Opt-In & Consent Policy
Last updated: March 15, 2026
This Opt-In and Consent Policy ("Policy") describes how Skode Technologies ("Skode," "we," "us," or "our") and our customers must collect, manage, and document consent for communications sent through the Skode CRM and Skode Flow platforms ("Services"). This Policy applies to all communication channels available through our platform, including email, SMS, WhatsApp, push notifications, and in-app messaging.
1. Purpose
Valid consent is the foundation of responsible marketing and communications. This Policy ensures that all communications sent through Skode are based on properly obtained, documented, and manageable consent, in compliance with applicable data protection and electronic communication laws worldwide.
2. Consent Principles
All consent collected through or used with Skode's platform must adhere to the following principles:
- Freely Given: Consent must be a genuine choice. It must not be bundled with acceptance of terms and conditions or made a precondition for receiving a service, unless the communication is necessary to deliver that service.
- Specific: Consent must be given for a specific purpose and specific types of communications. Blanket consent for all marketing activities is not sufficient.
- Informed: The individual must be clearly told what they are consenting to, including the type of messages, the frequency, the sender identity, and how to withdraw consent.
- Unambiguous: Consent must be given through a clear affirmative action (e.g., ticking an unchecked box, clicking a button, sending a keyword). Silence, pre-ticked boxes, or inactivity do not constitute valid consent.
3. Consent Collection Methods
Skode supports the following consent collection methods. All methods must comply with the principles stated above:
- Web Forms: Online signup forms, landing pages, or checkout flows where the user actively opts in by checking an unchecked consent box or clicking a "Subscribe" button. The form must clearly describe what the user is consenting to.
- SMS Keyword Opt-In: Users text a specific keyword (e.g., "JOIN" or "YES") to a designated number. An automatic confirmation message must be sent describing the service, message frequency, and opt-out instructions.
- In-App Consent: Consent collected within the Skode platform or your own application through a clearly labeled consent mechanism (toggle, checkbox, or explicit button).
- IVR (Interactive Voice Response): Consent collected via phone call where the user provides verbal or keypress confirmation. The consent must be recorded or logged with a timestamp.
- Paper Forms: Physical consent forms (e.g., at events or in-store) that must be digitized and uploaded to Skode with the date, method, and language of consent.
4. Requirements Per Channel
4.1 WhatsApp
- Active opt-in required before sending any message.
- Separate consent required for marketing, utility, and authentication messages.
- Pre-checked consent boxes are strictly prohibited.
- Must comply with the WhatsApp Business Compliance Policy.
4.2 SMS
- Prior express written consent required (TCPA standard for marketing messages).
- Consent disclosure must include message frequency and data rate warnings.
- Double opt-in is strongly recommended for marketing SMS.
- Must comply with the SMS Compliance Policy.
4.3 Email
- Consent required for marketing emails. Soft opt-in permitted for existing customers (UK PECR, GDPR) where there is an existing customer relationship and the messages relate to similar products.
- Transactional emails (order confirmations, invoices, security alerts) do not require marketing consent.
- Must comply with the Email Sending and Deliverability Policy.
4.4 Push Notifications
- Browser-level permission prompt serves as the consent mechanism for web push notifications.
- In-app push notification consent should be collected through a clear, separate prompt.
- Must comply with the Push Notification Disclosure.
4.5 TikTok
- Lead Gen Form submissions constitute consent for the specific purpose disclosed on the form.
- TikTok business messaging requires opt-in before sending business-initiated messages.
- All necessary and verifiable consents must be obtained for TikTok data processing in compliance with TikTok's Business Products (Data) Terms.
- TikTok Pixel deployment requires prior consent through your website's cookie consent mechanism (GDPR/ePrivacy requirement).
4.6 Snapchat
- Snap Kit (Login Kit) OAuth authorization flow constitutes consent for profile data access.
- Snap Conversions API data sharing requires disclosure and consent through your website's cookie consent mechanism.
- Users must be able to revoke Snap Kit access through Snapchat Settings > Connected Apps at any time.
- Must comply with the Snap Developer Terms.
4.7 Telegram
- Telegram bots may only respond to user-initiated interactions. Bots cannot initiate conversations with users who have not first messaged the bot.
- Users can block the bot at any time to immediately withdraw consent and stop data collection.
- Broadcast messages are permitted only to subscribers who have voluntarily started a conversation with the bot.
- Must comply with the Telegram Bot Developer Terms of Service.
5. Double Opt-In Recommendation
Skode strongly recommends using double opt-in (confirmed opt-in) for all marketing communications. Double opt-in involves:
- Step 1: The user submits their contact information through a consent collection method (e.g., web form, SMS keyword).
