As well as the security policies outlined here, GDPR approach here and cookie usage outlined here, FeedBlitz goes further in order to help you and your team avoid inadvertently creating GDPR and PII privacy risks within the service.
Dual Opt-In
Dual opt-in is the gold standard of organic subscriber acquisition, and FeedBlitz always recommends that this for clients as best practice in a privacy-centric solution. We do, however, also offer a more flexible single opt-in solution, as a beta feature, for very well-qualified clients based on:
- Account standing.
- Historical mailing performance.
- Account size.
- Account longevity.
Once an account is eligible, single opt-in may be enabled for the account as a whole or on a per-list basis. It's important to note however:
- Dual opt-in will always apply in jurisdictions with strong privacy regulations, or where FeedBlitz cannot confidently determine the visitor's location, or where the subscription attempt triggers internal anti-abuse flags.
- API-based subscriptions will always be dual opt-in unless the appropriate HTTP header(s) are present.
- Single opt-in may be revoked at FeedBlitz's discretion at any time of the account is not in good standing, or the metrics indicate mailing quality no longer meets our standards.
If your organization is very focused on privacy regulations we do not recommend enabling single opt-in, in the event that your account should meet the qualification criteria.
Location-based settings
If the visitor is in a GDPR-covered jurisdiction, or where FeedBlitz cannot reliably determine the visitor's country, or a Do Not Track (DNT) header is sent by the browser, FeedBlitz assumes that they are covered by GDPR and sets the visitor's preferences accordingly as the request is processed (e.g. essential cookies only unless the visitor explicitly changes the setting). Ads, if controlled and inserted by FeedBlitz per your account and list settings, won't be served to these visitors.
Personally Identifiable Information (PII)
Enterprise customers may enable an account setting to prevent list owners from creating additional custom fields that would store PII, such as Name, City or Birthday. This eliminates the risk that a well-intentioned employee accidentally stores PII against company policies, such as from a new signup form.
All PII is encrypted at rest, regardless. Enterprise users may also request irrevocable physical deletion of PII if and when necessary.
IMPORTANT: Do Not Store Regulated Data in FeedBlitz
No matter what, you should never store personal, regulated / covered data in FeedBlitz, such as subscriber health information, government issued identity numbers, financial data, or information about minors. FeedBlitz is not, for example, a HIPAA compliant system.