> ## Documentation Index
> Fetch the complete documentation index at: https://docs.senderz.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Consent & compliance

> How Senderz records opt-in, honours STOP, and keeps an append-only consent evidence log.

Consent isn't a checkbox in Senderz — it's an evidence record. Every change is written to an append-only log with the channel, state, source, IP, timestamp and user agent, so you can prove when and how each contact opted in.

## Consent states

Each channel (email, SMS, push) carries one state:

<ParamField path="subscribed">Opted in. Marketing allowed on this channel.</ParamField>
<ParamField path="unsubscribed">Opted out. Marketing blocked; transactional/OTP still allowed.</ParamField>
<ParamField path="never_subscribed">No opt-in recorded — the default on conservative import.</ParamField>
<ParamField path="cleaned">Removed by hygiene (e.g. repeated bounces).</ParamField>

## The consent log

Every subscribe or unsubscribe — from any surface — appends a row. Sources are a closed vocabulary, so labels never drift:

`manual`, `import`, `api`, `embedded_form`, `storefront_popup`, `preference_center`, `one_click`, `sms_stop`, `store_sync`, `shopify`, `woocommerce`, `konimbo`, `magento`, and the payment providers.

<Note>
  The consent log is append-only audit evidence. It's never rewritten, even
  during GDPR redaction — instead the contact's PII is anonymised while the
  evidence trail survives.
</Note>

## STOP handling

An inbound STOP from the carrier DLR webhook flows through event ingest, suppresses the number for your workspace within seconds, drops `smsConsent` to `unsubscribed`, and appends to the consent log. Transactional and OTP messages are exempt from STOP suppression.

## Suppression

Suppression is the enforcement layer. A contact lands on the per-workspace suppression list from:

<CardGroup cols={2}>
  <Card title="Hard bounce" icon="envelope-circle-check">
    Permanent delivery failure. Suppressed as `hard_bounce`.
  </Card>

  <Card title="Complaint" icon="triangle-exclamation">
    Spam complaint. Suppressed as `spam_complaint`.
  </Card>

  <Card title="Repeated soft bounce" icon="rotate">
    Third soft bounce in 30 days. Suppressed as `soft_bounce_repeated`.
  </Card>

  <Card title="Unsubscribe / STOP" icon="ban">
    One-click, preference center or SMS STOP.
  </Card>
</CardGroup>

Suppression is checked **first** in the send pipeline, before consent or anything else.

## Preference center & one-click unsubscribe

Every marketing email carries:

* **RFC 8058 one-click** headers, so Gmail and Yahoo show their native unsubscribe button. A one-click POST always returns success (even on a forged token) so providers don't retry.
* An in-body link to your hosted **preference center**, where the recipient can toggle email and SMS or remove themselves from everything.

Both are token-authenticated — the signed token *is* the credential, and it's verified against the contact's current email to guard stale or forged tokens.

## Israeli compliance

The three legal rules — explicit opt-in, STOP, and quiet hours + Shabbat — are enforced at the send worker, not the UI. See [Israeli compliance](/en/compliance/israel) and [Quiet hours & Shabbat](/en/compliance/quiet-hours).
