C

Join the waitlist

End-User Consent Guide

Effective Date: [Date]

Last Updated: [Date]

As a CustomerCove user, you are collecting behavioral data, survey responses, and (optionally) sending emails to your users. Many privacy laws — including GDPR (EU/UK), CPRA (California), PIPEDA (Canada), and PECR (UK) — require you to:

  • Inform your users what data is being collected and why
  • Identify CustomerCove as a third-party service provider
  • Obtain valid consent (when required)
  • Allow users to opt out or withdraw consent

When is consent required?

ActivityConsent Required?Notes
Collecting anonymous usage data (EU/UK)Yes (if identifiable)Required if tracking user actions persistently
Sending emails to usersYes (marketing), Sometimes (transactional)Rules vary by region
Triggering in-app surveysYes (if tied to identity or behavioral data)Consent or clear notice required

What to tell your users

Here’s sample language to include in your Privacy Policy:

We use CustomerCove, a product analytics and engagement tool, to understand how users interact with our product, deliver in-app surveys, and send behavior-based emails. CustomerCove may collect anonymized click data, page visits, session length, and responses to surveys. You can opt out or withdraw your consent at any time.

And in your cookie/tracking consent banner:

We use analytics tools (including CustomerCove) to improve your experience. This includes tracking usage and sending surveys or emails. Learn more or manage your preferences.

How to Use CustomerCove’s Tracking SDK with Consent

Do NOT initialize CustomerCove’s tracking until the user has consented.

Here’s a safe implementation pattern:


    if (userHasConsented) {
  customerCove.init({
    apiKey: 'xyz',
    userId: 'abc123',
    enableTracking: true,
    enableSurveys: true,
    enableEmails: true,
  });
}

If you are using our built-in consent banner, you can enable autoInit: true once consent is captured internally.

Optional: Resetting/Withdrawing Consent

If a user revokes consent, you should:

  • Stop firing tracking events
  • Stop triggering surveys
  • Stop sending behavioural emails (unless transactional)
  • Optionally, call:
    customerCove.disableTracking()

GDPR/CPRA-Specific Tips

RequirementHow to Meet it
Purpose limitationExplain exactly what you collect + why
Freely given consentNo pre-checked boxes or vague popups
Record of consentUse our consent logging (coming soon) or store your own logs

Important Legal Reminder

CustomerCove provides these tools as a convenience. However, you (the customer) are ultimately responsible for ensuring that your data collection and use complies with applicable laws and regulations.

We recommend consulting with your legal counsel for high-risk or regulated industries (healthcare, finance, etc.)

Contact

If you have any questions, you can contact us at privacy@customercove.io or support@customercove.io.

  • "We", "Us", "Our" means [Your Company Name], a company incorporated in [Your Jurisdiction].
  • Onboarding emails
  • Product announcements
  • Survey invitations
  • Usage nudges
  • Feedback requests

2. Prohibited Usage

You may not use the Email Services to:

  • Send unsolicited commercial emails ("spam")
  • Use misleading subject lines, sender names, or headers
  • Harvest or buy email lists
  • Send emails without valid user consent (per region)
  • Send emails to users who have opted out or withdrawn consent
  • Send phishing, scams, malware, or fraudulent messages
  • Include third-party tracking pixels or cookies that collect personal data without consent

3. Consent Requirements (Global Compliance)

By using CustomerCove’s Email Services, you represent and warrant that:

  • You have obtained valid consent from each email recipient, as required by their local law.
  • You maintain records of consent (e.g., timestamps, opt-in method, signup source).
  • You include a clear unsubscribe link in every non-transactional email.
  • You identify yourself clearly in every email (including company name and contact address).

If in doubt, we recommend you follow GDPR/CASL rules — they require explicit, informed opt-in, not just implied consent.

4. Unsubscribe / Opt-Out Handling

You must:

  • Include a one-click unsubscribe link in every email
  • Honor opt-outs within 10 business days (or sooner)
  • Not attempt to re-subscribe users who opted out unless they re-consent

5. Customer Liability

Customer is solely responsible for the content, recipients, and legality of all emails sent via CustomerCove. Provider is not liable for:

  • Failure to obtain consent
  • Email content that violates laws or third-party rights
  • Blacklist events, bounce penalties, or spam complaints resulting from Customer’s misuse

6. Monitoring and Enforcement

CustomerCove may monitor outbound email sending behavior to:

  • Detect bounce rates, spam complaints, open rates, etc.
  • Investigate reports of abuse or policy violations
  • Rate-limit, pause, or suspend email sending if thresholds are exceeded

7. Suspension & Termination

Violations of this policy may result in:

  • Temporary suspension of email functionality
  • Permanent ban from using email services
  • Account termination, at CustomerCove’s discretion

8. Email Infrastructure and Subprocessors

CustomerCove uses third-party services to send emails, including:

  • [SendGrid / SES / Postmark]
  • These subprocessors are subject to the Data Processing Agreement (DPA) available at: [https://customercove.io/legal/dpa]

9. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified via email or in-app notice. Continued use of the Email Services after changes constitutes acceptance.

10. Contact

If you have any questions, you can contact us at privacy@customercove.io or support@customercove.io.