Back to Privacy Centre

Legal

Anti-Spam Policy

Last updated: 7 July 2026  ·  Operated by L. Bone trading as PolicifyAI

1.Our commitment to responsible email

PolicifyAI is committed to responsible, permission-based email communication. We believe that email is a privilege, not a right, and we take our obligations to users, regulators, and the broader email ecosystem seriously.

We will never send unsolicited commercial email. Every commercial or promotional email we send includes:

  • A clear, accurate subject line that truthfully represents the content of the email.
  • Accurate sender identification showing PolicifyAI as the sender.
  • Our physical or trading address, as required by applicable law.
  • A clear and functional one-click unsubscribe link in the email footer.
  • No deceptive routing information or falsified headers.

We operate a zero-tolerance policy towards spam. Any email sent from our domains (@policifyai.com) that you did not request or consent to should be reported to us immediately at [email protected].

3.Email categories we send

PolicifyAI sends two distinct categories of email: transactional emails and product/marketing emails. These categories have different legal bases and different opt-out rights.

CategoryLegal basisCan opt out?
Transactional — payment receipts, invoices, billing alertsContract performanceNo (required for account management)
Transactional — password reset, account security alertsContract performance / legitimate interestsNo (required for security)
Transactional — policy update notifications (your own policies changed)Contract performanceYes (in Settings → Notifications)
Transactional — policy share notificationsContract performanceYes (in Settings → Notifications)
Product — feature announcements, changelog updatesLegitimate interests (soft opt-in, existing customers) or consentYes — one-click unsubscribe
Product — service improvement noticesLegitimate interests or consentYes — one-click unsubscribe
Marketing — promotional offers, plan upgrade promptsConsent (explicit opt-in required)Yes — one-click unsubscribe

4.Transactional email details

Transactional emails are sent as a necessary part of our contractual relationship with you and for the security and management of your account. You cannot opt out of all transactional emails and continue using the Service — some are essential for account security and billing.

4.1 Types of transactional emails we send
  • Payment receipts and invoices — sent after each successful payment, containing your invoice details. Required by applicable tax law.
  • Subscription change confirmations — sent when you upgrade, downgrade, or cancel your subscription.
  • Payment failure alerts — sent when a payment fails, with instructions on how to update your billing details.
  • Password reset emails — sent when you request a password reset. Single-use link, expires after 1 hour.
  • Account security alerts — sent when unusual account activity is detected, such as sign-ins from new devices or locations.
  • Policy share notifications — sent when you share a generated policy with another user or when a shared policy is updated (can be disabled in Settings → Notifications).
  • Policy update notifications — sent when a policy you have published is updated with a new version (can be disabled in Settings → Notifications).

Transactional emails are delivered via Resend from the domain policifyai.com or authorised subdomains. All legitimate transactional emails from PolicifyAI will have a valid DKIM signature and will pass SPF and DMARC checks.

5.Marketing and product email details

Marketing and product update emails are sent only where we have a valid legal basis to do so under UK PECR and applicable law.

5.1 Soft opt-in (UK PECR Regulation 22(3))

We rely on the "soft opt-in" (or "existing customer exception") under UK PECR Regulation 22(3) to send product update and feature announcement emails to existing customers without a separate opt-in, provided that:

  • You are an existing customer who has purchased or used the Service.
  • The email relates to similar products or services to those you purchased (i.e. PolicifyAI platform features and updates — not unrelated third-party products).
  • At signup, our Terms of Service and this policy (linked from the signup form) disclose that we may send product update emails and how to opt out — and every such email includes a one-click unsubscribe link, giving you the opportunity to opt out at any time.
  • You have not opted out of such communications.
5.2 What we never do
  • We do not purchase, rent, or use mailing lists from third parties.
  • We do not scrape or harvest email addresses from websites or other sources.
  • We do not use pre-ticked opt-in boxes or disguised opt-in mechanisms.
  • We do not send commercial emails to addresses that have not had a relationship with PolicifyAI.
  • We do not send marketing emails on behalf of third parties.

6.Unsubscribing from marketing emails

You can unsubscribe from marketing and product update emails at any time. We offer multiple methods:

6.1 One-click unsubscribe link

Every marketing and product update email includes a one-click unsubscribe link in the footer. Clicking this link immediately removes you from the relevant mailing list without requiring you to log in. Unsubscribe requests are processed within 3 business days, though most are processed instantly.

6.2 Account settings

You can manage your email preferences at any time from your account dashboard under Dashboard → Settings → Notifications. You can independently control:

  • Product update and feature announcement emails (on/off)
  • Policy share notification emails (on/off)
  • Policy version update notification emails (on/off)
6.3 Email request

You can also request removal from marketing communications by emailing [email protected] with the subject "Unsubscribe". We will process your request within 3 business days and send a confirmation email.

