DARATRUST CENTER →
// EMAIL POLICY · CONSENT · OPT-IN AUDIT TRAIL

How DARA gets, verifies, and respects email consent.

We only send email to people who have explicitly opted in via a check-box on a DARA form. Every opt-in is timestamped, IP-logged, and one-click reversible. Below is exactly how we do it, where it happens, and what we send.

// 1 · WHERE

Every email collection has a required, explicit opt-in box.

We collect email addresses in only three places. Each one shows a required checkbox before the user can submit. No pre-checked boxes, no hidden defaults, no "if you don't reply we'll keep emailing".

Workspace sign-up
daraos.ai/signup
VISIT
"I agree to receive DARA briefings, alerts, and product emails."
Required to create an account. Stores email_consent_at + email_consent_ip on the user record.
Founder's Guide download
daraos.ai/founders-guide
VISIT
"I agree to receive the Founder's Guide + one short follow-up email two weeks later."
Required to receive the PDF. Stores email_consent_at + email_consent_ip on the lead record.
Industrial Pilot waitlist
daraos.ai/industrial
VISIT
Waitlist signup. Email used to schedule pilot kick-off only. No marketing emails sent without further opt-in.
Stored under industrial_waitlist with explicit pilot-application flag.
Verify any of the above forms — open the URL, you'll see the checkbox before the submit button.
// 2 · WHAT

Three kinds of email — all transactional or opted-in.

// TRANSACTIONAL
Login confirmation · password reset · billing receipts · invitations you sent
Sent to all account holders — required for service operation. CAN-SPAM exempt.
// WORKSPACE BRIEFINGS
Daily DARA Briefing · weekly Sales Pulse · activation digest
Sent ONLY to accounts whose owner ticked the consent box at signup. Owner can disable at Settings → Notifications.
// MARKETING / PRODUCT
New-feature announcements · case studies · ~4 emails per quarter, max
Sent ONLY to verified opt-in addresses. Unsubscribe header + footer link in every send.

We do not buy email lists. We do not scrape public sources. We do not append addresses from data brokers. Every recipient is a person who typed their email into one of our forms and ticked a box.

// 3 · HOW WE VERIFY

Audit trail + bounce monitoring keeps the list clean.

  • Pydantic-enforced server-side check — the email_consent field is required at the API boundary. Bypassing the UI returns a 400 error.
  • Timestamp + IP logged on every opt-in (email_consent_at, email_consent_ip). Available on request for any individual record.
  • Resend bounce webhook auto-removes hard-bounced addresses from future sends. Soft bounces tracked and suppressed after 3 consecutive fails.
  • One-click unsubscribe in every non-transactional email. Honored within 60 seconds (writes to email_unsubscribed_at), filtering all future sends globally for that address.
  • 14-day re-confirmation for any opt-in older than 24 months on quiet accounts.
// 4 · UNSUBSCRIBE

Three ways out, no questions asked.

  • Click the unsubscribe link in any DARA email — instant, no login required.
  • From the app: Settings → Notifications → toggle individual email categories off.
  • Email unsubscribe@daraos.ai from the address you'd like removed.

    • Questions, complaints, or audit requests?

    We respond within one business day. Auditors and ESP compliance teams can request the consent log for any address by emailing our security team.

    SECURITY@DARAOS.AITRUST CENTER
    BACK TO HOMEPAGE