> ## Documentation Index
> Fetch the complete documentation index at: https://docs.senderz.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Israeli compliance

> The three legal rules Senderz enforces at the send worker: explicit opt-in, STOP handling, and quiet hours + Shabbat.

Israeli marketing law is enforced in Senderz one layer above the provider API — at the send worker, regardless of what a campaign builder or API caller requested. A bug in a builder cannot produce a non-compliant send.

## The three rules

<CardGroup cols={2}>
  <Card title="Explicit opt-in" icon="hand">
    No marketing send to a channel without recorded opt-in for that channel.
  </Card>

  <Card title="STOP handling" icon="ban">
    Inbound STOP suppresses the number within seconds and logs it.
  </Card>

  <Card title="Quiet hours & Shabbat" icon="moon">
    Marketing SMS, voice and push to Israeli numbers are blocked at night and
    on Shabbat. See [the dedicated page](/en/compliance/quiet-hours).
  </Card>

  <Card title="Evidence log" icon="clipboard-check">
    Every consent change writes source, IP, timestamp and channel to an
    append-only log.
  </Card>
</CardGroup>

## Explicit opt-in

SMS sends to a number without a recorded SMS-channel opt-in
(`smsConsent = subscribed`) are **rejected**. Email follows the same model. Source, IP, timestamp and channel are written to the consent log on every change.

Consent on import is conservative — a row is opt-in only if the file carries a truthy consent signal, and SMS is never auto-subscribed. See [Consent & compliance](/en/audience/consent).

## STOP handling

Inbound STOP messages from the carrier (019 / CommPeak) delivery-receipt webhooks flow through event ingest, suppress the number for that workspace within seconds, drop `smsConsent` to `unsubscribed`, and append to the consent log.

<Info>
  Transactional and OTP messages are **exempt** from STOP suppression and
  quiet hours — the recipient requested them.
</Info>

## The email carve-out

<Note>
  **Email is exempt from the legal Israeli quiet-hours + Shabbat block by
  product decision.** The merchant (or the flow trigger) decides when their
  marketing email fires — email marketing in Israel isn't carrier-regulated
  the way SMS is, and the merchant, not the carrier, pays for the reputation.
  Email still honours the merchant's **own** configured windows.
</Note>

## Transactional separation

Transactional mail — order confirmations, OTP, password resets — flows through a **separate path** that bypasses frequency caps and quiet hours. The separation is at the message-type level, not the campaign level. Don't route marketing content through the transactional path to skip the gates.

## Where enforcement lives

| Rule                  | Enforced at                                      |
| --------------------- | ------------------------------------------------ |
| Opt-in                | Send worker (suppression + consent check)        |
| STOP                  | Carrier DLR webhook → event ingest → suppression |
| Quiet hours / Shabbat | Send worker gate (`isAllowedSendTime`)           |

Because enforcement is at the worker, it applies equally to campaigns, flows, tests and API-driven transactional attempts.
