Skip to main content
Consent isn’t a checkbox in Senderz — it’s an evidence record. Every change is written to an append-only log with the channel, state, source, IP, timestamp and user agent, so you can prove when and how each contact opted in. Each channel (email, SMS, push) carries one state:
subscribed
Opted in. Marketing allowed on this channel.
unsubscribed
Opted out. Marketing blocked; transactional/OTP still allowed.
never_subscribed
No opt-in recorded — the default on conservative import.
cleaned
Removed by hygiene (e.g. repeated bounces).
Every subscribe or unsubscribe — from any surface — appends a row. Sources are a closed vocabulary, so labels never drift: manual, import, api, embedded_form, storefront_popup, preference_center, one_click, sms_stop, store_sync, shopify, woocommerce, konimbo, magento, and the payment providers.
The consent log is append-only audit evidence. It’s never rewritten, even during GDPR redaction — instead the contact’s PII is anonymised while the evidence trail survives.

STOP handling

An inbound STOP from the carrier DLR webhook flows through event ingest, suppresses the number for your workspace within seconds, drops smsConsent to unsubscribed, and appends to the consent log. Transactional and OTP messages are exempt from STOP suppression.

Suppression

Suppression is the enforcement layer. A contact lands on the per-workspace suppression list from:

Hard bounce

Permanent delivery failure. Suppressed as hard_bounce.

Complaint

Spam complaint. Suppressed as spam_complaint.

Repeated soft bounce

Third soft bounce in 30 days. Suppressed as soft_bounce_repeated.

Unsubscribe / STOP

One-click, preference center or SMS STOP.
Suppression is checked first in the send pipeline, before consent or anything else.

Preference center & one-click unsubscribe

Every marketing email carries:
  • RFC 8058 one-click headers, so Gmail and Yahoo show their native unsubscribe button. A one-click POST always returns success (even on a forged token) so providers don’t retry.
  • An in-body link to your hosted preference center, where the recipient can toggle email and SMS or remove themselves from everything.
Both are token-authenticated — the signed token is the credential, and it’s verified against the contact’s current email to guard stale or forged tokens.

Israeli compliance

The three legal rules — explicit opt-in, STOP, and quiet hours + Shabbat — are enforced at the send worker, not the UI. See Israeli compliance and Quiet hours & Shabbat.