S'abonner
← Legal

Marketing Communications

v0.1.0-draft · Effective TBD · DRAFT · Audience: subscriber

Translation pending. The English-language source is shown below until a reviewed translation is available.

DRAFT, pending counsel review. This document is an internal draft prepared on 2026-04-26 by the engineering team. It has NOT been reviewed by external legal counsel. Do not rely on it for legal advice. Effective date is a placeholder pending sign-off. Apostle Pty Ltd makes no representation that this draft satisfies any specific jurisdictional requirement until counsel-reviewed.

PYLON Marketing Communications Policy

This policy explains how Apostle Pty Ltd (PYLON, we) sends emails and other electronic communications to people who have a PYLON account or have subscribed to a PYLON newsletter. It is consistent with the global anti-spam laws that apply to PYLON, including:

  • the United States CAN-SPAM Act of 2003 (15 U.S.C. §§7701–7713) and the FTC's CAN-SPAM Rule (16 CFR Part 316);
  • the Australian Spam Act 2003 (Cth) and the Spam (Consequential Amendments) Act 2003 administered by the ACMA;
  • the EU GDPR (Regulation (EU) 2016/679) Articles 6, 7, 13 and 21, and the EU ePrivacy Directive 2002/58/EC as amended;
  • the UK GDPR and the UK Privacy and Electronic Communications Regulations (PECR) 2003;
  • the Canadian Anti-Spam Legislation (CASL), S.C. 2010, c.23; and
  • the California CalOPPA (Cal. Bus. & Prof. Code §22575) and the CCPA/CPRA opt-out rights for sensitive use of personal information.

It supplements the Privacy Policy and the Terms of Service.

Table of contents

  1. The categories of communications we send
  2. How consent is obtained and recorded
  3. Frequency and content
  4. Identifying information in every email
  5. Unsubscribe and preference management
  6. Suppression list and bounce handling
  7. SMS, push and other channels
  8. Special rules by jurisdiction
  9. Contact and version

1. The categories of communications we send

We send three categories of communications. Each is governed by a different consent and opt-out regime.

1.1 Transactional

Always sent. These are necessary for the operation of your Account or your Subscription, and they are exempt from "marketing" definitions under most jurisdictions' spam laws (e.g., CAN-SPAM "transactional or relationship" content; Australian Spam Act "designated commercial electronic message" exemptions for facilitation of an existing relationship).

Examples:

  • magic-link sign-in emails;
  • email-verification challenges;
  • two-factor authentication codes and recovery-code reminders;
  • billing receipts, invoices, refund confirmations, payment-failed notices;
  • subscription change confirmations (renewal, cancellation, pause, upgrade, downgrade);
  • security alerts (new device sign-in, unusual access, password change, 2FA-disabled);
  • legal notices (DMCA receipt, counter-notice forwarded, court request received and complied with);
  • privacy-rights responses (GDPR export ready, GDPR deletion scheduled, GDPR deletion completed);
  • service-status notifications about an outage affecting your Subscription;
  • changes to the Terms of Service, Privacy Policy or Subscription Agreement that we are required to notify you of.

You cannot opt out of transactional emails while you have an active Account or Subscription. If you do not want to receive any of them, close your Account.

1.2 Product updates

Sent with consent (where required), opt-out otherwise. These are service-related communications that are not strictly necessary but inform you about features, changes, and selected catalogue highlights.

Examples:

  • new-feature announcements;
  • new-title arrivals on the catalogue (curated digest, not per-title spam);
  • editorial newsletters from our curators;
  • Q&A and watch-party announcements that are relevant to titles in your watchlist or recent watch history.

For users in the EU, UK, EEA, Switzerland, Australia and Canada, product-update emails are sent only with your prior, informed, opt-in consent. The opt-in is presented at sign-up as an unticked checkbox. Existing-customer "soft opt-in" exceptions (Article 13(2) ePrivacy Directive; Australian Spam Act inferred consent within an existing-customer relationship) may be relied on for closely-related communications, but we default to express consent.

For users in the United States and other CAN-SPAM-only jurisdictions, product-update emails may be sent on an opt-out basis consistent with CAN-SPAM, with a working unsubscribe link in every message.

1.3 Marketing

Sent with consent. These are messages whose primary purpose is to advertise or promote a product or service.

Examples:

  • promotional discounts;
  • referral campaigns;
  • gift-code campaigns;
  • partnerships with third-party Creators or platforms (only where the message is sent by us, not by the third party).

Marketing emails are sent only with your prior, informed, opt-in consent in every jurisdiction. We do not rely on a soft opt-in for marketing.

2. How consent is obtained and recorded

2.1 At sign-up

The sign-up form contains:

  • a mandatory acceptance of the Terms of Service and Privacy Policy (which is not consent to marketing);
  • an optional, unticked checkbox for product-update communications;
  • an optional, unticked checkbox for marketing communications;
  • for users where Cloudflare's IP geolocation indicates an EU/UK/AU/ EEA/CA jurisdiction, both checkboxes are unticked and the language is express ("yes, I want to receive marketing emails").