Important: Unsubscribing from marketing emails does not affect your receipt of transactional emails such as payment receipts, password resets, and security alerts. These cannot be disabled as they are essential for the security and management of your account.

7.Sender identification and authentication

All legitimate email from PolicifyAI is sent from the following domains and sub-domains:

All outgoing email is authenticated with:

  • DKIM (DomainKeys Identified Mail) — cryptographic signature allowing recipients to verify the email originated from policifyai.com or mail.policifyai.com.
  • SPF (Sender Policy Framework) — DNS record specifying which mail servers are authorised to send email on behalf of policifyai.com.
  • DMARC (Domain-based Message Authentication, Reporting and Conformance) — policy published at the domain level instructing receiving mail servers on how to handle emails that fail DKIM or SPF checks. Our DMARC policy is set to "reject" for unauthorised senders.

If you receive an email purporting to be from PolicifyAI that fails these checks, or that you did not request, please forward it to [email protected] immediately.

8.Email service provider (Resend)

All transactional and product/marketing email delivery is handled by Resend (resend.com), a US-based email infrastructure provider.

Resend acts as a data processor for email delivery purposes and is listed as a sub-processor in our sub-processors list. Data shared with Resend for email delivery is limited to:

  • Your email address (recipient)
  • The content of the email being sent (subject line, body)
  • Email delivery metadata (timestamps, open/click events where tracked)

Resend maintains its own anti-spam and infrastructure policies, including full DKIM, SPF, and DMARC authentication for all outgoing email, and compliance with CAN-SPAM, CASL, and applicable international anti-spam laws.

Transfer of data to Resend (US) is governed by the EU Standard Contractual Clauses and UK IDTA. Resend's Privacy Policy is available at resend.com/legal/privacy-policy.

9.Prohibited use of the platform

You may not use PolicifyAI or any policy document generated through it to facilitate spam, phishing, or deceptive email practices. Specifically, you may not:

  • Generate false privacy policies: Generate privacy policies that misrepresent how you collect, use, share, or process email addresses or other personal data — for example, stating you will not sell data when you do, or omitting disclosure of third-party email sharing.
  • Legitimise spam operations: Use PolicifyAI-generated documents to provide a veneer of legitimacy to operations that send unsolicited commercial email or that violate anti-spam laws.
  • Deceptive data collection: Collect email addresses through deceptive means including fake forms, web scraping, address harvesting, pre-ticked opt-in boxes, or other means that do not obtain genuine informed consent.
  • Phishing and fraud: Generate, publish, or use policies in connection with phishing, financial fraud, identity theft, or other unlawful schemes.
  • Third-party spam: Use PolicifyAI to generate policies for third-party businesses or operations that engage in prohibited email practices, where you are aware of or have reasonable reason to suspect such practices.

Violations of these prohibitions will result in immediate account suspension without notice or refund and may be reported to the ICO, Ofcom, the FTC (US), CRTC (Canada), or other relevant authorities. PolicifyAI reserves the right to terminate any account used in connection with spam operations and to cooperate with law enforcement investigations.

10.Reporting spam or abuse

If you receive email that appears to come from a PolicifyAI domain and you believe it to be unsolicited, phishing, or abusive, please report it to us immediately:

  • Email: [email protected]
  • Include: Forward the full email including headers if possible, or describe what you received.

We investigate all spam reports within 3 business days. Where the report involves a compromised account or a spoofed PolicifyAI sender, we will take immediate action including revoking compromised credentials and updating our DMARC/SPF records as necessary.

Reporting abuse of generated policies

If you have discovered that a third party is using a PolicifyAI-generated policy document to deceive or defraud end users — for example, by publishing a privacy policy that falsely describes data practices — please contact us with:

  • The domain or URL of the offending policy
  • A description of the deceptive practice you have observed
  • Any supporting evidence (screenshots, emails, etc.)

We will investigate and, where we confirm abuse, terminate the relevant account and notify appropriate authorities. Email abuse reports to [email protected] or security concerns to [email protected].

External reporting

You may also report spam or phishing emails to your national authority:

  • UK: Action Fraud (actionfraud.police.uk) or report to your email provider's spam filter.
  • EU: Contact your national data protection authority or consumer protection agency.
  • US: FTC at reportfraud.ftc.gov or forward to [email protected].
  • Canada: CRTC at fightspam.gc.ca.

11.Changes to this policy

We may update this Anti-Spam Policy from time to time to reflect changes in applicable law, regulatory guidance, or our email practices. We will notify you of material changes by:

  • Sending an email notice to the address on your account at least 30 days before changes take effect.
  • Displaying a notice within the Service at least 30 days before changes take effect.
  • Updating the "Last updated" date at the top of this page.

12.Contact

For questions about this policy, email preferences, or to report email abuse: