Email Compliance Policy

**Last Updated: February 9, 2026**

Shoptimal provides email automation features that allow you to send emails to your customers. This policy outlines your responsibilities and our requirements for using these features in compliance with applicable laws.

—

## 1. Applicable Laws

When using Shoptimal’s email features, you must comply with all applicable email laws, including but not limited to:

– **CAN-SPAM Act** (United States)

– **CASL** – Canada’s Anti-Spam Legislation (Canada)

– **GDPR** – General Data Protection Regulation (European Union)

– **PECR** – Privacy and Electronic Communications Regulations (United Kingdom)

– **Spam Act 2003** (Australia)

You are responsible for understanding and complying with the laws applicable to your recipients based on their location.

—

## 2. Consent Requirements

### 2.1 Types of Consent

**Express Consent (Opt-In)**

– Required for marketing emails under most laws

– Recipient has explicitly agreed to receive emails

– You must maintain records of when and how consent was obtained

– Cannot be obtained through pre-checked boxes

**Implied Consent**

– May exist for transactional emails (order confirmations, shipping updates)

– May exist for existing customer relationships (varies by jurisdiction)

– Has time limits under some laws (e.g., CASL limits implied consent to 2 years)

### 2.2 Your Responsibilities

Before sending marketing emails through Shoptimal, you must:

1. **Obtain valid consent** from each recipient before sending marketing emails

2. **Maintain consent records** including date, method, and scope of consent

3. **Respect consent scope** – only send emails within the scope of consent given

4. **Verify existing lists** – ensure all imported contacts have provided valid consent

5. **Never purchase email lists** or use scraped/harvested email addresses

### 2.3 Double Opt-In

We strongly recommend using double opt-in (confirmed opt-in) where subscribers:

1. Submit their email address

2. Receive a confirmation email

3. Click a link to confirm their subscription

This provides clear evidence of consent and reduces spam complaints.

—

## 3. Required Email Elements

### 3.1 Sender Identification

Every email sent through Shoptimal must include:

– **Your business name** – accurate identification of who is sending

– **Physical postal address** – a valid street address where you can receive mail

– **Contact information** – a way for recipients to reach you

**You may NOT:**

– Use false or misleading sender names

– Obscure your identity

– Impersonate another business or person

### 3.2 Subject Lines

Email subject lines must:

– Accurately reflect the content of the message

– Not be deceptive or misleading

– Not use false urgency or misleading claims

### 3.3 Unsubscribe Mechanism

Every marketing email must include:

– **Clear unsubscribe link** – visible and easy to find

– **Working unsubscribe process** – must remain functional for at least 30 days

– **No barriers** – unsubscribe must not require login, fees, or excessive steps

– **Prompt processing** – unsubscribes must be honored within 10 business days

Shoptimal automatically includes unsubscribe links in marketing emails. **You must not remove, hide, or disable these links.**

—

## 4. Email Categories

### 4.1 Transactional Emails

Transactional emails are triggered by a customer action and relate to an existing transaction:

– Order confirmations

– Shipping notifications

– Password resets

– Account notifications

**Requirements:**

– Must be primarily transactional in nature

– Marketing content must be minimal (if any)

– Still require sender identification

### 4.2 Marketing Emails

Marketing emails promote products, services, or content:

– Promotional offers

– Newsletters

– Product recommendations

– Review requests

**Requirements:**

– Require express consent (opt-in)

– Must include unsubscribe mechanism

– Must include physical address

– Must have accurate subject lines

### 4.3 Review Request Emails

Review request emails are subject to additional considerations:

– Must comply with FTC guidelines on testimonials

– Cannot offer incentives that bias reviews (discounts for positive reviews)

– Must allow both positive and negative feedback

– Must not pressure or coerce customers

—

## 5. Prohibited Practices

You may NOT use Shoptimal email features to:

### 5.1 Content Prohibitions

– Send spam or unsolicited bulk email

– Send emails to purchased, rented, or harvested lists

– Send emails to addresses collected without consent

– Send fraudulent or deceptive content

– Send content that violates any law

– Send malware, phishing, or malicious content

– Send content that infringes intellectual property rights

### 5.2 Recipient Prohibitions

– Send to recipients who have unsubscribed

– Send to role-based addresses for marketing (info@, support@, etc.)

