Compliance & Privacy
CampaignOS provides built-in tools for managing consent, unsubscription, and data subject requests.
Unsubscribe
GET /api/unsubscribe
One-click unsubscribe via token or message ID.
Auth: None required
Query Parameters:
| Param | Type | Description |
|---|---|---|
token | string | Signed unsubscribe token |
mid | string | Message ID (alternative to token) |
channel | string | Specific channel to unsubscribe from |
Response:
{
"success": true,
"message": "You have been unsubscribed"
}POST /api/unsubscribe
Same as GET but accepts parameters in the request body.
Request Body:
{
"token": "abc123...",
"messageId": "msg_abc123",
"channel": "EMAIL"
}When a contact unsubscribes:
- Consent status is set to
OPTED_OUTfor the channel - An audit log entry is created
- Future sends are immediately suppressed
Preference Center
GET /api/preferences
Returns the contact’s current channel preferences.
Auth: Token-based (no session required)
Query Parameters:
| Param | Type | Description |
|---|---|---|
token | string | Signed preferences token |
contactId | string | Direct contact ID (alternative) |
Response:
{
"contact": {
"id": "ct_abc123",
"email": "jane@example.com",
"firstName": "Jane",
"lastName": "Smith"
},
"preferences": [
{ "channel": "EMAIL", "status": "OPTED_IN" },
{ "channel": "PUSH", "status": "OPTED_IN" },
{ "channel": "TELEGRAM", "status": "OPTED_OUT" },
{ "channel": "ONSITE", "status": "OPTED_IN" }
]
}PUT /api/preferences
Updates channel preferences.
Query Parameters: Same as GET (token or contactId)
Request Body:
{
"preferences": [
{ "channel": "EMAIL", "status": "OPTED_IN" },
{ "channel": "PUSH", "status": "OPTED_OUT" },
{ "channel": "TELEGRAM", "status": "OPTED_OUT" }
]
}Data Subject Requests (DSR)
Export My Data
GET /api/workspaces/{workspaceId}/contacts/{contactId}/exportReturns a complete data export for a contact including identities, consents, tags, events, messages, segment memberships, campaign enrollments, push subscriptions, and inbox threads.
Forget Me (Right to Erasure)
POST /api/workspaces/{workspaceId}/contacts/{contactId}/exportRequires ADMIN role.
Anonymizes the contact:
- Nulls all PII fields (name, email, phone)
- Deletes identities and push subscriptions
- Marks contact as anonymized
- Logs an audit event
Consent Channels
| Channel | Description |
|---|---|
EMAIL | Email communications |
PUSH | Web push notifications |
TELEGRAM | Telegram messages |
ONSITE | On-site modals, banners, toasts |
SMS | SMS messages |
Consent Statuses
| Status | Description |
|---|---|
OPTED_IN | Contact has given consent |
OPTED_OUT | Contact has withdrawn consent |
PENDING | Consent not yet confirmed |
DOUBLE_OPT_IN_PENDING | Awaiting double opt-in confirmation |
Automatic Unsubscribe Links
Every email message automatically includes:
- A one-click unsubscribe link (
{{unsubscribeUrl}}) - A link to the preference center (
{{preferencesUrl}})
These are injected as personalization tokens during template rendering.