Compliance Guardian Agent: Pre-Send Consent Check
Compliance Guardian Agent: Pre-Send Consent Check
Available from: v1.0.64
NurtureHub's Compliance Guardian is an AI agent that runs automatically before every outbound email send. It verifies that the recipient contact meets all required consent and compliance conditions. If any condition is not met, the send is blocked and the responsible agent is notified with a specific, actionable reason.
This feature helps UK property agencies meet their obligations under UK GDPR and PECR without requiring agents to manually manage consent records or suppression lists.
How It Works
When a send is triggered — whether as part of a nurture sequence or a one-off email — the Compliance Guardian intercepts it before delivery and runs four checks in sequence:
| # | Check | What It Verifies |
|---|---|---|
| 1 | GDPR Consent Status | The contact has a valid, recorded lawful basis for receiving marketing communications |
| 2 | Suppression List | The contact does not appear on any active suppression list |
| 3 | Marketing Preference Opt-In | The contact has explicitly opted in to receive communications via the email channel |
| 4 | Unsubscribe Status | The contact has not previously unsubscribed |
All four checks must pass for the send to proceed. Checks are evaluated in order; the first failure blocks the send and surfaces a reason.
Blocked Sends
When a send is blocked:
- The email is not delivered to the contact.
- The agent is notified with the specific check that failed and the reason (e.g. "Contact is on suppression list" or "No email marketing opt-in recorded").
- A log entry is created in the compliance audit log (see below).
No action is required to configure this behaviour — the Compliance Guardian runs on every send by default.
Compliance Audit Log
Every send decision produces a compliance audit log entry, regardless of whether the send was permitted or blocked.
Each log entry includes:
- Contact identifier
- Channel (
email) - Checks run and their individual outcomes
- Final decision (
permitted/blocked) - Block reason (if applicable)
- Timestamp (UTC)
The audit log is retained and queryable, providing a full record of compliance decisions for regulatory review or internal audits.
Consent Management API
The Consent Management API allows you to record consent events and sync suppression data programmatically.
Record an Opt-In Event
POST /api/v1/consent/opt-in
Content-Type: application/json
{
"contact_id": "string",
"channel": "email",
"recorded_at": "ISO 8601 timestamp",
"source": "string" // e.g. "website-form", "crm-sync", "agent-recorded"
}
Record an Opt-Out Event
POST /api/v1/consent/opt-out
Content-Type: application/json
{
"contact_id": "string",
"channel": "email",
"recorded_at": "ISO 8601 timestamp",
"reason": "string" // optional — e.g. "unsubscribe-link", "crm-update"
}
Sync Suppression Lists
POST /api/v1/consent/suppression/sync
Content-Type: application/json
{
"source": "string" // one of: "agentos", "reapit", "alto", "street", "loop"
}
This endpoint triggers a pull of the suppression list from the specified connected CRM and merges it into NurtureHub's suppression store. The sync is idempotent — running it multiple times will not duplicate records.
CRM Suppression Sync
Suppressions recorded in connected CRMs are automatically available for syncing. Supported sources:
- agentOS (native connection)
- Reapit
- Alto
- Street
- Loop
Suppressions can be synced on demand via the API or configured to run on a schedule within your integration settings.
Notes
- The Compliance Guardian is always on — it cannot be disabled.
- Consent and suppression data is scoped to your agency account and is never shared across accounts.
- All timestamps in the audit log and API are stored and returned in UTC.
- This feature does not replace legal advice. Agencies remain responsible for ensuring their consent collection processes meet UK GDPR requirements.