– Send to addresses that have bounced repeatedly

– Ignore unsubscribe requests

– Make unsubscribing difficult or impossible

### 5.3 Technical Prohibitions

– Falsify email headers or routing information

– Use deceptive subject lines

– Remove or modify unsubscribe links

– Circumvent spam filters

– Use the service for email address harvesting

—

## 6. List Hygiene

### 6.1 Your Obligations

You must maintain your email lists by:

– Promptly removing unsubscribed addresses

– Removing hard bounces after first occurrence

– Removing soft bounces after multiple failures

– Regularly cleaning inactive subscribers

– Validating new email addresses

### 6.2 Bounce Handling

Shoptimal automatically tracks bounces. You must:

– Monitor bounce rates (high rates indicate list quality issues)

– Investigate sudden increases in bounces

– Remove problematic addresses promptly

### 6.3 Complaint Monitoring

Shoptimal monitors spam complaint rates. High complaint rates may result in:

– Temporary suspension of email features

– Required list cleanup

– Account review or termination

—

## 7. International Requirements

### 7.1 Canada (CASL)

CASL has strict consent requirements:

– Express consent required for most marketing emails

– Implied consent has specific time limits

– Consent must include prescribed information

– Penalties can reach $10 million CAD per violation

### 7.2 European Union (GDPR)

GDPR requires:

– Lawful basis for processing (usually consent for marketing)

– Freely given, specific, informed consent

– Easy withdrawal of consent

– Right to access and deletion

– Records of consent

### 7.3 United Kingdom

UK regulations require:

– Consent for marketing to individuals

– Soft opt-in may apply to existing customers

– Clear unsubscribe mechanism

– ICO registration may be required

—

## 8. Enforcement

### 8.1 Monitoring

Shoptimal monitors:

– Spam complaint rates

– Bounce rates

– Unsubscribe rates

– User reports

### 8.2 Violations

Violations of this policy may result in:

– **Warning** – for first-time minor violations

– **Suspension** – temporary restriction of email features

– **Termination** – permanent account closure for serious violations

– **Reporting** – we may report violations to appropriate authorities

### 8.3 No Tolerance

We have zero tolerance for:

– Spam

– Fraud or phishing

– Illegal content

– Repeated violations after warning

—

## 9. Your Liability

### 9.1 Indemnification

You agree to indemnify and hold Shoptimal harmless from any claims, damages, or penalties arising from:

– Your email content

– Your mailing lists

– Your consent practices

– Violations of email laws by you

– Recipient complaints about your emails

### 9.2 Legal Responsibility

You are solely responsible for:

– Compliance with all applicable email laws

– Obtaining and documenting consent

– Content of your emails

– Accuracy of your mailing lists

– Responding to recipient complaints

Shoptimal provides tools and features but does not guarantee legal compliance. You should consult with a qualified attorney if you have questions about email law compliance.

—

## 10. Resources

### 10.1 Best Practices

– Use double opt-in to confirm subscriptions

– Set clear expectations at signup

– Send relevant, valuable content

– Make unsubscribing easy

– Promptly honor unsubscribe requests

– Clean your list regularly

– Monitor engagement metrics

### 10.2 Further Reading

– FTC CAN-SPAM Guidance: www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business

– ICO Direct Marketing Guidance: ico.org.uk/for-organisations/guide-to-pecr/electronic-and-telephone-marketing/

– CRTC CASL Information: crtc.gc.ca/eng/internet/anti.htm

—

## 11. Changes

We may update this policy to reflect changes in law or our practices. Material changes will be communicated through the service or by email.

—

## 12. Contact

Questions about email compliance:

– Email: support@shoptimal.io

Report email abuse:

– Email: hello@shoptimal.io

—

**By using Shoptimal’s email features, you agree to comply with this Email Compliance Policy.**