If I reach the footer of an email in my inbox, it usually means one of two things: 1) The email was so engaging I read all the way to the end (that’s rare), or 2) I scrolled down to unsubscribe.
There, sandwiched between social icons and the company logo, lies the humble email disclaimer.
An email disclaimer is a legal statement that protects the sender from some legal liability. Legal disclosures may seem like the least exciting part of an email marketer’s job, but violating regulations can be costly.
I’m going to show you the types of email disclosures, examples of each, and best practices for a compliant, user-friendly disclosure.
Table of Contents
- What is an email disclaimer?
- When To Use an Email Disclaimer
- The Best Email Disclaimers
- Getting Disclaimers Right
What is an email disclaimer?
An email disclaimer is the text and links at the bottom of an email that contain essential information for the recipients, including the company’s terms and conditions, privacy policy, and how to unsubscribe.
Emails sent by an individual should place any email disclaimers in the signature, while mass emails should embed disclaimers in the footer. Setting them up this way means they appear consistent in every email you send.
When To Use an Email Disclaimer
When you need an email disclaimer, which ones to use depends largely on what business you’re in and where your customers live. Here are a few factors to consider:
- The purpose of the email (commercial or transactional).
- Whether your industry has specific regulations, like HIPAA.
- Whether your email contains trademarks or copyrighted information.
- Where you and your customers are located.
Location-Specific Email Regulations
Most countries have regulations concerning emails, including:
- CAN-SPAM Act (United States).
- CASL (Canada).
- GDPR (European Union).
- UK-GDPR (United Kingdom).
- California (CCPA), Colorado, Utah, and Virginia all have email laws that took effect in 2023.
At the end of the day, it doesn’t matter where your company is headquartered. If you have one person on your email address from any of the above places, you need to comply with the regulations for that area.
Working in marketing and communications for 15 years, I’ve worked with my fair share of attorneys. While it can feel creatively stifling to be told what you must and can’t include in your emails, it protects both you and your company.
Even the weakest of these regulations, CAN-SPAM, carries strict penalties. You can be fined up to $51,744 per email for any violations. In Europe or Canada, violations can run into the millions.
GDPR, CASL, and UK-GDPR are broad regulations covering how you should store and manage customer data (including email addresses). Across all these regulations, you should include in your email at a minimum:
- Company name.
- A physical address.
- Instructions or a link to unsubscribe.
In many cases, that’s just the beginning.
The Best Email Disclaimers
Just because email disclaimers are legal statements doesn’t mean they need to be boring or unintelligible. In fact, it’s your job to find a balance between compliance and clarity for users.
The email disclaimer is also valuable real estate. It’s a place where readers know to look for vital information about the sender: who they are, how to learn more, and how to engage with the brand by managing email preferences, etc.
It’s an often-overlooked place to build trust with your customers.
1. Email Confidentiality Notice
You’ve most likely seen a confidentiality disclaimer from someone like an accountant or attorney.
A typical notice might read, “This email and any information, files, or attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient…”
While legal experts differ on how much protection this affords the sender, it’s still a good idea to include it if your emails include personal information.
You might need it if: The email communication includes any personal information other than the person’s name. This could include membership numbers, payment information, or identifying information like date of birth.
Example: Expedia Group
The disclaimer in this footer is short and to the point, ensuring readers see it and understand why it’s important. I’m more likely to read the text because of its easy-to-consume length. There’s not too much to wrap my mind around.
What I like: The confidentiality disclaimer in Expedia’s standard email footer is much shorter and simpler than what you typically see. However, it appeals to common sense and shares the why: “This email and its links may contain your personal information; please only forward to people you trust.”
2. Privacy Policy
What’s the difference between confidentiality and privacy?
Confidentiality is an ethical responsibility preventing the disclosure of information, while privacy is a human right. This refers to respect for a person’s private life, home, and correspondence.
A privacy policy (or privacy notice) is a legal document that explains how an organization handles personal data. Both GDPR and CCPA (California) require that companies include a privacy policy in emails.
