Consent states
Each channel (email, SMS, push) carries one state:subscribed
Opted in. Marketing allowed on this channel.
unsubscribed
Opted out. Marketing blocked; transactional/OTP still allowed.
never_subscribed
No opt-in recorded — the default on conservative import.
cleaned
Removed by hygiene (e.g. repeated bounces).
The consent log
Every subscribe or unsubscribe — from any surface — appends a row. Sources are a closed vocabulary, so labels never drift:manual, import, api, embedded_form, storefront_popup, preference_center, one_click, sms_stop, store_sync, shopify, woocommerce, konimbo, magento, and the payment providers.
The consent log is append-only audit evidence. It’s never rewritten, even
during GDPR redaction — instead the contact’s PII is anonymised while the
evidence trail survives.
STOP handling
An inbound STOP from the carrier DLR webhook flows through event ingest, suppresses the number for your workspace within seconds, dropssmsConsent to unsubscribed, and appends to the consent log. Transactional and OTP messages are exempt from STOP suppression.
Suppression
Suppression is the enforcement layer. A contact lands on the per-workspace suppression list from:Hard bounce
Permanent delivery failure. Suppressed as
hard_bounce.Complaint
Spam complaint. Suppressed as
spam_complaint.Repeated soft bounce
Third soft bounce in 30 days. Suppressed as
soft_bounce_repeated.Unsubscribe / STOP
One-click, preference center or SMS STOP.
Preference center & one-click unsubscribe
Every marketing email carries:- RFC 8058 one-click headers, so Gmail and Yahoo show their native unsubscribe button. A one-click POST always returns success (even on a forged token) so providers don’t retry.
- An in-body link to your hosted preference center, where the recipient can toggle email and SMS or remove themselves from everything.

