Understanding consent in profiles

You will learn 

Learn how to understand consent in profiles and best practices for email and SMS compliance.

Rules around customer consent vary between email and SMS. It is crucial to understand these differences to comply with international laws and maintain a positive relationship with your customers. 

Viewing a profile’s consent status

To see if a profile is able to receive messages and has provided consent, navigate to their profile.

At the top of the Details tab of a profile page, you'll see the profile’s consent status and ability to receive messages by channel. The different statuses you may see are:

• Subscribed
  The Subscribed status (represented by a green checkmark) indicates that the profile has provided explicit consent to receive marketing and is reachable through the channel.
  
  
  
• Unsubscribed 
  Unsubscribed (represented by a red indicator) means that the profile is unable to receive marketing through the channel because they have explicitly opted-out. Note that consent status and suppression status are separate from each other. For example, a profile that is subscribed can be manually suppressed.
  
• Never subscribed
  Never subscribed (represented by a yellow exclamation) means the profile has neither subscribed nor opted out of email marketing. They are able to receive emails since they are not suppressed (e.g., an abandoned cart flow email), but you should exercise caution when contacting them.
  

By expanding a channel, you can see additional details around the profile’s subscription status.

If a profile is not able to receive messages because they are suppressed, there are details around their suppression at the bottom of the channel when expanded.

For more information on suppression and unsubscribes, see our guide on suppressed profiles in Klaviyo. 

Profiles that have never subscribed 

There are certain methods of adding a profile that will result in a consent status of Never Subscribed, resulting in a yellow checkmark for the email channel on a profile if they are not also suppressed. For example, subscribers that provided their information when starting a checkout without opting in to email marketing, would have a consent status of Never Subscribed.

These profiles are able to receive emails, but you should exercise caution when contacting them. Depending on your local regulations you may be permitted to email these profiles if you believe they have implied consent. Make sure to use good list cleaning practices and consider each contact’s engagement when deciding whether to send to them.

Email

When someone subscribes to one of your lists (e.g., through a signup form) their consent status is marked as Subscribed in Klaviyo. This results in the creation of their profile in your account (if it does not already exist) and a green checkmark representing their subscription status.

GDPR

In some cases, international laws will affect email consent. A prime example of this is GDPR, which governs residents of the EU. For information on how to remain compliant and access appropriate consent for EU customers, please see our article on collecting GDPR-compliant consent.

Best practice

It is best practice to have double opt-in enabled in your account. This means that, when a customer subscribes via a signup form or other subscription method, they will receive a confirmation email to verify that they want to subscribe. Double opt-in ensures that you maintain good deliverability and avoid spam traps that negatively affect your sender reputation.

Klaviyo also requires that you include an unsubscribe link in all of your emails. This is required by US law and ensures a seamless experience for your customers, improving email deliverability. It is always better that someone unsubscribes from your content rather than marks it as spam. You can customize your unsubscribe link as well to fit your business style and needs.

SMS marketing and transactional

SMS consent is collected separately from email consent. If you have email consent for a profile, that does not mean that you can legally send that same contact text messages and vice versa.

In order to send an SMS message to a profile, you must collect their SMS consent. You can ask for SMS consent in a landing page on your site, prompt website visitors to subscribe in a signup form, or request it from email subscribers in a campaign. To learn more about how to gain SMS consent, head to our guide on collecting SMS subscribers.

SMS marketing consent includes the ability to send a profile transactional messages, but the opposite is not true. If someone only has SMS transactional consent, they can only receive SMS transactional flow or conversational messages. 

Once SMS consent is provided by a profile, you will see another green checkmark denoting their consent status next to their phone number on the Details tab of the profile page.

Best practices

Like email, the double opt-in process for SMS is highly recommended. This will confirm that the phone number of the recipient is legitimate, provide you with a record of consent, and allow text message recipients to opt-out if they change their mind.

