Since the publication of the CNIL recommendation of April 14, 2026 Regarding consent for email tracking, one question consistently comes up among CRM managers and DPOs: Is my ESP ready? Rather than repeating the full analysis of the regulation here (already detailed in our reference article on opt-in consent in email marketingwe proposed to all email sending platforms on the market to answer a self-assessment questionnaire covering 15 criteria : consent collection, pixel behavior, withdrawal, proof, exemptions, and retroactivity. At this point, nine email routers have played along for now and have authorized us to publish their responses: Actito, Cheetah Digital by Zeta, Dialog Insight, NET HELIUM, NP6 by Chapsvision, Selligent by Zeta, Smartprofile, Sunflow, and Webmecanik. The article will be updated as new contributions are made.
This comparison is designed as a decision and challenge tool use it to choose an ESP, to query yours about its roadmap, or to frame your own compliance project.
Table of contents
This article is freely available.
It took time and expertise!
This month, thanks to our customer-sponsors: Actito, BPI France, Cardif, Citeo, Clarins, CMI France, Editis, Engie, France Télévisions, Le Parisien, Les Echos, Les Furets, Pierre Fabre, UMR, Voyageurs du monde... Thanks to the missions they entrust to us, we can write and share free content. They support our educational work to promote more responsible email. Become a customer and benefit from our expertise while supporting the production of open knowledge.
Email Sending Platform Comparison Methodology
This comparison is based on a Self-assessment questionnaire sent to the ESP editors, not on a technical audit on our part. The published responses are those declared by the editors themselves, after explicit agreement for publication.
The questionnaire covers 15 criteria grouped into six themes: consent management, pixel behavior, data management, exemption regime, consent withdrawal, proof and compliance, ESP's own purposes, contracts and retroactivity. For each criterion, the publisher indicates a status (✅ available, 🟡 being deployed, 🟠 planned, 🔴 not planned, ⚪ no response), a deadline if applicable, and a free comment to qualify the answer.
The detailed answers further down in the article are a Synthetic reformulation comments received, without rewriting the substance. When an editor has made an assumed implementation choice or a reservation of interpretation, we report it as is.
💡Are you an ESP and want to be featured in the comparison? Fill out the self-assessment form. If you have already submitted and wish to make an update, please complete the form again with the new information and write to us at yesreply@badsender.com to warn us.
Summary overview
(scroll right to see all summary solutions)
| Topic / Question | Actito | Cheetah Digital by Zeta | Dialog Insight | NET HELIUM | NP6 by Chapsvision * | Selligent by Zeta | Smartprofile | Sunflow | Webmecanik |
|---|---|---|---|---|---|---|---|---|---|
| Consent ManagementQ1. Several distinct consent fields (sending, opens, clicks, profiling) | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | Processing | Processing |
| Consent ManagementQ2. Customizable granularity (single or multiple fields) | 🟡 In progress – early July 2026 | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | Processing | 🔴 Unscheduled |
| Consent ManagementQ3. Same mechanics for clicks and opens | ✅ Available | Scheduled | Processing | ✅ Available | ✅ Available | Scheduled | ✅ Available | 🔴 Unscheduled | Processing |
| Pixel behaviorQ4. Pixel differentiated based on consent | 🔴 Unscheduled | ⚪ No reply | Scheduled | 🟠 Planned – mid-June 2026 | ✅ Available | ✅ Available | ✅ Available | 🔴 Unscheduled | Processing |
| Data ManagementQ5. Minimizing storage of opening dates (without consent) | 🟡 In progress – early July 2026 | ⚪ No reply | 🔴 Unscheduled | 🟠 Planned – mid-June 2026 | Scheduled | ✅ Available | Processing | Processing | Processing |
| Data ManagementQ6. Aggregated measurement method without individual tracking | 🟡 In progress – early July 2026 | Scheduled | ✅ Available | 🟠 Planned – mid-June 2026 | ✅ Available | ✅ Available | ✅ Available | ✅ Available | Processing |
| Exemption regimeQ7. Tracking without consent for exempted purposes | Processing | ✅ Available | 🔴 Unscheduled | 🟠 Planned – mid-June 2026 | ✅ Available | Processing | Processing | ✅ Available | ✅ Available |
| Withdrawal of consentQ8. Automatic withdrawal link in the footer and unsubscribe page | ✅ Available | Scheduled | ✅ Available | 🔴 Unscheduled | ✅ Available | 🔴 Unscheduled | ✅ Available | Processing | ✅ Available |
| Withdrawal of consentQ9. Email no-re-entry withdrawal page | ✅ Available | Scheduled | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | Processing | ✅ Available |
| Withdrawal of consentQ10. Withdrawal of tracking without unsubscribing | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | ✅ Available | Processing | ✅ Available |
| Proof and complianceQ11. Individualized proof of consent, exportable | ✅ Available | ✅ Available | ✅ Available | ⚪ No reply | ✅ Available | ✅ Available | ✅ Available | Processing | ✅ Available |
| Proof and complianceQ12. Retroactive neutralization of already sent pixels | ✅ Available | ⚪ No reply | 🔴 Unscheduled | 🟠 Scheduled – July 2026 | 🔴 Unscheduled | ✅ Available | ✅ Available | 🔴 Unscheduled | Processing |
