GCS Messaging Compliance Policy

1. Purpose

This Messaging Compliance Policy describes GCS's approval-first approach to email and customer communications. It is CASL-aware for Canadian commercial electronic messages and should be reviewed by counsel before relying on it for any regulated messaging program.

The policy is meant to guide a paid pilot without pretending that the platform alone guarantees compliance. Messaging compliance depends on the client relationship, consent records, message purpose, sender identity, provider configuration, and the final text actually sent.

2. Transactional versus commercial messages

Transactional or account messages may relate to setup, billing, activation, security, support, or access. Commercial customer follow-up may promote services, recover quotes, seek bookings, reactivate old leads, or encourage a customer action. Different rules may apply depending on message purpose and jurisdiction.

A message that begins as operational can become commercial if it encourages a purchase, booking, quote acceptance, renewal, or reactivation. Clients should review borderline messages carefully, especially when combining service information with promotional language.

3. Consent requirements

Commercial electronic messages may require express consent, implied consent, or another lawful basis. The client is responsible for the customer relationship and for confirming appropriate consent unless GCS account settings, provider rules, and documented compliance workflows are configured to support that requirement.

Examples of relevant consent context may include an active customer relationship, a recent inquiry, a quote request, a business card, an existing contract, or express permission. These examples are not legal conclusions and must be verified against applicable law and facts.

4. Identification requirements

Commercial electronic messages must include required sender identification where applicable, such as the business name, contact details, and other information required by law. Drafts prepared by GCS must be reviewed before use to confirm the correct sender identity and contact information.

If a message is sent on behalf of a client business, the client should confirm who is identified as the sender, what mailing address or contact channel is included, and whether any third-party platform or service provider must also be identified.

5. Unsubscribe requirements

Commercial electronic messages must include a valid unsubscribe mechanism where required. The client is responsible for honoring unsubscribe requests and suppression status unless the GCS account is configured with provider-level suppression handling and reviewed compliance settings.

Unsubscribe handling should be practical, prompt, and documented. If GCS only prepares drafts, the client must ensure the final sending system includes the required mechanism and that future drafts do not ignore known opt-outs.

6. Suppression lists

Suppression lists, opt-out status, bounced addresses, complaint records, and do-not-contact notes should be maintained accurately. Clients must not bypass suppression controls or ask GCS to prepare messages to people who should not receive them.

If suppression data lives in an email provider, CRM, spreadsheet, or client notes rather than GCS, the client must reconcile that status before approving a message. GCS cannot safely infer consent or suppression status from incomplete records.

7. Client responsibility

The client remains responsible for customer-facing messages, customer consent, relationship context, message approval, sender identity, unsubscribe handling, and proof of consent. GCS can prepare email drafts, but the client must review and approve customer-facing messages before use.

Client approval should include confirming that the recipient is the right person, the message is accurate, the commercial purpose is allowed, the customer has not opted out, and the timing does not create a privacy, harassment, or consumer-protection concern.

8. Approval-first customer messaging

GCS defaults to approval-first customer messaging. Customer follow-up drafts, owner notifications, quote recovery prompts, and reactivation suggestions are prepared internally for owner review and are not sent externally by default.

Approval-first design is a risk-control measure, not a legal safe harbour. Human review must be meaningful, and clients should not bulk-approve messages without checking consent, message type, and customer context.

During a paid pilot, this means GCS may help the client identify what could be said next, while the client decides whether the message should be used at all. If there is uncertainty about consent, suppression, identity, unsubscribe language, or customer sensitivity, the safer workflow is to pause and seek legal or operational review before sending.

9. No automatic campaigns by default

GCS does not automatically send marketing campaigns or commercial customer follow-up by default. External sending requires provider configuration, account rules, consent settings, suppression handling, and a workflow that has been reviewed for the intended use.

If future campaign features are enabled, they should include documented sender details, list source controls, consent proof expectations, unsubscribe handling, rate limits, provider compliance checks, and a clear record of who approved the send.

10. Customer email drafts

GCS can prepare email drafts and owner-review materials. The client is responsible for approving the final content, checking accuracy, confirming customer consent, and ensuring any required identification and unsubscribe information is included before a commercial electronic message is sent.

Drafts may need edits for pricing, warranties, availability, service area, customer history, legal disclaimers, tone, and personalization. A draft should not be copied into an email provider without final review.

11. Recordkeeping and consent proof

Clients should maintain records of consent, customer relationship history, unsubscribe requests, message approvals, suppression status, and message content. GCS records may assist operational review but should not be treated as complete legal proof without counsel review.

Records should ideally show when consent was obtained, what relationship supports implied consent, what message was approved, who approved it, when it was sent, and how unsubscribe requests were processed. Missing records increase compliance risk.

12. Cross-border messages

Messages to recipients outside Canada may raise additional rules, including CAN-SPAM, TCPA-like rules, state privacy laws, telecom rules, or platform-provider policies. Cross-border campaigns and future SMS or voice features require separate legal and provider review.

Different channels can create different obligations. Email, SMS, phone calls, voicemail drops, and voice assistants should not be treated as interchangeable, and enabling one channel does not mean another channel is approved.

13. Lawyer-review notice

This Messaging Compliance Policy is a serious CASL-aware draft for review and does not guarantee legal compliance outcomes. Draft for review. Not legal advice. Lawyer review required before full commercial reliance.

Before any commercial messaging workflow is enabled for production, the client and GCS should confirm the message categories, consent sources, suppression process, sender identity, unsubscribe mechanism, provider configuration, approval record, and escalation path for complaints or opt-out disputes.

The final policy should also match actual email-provider capabilities, customer data flows, and the client's documented sales process.