- Step 2: A confirmation message is sent to the provided contact (email or SMS) asking the user to verify their consent by clicking a link or replying with a confirmation keyword.
- Step 3: Only after the user confirms (Step 2) is the consent considered valid, and only then may marketing communications begin.
Double opt-in reduces complaint rates, improves deliverability, provides stronger evidence of consent for regulatory compliance, and is required by law in some jurisdictions (e.g., Germany under GDPR interpretation).
6. Consent Records
You must maintain a timestamped audit trail of all consent activities. For each consent record, the following information must be stored:
- The contact's identifier (email address, phone number).
- The date and time consent was given.
- The method of consent (web form, SMS keyword, in-app, IVR, paper form).
- The specific language or disclosure presented to the individual at the time of consent.
- The channel(s) consented to (email, SMS, WhatsApp, push).
- The type of communications consented to (marketing, transactional, etc.).
- The IP address or device identifier (for online consent).
- Whether double opt-in was used, and the date/time of confirmation.
Consent records must be retained for a minimum of 5 years after the last communication sent under that consent, or longer if required by applicable law. Skode provides built-in consent tracking and audit trail features within the platform.
7. Consent Withdrawal
Individuals must be able to withdraw their consent easily and at any time. Withdrawal must be:
- As easy as giving consent: If consent was given with one click, it should be withdrawable with one click.
- Free of charge: No fees, penalties, or disadvantages for withdrawing consent.
- Promptly effective: Consent withdrawal must be processed within 24 hours for SMS and WhatsApp, within 2 business days for email, and immediately for push notifications.
- Channel-specific: Withdrawing consent for one channel does not automatically withdraw consent for other channels, unless the individual requests it.
8. Re-Consent
In certain circumstances, you may need to obtain fresh consent from your contacts:
- When your processing purposes change materially from what was originally consented to.
- When existing consent records do not meet current legal standards.
- When a regulatory authority requires re-consent.
- When consent has expired (if a time limit was specified at collection).
Re-consent campaigns must be conducted through approved communication channels and must clearly explain why fresh consent is being requested.
9. Age Verification
Special consent rules apply to children and minors:
- United States and United Kingdom: Parental or guardian consent is required for individuals under 13 years of age (COPPA and UK Age Appropriate Design Code).
- European Union: Parental or guardian consent is required for individuals under 16 years of age (or the applicable age set by each EU member state, ranging from 13 to 16) for information society services.
- India: Parental or guardian consent is required for individuals under 18 years of age under the Digital Personal Data Protection Act, 2023.
- United Arab Emirates: Parental or guardian consent is required for individuals under 18 years of age.
Skode's Services are not directed at children. If you become aware that a child has provided personal data or consent without proper parental authorization, you must notify us immediately at privacy@skodeai.com.
10. GDPR Consent Requirements
For individuals in the European Economic Area (EEA) and United Kingdom, consent must comply with the General Data Protection Regulation (GDPR). In addition to the principles above:
- Consent must be granular (separate consent for different processing activities).
- Consent must not be bundled with acceptance of terms and conditions.
- You must be able to demonstrate that consent was obtained (accountability principle).
- Consent must be reviewed and refreshed periodically.
- Where processing is based on legitimate interests rather than consent, you must conduct and document a Legitimate Interests Assessment (LIA).
11. DPDPA Consent Requirements
For individuals in India, consent must comply with the Digital Personal Data Protection Act, 2023 (DPDPA). In addition to the principles above:
- Consent must be free, specific, informed, unconditional, and unambiguous.
- Consent must be given through a clear affirmative action.
- Consent may be withdrawn at any time.
- A Data Fiduciary must provide a notice (in English and any language specified in the Eighth Schedule of the Constitution of India) describing the personal data to be processed and the purpose of processing.
- Special protections apply to the data of children (under 18 years) and persons with disabilities.
12. Consent for AI Processing
Where your CRM data is processed by AI features (voice transcription, lead scoring, deal predictions, sentiment analysis, email drafting), the following consent considerations apply:
- Users must be informed that their data may be processed by AI systems, including third-party AI providers (e.g., OpenAI). This is disclosed in our AI Transparency Policy.
- Under GDPR Article 22, individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
- Where automated decision-making is used (e.g., lead scoring affecting sales outreach priority), you must provide meaningful information about the logic involved.
- Users may opt out of AI processing features at any time through the platform settings.
13. Contact Information
If you have questions about this Policy or need assistance with consent management, please contact us:
- Privacy: privacy@skodeai.com
- Compliance: compliance@skodeai.com
- DPO: dpo@skodeai.com