Regulatory framework
AdvertisingML operates in TCPA-sensitive verticals. This page describes the compliance posture applied across our publisher network at the platform layer, the documentation we maintain for advertisers, and the consumer rights we honor across all our editorial properties.
Federal frameworks
TCPA (Telephone Consumer Protection Act)
Every lead form on the AdvertisingML network captures prior express written consent for marketing calls, texts, and emails using the multi-seller consent framework affirmed in Insurance Marketing Coalition v. FCC (11th Cir. Jan 2025). Consent language names AdvertisingML and links to our maintained partners list so consumers know which advertisers may contact them. Consent records — including the certificate issued by ActiveProspect TrustedForm — are retained for at least four years.
CAN-SPAM Act
Email communications sent on behalf of AdvertisingML or its delivery partners conform to CAN-SPAM Act requirements: accurate sender identification, non-deceptive subject lines, valid physical postal address in the footer, working unsubscribe within ten business days, and no follow-up emails to unsubscribed addresses.
FCC consent revocation (effective April 11, 2025)
Consumers can revoke consent at any time through any reasonable means: reply STOP to a text, click unsubscribe in an email, ask a caller to be removed, or contact us at privacy@advertisingml.com. Revocations propagate across all marketing channels and to all named delivery partners within ten business days. Per FCC guidance, one confirmation text containing no marketing content is permitted within five minutes of an opt-out.
FCRA (where applicable)
In our personal finance vertical, self-disclosed credit information is collected with clear consumer-facing disclosure that the information is self-reported, may be used by lenders for prequalification, and may be verified through a permissible-purpose consumer report at the lender's application step.
FTC affiliate disclosure
AdvertisingML is compensated by advertisers when consumers complete offers via our network. This relationship is disclosed before any consumer call-to-action and detailed on our FTC disclosure page.
State frameworks
Florida Mini-TCPA (Telephone Solicitation Act, as amended)
Florida-resident consumers receive prior express written consent disclosures meeting Florida's enhanced standard for autodialed sales calls. Carve-outs and exceptions are tracked at the consent-template layer with version control.
Oklahoma Telephone Solicitation Act of 2022
Oklahoma-resident consumers receive prior express written consent disclosures meeting Oklahoma's enhanced standard.
Washington TCPA & Commercial Email Act
Washington-resident consumers receive equivalent enhanced consent disclosures. Commercial email is structured for compliance with Washington's commercial email requirements.
California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA)
California-resident consumers have access to the full set of CCPA/CPRA rights: right to know, right to delete, right to correct, right to limit use of sensitive personal information, right to opt out of sale or sharing, and right of non-discrimination for exercising rights. Submit requests at /do-not-sell or email privacy@advertisingml.com.
Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other comprehensive state privacy laws
Equivalent data subject rights are honored for residents of all U.S. states with comprehensive privacy laws in effect, regardless of whether the state appears explicitly in this list.
International frameworks
GDPR (General Data Protection Regulation)
AdvertisingML primarily serves U.S. consumers. To the extent EU/EEA/UK consumers interact with our network, we operate as a controller for our processing activities, name a Data Protection Officer reachable at dpo@advertisingml.com, and honor GDPR data-subject rights including access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making.
IAB Transparency & Consent Framework (TCF) v2.2
Consent management on properties serving EU/UK traffic is conducted through an IAB TCF v2.2-conformant consent management platform. Vendor consent strings are passed downstream to applicable partners.
Operational practices
TrustedForm Certify
Every lead form on the AdvertisingML network includes the TrustedForm Certify script. A consent certificate is generated on submission and the certificate URL is delivered alongside lead payload to advertisers, enabling independent verification of consent context, language, and timestamps.
Network-wide suppression list
Consumers who opt out of any communication channel are added to a suppression list propagated across all properties in the network and pushed to all delivery partners. Suppression operates at the email and phone level; matching is performed on normalized forms.
Advertiser licensing attestation
Advertisers in regulated verticals (insurance, lending, education, home services) attest at onboarding to current licensing in every jurisdiction they purchase leads for. License numbers are documented and re-verified annually. Mismatches between license posture and consumer geography are caught at the matching layer before delivery.
External counsel review
Consent disclosure language and material privacy policy changes are reviewed by external counsel specializing in TCPA and consumer privacy law at least annually.
Reporting and contact
Compliance inquiries: compliance@advertisingml.com
Privacy inquiries: privacy@advertisingml.com
Data protection officer: dpo@advertisingml.com