
 })
 ```
 
+The startup default and boolean consent calls grant or withdraw both event emission and durable
+profile continuity by default. Object-form consent lets events emit while keeping profile, selected
+optimizations, changes, and the anonymous ID session-only until persistence consent is granted.
+
 `page()`, `identify()`, `screen()`, `track()`, and sticky `trackView()` calls can return
 optimization data containing `profile`, `selectedOptimizations`, and `changes`.
 
@@ -260,15 +278,16 @@ const unsubscribe = optimization.states.profile.subscribe((profile) => {
 })
 ```
 
-Common state streams include `consent`, `profile`, `selectedOptimizations`, `changes`,
-`blockedEventStream`, `eventStream`, and preview-panel state. Use the generated reference for the
-complete `states` surface.
+Common state streams include `consent`, `persistenceConsent`, `profile`, `selectedOptimizations`,
+`changes`, `blockedEventStream`, `eventStream`, and preview-panel state. Use the generated reference
+for the complete `states` surface.
 
 ## Runtime notes
 
 - Browser storage persistence is best-effort. If `localStorage` writes fail, the SDK continues with
   in-memory state and retries persistence on subsequent writes.
-- `reset()` clears internal state except consent. Use it when the active profile changes.
+- `reset()` clears internal state except consent and persistence consent. Use it when the active
+  profile changes.
 - `flush()` drains queued Insights API and Experience API events.
 - `destroy()` releases listeners and singleton ownership for explicit teardown paths such as tests
   or hot-reload workflows.
diff --git a/packages/web/web-sdk/package.json b/packages/web/web-sdk/package.json
index f8de468f..2be2307b 100644
--- a/packages/web/web-sdk/package.json
+++ b/packages/web/web-sdk/package.json
@@ -100,7 +100,7 @@
     "build:ci": "pnpm build:dist",
     "build:dist": "rslib build && build-tools emit-dual-dts ./dist",
     "build:rsdoctor": "RSDOCTOR=true rslib build && build-tools emit-dual-dts ./dist",
-    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo",
+    "clean": "rimraf ./.rsdoctor ./.rslib ./dist ./coverage .tsbuildinfo ./node_modules/.cache/rspack",
     "dev": "rsbuild dev --host 0.0.0.0 -c dev/rsbuild.config.ts",
     "size:check": "pnpm build:dist && build-tools bundle-size",
     "size:report": "build-tools bundle-size --report-only",
diff --git a/packages/web/web-sdk/src/ContentfulOptimization.test.ts b/packages/web/web-sdk/src/ContentfulOptimization.test.ts
index b71ad3cb..ccf57994 100644
--- a/packages/web/web-sdk/src/ContentfulOptimization.test.ts
+++ b/packages/web/web-sdk/src/ContentfulOptimization.test.ts
@@ -1,5 +1,11 @@
-import type { CoreConfig } from '@contentful/optimization-core'
+import { batch, signals, type CoreConfig } from '@contentful/optimization-core'
 import type { OptimizationData, Profile } from '@contentful/optimization-core/api-schemas'
+import {
+  ANONYMOUS_ID_KEY,
+  CONSENT_KEY,
+  PERSISTENCE_CONSENT_KEY,
+  PROFILE_CACHE_KEY,
+} from '@contentful/optimization-core/constants'
 import ContentfulOptimization from './ContentfulOptimization'
 import { OPTIMIZATION_WEB_SDK_NAME } from './constants'
 
@@ -94,6 +100,19 @@ describe('ContentfulOptimization', () => {
   beforeEach(() => {
     delete window.contentfulOptimization
     localStorage.clear()
+    batch(() => {
+      signals.blockedEvent.value = undefined
+      signals.changes.value = undefined
+      signals.consent.value = undefined
+      signals.event.value = undefined
+      signals.locale.value = undefined
+      signals.online.value = true
+      signals.persistenceConsent.value = undefined
+      signals.previewPanelAttached.value = false
+      signals.previewPanelOpen.value = false
+      signals.profile.value = undefined
+      signals.selectedOptimizations.value = undefined
+    })
   })
 
   afterEach(() => {
@@ -320,6 +339,77 @@ describe('ContentfulOptimization', () => {
     expect(onEventBlocked).not.toHaveBeenCalled()
   })
 
