Preference Center
The preference center is the rider-facing page where customers manage which marketing channels they want, how often they hear from you, and which language to receive messages in. It is required by CAN-SPAM and GDPR and gets you most of the way to TCPA compliance for free.
Where it lives
Each rider has a unique token URL: /preferences/[token]. The token is included in every email and SMS via the {{preference_center.url}} variable.
What Riders Can Do
| Action | Effect |
|---|---|
| Toggle email | Pauses all marketing emails (transactional still sends) |
| Toggle SMS | Pauses all marketing SMS (operational still sends) |
| Toggle push | Pauses all marketing push notifications |
| Change frequency | Daily / weekly / monthly cap on marketing messages |
| Change language | Updates customers.language, all future sends use the new locale |
| Unsubscribe all | Adds a global suppression and disables all channels |
Each toggle writes to subscription_preferences and creates an engage_compliance_audit_log row.
Branding
The preference center renders per-subaccount branding from your subaccounts.brand_* columns:
brand_name- headingbrand_logo_url- top-left logobrand_color_primary- accent color for buttons and togglesbrand_color_background- page backgroundlegal_address- footersupport_email- "Contact us" link in footer
If you have not set those fields, the page falls back to the Levy default styling.
Localization
The preference center is fully localized in English, German, Spanish, French, and Portuguese. The rendered language is determined by customers.language - whichever locale they had at the time the token was minted.
The page also exposes a language picker that updates customers.language immediately, so a rider who realizes their account language is wrong can fix it from the preference page.
One-Click Unsubscribe (RFC 8058)
Engage implements one-click unsubscribe to satisfy the Postmark / Gmail requirement and the CAN-SPAM "easy unsubscribe" rule.
Every email includes two headers:
List-Unsubscribe: <https://[your-domain]/api/engage/u/[token]>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
When a rider clicks the "Unsubscribe" link in Gmail's header (or any other mail client that supports the header), Gmail POSTs to that URL. The handler:
- Marks the rider as opted out of email globally.
- Adds a global suppression entry.
- Writes the audit log row.
- Returns a 200 OK to Gmail.
The rider then sees a confirmation page at /preferences/[token]?unsubscribed=true that explains what happened and gives them a "Wait, I'd rather just reduce frequency" undo option.
Token Expiry
Preference tokens are long-lived (90 days from mint). They do not expire on use - the same token works as many times as needed during its lifetime.
If a token expires, the rider lands on /preferences/invalid with a "Resend my preference link" form that takes their email and mints a fresh token if the email matches a real customer.
Channel Suppression vs Frequency
The toggle and the frequency dial do different things:
| Setting | Effect |
|---|---|
| Channel toggle off | Zero marketing sends on that channel - all future campaign sends are suppressed |
| Frequency: daily | Up to one marketing send per day across all journeys and campaigns |
| Frequency: weekly | Up to one marketing send per week |
| Frequency: monthly | Up to one marketing send per month |
| Frequency: none | Same as turning the channel off |
Frequency caps are enforced at queue time. If two campaigns both try to send on the same day and the rider is on weekly, the second one is held until the cap window opens up.
What "Marketing" Means
The preference center only governs marketing messages. Operational messages still send regardless of preferences:
- Receipt emails
- Ride confirmations
- Force-end notifications
- Failed payment notifications
- Account security messages
If a rider has unsubscribed from all marketing and their next ride force-ends, they still get the force-end apology - that's an operational message, not marketing.
GDPR Consent Records
Every preference change creates an engage_compliance_audit_log row with:
- The rider's
customer_id - The change (which channel, which value)
- Timestamp
- IP address (if available)
- User agent (if available)
These records are immutable and retained for 10 years to satisfy CASL.
Right-to-Be-Forgotten
If a rider exercises GDPR / CCPA right-to-be-forgotten:
- Their
customersrow is markedis_deleted = true(or hard-deleted depending on policy). - All
journey_runsfor that customer haveexited_atset immediately. - PII fields in
engagement_eventsare nulled out (the event timestamps remain for analytics). - The audit log row for the RTBF action itself is retained.
The customer ID becomes inert - no future sends are possible.
Bypassing the Preference Center
There is no way for an operator to override a rider's preferences. Even a force-send from the admin panel checks the suppression list and the preference center settings before dispatching. This is intentional.
Best Practices
- Always include
{{preference_center.url}}in your footer. Templates without it fail compliance validation at publish time. - Don't try to game frequency caps. Engage will hold messages, not violate them. Better to design fewer, higher-quality sends than to hit the cap constantly.
- Brand the page. A preference center with your logo and colors feels like part of your service. An un-branded one feels like a third-party form.
- Watch for high unsubscribe rates. A spike usually means you sent something off-brand, too frequent, or to the wrong segment. The unsub rate is in Engagement Analytics.
Need Help?
For preference center help, contact support@levyelectric.com.