Replace global email blacklist with list-based consent

mayanayza · mayanayza · commit a2569fab29c2 · 2026-02-10T19:29:07.000-05:00
- Add Brevo list management (add/remove contacts to lists) to client
- Set email_blacklisted=false for all app signups, use list membership
  for Product Updates (all users) and Marketing (opt-in only)
- Track SCANOPY_MARKETING_OPT_IN and SCANOPY_MARKETING_OPT_IN_DATE
- Default marketing checkbox to unchecked (GDPR compliance)
- Update marketing label to clarify scope (partnerships, press, news)
diff --git a/backend/src/server/brevo/client.rs b/backend/src/server/brevo/client.rs
@@ -1,8 +1,8 @@
 use crate::server::brevo::types::{
-    CompanyAttributes, CompanyListResponse, CompanyResponse, ContactAttributes,
-    CreateCompanyRequest, CreateContactRequest, CreateContactResponse, CreateDealRequest,
-    CreateDealResponse, EventIdentifiers, LinkUnlinkRequest, TrackEventRequest,
-    UpdateCompanyRequest, UpdateContactRequest,
+    AddContactsToListRequest, CompanyAttributes, CompanyListResponse, CompanyResponse,
+    ContactAttributes, CreateCompanyRequest, CreateContactRequest, CreateContactResponse,
+    CreateDealRequest, CreateDealResponse, EventIdentifiers, LinkUnlinkRequest,
+    RemoveContactsFromListRequest, TrackEventRequest, UpdateCompanyRequest, UpdateContactRequest,
 };
 use anyhow::{Result, anyhow};
 use backon::{ExponentialBuilder, Retryable};
@@ -589,6 +589,115 @@ impl BrevoClient {
             .await
     }
 
+    /// Add contacts to a Brevo list
+    pub async fn add_contacts_to_list(&self, list_id: i64, emails: Vec<String>) -> Result<()> {
+        let url = format!("{}/contacts/lists/{}/contacts/add", BREVO_API_BASE, list_id);
+        let body = AddContactsToListRequest { emails };
+
+        let operation = || async {
+            self.wait_for_rate_limit().await;
+
+            let response = self
+                .client
+                .post(&url)
+                .header("api-key", &self.api_key)
+                .header("Content-Type", "application/json")
+                .json(&body)
+                .send()
+                .await
+                .map_err(|e| anyhow!("Brevo add to list failed: {}", e))?;
+
+            let status = response.status();
+
+            if status.is_success() {
+                return Ok(());
+            }
+
+            let error_body = response
+                .text()
+                .await
+                .unwrap_or_else(|_| "Unknown error".to_string());
+
+            if Self::is_retryable_error(status) {
+                return Err(anyhow!(
+                    "Brevo list add error (retryable) {}: {}",
+                    status,
+                    error_body
+                ));
+            }
+
+            Err(anyhow!("Brevo list add error {}: {}", status, error_body))
+        };
+
+        operation
+            .retry(
+                ExponentialBuilder::default()
+                    .with_max_times(3)
+                    .with_min_delay(std::time::Duration::from_millis(500))
+                    .with_max_delay(std::time::Duration::from_secs(10)),
+            )
+            .when(|e| e.to_string().contains("retryable"))
+            .await
+    }
+
+    /// Remove contacts from a Brevo list
+    pub async fn remove_contacts_from_list(&self, list_id: i64, emails: Vec<String>) -> Result<()> {
+        let url = format!(
+            "{}/contacts/lists/{}/contacts/remove",
+            BREVO_API_BASE, list_id
+        );
+        let body = RemoveContactsFromListRequest { emails };
+
+        let operation = || async {
+            self.wait_for_rate_limit().await;
+
+            let response = self
+                .client
+                .post(&url)
+                .header("api-key", &self.api_key)
+                .header("Content-Type", "application/json")
+                .json(&body)
+                .send()
+                .await
+                .map_err(|e| anyhow!("Brevo remove from list failed: {}", e))?;
+
+            let status = response.status();
+
+            if status.is_success() {
+                return Ok(());
+            }
+
+            let error_body = response
+                .text()
+                .await
+                .unwrap_or_else(|_| "Unknown error".to_string());
+
+            if Self::is_retryable_error(status) {
+                return Err(anyhow!(
+                    "Brevo list remove error (retryable) {}: {}",
+                    status,
+                    error_body
+                ));
+            }
+
+            Err(anyhow!(
+                "Brevo list remove error {}: {}",
+                status,
+                error_body
+            ))
+        };
+
+        operation
+            .retry(
+                ExponentialBuilder::default()
+                    .with_max_times(3)
+                    .with_min_delay(std::time::Duration::from_millis(500))
+                    .with_max_delay(std::time::Duration::from_secs(10)),
+            )
+            .when(|e| e.to_string().contains("retryable"))
+            .await
+    }
+
     /// Create or update contact, then create or update company, linking them.
     /// Returns the Brevo company ID to be stored on the organization record.
     pub async fn sync_contact_and_company(
diff --git a/backend/src/server/brevo/service.rs b/backend/src/server/brevo/service.rs
@@ -23,6 +23,11 @@ use chrono::Utc;
 use std::sync::Arc;
 use uuid::Uuid;
 