+  it('keeps explicit default profile in memory until persistence consent is granted', () => {
+    const web = new ContentfulOptimization({
+      ...config,
+      defaults: {
+        profile: DEFAULT_PROFILE,
+      },
+    })
+
+    expect(web.states.profile.current).toEqual(DEFAULT_PROFILE)
+    expect(localStorage.getItem(PROFILE_CACHE_KEY)).toBeNull()
+
+    web.consent({ persistence: true })
+
+    expect(JSON.parse(localStorage.getItem(PROFILE_CACHE_KEY) ?? 'null')).toEqual(DEFAULT_PROFILE)
+  })
+
+  it('clears durable profile continuity on persistence consent withdrawal without clearing memory', () => {
+    const web = new ContentfulOptimization({
+      ...config,
+      defaults: {
+        consent: true,
+        profile: DEFAULT_PROFILE,
+      },
+    })
+
+    expect(localStorage.getItem(PROFILE_CACHE_KEY)).not.toBeNull()
+
+    web.consent({ persistence: false })
+
+    expect(localStorage.getItem(PROFILE_CACHE_KEY)).toBeNull()
+    expect(web.states.profile.current).toEqual(DEFAULT_PROFILE)
+  })
+
+  it('preserves the anonymous ID when profile continuity is cleared while persistence consent remains granted', () => {
+    const web = new ContentfulOptimization({
+      ...config,
+      defaults: {
+        consent: true,
+        profile: DEFAULT_PROFILE,
+      },
+    })
+
+    expect(web.states.profile.current).toEqual(DEFAULT_PROFILE)
+    expect(localStorage.getItem(ANONYMOUS_ID_KEY)).toBe(DEFAULT_PROFILE.id)
+
+    signals.profile.value = undefined
+
+    expect(localStorage.getItem(PROFILE_CACHE_KEY)).toBeNull()
+    expect(localStorage.getItem(ANONYMOUS_ID_KEY)).toBe(DEFAULT_PROFILE.id)
+  })
+
+  it('does not load persisted profile continuity when persistence consent is denied', () => {
+    localStorage.setItem(PERSISTENCE_CONSENT_KEY, 'denied')
+    localStorage.setItem(PROFILE_CACHE_KEY, JSON.stringify(DEFAULT_PROFILE))
+
+    const web = new ContentfulOptimization(config)
+
+    expect(web.states.profile.current).toBeUndefined()
+    expect(localStorage.getItem(PROFILE_CACHE_KEY)).toBeNull()
+  })
+
+  it('loads persisted profile continuity from accepted legacy consent', () => {
+    localStorage.setItem(CONSENT_KEY, 'accepted')
+    localStorage.setItem(PROFILE_CACHE_KEY, JSON.stringify(DEFAULT_PROFILE))
+
+    const web = new ContentfulOptimization(config)
+
+    expect(web.states.profile.current).toEqual(DEFAULT_PROFILE)
+    expect(web.states.persistenceConsent.current).toBe(true)
+  })
+
   it('supports page() without an explicit payload', async () => {
     const web = new ContentfulOptimization(config)
     const upsertProfile = rs
diff --git a/packages/web/web-sdk/src/ContentfulOptimization.ts b/packages/web/web-sdk/src/ContentfulOptimization.ts
index 21cebc58..cfc1dcf2 100644
--- a/packages/web/web-sdk/src/ContentfulOptimization.ts
+++ b/packages/web/web-sdk/src/ContentfulOptimization.ts
@@ -117,17 +117,55 @@ export interface OptimizationWebConfig extends CoreStatefulConfig {
  */
 export type OptimizationTrackingApi = EntryInteractionApi
 
+function resolvePersistedDefault<T>(
+  configured: T | undefined,
+  canLoadPersistedContinuity: boolean,
+  readPersistedValue: () => T | undefined,
+): T | undefined {
+  if (configured !== undefined) return configured
+  if (!canLoadPersistedContinuity) return undefined
+
+  return readPersistedValue()
+}
+
 function resolveDefaultState(
   defaults: CoreStatefulConfig['defaults'] | undefined,
 ): NonNullable<CoreStatefulConfig['defaults']> {
-  const {
-    consent = LocalStore.consent,
-    profile = LocalStore.profile,
-    changes = LocalStore.changes,
-    selectedOptimizations = LocalStore.selectedOptimizations,
-  } = defaults ?? {}
-
-  return { consent, changes, profile, selectedOptimizations }
+  const consent = defaults?.consent ?? LocalStore.consent
+  const persistenceConsent =
+    defaults?.persistenceConsent ?? defaults?.consent ?? LocalStore.persistenceConsent
+  const canLoadPersistedContinuity = persistenceConsent === true
+  const profile = resolvePersistedDefault(
+    defaults?.profile,
+    canLoadPersistedContinuity,
+    () => LocalStore.profile,
+  )
+  const changes = resolvePersistedDefault(
+    defaults?.changes,
+    canLoadPersistedContinuity,
+    () => LocalStore.changes,
+  )
+  const selectedOptimizations = resolvePersistedDefault(
+    defaults?.selectedOptimizations,
+    canLoadPersistedContinuity,
+    () => LocalStore.selectedOptimizations,
+  )
+
+  return { consent, persistenceConsent, changes, profile, selectedOptimizations }
+}
+
+function readInitialCookieValues(canLoadPersistedContinuity: boolean): {
+  cookieValue?: string
+  legacyCookieValue?: string
+} {
+  if (!canLoadPersistedContinuity) return {}
+
+  const legacyCookieValue = getCookie(ANONYMOUS_ID_COOKIE_LEGACY)
+
+  return {
+    cookieValue: legacyCookieValue ?? getCookie(ANONYMOUS_ID_COOKIE),
+    legacyCookieValue,
+  }
 }
 
