CASL Compliance
at LoanFlow

1. What is CASL?

Canada's Anti-Spam Legislation (CASL) is one of the world's most stringent anti-spam laws. It governs the sending of commercial electronic messages (CEMs) — including email, SMS, and certain social media messages — to Canadian recipients.

Under CASL, you must have consent before sending any CEM. There are two types:

• Express Consent: The recipient has explicitly opted in to receive messages from you. This is the gold standard and has no expiry date (until withdrawn).
• Implied Consent: A business relationship exists (e.g., an existing client, someone who has inquired about your services) that permits sending CEMs for a limited time — generally 18 months from the last transaction or inquiry.

Every CEM must also include clear identification of the sender, a valid mailing address, and a functional unsubscribe mechanism.

2. How LoanFlow Enforces CASL

• Consent Timestamps: Every consent record is timestamped with date, time, and source (form, verbal, etc.) and stored immutably in your account.
• Opt-Out Management: Unsubscribe requests are processed within the 10-business-day window required by CASL and automatically suppress all future messages.
• Suppression Lists: Unsubscribed contacts are permanently added to your suppression list and cannot be messaged, even if re-added to your contacts.
• Sender Identification: Every outgoing message automatically includes your business name, address, and unsubscribe link as required by law.
• Audit Trail: A complete, exportable audit log of all consent records, opt-outs, and message sends is available in your account dashboard.

3. Express Consent Features in LoanFlow

• Consent Capture Forms: LoanFlow's landing pages and lead forms include pre-built, CASL-compliant consent checkboxes with compliant language that cannot be pre-ticked.
• Audit Trail: Every express consent capture is logged with timestamp, IP address, form version, and the exact consent language displayed.
• Expiry Tracking: While express consent doesn't expire, LoanFlow tracks consent age and surfaces contacts whose express consent was granted over 3 years ago for your optional re-confirmation campaigns.
• Consent Source Tracking: Each contact's consent type and source is visible directly in their CRM profile.

4. Implied Consent Management

• 18-Month Rule Automation: LoanFlow automatically tracks the 18-month implied consent window for each contact based on their last transaction or inquiry date.
• Automatic Expiry Alerts: You'll receive alerts 60, 30, and 7 days before a contact's implied consent expires, giving you time to run a re-consent campaign.
• Automatic Expiry: When implied consent expires and no express consent has been captured, LoanFlow automatically moves the contact to a suppressed state and stops all outbound messaging.

5. Unsubscribe & Opt-Out

• One-Click Unsubscribe: Every email and SMS sent through LoanFlow includes a functioning, one-click unsubscribe mechanism that requires no login.
• 10-Business-Day Processing: CASL requires unsubscribe requests be honoured within 10 business days. LoanFlow processes them instantly and automatically.
• CAN-SPAM vs CASL: Note that CASL is significantly stricter than the US CAN-SPAM Act. CAN-SPAM requires a 10-day processing window and allows opt-out lists to be shared commercially. CASL does not permit either. LoanFlow is built to the CASL standard, not CAN-SPAM.

6. Your Responsibilities as a LoanFlow User

While LoanFlow provides the technical infrastructure for CASL compliance, you are ultimately responsible for:

• Ensuring you have valid consent before importing contacts and sending messages
• Accurately recording the source and type of consent in each contact's record
• Not attempting to circumvent LoanFlow's suppression list or consent management features
• Keeping your sender identification information accurate and current
• Seeking independent legal advice for complex compliance questions

7. CASL Violation Penalties

8. Contact Compliance Team