Sending Policy

Effective date: September 14, 2025 • Replaces all prior versions

This Sending Policy describes rules for using Piixoo to send electronic messages. It complements our Anti‑Abuse Policy, Terms of Service, Privacy Policy, and Data Processing Agreement (DPA). By sending through Piixoo you agree to these requirements.

1) Scope & Roles

• Customer controls recipient data and message content and must ensure a lawful basis for each message (e.g., explicit opt‑in).
• Piixoo provides tools (sending, warm‑up, analytics, suppressions) and enforces deliverability and anti‑abuse safeguards.

2) Consent & List Acquisition

• Send only to recipients who have provided valid, provable consent (time, source, method). Double opt‑in is recommended and may be required based on risk.
• Purchasing, renting, scraping, or appending email lists is prohibited. If you rely on referrals or B2B outreach, you must have a lawful basis and strict targeting and must honor opt‑out immediately.
• Maintain records of consent and subscription changes. Provide proof to Piixoo upon request.

3) Identity, Authentication & Routing

• Authenticate domains used in the From header with SPF, DKIM, and DMARC.
• Use accurate and recognizable From names and domains. No spoofing or misleading headers.
• Configure a monitored Return‑Path for bounces and an abuse@/postmaster@ inbox.
• Keep reverse DNS, MX, and TLS configurations up to date as applicable.

4) Content Standards

• Subjects and headers must not be deceptive. Include a valid physical mailing address where required by law.
• Marketing emails must include a visible, one‑click unsubscribe that is honored without undue delay.
• Prohibited content includes malware, phishing, illegal goods/services, hate or violence incitement, sexually explicit material to minors, and other content restricted by our Anti‑Abuse Policy.
• Large attachments and embedded executables are discouraged; use hosted links where possible.

5) List Hygiene & Suppressions

• Remove hard bounces, complaints, and unsubscribes immediately. Do not re‑mail suppressed addresses.
• Respect global and account‑level suppression lists.
• Use verification and segmentation for older or low‑engagement lists before high‑volume sends.

6) Warm‑Up & Rate Controls

• New domains or IPs must follow a gradual warm‑up plan. Abrupt volume spikes may be throttled or blocked.
• Piixoo may apply adaptive rate limits per domain, IP, or account to protect deliverability.

7) Reputation Thresholds

Operate below these targets; exceeding them may trigger remediation or suspension:

• Complaint rate (ISP FBL): target ≤ 0.10% per campaign; persistent ≥ 0.20% may result in throttling or suspension.
• Hard bounce rate: target ≤ 2.0% per campaign; persistent ≥ 5.0% may result in immediate suspension pending remediation.
• Block/deferral spikes: excessive blocks or timeouts may pause traffic for investigation.

8) Prohibited Uses

• Unsolicited bulk email, directory harvesting, dictionary attacks, or using third‑party lists without consent.
• Using Piixoo to test, distribute, or control botnets, malware, or exploits.
• Circumventing rate limits, warm‑up requirements, or reputation safeguards.

9) API, Webhooks & Automation

• Protect API keys and webhook endpoints. Rotate secrets promptly if exposed.
• Implement retries with backoff and idempotency for send operations.
• Process bounce and complaint webhooks to maintain suppression lists in near‑real time.

10) Monitoring & Enforcement

• Piixoo may analyze samples of message content, headers, and metrics to detect abuse signals.
• We may require corrective actions (list cleaning, template changes, segmentation, lower caps) as a condition of continued sending.
• We may throttle, queue, block, suspend, or terminate accounts for violations or threats to deliverability or security.

11) Data Protection & Security

• We process personal data according to our Privacy Policy and DPA.
• Implement appropriate access controls, encryption in transit, and least‑privilege principles.
• Retain logs and telemetry for a limited period for security, compliance, and troubleshooting.

12) Third‑Party Providers

We use third‑party infrastructure and subprocessors. Your use of Piixoo must comply with applicable third‑party terms, including acceptable use policies and service terms required by such providers.

13) Legal Compliance

You must comply with applicable laws and regulations governing electronic communications, including but not limited to CAN‑SPAM, CASL, UK PECR, GDPR (where applicable), and local consumer protection and privacy laws. You are responsible for determining the laws that apply to your sending.

14) Changes to this Policy

We may update this Policy to reflect changes in law, provider requirements, or best practices. We will post updates here and, where appropriate, notify you in the Service or by email. Continued use after the effective date constitutes acceptance.

15) Governing Law

This Policy is governed by the laws of the State of California, United States, with exclusive jurisdiction in the state and federal courts located in San Francisco, California, unless otherwise required by applicable law.