Consent-aware list construction. Retention-aware suppression. Legal-basis tagging on every export. Geographic-segmentation aware — EU subjects routed through GDPR-compliant flows, California subjects through CCPA-compliant flows.
When a subject withdraws consent in the privacy center, the suppression flows through to every list export downstream. Marketing campaigns built off a stale list export will rebuild correctly on the next refresh — withdrawn-consent and opted-out subjects fall out automatically.
Every export header carries the legal-basis claim — GDPR Article 6(1)(a) consent, 6(1)(f) legitimate interest, or the CCPA-equivalent label. When a regulator or DPO asks "on what basis are you processing this list," the answer is on the export.
EU subjects route through GDPR-compliant consent flows; California subjects route through CCPA-compliant opt-out flows. The same list construction call produces the right output for each regulatory regime — your marketing team picks the audience; the platform handles the legal layer.
Every list export captured with the construction parameters, the consent state at export time, and the suppression set applied. When a regulator asks "who was on this list and why was it sent to them," the audit log answers with the consent record.
Compliant Marketing List Service is included in Enterprise.