Because these are long, most brands link out to the full policy. The policy should be in plain language, concise, transparent, and in an easily accessible form.
You might need it if: Any of your recipients lives in Europe, California, Colorado, Utah, or Virginia, or you want to offer more transparency on how customer data is used.
Example: Hyatt Group
The brief privacy policy here links to the full policy if anyone wants to access it to understand how exactly Hyatt is using their private information.
It also clearly states what rights their clients have, “…to access, to rectify and to object for legitimate reasons to the processing of your data.”
Sharing this information allows Hyatt customers to know that they still have rights regarding how their data is used, even though it is already supposed to be protected by the privacy policy.
What I like: Hyatt links its privacy policy to a company value — respecting customers. I like that they also give a way to contact them with feedback or questions about data use.
3. Unmonitored Email Disclaimer
What happens when a customer replies to your mass email?
If you use an email platform to send email distributions, you can make your reply-to email any email address that you want — including one that doesn’t match the sender’s email.
Small businesses often use a generic email address or even the founder’s email as a reply-to email so they can keep all their responses in one inbox.
Larger companies that use a CRM or ticketing system often want their customers to submit questions and support tickets a different way — so their reply-to email is unmonitored.
If that’s you, you need to let your customers know how to get in touch with you instead of replying.
You might need it if: The reply-to email is different from the sender email or is unmonitored.
Example: TripAdvisor
When writing a newsletter, people might have questions. And, when those questions arise, recipients may want to hit reply.
If they receive a bounce back unexpectedly, they may feel abandoned — completely left in the dark. A disclaimer can help you direct them to the right place.
Tripadvisor lets email recipients know that this email address cannot receive responses and directs them to their Help Center instead.
What I like: TripAdvisor’s email disclaimer about replies is concise but clear. They give an alternate way for customers to get in touch with TripAdvisor if they need to.
4. Copyright and Trademark Notices
If your company owns trademarks or copyrighted information, it’s important to protect your intellectual property. Adding a copyright and trademark notice lets your readers know that the content can’t be duplicated without permission.
You might need it if: Your email references any trademarks or copyrighted information owned by you or anyone else. This could include references to partners, products, platforms (like the Apple or Google Play stores), and more.
Example: Adobe
Adobe’s trademark notice is easy to read and comprehensive. It lists the top trademarks protected by law and links to a full list of trademark guidelines.
You don’t need a legal background to understand what it’s saying — don’t use the company’s branding irresponsibly. You can also tell what belongs to Adobe and what does not.
What I like: This tidy little phrase protects Adobe from accidental trademark violation: “All other trademarks are the property of their respective owners.”
5. Terms and Conditions/Offer Restrictions
If you run email promotions, this disclaimer is for you.
The terms and conditions in your email footer act as the fine print for consumers. Let’s say that you run a promotion for a free tumbler with every purchase.
You need to let your customer know when the promotion ends and if there are any location restrictions or minimum purchase amount.
You don’t want to take up space in your header and body copy for every detail, but they’re still important to include — hence the email disclaimer.
You might need it if: You sell products or services or are running any kind of a sale, contest, or sweepstakes. Terms and conditions are particularly important if you offer any financial products like credit card offers or are running sweepstakes that might have tax implications.
Example: Primary
Some promotional disclaimers include big blocks of text with promotional periods, location restrictions, and more offer-specific details.
Instead of unique disclaimers for each promotion, online retailer Primary uses this blanket approach: “All promotions are limited time only, while supplies last. Sale prices as marked and subject to change.”
What I like: To further protect themselves from liability, Primary includes the phrase that they reserve “the right to modify or cancel promotions at any time.”
6. HIPAA Email Disclaimer
If you’re in the healthcare industry, you are no doubt already familiar with HIPAA.
At first glance, a HIPAA email disclaimer looks a lot like a confidentiality notice.
It often contains the same language that the email contains confidential information that is only intended for the recipient.
HIPAA email disclaimers go a step further by describing the different ways the company may communicate with you and share medical information and telling you how to change your preferences if you need to.