2.2 Newsletter subscribers (anonymous)

If you subscribe to a PYLON newsletter without creating an Account, we record:

  • your email address;
  • the segment you subscribed to (e.g., general, for-filmmakers);
  • a verification token sent by email (double opt-in for EU/UK/AU/CA jurisdictions);
  • the timestamp of the subscription and the timestamp of verification.

You verify by clicking the link in the verification email. Without verification, we will not include you in any newsletter dispatch in double-opt-in jurisdictions.

2.3 Record-keeping

For each user, we keep:

  • the date and source of the consent (sign-up flow, account preferences page, public newsletter form);
  • the version of this policy in effect at the time;
  • a hash of the IP / user-agent at the time of consent (privacy- preserving evidence of the consent action);
  • every change to the consent state and when it occurred;
  • the date and source of any unsubscribe.

Records are retained for the longer of seven (7) years or the period required by applicable spam law (CASL §13(1), three years records; Australian Spam Act, recommended retention to defend an ACMA complaint).

3. Frequency and content

3.1 Frequency

We aim for the least intrusive frequency consistent with the purpose:

  • Transactional, only when triggered;
  • Product updates, at most weekly, ordinarily monthly;
  • Marketing, at most weekly, ordinarily monthly; we do not run high-cadence promotional drip campaigns.

If a campaign would exceed weekly cadence, we will say so at opt-in and at the start of the campaign so you can opt out before the volume increases.

3.2 Content

We will not send content that is misleading, deceptive, or inconsistent with PYLON's values. In particular, we will not:

  • use deceptive subject lines (CAN-SPAM §5(a)(2); Australian Spam Act §17);
  • conceal the sender's identity (CAN-SPAM §5(a)(1); Australian Spam Act §17);
  • send content unrelated to the consent you gave (e.g., we will not send marketing to a user who only opted in to product updates);
  • bundle promotional content into transactional messages in a way that converts the message into a marketing communication for legal purposes;
  • use sensitive demographic categories (race, religion, political affiliation, health, sexual orientation) to target a campaign; or
  • send to under-18 users (see the Children's Privacy Notice §3.4).

4. Identifying information in every email

Every commercial email we send (categories 1.2 and 1.3 above) contains:

  • a clear identification of the sender as Apostle Pty Ltd (CAN-SPAM §5(a)(5); Australian Spam Act §18; CASL §6(2)(a));
  • a valid physical postal address of Apostle Pty Ltd, namely [REGISTERED ADDRESS: TBD] (CAN-SPAM §5(a)(5); CASL §6(2)(c));
  • a clear statement of the purpose of the email (CAN-SPAM §5(a)(3) "advertisement" identifier where applicable);
  • a functioning unsubscribe link (CAN-SPAM §5(a)(3); Australian Spam Act §18; CASL §11; PECR reg 22(3));
  • the sender address, for transactional we use [email protected]; for newsletters we use a personality address such as [email protected] or [email protected]; in both cases, replies to the same address reach a monitored mailbox.

We do not send from forged or harvested email addresses. We do not use open relays or third-party servers without authorisation. Our sending infrastructure runs through Resend, which provides SPF, DKIM and DMARC alignment for the pylon.video domain.

5. Unsubscribe and preference management

5.1 Where you can unsubscribe

  • the unsubscribe link at the bottom of every commercial email (one-click in the email client where the email client supports RFC 8058 List-Unsubscribe-Post; otherwise a one-click landing page);
  • the Account → Communications preferences page in-product;
  • a reply with the word "unsubscribe", we honour this even though it is not a required channel, because we read replies; and
  • by emailing [email protected].

5.2 How fast we honour an unsubscribe

We honour unsubscribe requests:

  • immediately for the in-product preferences page (it writes through directly to our database);
  • within ten (10) business days for any other channel, the CAN-SPAM statutory window;
  • in practice, our automated pipeline applies the unsubscribe flag within minutes and any in-flight email is suppressed at the dispatch step.

5.3 Granular preferences

Where you can, you can choose:

  • Transactional, always on, cannot be turned off without closing the Account;
  • Product updates, on/off;
  • Newsletter, on/off, and which newsletter segments;
  • Marketing, on/off.

5.4 No fee, no friction

Unsubscribing is free. We do not require you to log in to unsubscribe (the unsubscribe link in our emails works without a session). We do not require you to confirm via a CAPTCHA. We do not ask you to give a reason, though we offer the chance, you can skip it.

6. Suppression list and bounce handling

6.1 Hard bounces

When a recipient address hard-bounces (the receiving server says the address does not exist or has been permanently rejected), we:

  • mark the email as suppressed in our database (users.email_hard_bounced_at for account-holders; the newsletter table for newsletter-only recipients);
  • stop sending to the address until you re-confirm it;
  • do not retry the same message.