 /**
@@ -170,6 +208,7 @@ function mergeConfig({
     defaults: {
       ...baseDefaults,
       ...defaults,
+      persistenceConsent: baseDefaults.persistenceConsent,
     },
     eventBuilder: {
       app,
@@ -183,7 +222,9 @@ function mergeConfig({
         ...configuredEventBuilder?.library,
       },
     },
-    getAnonymousId: config.getAnonymousId ?? (() => LocalStore.anonymousId),
+    getAnonymousId:
+      config.getAnonymousId ??
+      (() => (LocalStore.persistenceConsent === true ? LocalStore.anonymousId : undefined)),
     logLevel: LocalStore.debug ? 'debug' : logLevel,
   }
 
@@ -271,8 +312,8 @@ class ContentfulOptimization extends CoreStateful {
 
     super(mergedConfig)
 
-    const legacyCookieValue = getCookie(ANONYMOUS_ID_COOKIE_LEGACY)
-    const cookieValue = legacyCookieValue ?? getCookie(ANONYMOUS_ID_COOKIE)
+    const canLoadPersistedContinuity = mergedConfig.defaults?.persistenceConsent === true
+    const { cookieValue, legacyCookieValue } = readInitialCookieValues(canLoadPersistedContinuity)
 
     const entryInteractionRuntime = new EntryInteractionRuntime(this, autoTrackEntryInteraction)
     const { tracking } = entryInteractionRuntime
@@ -295,9 +336,10 @@ class ContentfulOptimization extends CoreStateful {
     effect(() => {
       const {
         changes: { value },
+        persistenceConsent: { value: persistenceConsent },
       } = signals
 
-      LocalStore.changes = value
+      if (persistenceConsent === true) LocalStore.changes = value
     })
 
     effect(() => {
@@ -311,19 +353,36 @@ class ContentfulOptimization extends CoreStateful {
 
     effect(() => {
       const {
+        persistenceConsent: { value },
+      } = signals
+
+      LocalStore.persistenceConsent = value
+      if (value === false) {
+        removeCookie(ANONYMOUS_ID_COOKIE, this.cookieAttributes)
+        removeCookie(ANONYMOUS_ID_COOKIE_LEGACY, this.cookieAttributes)
+        LocalStore.clearProfileContinuity()
+      }
+    })
+
+    effect(() => {
+      const {
+        persistenceConsent: { value: persistenceConsent },
         profile: { value },
       } = signals
 
+      if (persistenceConsent !== true) return
+
       LocalStore.profile = value
-      this.setAnonymousId(value?.id)
+      this.setAnonymousId(value?.id ?? LocalStore.anonymousId)
     })
 
     effect(() => {
       const {
+        persistenceConsent: { value: persistenceConsent },
         selectedOptimizations: { value },
       } = signals
 
-      LocalStore.selectedOptimizations = value
+      if (persistenceConsent === true) LocalStore.selectedOptimizations = value
     })
 
     this.initializeFromCookieValues(cookieValue, legacyCookieValue)
diff --git a/packages/web/web-sdk/src/storage/LocalStore.test.ts b/packages/web/web-sdk/src/storage/LocalStore.test.ts
index 2e92bb02..e8ee7318 100644
--- a/packages/web/web-sdk/src/storage/LocalStore.test.ts
+++ b/packages/web/web-sdk/src/storage/LocalStore.test.ts
@@ -4,6 +4,7 @@ import {
   CHANGES_CACHE_KEY,
   CONSENT_KEY,
   DEBUG_FLAG_KEY,
+  PERSISTENCE_CONSENT_KEY,
   PROFILE_CACHE_KEY,
   SELECTED_OPTIMIZATIONS_CACHE_KEY,
 } from '@contentful/optimization-core/constants'
@@ -86,6 +87,20 @@ describe('LocalStore', () => {
     expect(LocalStore.consent).toBeUndefined()
   })
 