+/// Brevo list ID for "App Users - Product Updates" (all app signups)
+const BREVO_PRODUCT_UPDATES_LIST_ID: i64 = 9;
+/// Brevo list ID for "App Users - Marketing" (explicit opt-in only)
+const BREVO_MARKETING_LIST_ID: i64 = 10;
+
 /// Service for syncing data to Brevo CRM
 pub struct BrevoService {
     pub client: Arc<BrevoClient>,
@@ -260,7 +265,9 @@ impl BrevoService {
             .with_role("owner")
             .with_signup_date(event.timestamp)
             .with_last_login_date(event.timestamp)
-            .with_email_blacklisted(!marketing_opt_in);
+            .with_email_blacklisted(false)
+            .with_marketing_opt_in(marketing_opt_in)
+            .with_marketing_opt_in_date(event.timestamp);
 
         if let Some(use_case) = &use_case {
             contact_attrs = contact_attrs.with_use_case(use_case);
@@ -295,6 +302,25 @@ impl BrevoService {
             .sync_contact_and_company(email.as_ref(), contact_attrs, org_name, company_attrs)
             .await?;
 
+        // Add to "Product Updates" list (all signups)
+        if let Err(e) = self
+            .client
+            .add_contacts_to_list(BREVO_PRODUCT_UPDATES_LIST_ID, vec![email.to_string()])
+            .await
+        {
+            tracing::warn!(error = %e, "Failed to add contact to Product Updates list");
+        }
+
+        // Add to "Marketing" list only if opted in
+        if marketing_opt_in
+            && let Err(e) = self
+                .client
+                .add_contacts_to_list(BREVO_MARKETING_LIST_ID, vec![email.to_string()])
+                .await
+        {
+            tracing::warn!(error = %e, "Failed to add contact to Marketing list");
+        }
+
         // Store the company ID on the organization
         if let Some(mut org) = self
             .organization_service
diff --git a/backend/src/server/brevo/types.rs b/backend/src/server/brevo/types.rs
@@ -20,6 +20,8 @@ pub struct ContactAttributes {
     /// Brevo built-in field (not a custom attribute) — controls email campaign eligibility.
     /// true = blocklisted from campaigns, false = can receive campaigns.
     pub email_blacklisted: Option<bool>,
+    pub scanopy_marketing_opt_in: Option<bool>,
+    pub scanopy_marketing_opt_in_date: Option<String>,
 }
 
 impl ContactAttributes {
@@ -72,6 +74,16 @@ impl ContactAttributes {
         self
     }
 
