Consent-Aware Marketing Automation

Description

A marketing automation agent may send an email only if the contact has valid consent, cadence rules are met (e.g., at least 7 days since last touch), the audience segment is allowed, daily/hourly send rates remain under limits, and trust ≥ 75.

Policies can incorporate brand or product lines, per-region consent regimes (e.g., CASL/GDPR), suppression lists, and quiet hours. Each send action uses a one-shot token; the decision logs contact ID/hash, segment, consent state, cadence result, and rate-limit counters.


Business Value

Reduce spam and legal risk while protecting sender reputation, with a clean audit record of every send:

  • Lower legal and reputational risk: Enforce consent and cadence on every send, including triggered flows.
  • Better deliverability: Rate-limits and quiet hours protect sender reputation and inbox placement.
  • Centralized governance: Apply consistent rules across ESPs, CDPs, and in-house senders.
  • Diagnostics & control: Clear denial reasons (e.g., “cadence violation” or “no consent”) reduce troubleshooting time.

Why Not With Alternatives?

Traditional IAM can’t easily combine consent state, cadence, segment allowlists, send-rate limits, and trust into a single per-message decision tied to a verifiable agent identity with an action-level audit trail:

  • ESPs/CDPs manage lists and suppression but rely on app-level configuration that easily diverges across brands, regions, and microservices. They typically can’t enforce per-message policy decisions that combine consent, cadence, segment allowlists, and rate-limits tied to a verifiable agent identity and one-shot token.
  • OAuth/API keys prove the app, not the specific agent and capability; they don’t provide single-use, contextual authorization per message.
  • Custom checks in code scale poorly and drift across teams; they lack a unified audit log with consistent denial/allow reasons.

Policy

package marketing_automation   # package name assumed; the page does not give one

import rego.v1   # enables the `if` keyword on OPA 0.59+ and is a no-op on OPA 1.0

default allow := false

allowed_segments := {"customers", "trial", "warm_leads"}

allow if {
  input.action == "send_email" # agent/bot will need to have this capability in its VC
  input.resource == "smtp://marketing"
  input.context.consent == true                 # valid consent on record
  input.context.days_since_last_contact >= 7    # cadence rule
  allowed_segments[_] == input.context.segment  # segment allowlist
  input.trust >= 75
}
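The policy in action, as an added example that is not part of this page: a Python mirror of the Rego rule above that also applies the one-shot token and hourly rate-limit checks the description mentions, and writes the decision record (contact hash, segment, consent state, cadence result, rate-limit counter, denial reason) the description lists. `SendGuard`, `sample_request`, the hourly limit of 3, the token consumption rule and the contact ID are constructed for this example.

```python
import hashlib
from dataclasses import dataclass, field

ALLOWED_SEGMENTS = {"customers", "trial", "warm_leads"}   # same set as the policy
MIN_TRUST, MIN_DAYS_BETWEEN_TOUCHES = 75, 7
HOURLY_SEND_LIMIT = 3   # constructed small limit so the example reaches it

@dataclass
class SendGuard:
    used_tokens: set = field(default_factory=set)     # one-shot tokens already spent
    sends_this_hour: int = 0                          # rate-limit counter
    decisions: list = field(default_factory=list)     # audit trail of every decision

    def decide(self, inp: dict) -> dict:
        ctx = inp["context"]
        # Rego ANDs these conditions; checking them in a fixed order gives a single
        # denial reason (the first failing check) for the log and the caller.
        checks = [
            ("wrong action or resource", inp.get("action") != "send_email" or inp.get("resource") != "smtp://marketing"),
            ("token already used", inp["token"] in self.used_tokens),
            ("no consent", not ctx.get("consent")),
            ("cadence violation", ctx["days_since_last_contact"] < MIN_DAYS_BETWEEN_TOUCHES),
            ("segment not allowed", ctx["segment"] not in ALLOWED_SEGMENTS),
            ("trust below threshold", inp["trust"] < MIN_TRUST),
            ("hourly rate limit reached", self.sends_this_hour >= HOURLY_SEND_LIMIT),
        ]
        reason = next((r for r, failed in checks if failed), None)
        allowed = reason is None
        self.used_tokens.add(inp["token"])   # assumption: a token is spent once presented, allowed or not
        if allowed:
            self.sends_this_hour += 1
        record = {   # the fields the description says each decision logs
            "contact": hashlib.sha256(ctx["contact_id"].encode()).hexdigest()[:16],
            "segment": ctx["segment"], "consent": bool(ctx.get("consent")),
            "cadence_ok": ctx["days_since_last_contact"] >= MIN_DAYS_BETWEEN_TOUCHES,
            "sends_this_hour": self.sends_this_hour,
            "allowed": allowed, "reason": reason or "all checks passed",
        }
        self.decisions.append(record)
        return record

def sample_request(token: str, trust: int = 80, **ctx_overrides) -> dict:
    """Constructed request in the shape the Rego policy reads from `input`."""
    ctx = {"contact_id": "c-1001", "consent": True, "days_since_last_contact": 10, "segment": "customers"}
    ctx.update(ctx_overrides)
    return {"action": "send_email", "resource": "smtp://marketing", "trust": trust,
            "token": token, "context": ctx}
```

Replaying the same token, dropping consent, shortening the cadence, or exceeding the hourly limit each produce a distinct denial reason in the record, which is what makes the audit log usable for troubleshooting.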