Anti-Spam Policy
Effective date: 2026-05-28 · DRAFT v4 — counsel review required
> Not legal advice. Working draft. This Policy applies both to communications CRMish sends to you, and to communications you send to others using the Service.
1. Our commitment
CRMish (operated by JAS Operations LLC dba CRMish) treats anti-spam compliance as a core operating principle. We do not tolerate spam on the Service — either spam we send, or spam sent through the Service by users.
This Policy describes:
1. How we comply with anti-spam law when we communicate with you (§2). 2. The rules you agree to follow when you use the Service to communicate with others (§3). 3. What happens if you violate those rules (§4).
2. Email we send to you
We follow CAN-SPAM (U.S.), CASL (Canada), GDPR + PECR (EU/UK), and the Australian Spam Act for any email we send.
2.1 Transactional email
Transactional email is sent to fulfill the Service: password resets, account confirmations, billing receipts, invite acceptances, scheduled sprint nudges, daily-drop deliveries, security notices.
- You receive these because you have an account or have explicitly enabled the feature.
- You cannot opt out of strictly-necessary transactional email (security, billing) while your account is active. Deleting your account stops them.
- You can opt out of opt-in transactional email (push notifications, daily drop, scheduled sprint nudges) from Settings → Notifications inside the Service.
2.2 Product update email
Occasional emails about new features, planned changes, and customer-success tips.
- Default: on at signup.
- Opt-out: from Settings → Notifications, or the unsubscribe link in the footer of every product-update email.
2.3 Marketing email
Promotional offers, webinars, or content from CRMish.
- Default: off.
- We send these only if you explicitly opt in.
2.4 What we never do
We do not send unsolicited marketing email. We do not rent or sell your email address to anyone for marketing purposes. We do not share your email with our affiliates for marketing. We do not email contacts you have imported via webhook ingest — those belong to you.
3. Email and messaging you send through the Service
CRMish is a CRM, not a bulk-email tool. The Service does not currently send outbound marketing email on your behalf. If we add such a feature in the future, the rules in §3.1 below will apply.
3.1 If you ever send messages from CRMish to your contacts
When you use CRMish to send any commercial communication to a contact — whether via integrated email, SMS, or any messaging channel we add — you agree to:
1. Have a lawful basis for sending. Consent, contract, legitimate interest, or whatever your jurisdiction requires. 2. Identify yourself accurately. No false or misleading "From" addresses, "Reply-To" addresses, or subject lines. 3. Include your physical mailing address in commercial email (CAN-SPAM requirement). 4. Provide an unsubscribe link that works in one click without requiring login, and honor unsubscribes within 10 business days (CAN-SPAM) or sooner under stricter regimes. 5. Not contact people who have unsubscribed, even if you re-acquire their contact info from another source. 6. Not contact people on a suppression list maintained by you or by us. 7. Include accurate header information that does not falsify the origin of the message.
3.2 Webhook contact import — your responsibility
If you import contact records via our webhook integrations (ClickFunnels, GoHighLevel, Kajabi, etc.), you specifically represent and warrant that:
- Each contact has consented to receive communications from you, OR you have another lawful basis under applicable law.
- The funnel or service from which you import has presented the contact with disclosures consistent with applicable law (CAN-SPAM, GDPR Articles 13–14, CASL).
- You will honor any opt-out or deletion request received via any channel, including ones not yet routed through CRMish.
You are the data controller for contacts you import. CRMish acts as a data processor. See the Data Processing Addendum.
3.3 No purchased lists
You may not use the Service to manage or message contacts purchased from a list broker, scraped from public websites, or otherwise acquired without independent, verifiable consent.
3.4 No spamtraps, no harvested addresses
You may not use addresses that you know or have reason to know are spamtraps, role accounts (postmaster@, abuse@, etc., unless directly relevant), or harvested from public sources without consent.
4. Enforcement
If we determine, in good faith, that you have violated this Policy, we may:
- Warn you and request remediation.
- Suspend the affected feature.
- Suspend or terminate your account.
- Report violations to law enforcement or to recipient anti-spam authorities.
- Pursue civil remedies for damages caused to CRMish's deliverability or reputation (we share IP ranges with other customers; your spam hurts them).
You are responsible for any costs we incur as a result of your violation — including ISP fines, deliverability remediation, and legal fees. See Terms of Service §17.
5. Reporting suspected spam
If you receive spam that came through CRMish, or you believe a CRMish user is spamming you, report it to abuse@crmish.io. Include:
- The full headers of the message (if email).
- The platform / channel.
- Approximate date and time.
- Any URL the message linked to.
We investigate every report and respond within 5 business days.
6. Cooperation with authorities
We will cooperate with valid legal process and good-faith requests from regulators, ISPs, and recipient anti-spam authorities (e.g., FTC, CRTC, ICO, AEPD, OAIC) in connection with suspected spam originating from the Service.
7. Changes
We may update this Policy. Material changes will be posted here.
8. Contact
| For | Email | |---|---| | Spam reports | abuse@crmish.io | | Compliance questions | legal@crmish.io |
Document version: anti-spam-v1 · Last updated 2026-05-28.