01 What is Spam?

Spam is any unsolicited, unauthorized, or unwanted electronic communication sent in bulk or otherwise in violation of applicable law or platform rules. This includes:

• Marketing emails or SMS sent to recipients who have not consented to receive them
• Messages sent to harvested, purchased, or scraped contact lists
• Messages with deceptive subject lines, sender names, or content
• Messages that fail to identify the sender or provide a valid opt-out mechanism
• Communications that violate TRAI regulations, the DPDP Act 2023, the IT Act 2000, or anti-spam laws of any jurisdiction where the recipient is located (CAN-SPAM, GDPR/ePrivacy, CASL, etc.)

02 Customer Obligations

When you use the Services to send communications, you agree to the following:

2.1 Consent

• Only send communications to recipients who have given valid consent or with whom you have an existing customer relationship that legally permits the communication
• Maintain records of consent and provide proof on request
• For DPDP Act compliance, ensure consent is free, specific, informed, unconditional, and unambiguous

2.2 Honest Content

• Use accurate sender identification (name, brand, return address)
• Do not use misleading subject lines or "from" headers
• Clearly identify promotional content as advertising where required

2.3 Opt-Out

• Include a clear, functional unsubscribe or opt-out option in every marketing communication
• Honor opt-out requests promptly — within 10 business days at most, and ideally immediately
• Do not require recipients to log in, pay, or provide additional information to opt out

2.4 List Hygiene

• Do not send to purchased, rented, scraped, or otherwise unauthorized lists
• Remove invalid, bounced, or unsubscribed addresses promptly

2.5 Transactional vs Marketing

• Use transactional channels (tracking, NDR, order confirmations) only for legitimate transactional purposes
• Do not insert marketing offers into transactional messages in a way that violates applicable law

2.6 Compliance with Platform Rules

• Comply with the rules of any third-party messaging provider used through the Services (e.g., WhatsApp Business Platform policies, SMS aggregator rules, email provider terms)

03 Cobay's Role and Rights

Cobay provides the infrastructure to send communications; you are responsible for the content, consent, and lawfulness of every message you send.

We may, at our sole discretion:

• Monitor sending patterns, bounce rates, complaint rates, and other indicators of abuse
• Throttle, block, or refuse to send communications that we reasonably believe violate this policy
• Require evidence of consent for any sending activity
• Suspend or terminate accounts that violate this policy, in addition to any other remedies under the Terms of Service
• Report serious violations to law enforcement and to upstream providers (email, SMS, WhatsApp)

04 Reporting Spam

If you have received spam sent through the Services, please report it to abuse@cobay.com with:

• A copy of the message (including full headers, if email)
• The date and time received
• Your contact details (optional, but helpful for follow-up)

We will investigate and take appropriate action.

05 Indemnification

You agree to indemnify and hold harmless Cobay against any claims, fines, penalties, or damages (including legal fees) arising from communications you send through the Services in violation of this policy or applicable law.

06 Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the Services or by email. Continued use of the Services after changes means you accept the updated policy.