Consent & Communication Policy

1. Policy Overview

CapEngage requires explicit consent for certain types of communications and data processing. This policy outlines our consent requirements, how we obtain consent, and how users can manage their consent preferences.

Our consent practices comply with GDPR, CCPA, India's DPDP Act, and other applicable privacy regulations.

2. Types of Consent

2.1 Communication Consent

We require consent for:

• Marketing Communications: Promotional emails, SMS, push notifications
• WhatsApp Messages: Business-initiated messages per WhatsApp policy
• SMS Marketing: Promotional text messages (TCPA compliance)
• Product Updates: New feature announcements, product news

2.2 Data Processing Consent

We require consent for:

• Analytics: Usage analytics and product improvement
• AI Training: Using anonymized data for AI model improvement
• Cross-Context Use: Using data across different services
• Personalization: Personalized recommendations and content

2.3 Essential Communications

Service-critical communications (account security, billing, service alerts) do not require separate consent as they are necessary for service delivery.

3. Obtaining Consent

3.1 Opt-In Mechanisms

• Unchecked checkboxes for marketing communications (no pre-checked boxes)
• Separate consent dialogs for each consent type
• Clear, specific descriptions of what consent covers
• Explicit affirmative action to grant consent

3.2 Consent Timing

Consent is obtained at:

• Account registration
• Enabling a new communication channel
• Before first marketing communication
• When introducing new data processing purposes

3.3 Consent Documentation

We maintain records of when and how consent was obtained, including timestamp, consent scope, and the method used.

4. Managing Consent

4.1 Withdrawal

Users can withdraw consent at any time through:

• Account settings → Communications preferences
• Unsubscribe links in every marketing email
• Reply "STOP" to SMS messages
• Contacting support@capengage.com

4.2 Granular Control

Users can manage consent preferences by:

• Communication type (email, SMS, WhatsApp, push)
• Communication purpose (marketing, product updates, transactional)
• Frequency preferences
• Data processing purposes

4.3 Processing Timeline

Consent changes are processed within 24 hours. Marketing communications may continue for up to 48 hours during processing.

5. Channel-Specific Consent Requirements

5.1 Email

• Explicit opt-in for marketing emails
• CAN-SPAM Act compliance (US)
• Clear unsubscribe mechanism in every email
• Physical mailing address included

5.2 SMS

• Express written consent for marketing SMS (TCPA)
• "STOP" opt-out mechanism
• Honor opt-outs immediately
• Respect quiet hours (8 AM - 9 PM local time)

5.3 WhatsApp

• Opt-in consent per WhatsApp Business Policy
• Use approved message templates
• 24-hour window for customer service messages
• Allow users to opt-out easily

5.4 Push Notifications

Browser and app-level consent obtained before sending push notifications. Users can disable notifications in browser/device settings.

6. Third-Party Consent

When integrating with third-party services:

• We obtain consent before sharing data with third parties
• Third-party consent requirements are respected
• Users are informed about third-party data sharing
• Consent can be managed per third-party integration

7. Consent Records

We maintain consent records including:

• Date and time of consent
• Consent scope and purpose
• Method of consent (checkbox, signature, etc.)
• IP address and device information (for verification)
• Withdrawal history