Some laws, such as GDPR and CAN-SPAM, request Typeform to help our customers remain compliant with privacy laws when sending email communications.
This Help Center article informs you about best practices when it comes to sending email communications with workflow automations to honor the preferences of your contacts.
You can find out more about what Contacts are in Typeform here, and learn more about setting up Automations here.
Email Marketing Compliance Checklist
1. Explicit Opt-In Consent
Require subscribers to actively opt in—no pre-checked boxes.
Tip! You can also use the Dropdown, Multiple Choice, Picture Choice, Yes/No, Legal, or Checkbox question types in your form to ask for explicit consent from your respondents.
2. Transparent Sender Identification
Use accurate and truthful “From” and “Reply-To” details. Avoid any misleading or deceptive sender information.
3. Honest, Clear Subject Lines
Craft subject lines that accurately reflect the content. Avoid clickbait or deceptive phrasing.
4. Valid Physical Address in Emails
Include a legitimate mailing address (e.g., office address or P.O. Box) regularly in communications.
5. Clear Unsubscribe Mechanism
Provide a straightforward, visible way for recipients to opt out. Honor unsubscribe or opt-out requests promptly, typically within ten business days (Typeform does it automatically if using the email footer link).
6. Be Regionally Aware & Respect Data Rights
Familiarize yourself with email and privacy laws relevant to your audience—such as CAN-SPAM (U.S.), GDPR (EU), CASL (Canada), PECR (UK), CCPA (California), and others as applicable.
7. Embrace Permission-Based Marketing
Focus on sending emails only to those who’ve granted clear permission—this builds trust, better engagement, and aligns with legal expectations.
8. Never Use Purchased or Third-Party Lists
Stick to organically grown lists of subscribers. Avoid buying or using lists you don’t own or where consent is unclear.
9. Maintain List Hygiene & Sender Reputation
Regularly clean your list by removing inactive or invalid addresses. Monitor deliverability, authenticate your domain with SPF, DKIM, and DMARC (needed to use Automations), and maintain a good sender reputation.