Ok, so for a push notification to be delivered more or less in real-time, the phone (or other browser device) keeps an open connection with the push service all the time. In Android's case the push service is called Firebase Cloud Messaging. Each application in a given device that want to deliver push stuff gets a token, and on the server-side (so this would be Signal) when it wants to deliver a push notification, it talks to Firebase Cloud Messaging, and sends the notification with that token. Then FCM, which has an open connection to the phone, delivers it. Or, if the phone doesn't have an open connection, the notification is queued until the next time it connects. So the push service acts as a sort of global intermediary for all push notifications.

I'm fairly sure GDPR applies inasmuch as push notifications contain PII, theoretically I think it would be possible to have a push notification without PII but I'm guessing this will be rare.

Ok, a pull notification is when signal periodically checks the server for new messages (and then vibrates my phone if there is one) and this is how virtually all online services worked for years.

Whereas a push notification is like when the mobile data network tells my phone there is a call or a new SMS.

This is the part that confused me because using push notifications for app data is weird and fundamentally not how I want online services to work, unless I really need a real-time connection like a phone or video call.