Overview
Email opt-in requirements vary by region and impact how you collect customer information during checkout. Understanding these regulations helps you stay compliant while building your email list. Different countries have different laws governing how businesses can collect and use email addresses for marketing purposes. This article covers opt-in requirements for major regions so you can configure your checkout appropriately.
Warning: This article provides general guidance only and does not constitute legal advice. You are responsible for ensuring your checkout and marketing practices comply with applicable laws in your jurisdiction and the jurisdictions of your customers. Consult with a qualified legal professional for specific compliance questions.
United States
The United States operates under the CAN-SPAM Act, which governs commercial email communications.
Key requirements
- Opt-out required: You must provide a clear way for recipients to unsubscribe from future emails
- Implied consent allowed: You can email customers who have made a purchase or inquiry
- Accurate sender information: Emails must include valid sender details and a physical address
- Honest subject lines: Subject lines must accurately reflect the email content
Checkout configuration
For US-based customers, you can:
- Add customers to your email list after purchase (transactional relationship)
- Include an optional marketing opt-in checkbox for additional communications
- Always provide an unsubscribe option in marketing emails
European Union (GDPR)
The General Data Protection Regulation (GDPR) sets strict standards for data collection and email marketing in the EU.
Key requirements
- Explicit consent required: You must obtain clear, affirmative consent before sending marketing emails
- Separate consent: Marketing consent must be separate from terms acceptance
- Pre-checked boxes prohibited: Opt-in checkboxes cannot be pre-selected
- Easy withdrawal: Customers must be able to withdraw consent as easily as they gave it
- Data access rights: Customers can request access to or deletion of their data
Checkout configuration
For EU-based customers:
- Include an unchecked marketing consent checkbox
- Clearly explain what customers are consenting to
- Keep records of consent for compliance purposes
- Transactional emails (order confirmations, access details) do not require marketing consent
Canada (CASL)
Canada’s Anti-Spam Legislation (CASL) is among the strictest email marketing laws globally.
Key requirements
- Express consent preferred: Obtain explicit permission before sending commercial emails
- Implied consent limited: Implied consent from purchases expires after 24 months
- Clear identification: Emails must clearly identify the sender
- Unsubscribe mechanism: Must process unsubscribe requests within 10 business days
Checkout configuration
For Canadian customers:
- Include an explicit marketing consent checkbox
- Document when and how consent was obtained
- Track consent expiration for implied consent
- Honor unsubscribe requests promptly
Australia (Spam Act)
Australia’s Spam Act 2003 regulates commercial electronic messages.
Key requirements
- Consent required: You need consent before sending commercial emails
- Inferred consent allowed: Existing business relationships can imply consent
- Sender identification: Emails must clearly identify the sender
- Functional unsubscribe: Must include a working unsubscribe option
Checkout configuration
For Australian customers:
- Include an opt-in checkbox for marketing communications
- Transactional emails related to purchases are generally permitted
- Maintain clear records of consent
- Process unsubscribe requests within 5 business days
To set up email opt-in options on your checkout:
- Navigate to Sales in your dashboard
- Select your offer and open checkout settings
- Go to Form Fields
- Enable the marketing consent checkbox
- Customize the consent language as needed
- Save your changes
Tip: Consider using different checkout configurations for different regions if you have a global audience. This helps ensure compliance while maximizing your ability to communicate with customers who want to hear from you.
FAQs
Do I need separate opt-in for transactional and marketing emails?
Transactional emails (order confirmations, access instructions, account updates) generally don’t require marketing consent. Marketing emails (promotions, newsletters, product announcements) do require appropriate consent based on the customer’s region.
What if I don’t know where my customer is located?
When customer location is uncertain, apply the strictest applicable standard. Using GDPR-compliant practices (explicit opt-in) for all customers is a safe approach.
How long should I keep consent records?
Retain consent records for as long as you’re sending marketing emails to that contact, plus any additional period required by applicable law. Many businesses keep records for at least 3-5 years.
Can I email customers who purchased but didn’t opt in?
This depends on the region. In the US and Australia, you generally can send marketing emails based on an existing business relationship. In the EU (GDPR) and Canada (CASL), explicit consent is typically required for marketing emails.