+    pub fn with_marketing_opt_in(mut self, opt_in: bool) -> Self {
+        self.scanopy_marketing_opt_in = Some(opt_in);
+        self
+    }
+
+    pub fn with_marketing_opt_in_date(mut self, date: DateTime<Utc>) -> Self {
+        self.scanopy_marketing_opt_in_date = Some(date.to_rfc3339());
+        self
+    }
+
     /// Convert to Brevo API attributes map (UPPERCASE keys)
     pub fn to_attributes(&self) -> HashMap<String, serde_json::Value> {
         let mut attrs = HashMap::new();
@@ -103,6 +115,15 @@ impl ContactAttributes {
         if let Some(v) = &self.scanopy_last_login_date {
             attrs.insert("SCANOPY_LAST_LOGIN_DATE".to_string(), serde_json::json!(v));
         }
+        if let Some(v) = self.scanopy_marketing_opt_in {
+            attrs.insert("SCANOPY_MARKETING_OPT_IN".to_string(), serde_json::json!(v));
+        }
+        if let Some(v) = &self.scanopy_marketing_opt_in_date {
+            attrs.insert(
+                "SCANOPY_MARKETING_OPT_IN_DATE".to_string(),
+                serde_json::json!(v),
+            );
+        }
         attrs
     }
 }
@@ -503,3 +524,15 @@ pub struct EventIdentifiers {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub email_id: Option<String>,
 }
+
+/// POST /contacts/lists/{listId}/contacts/add
+#[derive(Debug, Clone, Serialize)]
+pub struct AddContactsToListRequest {
+    pub emails: Vec<String>,
+}
+
+/// POST /contacts/lists/{listId}/contacts/remove
+#[derive(Debug, Clone, Serialize)]
+pub struct RemoveContactsFromListRequest {
+    pub emails: Vec<String>,
+}
diff --git a/messages/en.json b/messages/en.json
@@ -35,7 +35,7 @@
 	"auth_signInToScanopy": "Sign in to Scanopy",
 	"auth_signInWith": "Sign in with {provider}",
 	"auth_signInWithEmail": "Sign In with Email",
-	"auth_signUpForUpdates": "Sign up for product updates via email",
+	"auth_signUpForUpdates": "Keep me posted on Scanopy partnerships, press, and community news",
 	"auth_signingIn": "Signing in...",
 	"auth_termsAndPrivacy": "I agree to the <a class='text-link' target='_blank' href='https://scanopy.net/terms'>terms</a> and <a target='_blank' class='text-link' href='https://scanopy.net/privacy'>privacy policy</a>",
 	"auth_youreInvitedBody": "You have been invited to join {orgName} by {invitedBy}. Please sign in or register to continue.",
diff --git a/messages/fr.json b/messages/fr.json
@@ -33,7 +33,7 @@
     "auth_signInToScanopy": "Se connecter à Scanopy",
     "auth_signInWith": "Se connecter avec {provider}",
     "auth_signInWithEmail": "S'enregistrer avec une adresse électronique",
-    "auth_signUpForUpdates": "S'enregistrer pour des mises à jour produit par adresse électronique",
+    "auth_signUpForUpdates": "",
     "auth_signingIn": "Enregistrement...",
     "auth_termsAndPrivacy": "J'accepte les termes <a class='text-link' target='_blank' href='https://scanopy.net/terms'></a>et<a target='_blank' class='text-link' href='https://scanopy.net/privacy'>la politique de gestion de la vie privée</a>",
     "auth_youreAllSetBodyMultiple": "Enregistrez vous pour finir l'installation. Vos services vont commencer à scanner \"{networkNames}\" et compléter votre carte réseau.",
diff --git a/ui/src/lib/features/auth/components/RegisterModal.svelte b/ui/src/lib/features/auth/components/RegisterModal.svelte
@@ -73,7 +73,7 @@
 			email: '',
 			password: '',
 			confirmPassword: '',
-			subscribed: true,
+			subscribed: false,
 			terms_accepted: false
 		},
 		onSubmit: async ({ value }) => {
@@ -99,7 +99,7 @@
 			email: '',
 			password: '',
 			confirmPassword: '',
-			subscribed: true,
+			subscribed: false,
 			terms_accepted: false
 		});
 		subStep = 'email';