Adding a disclaimer isn’t enough to make your email HIPAA-compliant — for instance, customers must opt-in, and emails must be encrypted — but it’s a start.
You might need it if: You’re a healthcare provider or insurer transmitting information electronically.
Example: Ascension St. Vincent
The HIPAA disclaimer here describes in plain language how the medical practice communicates with patients and examples of confidential information it might send. It gives a clear way to contact them to update communication preferences.
What I like: The disclaimer includes responsibility for the recipient in the case of a mis-send. They need to inform Ascension St. Vincent and then delete it immediately and permanently.
7. Unsubscribe Link
When a customer wants to end the relationship, make it easy for them to find it with an email disclaimer.
A one-click unsubscribe option is the best practice, but you can give other options like unsubscribing by email or an email preferences center.
Keep it light. You can inject a little personality here, like the example below, but don’t take it to the extreme where you’re shaming the recipient.
Pro tip: To prevent unsubscribes, offer context on how the recipient landed on your email list in the first place, for example: “This email was sent to you because you signed up for our newsletter at [website URL].”
You might need it if: You send mass emails. That’s it. Unsubscribe instructions are required in emails by law in the U.S., Canada, and Europe.
Example: Chubbies
What I like: Men’s retailer Chubbies adds personality and humor into its unsubscribe text but still makes it clear how to take yourself off the list. If you take the time to get to this portion of the email, you can have a little laugh. This was a clever way to add an extra splash of personality to the newsletter.
8. Combo Disclaimers
In most cases, companies have multiple disclaimers they need to include in their footer.
The more that you have, the more important it becomes to reduce the text and lay out your disclaimers in a way that readers can easily scan and find what they need.
You might need it if: You have more than one disclaimer you need to include.
Example: Ikea
Ikea works in dozens of countries and hundreds of markets, so it keeps its disclaimers simple and uses links to send users to its contact, privacy policy, and unsubscribe pages.
What I like: Ikea provides exactly what it needs to while keeping its footer clean and to the point. The company blends best practices and several types of disclaimers to create something comprehensive. Don’t be afraid to mix and match.
Getting Disclaimers Right
If you’re like me, writing legal documents is outside of your wheelhouse. Don’t worry. With some outside resources, you can make your email program compliant without compromising quality.
1. Work with your legal department.
I’ve worked for companies regulated by the SEC and FTC whose legal teams wanted to review every single piece of marketing collateral we produced.
Some of the attorneys I worked with were fantastic, while others didn’t get it (one wanted to add disclaimers longer than my ad’s character count).
To avoid conflict and overbearing reviews, be proactive in building a relationship with your legal counsel.
Ask them to educate you on legal issues for email communications, to create a list of terms for you to avoid, and to help create your disclaimers.
2. Avoid legalese.
Legal writing is like its own language. It’s difficult to avoid legalese in writing documents, but it isn’t impossible. Ask your legal team if you can edit some of the disclosures into plain language (think simple words, short sentences, active voice).
While your company’s privacy policy may be out of your control, your emails aren’t. Give a short paraphrase on why your privacy policy matters before linking to it in your email. Here’s an example:
We care about your privacy! That’s why we won’t ever sell your data to a third party. View our privacy policy.
3. Know when to link out.
In emails, particularly on mobile, sentences quickly turn into long walls of text. Email disclaimers should be user-friendly and scannable with a clean design. That way, your readers can find what they need quickly without frustration.
Many companies decide to provide links to their privacy policy, email preferences center, and contact page. For complex businesses, this keeps everything simple, clean, and easy to find.
4. Create a comprehensive compliance program.
Last, remember that email disclaimers are just one way to protect your business. Adding a HIPAA disclaimer isn’t enough on its own to make you HIPAA-compliant, just like adding a privacy policy won’t make you compliant with GDPR.
These disclaimers are one small piece of the big picture which is data collection and management. Put a strategy in place to implement best practices for email marketing and keep your team abreast of regulatory changes.
It’s a big task, but the payoff of greater customer trust and business protection makes it worth it.