Overview
Cascade Mail is committed to operating in full compliance with applicable email and data protection regulations worldwide. As an email service provider, we both maintain our own compliance obligations and provide tools to help our customers meet theirs. This page describes the regulatory frameworks we support and the compliance features built into the Cascade Mail platform.
CAN-SPAM Act (United States)
The CAN-SPAM Act of 2003 establishes requirements for commercial email messages in the United States. Cascade Mail supports CAN-SPAM compliance through the following built-in features:
- Automatic inclusion of sender physical address in message footers
- One-click unsubscribe headers (RFC 8058) and visible unsubscribe links in every commercial message
- Automatic suppression of unsubscribed recipients within 24 hours
- Enforcement of accurate "From" and "Reply-To" header information
- Subject line content scanning to flag potentially deceptive content
- Clear identification of messages as advertisements when applicable
General Data Protection Regulation (GDPR)
The GDPR governs the processing of personal data of individuals in the European Economic Area. Cascade Mail supports GDPR compliance in the following ways:
- Data Processing Agreements (DPAs) available for all customers upon request
- Cascade Mail acts as a data processor; customers remain data controllers for subscriber data
- Support for data subject access requests (DSARs) including export and deletion
- Lawful basis tracking — tools to record and manage consent for each subscriber
- Data minimization — we collect and retain only the data necessary to provide the Service
- Right to erasure — complete deletion of subscriber data upon verified request
- Data portability — export subscriber data in standard machine-readable formats (CSV, JSON)
- Breach notification — commitment to notify affected customers within 72 hours of a confirmed data breach
CCPA / CPRA (California)
The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), grant California residents specific rights regarding their personal information. Cascade Mail supports compliance through:
- Not selling personal information to third parties
- Support for consumer rights requests: access, deletion, and opt-out
- Transparent data collection and usage practices documented in our Privacy Policy
- Service provider contractual commitments limiting our use of customer data
- Tools for customers to respond to consumer rights requests related to subscriber data
CASL (Canada)
Canada's Anti-Spam Legislation (CASL) is among the strictest anti-spam laws in the world, requiring express consent for commercial electronic messages. Cascade Mail supports CASL compliance with:
- Consent type tracking (express vs. implied) with timestamp and source recording
- Consent expiration management for implied consent (automatic expiration after the statutory period)
- Required sender identification fields including business name, mailing address, and contact information
- Functional and prominently displayed unsubscribe mechanism in every message
- Unsubscribe processing within 10 business days as required by CASL
- Consent record retention for audit and compliance verification
Data Processing Agreements
Cascade Mail offers a standard Data Processing Agreement (DPA) that meets the requirements of GDPR Article 28 and other applicable data protection frameworks. Our DPA covers the nature and purpose of data processing, types of personal data processed, categories of data subjects, obligations and rights of the data controller (customer), security measures implemented by Cascade Mail, sub-processor management and notification procedures, data breach notification commitments, data return and deletion upon termination, and audit rights.
To request a signed DPA, contact compliance@cascade-mail.com.
Consent Management
Cascade Mail provides built-in consent management tools to help you maintain compliant subscriber lists. These include signup form builders with configurable consent language, double opt-in (confirmed opt-in) support for subscriber verification, consent timestamp and source tracking for every subscriber, granular consent categories allowing subscribers to choose communication types, preference center for subscribers to manage their own consent settings, and consent audit logs for regulatory compliance documentation.
Suppression List Management
Proper suppression list management is critical to compliance. Cascade Mail automatically maintains and enforces suppression lists including:
- Unsubscribe Suppression: Recipients who unsubscribe are automatically added to your account suppression list and will not receive further messages from your account.
- Bounce Suppression: Hard-bounced email addresses are automatically suppressed after the first hard bounce to protect your sender reputation and comply with ISP requirements.
- Complaint Suppression: Recipients who mark your email as spam via feedback loops are automatically suppressed.
- Global Suppression: Cascade Mail maintains a global suppression list of addresses that must never be emailed, including role-based addresses associated with abuse complaints and addresses identified through industry blocklists.
- Manual Suppression: You can manually add addresses to your suppression list at any time, and these suppressions persist even if the address is re-imported.
Suppression lists are maintained independently of subscriber lists and take precedence during message delivery. Suppressed addresses cannot be overridden without explicit removal from the suppression list.
Audit Trail
Cascade Mail maintains comprehensive audit trails to support your compliance efforts. All significant events are logged with timestamps, including subscriber consent events (opt-in, opt-out, consent changes), email delivery events (sent, delivered, bounced, complained), list management actions (import, export, segment creation), account configuration changes, API key creation and usage, and user login and access events.
Audit logs are available through the Cascade Mail dashboard and API, and can be exported for external compliance review or regulatory inquiries.
Anti-Abuse Measures
Cascade Mail proactively monitors for and prevents abusive sending practices through automated content screening for known spam patterns and phishing indicators, sending velocity monitoring to detect abnormal sending behavior, complaint rate monitoring with automatic throttling for accounts exceeding thresholds, integration with major ISP feedback loops (FBLs) for real-time complaint processing, blocklist monitoring for our sending IP addresses, and new account vetting and domain verification procedures.
Accounts found to be in violation of our Acceptable Use Policy are subject to immediate suspension pending review.
Your Compliance Obligations
As a Cascade Mail customer, you are responsible for obtaining and maintaining proper consent from your email recipients in accordance with applicable laws, accurately identifying yourself as the sender in all communications, including required physical address and unsubscribe mechanisms, honoring unsubscribe requests promptly, maintaining accurate and up-to-date subscriber data, ensuring that the content of your emails complies with applicable laws, responding to data subject access requests related to your subscriber data, and conducting data protection impact assessments where required by applicable regulation.
Cascade Mail provides the tools and infrastructure to support these obligations, but ultimate responsibility for compliance with applicable laws rests with you as the sender and data controller.
Contact
For compliance-related questions, DPA requests, or to report a compliance concern:
Salloq Software, LLC
Email: compliance@cascade-mail.com
Web: cascade-mail.com