6.2 Spam complaints

When a recipient marks our email as spam (a Feedback Loop notification from a major mailbox provider), we:

  • mark the address as suppressed;
  • record the complaint;
  • do not send to the address again unless re-confirmed.

6.3 Suppression list scope

The suppression list is global to PYLON sending. If you are suppressed for the newsletter, you will not receive marketing emails either. Transactional emails are still sent to a suppressed address where required for security or legal compliance (for example, a GDPR deletion confirmation), but we record that the address is likely to fail.

6.4 Re-confirmation

You can re-confirm a suppressed address by signing in and re-verifying email, or by emailing [email protected] and asking for re-confirmation. We will send a one-click verification link to the address; clicking it lifts the suppression.

7. SMS, push and other channels

We do not currently send SMS marketing messages. If we begin doing so, we will:

  • collect explicit prior consent under the US Telephone Consumer Protection Act (TCPA) and the FCC's TCPA rules;
  • comply with the Australian Spam Act SMS provisions;
  • comply with CASL for Canadian numbers;
  • include a working STOP keyword;
  • adhere to the carrier short-code rules where we use a short code.

We send transactional push notifications through the mobile app where you have granted notification permission to the app at the operating-system level. Marketing push notifications are off by default and require an in-app opt-in.

We do not run telemarketing or robocalls.

8. Special rules by jurisdiction

8.1 EU and UK

  • GDPR Art. 6(1)(a) consent is the legal basis for marketing to EU/UK users;
  • the consent is opt-in, freely given, specific, informed, unambiguous and separately recorded;
  • we honour the right to object under Art. 21(2) for direct marketing, an objection has the effect of an unsubscribe;
  • under the ePrivacy Directive Art. 13, we honour the soft opt-in for closely-related products, but we default to express opt-in.

8.2 Australia

  • under the Spam Act 2003, sending requires either express consent or inferred consent in an established business relationship;
  • the message must identify the sender (us), include accurate contact details, and provide a functional unsubscribe;
  • the unsubscribe must be honoured within five (5) business days (s 18(2)), we honour faster.

8.3 United States

  • CAN-SPAM allows opt-out for marketing, with a clear and conspicuous unsubscribe;
  • some US states (notably California, with CalOPPA) impose additional notice obligations satisfied via the Privacy Policy;
  • TCPA governs SMS and call marketing, see section 7.

8.4 Canada

  • CASL requires express consent for commercial electronic messages, with very limited "implied consent" carve-outs;
  • a CASL-compliant unsubscribe is required;
  • records of consent and of the unsubscribe must be retained (we retain three years per s 13).

8.5 Other jurisdictions

We comply with the equivalent rules in any country where we have identified subscribers in material numbers. If you believe a message we sent does not comply with your local law, contact [email protected].

9. Operational details, sending infrastructure

9.1 Authentication

Every email we send from pylon.video is authenticated with:

  • SPF, v=spf1 include:_spf.resend.com ~all (or the current Resend-published macro);
  • DKIM, 2048-bit RSA key published in pylon.video DNS, rotated periodically;
  • DMARC, v=DMARC1; p=quarantine; rua=mailto:dmarc@ pylon.video; aspf=s; adkim=s initially, escalated to p=reject after a stable observation window.

This protects both our deliverability and the recipients of any spoofed mail purporting to come from pylon.video.

9.2 Bounce and complaint handling

Bounces and complaints are processed via Resend webhooks. The webhook handler at apps/api/src/webhooks/resend.ts writes a suppression flag to the relevant table on hard bounce or complaint, which our apps/api/src/queue/email-consumer.ts consults before each dispatch. A suppressed email never receives a marketing or product-update message; transactional messages are dispatched only where required for legal or security purposes and the failure is logged for human review.

9.3 Deliverability monitoring

We monitor sender-reputation signals (Google Postmaster Tools, Microsoft SNDS, Yahoo Sender Hub) on a routine cadence. If a domain reputation slips, we pause non-essential sending until the underlying signal recovers and we identify the cause.

10. Records and audit

We keep three classes of evidence for each commercial email we send:

  • the rendered message, including subject, from, list- unsubscribe headers, and body, retained for a minimum of seven (7) years for litigation defence;
  • the dispatch log, recipient hash, send timestamp, message identifier, retained for the same period; and
  • the consent state at the time of sending, retained for the longer of seven (7) years and the period the recipient remains an active user.

A user exercising a privacy-rights request under the Privacy Policy §8 can obtain a copy of their consent history.

11. Contact and version

Marketing-preferences and privacy enquiries: [email protected] Unsubscribe link: included in every commercial email Postal: Apostle Pty Ltd, [REGISTERED ADDRESS: TBD]

Sender addresses currently in use:

Apostle Pty Ltd [REGISTERED ADDRESS: TBD] [ABN: TBD] · [ACN: TBD] [Authorised signatory: TBD]

Sibling documents

Version history

Version Date Author Notes
0.1.0-draft 2026-04-26 engineering Initial draft, pre-counsel review