Email Regulatory Compliance

Complying with privacy and communication legislation when sending emails with OneSignal

Most countries have some form of government legislation that protects an individual’s privacy. The requirements to comply with relevant legislation vary from country to country. When sending messages with OneSignal, it is your responsibility as the Sender to:

  • Ensure that messages you send comply with your country's privacy legislation, and
  • Ensure that messages comply with the privacy legislation of the recipient's country.

Opt-In Consent Requirements for Marketing Emails

European Union countries, the United Kingdom, Singapore, Hong Kong, Australia, Canada, and New Zealand all require opt-in consent from individuals before sending them marketing communications.

The United States has a mix of many different federal and state legislations that could either require opt-in or opt-out consent for sending marketing messages.

Some countries even require a double opt-in approach; for example, The German Federal Supreme Court has gone on record saying that opt-in is insufficient for collecting consent and that double opt-in is more appropriate.

Getting Opt-In Consent

We recommend that at a minimum you ensure your recipients have opted into receiving marketing communications from you before sending them messages. You can do this by adding a checkbox on your website where a person can select whether they want to opt-in to receive marketing messages from your organization.

If it’s been a long time since you have messaged your marketing list, you might want to consider sending them an opt-in request in order to refresh your subscription list.

Allowing Recipients to Opt-Out

All email marketing messages should also contain a clearly identifiable "unsubscribe" link, that allows the user to opt-out of receiving messages going forwards.

Depending on which countries' legislation you are complying with, you will need to honor the opt-out request within a certain number of days. For the United States, the CAN-SPAM Act requires that opt-out requests are honored promptly (within a maximum of 10 business days).

Email Content

The CAN-SPAM Act in the United States also has rules around the content of emails. Organizations must not use false or misleading header information or deceptive subject lines. Emails must include a visible physical address, meaning you must tell recipients where your organization is located and provide a physical postal address.

Managing Subscription Preferences in OneSignal

You can manage your user’s subscription preferences using Unsubscribe Links & Email Subscriptions. Following our Email Best Practices and Email Acceptable Use Policy & Code of Conduct will help ensure that your emails are delivered as expected.