top of page

As we construct an intent-based advertising network that benefits consumers, businesses, and publishers, we at Star Leadz are mindful of privacy and follow all applicable laws and regulations.

Disclaimer: This webpage about the CAN-SPAM Act, the CCPA, and GDPR is provided for informational purposes only and does not constitute legal advice or establish an attorney-client relationship with Sunstein LLP. This is not a full list of all regulations under the CAN-SPAM Act, CCPA, or GDPR. If you have any queries concerning the CAN-SPAM Act, CCPA, or GDPR, please consult with your legal counsel.

Star Leadz  Compliance with Privacy Laws

Overview of Star Leadz Privacy Compliance

There is a lot of ambiguity concerning sales outreach, the CAN-SPAM Act of 2003 in the United States, the General Data Protection Regulation of the European Union, and the California Consumer Privacy Act of 2018. We'll do our best to clear up any misconceptions below.

Star Leadz' X-Ray tool complies with the CAN-SPAM Act of 2003.

Star Leadz's X-Ray tool complies with the European Union's General Data Protection Regulation. Our compliance is achieved by eliminating email addresses owned by persons from the European Union.

Star Leadz' X-Ray tool complies with California's Consumer Privacy Act. Our system excludes email addresses owned by California citizens.


We will now discuss what the CAN-SPAM Act requires. According to the Federal Trade Commission, the CAN-SPAM Act applies to all commercial messages, which are defined as "any electronic mail message whose primary purpose is the commercial advertisement or promotion of a commercial product or service," including any email that promotes content on a commercial website.

The CAN-SPAM Act has seven core requirements:

Do not provide inaccurate or misleading header information.
Avoid false subject lines.
Identify the communication as an advertisement.
Tell recipients where you are located.
Provide instructions for opting out of future emails and respond to requests immediately.
Examine what others are doing on your behalf.
Let us go one by one.

Don’t use false or misleading header information.

The “From,” “To,” “Reply-To,” and routing information (including the originating domain and email address) must be accurate. They must identify the person or business who initiated the message.

Star Leadz does not allow users to manipulate this information in our system.

Don’t use deceptive subject lines.

The subject line must reflect the content of the message.

Identify the message as an ad.

It must be clear and conspicuous that the message is an advertisement.

Tell recipients where you’re located.

A business is required to include a valid physical postal address in its email. This can be:

  • Current street address

  • A P.O. box you’ve registered with the United States Postal Service

  • A private mailbox you’ve registered with a commercial mail receiving agency under Postal Service regulations.

Tell recipients how they can opt out of getting future emails from you.
A business's message must contain:

A clear and noticeable explanation of how the receiver can opt out of receiving future emails from you. This notice must be simple for the average person to recognize, read, and comprehend.
Provide a return email address or another simple internet-based method for consumers to convey their decision to opt out to you.
You may allow recipients to opt out of certain emails from you, but you must always include an opt-out option for all emails. Star Leadz does not let senders delete opt-out buttons from email messages.


Honor opt-out requests promptly.

No matter how you choose to accept opt-out requests, the option must be able to process opt-out requests for at least 30 days after the email is sent.

You must honor the opt-out request within 10 business days of receiving. If you are sending emails via’s system, this will be done automatically.

You cannot charge a fee as a condition of honoring the opt-out request.

You cannot require the recipient to give you any personally identifying information other than their email address as a condition of honoring the opt-out request.

You cannot make the recipient take any step other than sending a reply or visiting a single page on an Internet website as a condition of honoring the opt-out request.

Once someone has sent you an opt-out request, you cannot sell or transfer their email address. The only exception is that you may transfer the email addresses of people who have opted out to a company you’ve hired to help you comply with the CAN-SPAM Act.

California Consumer Privacy Act (CCPA)

I'm a paragraph. Click here to add your own text and edit me. It's easy.

Star Leadz rejects emails from California residents. The California Consumer Privacy Act compels companies that meet certain criteria to grant the following rights to California consumers:

The right to be informed about the personal information a company obtains about individuals and how it is used and shared.
The right to remove personal information obtained from them (with some restrictions).

The right to opt out of selling or disclosing their personal information
The right to non-discrimination when exercising their CCPA rights
The right to correct erroneous personal information that a business holds about them
The right to restrict the use and disclosure of sensitive personal information gathered about them.

According to the Office of the Attorney General of California, the CCPA applies to for-profit firms doing business in California that meet any of the following criteria:

If you earn more than $25 million per year, buy, sell, or trade personal information from 100,000 or more California persons, households, or devices.

They generate 50% or more of their annual revenue from selling personal information on California citizens.
The Office of the Attorney General of California website provides more information on what is explicitly expected of companies that meet at least one of these criteria.

For answers to frequently asked questions concerning the CCPA, please see "FAQs about the CCPA."


The European Union’s General Data Privacy Regulation (GDPR)

Star Leadz excludes EU nationals and residents.
According to the European Union, the GDPR applies to anybody who processes personal data of EU citizens or residents, or who provides goods or services to them. Even if you are not in the EU, you are subject to the GDPR if you meet either of the criteria.

There are two levels of penalty for breaking GDPR. They are capped at €20 million or 4% of global income (whichever is greater). Data subjects have the right to seek restitution for damages.

Article 6 of the GDPR specifies the only circumstances under which personal data can be processed legally.

Here is the information provided on the GDPR website.

- The data subject provided you with specific, unequivocal consent to handle the data. (For example, they opted onto your marketing email list.)
- Processing is required to execute or prepare to enter into a contract in which the data subject is a party. (For example, you must conduct a background check before leasing property to a prospective renter.)
- You must process it in order to meet your legal obligations. (For example, you receive an order from the court in your jurisdiction.)

- You have a legitimate interest in processing someone's personal information. This is the most flexible legal foundation, but the "fundamental rights and freedoms of the data subject" always take precedence over your interests, especially if it is a child's data.

- To save a person's life, you must process their data. (For example, you will probably know when this one applies.)
- Processing is required to complete a work in the public interest or to carry out an official function. (For example, you are a private garbage collection company.)

Under no other circumstances are you permitted to acquire, store, or sell an individual's data.

bottom of page