A recipient marking a text message as spam carries greater consequences than a recipient marking an email as spam. If you are reported as spam by recipients, you may be subject to hefty fines. SMS consent laws depend on the country. To comply with their laws, Klaviyo requires that you send certain keyword responses to customers. These keyword responses are free of charge and can be edited. Note that any optional keywords, such as custom subscribe keywords, are not free. 

Push notifications

In order to send a push notification to a profile, you must collect their explicit consent first.

Push notification consent is collected separately from email and SMS consent. If you have consent for a different channel, that does not mean that you can send push notifications to that contact until they specifically opt in to receive push notifications.

Once a profile grants consent, you will see a green check mark denoting their consent status on their profile page.

Best practices

To collect push notification consent, you must provide customers with a permission screen prompt during their first interaction with your mobile app. It is best practice for your permission screen prompt to include consent language that provides the following information and allows them to opt in or opt out:

• What types of notifications your brand sends
  Include details about the different push notifications your brand plans to send (for example, account changes, account changes, reminders, and special discounts).
• Why users should opt in
  Include information around why a customer should provide permissions (for example, to receive important updates or early access to sales).

Updating subscriptions and suppressions

You can update subscriptions and suppressions for a recipient on the Details tab of the profile page as well.

Resubscribe or remove suppressions from a profile 

If a profile has unsubscribed or marked an email as spam, you can resubscribe them if necessary. Ensure that this profile would like to be subscribed and receive marketing before resubscribing.

To resubscribe a profile that is unreachable because they unsubscribed or marked an email as spam, click on the menu next to the consent indicator for the profile:

You can also remove any suppressions for profiles that may be suppressed from specific lists.

When a profile is suppressed from a specific list, you can remove that list specific suppression by selecting Remove for the appropriate list.

Suppress or unsubscribe a profile 

You can also suppress and unsubscribe a profile on the Details tab. To do this, click on menu next to the consent indicator on a profile:

Subscription events

When a profile provides consent to receive marketing, Klaviyo will set an event on the profile to capture this. This event is set when the profile successfully subscribes to a channel, and was previously never subscribed, unsubscribed, or manually suppressed. 

Depending on the channel a profile has subscribed to, these events are:

• Subscribed to email marketing 

• Subscribed to SMS marketing

If a profile is added to a list when they subscribe, the Subscribed to list event will also appear on their event timeline. 

When profiles unsubscribe, events are also captured on their event timeline to reflect this. The Clicked and Unsubscribed from Email event is emitted when a profile clicks the unsubscribe link in an email to unsubscribe from email marketing. This event is only set when a profile takes action to unsubscribe themselves by clicking on the link in an email. 

The Unsubscribed from Email marketing event is also set whenever a profile has email marketing consent removed, including when it's done manually for a profile by a user on your account or through Klaviyo’s APIs.

Additionally, if a profile is removed from a list when they unsubscribe, the Unsubscribed from list event will also appear on their event timeline. 

For SMS marketing, the Unsubscribed for SMS event is set whenever a profile is unsubscribed for the SMS channel. 

You can use these subscription events to understand when profiles have opted in and out of a channel, and can be segmented on to create groups of profiles with similar subscribe or unsubscribe dates. 

Onsite tracking 

By enabling basic onsite tracking on your website, you can collect helpful information around browsing activity that can be leveraged to further personalize your marketing.

When you add onsite tracking to your site, Klaviyo will only track the browsing activity of "known browsers" — i.e. browsers that have visited, engaged, and been identified (or "cookied"), at least once before. Klaviyo will not track anonymous browsers.

There are two main ways Klaviyo is able to identify customers and cookie them so they are tracked during all future visits to your page and their onsite behavior tracked: 

A visitor will be identified when they:

• Submit a Klaviyo signup form 
• Click a link from a Klaviyo email 

Additional resources

• The difference between SMS and email
• How to collect SMS consent
• Frequently asked questions about GDPR