+  it('translates persistence consent and falls back to accepted legacy consent', () => {
+    LocalStore.persistenceConsent = true
+    expect(localStorage.getItem(PERSISTENCE_CONSENT_KEY)).toBe('accepted')
+    expect(LocalStore.persistenceConsent).toBe(true)
+
+    LocalStore.persistenceConsent = false
+    expect(localStorage.getItem(PERSISTENCE_CONSENT_KEY)).toBe('denied')
+    expect(LocalStore.persistenceConsent).toBe(false)
+
+    LocalStore.persistenceConsent = undefined
+    LocalStore.consent = true
+    expect(LocalStore.persistenceConsent).toBe(true)
+  })
+
   it('returns undefined for unrecognized consent value', () => {
     localStorage.setItem(CONSENT_KEY, 'unknown')
     expect(LocalStore.consent).toBeUndefined()
@@ -107,6 +122,7 @@ describe('LocalStore', () => {
 
   it('preserves consent/debug on reset by default', () => {
     localStorage.setItem(CONSENT_KEY, 'accepted')
+    localStorage.setItem(PERSISTENCE_CONSENT_KEY, 'accepted')
     localStorage.setItem(DEBUG_FLAG_KEY, 'true')
     localStorage.setItem(ANONYMOUS_ID_KEY, 'anon')
     localStorage.setItem(CHANGES_CACHE_KEY, '{"foo":1}')
@@ -116,6 +132,7 @@ describe('LocalStore', () => {
     LocalStore.reset()
 
     expect(localStorage.getItem(CONSENT_KEY)).toBe('accepted')
+    expect(localStorage.getItem(PERSISTENCE_CONSENT_KEY)).toBe('accepted')
     expect(localStorage.getItem(DEBUG_FLAG_KEY)).toBe('true')
     expect(localStorage.getItem(ANONYMOUS_ID_KEY)).toBeNull()
     expect(localStorage.getItem(CHANGES_CACHE_KEY)).toBeNull()
@@ -125,11 +142,13 @@ describe('LocalStore', () => {
 
   it('can reset consent/debug when requested', () => {
     localStorage.setItem(CONSENT_KEY, 'accepted')
+    localStorage.setItem(PERSISTENCE_CONSENT_KEY, 'accepted')
     localStorage.setItem(DEBUG_FLAG_KEY, 'true')
 
     LocalStore.reset({ resetConsent: true, resetDebug: true })
 
     expect(localStorage.getItem(CONSENT_KEY)).toBeNull()
+    expect(localStorage.getItem(PERSISTENCE_CONSENT_KEY)).toBeNull()
     expect(localStorage.getItem(DEBUG_FLAG_KEY)).toBeNull()
   })
 
diff --git a/packages/web/web-sdk/src/storage/LocalStore.ts b/packages/web/web-sdk/src/storage/LocalStore.ts
index 5d22c534..bab44c8d 100644
--- a/packages/web/web-sdk/src/storage/LocalStore.ts
+++ b/packages/web/web-sdk/src/storage/LocalStore.ts
@@ -9,6 +9,7 @@ import {
   CHANGES_CACHE_KEY,
   CONSENT_KEY,
   DEBUG_FLAG_KEY,
+  PERSISTENCE_CONSENT_KEY,
   PROFILE_CACHE_KEY,
   SELECTED_OPTIMIZATIONS_CACHE_KEY,
 } from '@contentful/optimization-core/constants'
@@ -41,9 +42,15 @@ const LocalStore = {
    */
   reset(options = { resetConsent: false, resetDebug: false }) {
     if (options.resetConsent) LocalStore.setCache(CONSENT_KEY, undefined)
+    if (options.resetConsent) LocalStore.setCache(PERSISTENCE_CONSENT_KEY, undefined)
     if (options.resetDebug) LocalStore.setCache(DEBUG_FLAG_KEY, undefined)
 
+    LocalStore.clearProfileContinuity()
+  },
+
+  clearProfileContinuity(): void {
     LocalStore.setCache(ANONYMOUS_ID_KEY, undefined)
+    LocalStore.setCache(ANONYMOUS_ID_KEY_LEGACY, undefined)
     LocalStore.setCache(CHANGES_CACHE_KEY, undefined)
     LocalStore.setCache(PROFILE_CACHE_KEY, undefined)
     LocalStore.setCache(SELECTED_OPTIMIZATIONS_CACHE_KEY, undefined)
@@ -101,6 +108,25 @@ const LocalStore = {
     LocalStore.setCache(CONSENT_KEY, consent === undefined ? undefined : translated)
   },
 
+  get persistenceConsent(): boolean | undefined {
+    const consent = localStorage.getItem(PERSISTENCE_CONSENT_KEY)
+
+    switch (consent) {
+      case 'accepted':
+        return true
+      case 'denied':
+        return false
+      default:
+        return LocalStore.consent === true ? true : undefined
+    }
+  },
+
+  set persistenceConsent(consent: boolean | undefined) {
+    const translated = consent ? 'accepted' : 'denied'
+
+    LocalStore.setCache(PERSISTENCE_CONSENT_KEY, consent === undefined ? undefined : translated)
+  },
+
   /**
    * Persisted debug flag value.
    *