The policy prohibits Klaviyo platform users from sending messages to any contact list that was purchased, rented, obtained through co-registration, or collected by any method other than direct and specific opt-in consent to receive communications from the account holder.
This analysis describes what Klaviyo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a direct list acquisition standard that affects the onboarding and data import workflows of all commercial Klaviyo users. Platform accounts using third-party sourced, co-registered, or purchased lists may be subject to suspension or termination under this clause.
Interpretive note: The provision does not specify what documentation of direct opt-in consent is required, nor whether implied consent arrangements (permissible under CASL) would satisfy this standard.
Under this clause, businesses using Klaviyo are required to ensure that every contact in their account has specifically opted in to receive communications from them directly. The agreement prohibits importing contacts from purchased, rented, or co-registration sources, which affects list management and campaign eligibility.
How other platforms handle this
You may not send any unsolicited commercial email (spam) that promotes our products or includes your Special Links.
Do not generate images for political campaigns or to try to influence the outcome of an election. Do not generate images to spread misinformation or disinformation.
OpenAI prohibits use of its services to build AI personas to conduct covert influence operations, generating content designed for political propaganda or astroturfing campaigns, creating fake social media profiles, and generating content that falsely portrays real people.
Monitoring
Klaviyo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"You may not use Klaviyo to send messages to lists that have been purchased, rented, or obtained through co-registration or other means where the recipient did not specifically and directly opt-in to receive communications from you.— Excerpt from Klaviyo's Klaviyo Acceptable Use Policy
1. REGULATORY LANDSCAPE: This provision engages CAN-SPAM (FTC enforcement) for email and TCPA (FCC enforcement) for SMS, both of which impose consent-based restrictions on commercial messaging. GDPR Article 6 and Article 7 require a lawful basis for processing, with consent as one permissible basis; the policy's opt-in standard may or may not satisfy GDPR's specific consent requirements depending on the consent mechanism used. CASL similarly requires express or implied consent for commercial electronic messages sent to Canadian recipients. 2. GOVERNANCE EXPOSURE: High. This provision creates direct account termination exposure for businesses that import contacts from list brokers, data aggregators, or co-registration networks, which are common practices in email marketing. Non-compliance may also trigger regulatory liability under TCPA or CAN-SPAM independent of Klaviyo's enforcement action. 3. JURISDICTION FLAGS: US-based businesses face heightened exposure under TCPA for SMS marketing, which requires prior express written consent for marketing messages; the policy's opt-in standard does not fully specify whether it satisfies TCPA's written consent requirement. EU/EEA users must ensure their opt-in mechanisms satisfy GDPR consent standards, including unbundled, granular, and documented consent. Canadian recipients require compliance with CASL's express consent provisions. 4. CONTRACT AND VENDOR IMPLICATIONS: Businesses that rely on third-party data vendors or list brokers should evaluate whether their vendor contracts and data sourcing practices are compatible with this provision. Existing vendor agreements that authorize use of co-registration or purchased data may conflict with this clause and could constitute a breach of the Klaviyo Terms of Service. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a data audit of all existing Klaviyo contact lists to verify opt-in provenance. Consent documentation should be retained for all contacts, and onboarding workflows should be reviewed to ensure new list imports are sourced exclusively from direct opt-in mechanisms. Contracts with third-party data vendors should be reviewed for compatibility with this clause.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 10 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a direct list acquisition standard that affects the onboarding and data import workflows of all commercial Klaviyo users. Platform accounts using third-party sourced, co-registered, or purchased lists may be subject to suspension or termination under this clause.
Under this clause, businesses using Klaviyo are required to ensure that every contact in their account has specifically opted in to receive communications from them directly. The agreement prohibits importing contacts from purchased, rented, or co-registration sources, which affects list management and campaign eligibility.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Klaviyo.