Promotional emails promote a product or service (for example, recovery emails, newsletters, promotions) and represent an opportunity to strengthen and expand your relationship with customers. This FAQ outlines some best practices for enabling compliance, but you should be aware of laws that restrict your ability to use your customers’ personal data for promotional content—check with your legal counsel if you’re unsure.
Best practices for compliance
Privacy and marketing laws require companies to notify or gain consent from customers before sending promotional emails and promptly honor unsubscribe requests.
Checkout helps you optimize collection of customer opt-in and opt-out permissions.
The laws around consent to use personal data such as emails to send promotional messages differ by country. For US merchants and customers, laws generally allow sending promotional messages as long as you offer an opt-out opportunity and honor any unsubscribe requests that you have received. Many rest of world jurisdictions require an affirmative consent flow.
When you enable promotional emails, Checkout presents a checkbox beneath the email field that reads “Keep me updated with news and personalized offers.” It can be unclear which country’s laws apply to a particular transaction. Because of this, Stripe uses logic that considers both the jurisdiction of your Stripe account and the IP address of the customer to determine whether the default is for the checkbox to be checked or unchecked. When our logic determines that either your Stripe account or the customer is located in a jurisdiction that requires (or is otherwise advisable to obtain) affirmative consent, by default, we present such customers with the unchecked checkbox.
This feature can also help you send abandoned cart or “recovery" emails, which are encouraging emails sent to customers who almost made a purchase. In the case of recovery emails, you only receive the email addresses of prospective customers who’ve entered their email addresses into your checkout form and have given permission to receive promotional emails (that is, the email address is validated and the checkbox is checked when the checkout session expires). We recommend that you use these emails only for sending recovery emails and limit targeting broader marketing campaigns to customers who have successfully completed a purchase and provided consent.
In either case, if the customer notifies you that they don’t want to receive promotional content or you have another reason to believe they don’t want their personal data used to send promotional emails, don’t send the emails, despite the permission provided from Checkout.
Customer unsubscribe requests
All promotional emails must include information about the sender and a way for customers to unsubscribe, and you must promptly honor all unsubscribe requests. Customers who have unsubscribed shouldn’t receive promotional emails unless they subsequently express consent. To make sure you meet requirements in your jurisdiction, provide customers the opportunity to withdraw their consent or unsubscribe to future marketing content directly from your website or an easily-accessible customer service process. The process for withdrawing consent should be as easy as providing consent.
If a customer reaches out to Stripe with a request to delete their personal information or to stop using it for promotional purposes, Stripe won’t act on that request. Stripe acts as a service provider/processor to you, and will treat these unsubscribe requests like other “data subject requests” that Stripe receives regarding your customers. Stripe will redirect the customer back to you to respond to, and honor, their requests.