Compliance, Consent & Opt-Outs

​

Scope & Disclaimer

• You remain responsible for complying with:
  • Local and international regulations (e.g. GDPR, CAN-SPAM, TCPA, ePrivacy, etc.).
  • Your own policies and agreements.
• Tuco AI provides primitives (leads, fields, messages, webhooks) that you can combine into compliant flows.

​

Consent & Audience Management

​

Storing Consent

• Track consent-related attributes, such as:
  • hasConsentedToMessaging
  • consentSource (e.g. web form, signed contract)
  • consentTimestamp

• Store these as:
  • Custom fields on leads.
  • Additional metadata in your own database.

​

Using Consent in Campaign Logic

• Filter audiences based on:
  • Consent flags.
  • Channels allowed (e.g. iMessage vs email vs SMS).
  • Regions and applicable regulatory regimes.

eligibleLeads = leads.filter(
  lead.hasConsentedToMessaging &&
  lead.prefersImessageOrSms &&
  !lead.isOptedOut
)

• Only leads you have determined are compliant to contact.

​

Opt-Out Handling Patterns

​

Storing Opt-Out Flags

• Maintain flags like:
  • optedOutOfAll
  • optedOutOfImessage
  • optedOutOfSms
  • optedOutOfEmail

• Lead updates.
• Custom fields.

​

Detecting Opt-Outs from Replies

• Implement logic in your own systems to detect:
  • Messages containing patterns like:
    • “STOP”, “UNSUBSCRIBE”, “REMOVE ME” (case-insensitive, language-sensitive).
  • Domain-specific phrases for your regions.

1. Tuco ingests replies and surfaces them via:
   • The app’s inbox / UI.
   • Message or reply webhooks.
2. Your webhook consumer:
   • Classifies replies.
   • Updates:
     • optedOutOfX flags for the lead.
3. Future campaign logic:
   • Excludes leads with opt-out flags for the relevant channels.

​

Manual Opt-Outs

• Manually set or clear opt-out flags.
• View opt-out history per lead.

​

Channel-Specific Considerations

​

iMessage / SMS

• Clear identification of the sender.
• Clear instructions for opting out, especially for SMS.

• Include:
  • Your brand name.
  • Simple opt-out wording (e.g. “Reply STOP to unsubscribe” where appropriate).
• Ensure replies that represent opt-outs:
  • Are processed quickly.
  • Immediately stop further outreach on that channel.

​

Email

• Unsubscribe link or mechanism in every email.
• Valid physical mailing address.
• Accurate “From” fields and subject lines.

• Deliver email content as you design it.
• Track message states and replies.

• Including regulatory-required content in templates.
• Maintaining suppression lists for opted-out addresses.

​

Suppression & Exclusion Lists

• Global suppression lists:
  • Domains or addresses never to contact (e.g. internal test emails, role accounts).
• Campaign-level exclusions:
  • Don’t message leads included in another specific segment or campaign.

• Maintain suppression lists in your own system.
• Filter before creating campaigns or sending messages via Tuco.

​

Auditing & Record-Keeping

• Event history per lead:
  • When consent was granted and from where.
  • When opt-outs were received and processed.
  • Campaigns and messages sent.
• System logs:
  • Who in your organization modified consent or opt-out fields.
  • Changes to template content and targeting rules.

• Provide evidence of what was sent and when.
• Correlate with your own consent and opt-out records.

​

Governance & Review Processes

• Establish review processes for:
  • New templates (tone, content, compliance).
  • New campaign segments and targeting logic.
  • Changes to consent and opt-out handling logic.
• Involve:
  • Legal/compliance teams.
  • Data protection officers (where required).

​

Summary

• Send messages via multiple channels.
• Track deliveries and replies.
• Integrate with your systems via APIs and webhooks.

• Collect and store consent.
• Implement opt-out and suppression logic.
• Design and review your templates and campaigns.