| Specific objectivesQ13. Use of customer data for the ESP's own purposes | 🔴 Unscheduled | 🔴 Unscheduled | 🔴 Unscheduled | ⚪ No reply | 🔴 Unscheduled | ⚪ No reply | 🔴 Unscheduled | ✅ Available | 🔴 Unscheduled |
| Legal and contractsQ14. Updated DPA and product documentation (CNIL April 14, 2026) | Processing | Processing | ⚪ No reply | Scheduled | ✅ Available | ✅ Available | Processing | Processing | Processing |
| RetroactivityQ15. Cleaning of interaction history in case of withdrawal | Scheduled | ⚪ No reply | ⚪ No reply | 🟠 Scheduled – July 2026 | 🔴 Unscheduled | 🔴 Unscheduled | 🔴 Unscheduled | Processing | ⚪ No reply |
| ESP | Actito | Cheetah Digital | Dialog Insight | NET HELIUM | NP6 * | Selligent | Smartprofile | Sunflow | Webmecanik |
Caption ✅ Available · 🟡 Deploying · 🟠 Planned · 🔴 Not planned at this stage · ⚪ No response
Detailed responses from emailing platforms
The summary table provides a quick overview of the progress of each ESP, but it inevitably oversimplifies nuances. However, regarding regulations on consent for tracking, it is often the implementation choices that make the difference: an identical status can cover very different technical realities, and some email solution providers make choices that are worth examining in detail (single pixel vs. differentiated pixel, automatic tracking vs. client-configured, responsibility for proof borne by the platform or by the advertiser...).
The analyses below reproduce, in alphabetical and thematic order, the responses declared by the ESPs to the self-assessment questionnaire, incorporating the announced deadlines and the nuances expressed in the free comments. The objective is not to rank, but to give the keys to interpretation in order to know how to implement consent for tracking in your campaign management tool.
If you have any doubts, please do not hesitate to contact the support for your email sending solution.
Actito
Consent Management (Q1–Q3) Actito distinguishes three types of consent: consent for sending (via subscriptions / opt-ins), consent for processing marketing data, and consent for tracking. The «trackingConsent» field currently covers both opens and clicks across all channels as a single entity. A product update is expected. early July 2026 introduce configurable granularity and a customer-configurable scope.
Pixel Behavior (Q4) — No pixel differentiated according to consent. Actito made the conscious choice to keep a unique pixel with subsequent technical processing, in order to continue to feed the last opening date (without time) necessary for the management of inactive users as provided by the CNIL.
Data Management (Q5–Q6) — Today, the last opening date of profiles without consent is not updated, and their data is filtered from campaign and domain reports. Starting from early July 2026, this date will be updated to the exact day (without time, overwritten with each new opening) and the reports will include Anonymized aggregated statistics for non-consenting recipients.
Exemption Regime (Q7) — Deploying.
Withdrawal of consent (Q8–Q10) The «trackingConsent» is managed natively through preference centers linked to unsubscribe links, with the possibility of landing pages or specific links. Withdrawal works without re-entering an email, and a recipient can withdraw their consent for tracking without unsubscribing.
Proof and Compliance (Q11–Q12) Any update to «trackingConsent» is saved with its date, method, and source (Actito preference center or client import). After a withdrawal, No new opening interactions on emails already sent are counted., the functional equivalent of retroactive nullification.
Own purposes (Q13) — Actito states that it does not use its clients' tracking data for its own purposes.
Legal (Q14) — DPA and product documentation update in progress.
Retroactivity (Q15) — Planned. The terms of historical data cleaning are still under analysis.
Helpful links:
Cheetah Digital by Zeta
Consent Management (Q1–Q3) Cheetah Digital already offers dedicated consent fields per channel for sending, as well as configurable granularity. A specific field for tracking opens is currently being deployed (deadline June 2026; an equivalent for click tracking is planned for a later time.
Pixel Behavior (Q4) — Unanswered at this stage — the roadmap still needs to be clarified.
Data Management (Q5–Q6) — Storage minimization: no response at this time. An aggregated measurement mode without individual tracking is planned.
Exemption Regime (Q7) — Available.
Withdrawal of consent (Q8–Q10) — Tracking removal without unsubscription is available. However, automatic management of the removal link in the footer and the removal page without re-entering the email are scheduled, These are the two main decommissioning projects remaining to be delivered.
Proof and Compliance (Q11–Q12) — Individualized proof of consent available. Retroactive neutralization of pixels already sent: no response at this stage.
Own purposes (Q13) — Cheetah Digital states that it does not use its customers' behavioral data for its own purposes.
Legal (Q14) — Update in progress: Customers are starting to receive dedicated communications, with product documentation being updated.
Retroactivity (Q15) — No response at this time.
Dialog Insight
Consent Management (Q1–Q3) — The platform already manages several distinct consent fields and configurable granularity. The alignment of mechanics between click tracking and open tracking is currently being deployed.
Pixel Behavior (Q4) Pixel differentiated by consent status planned, with no announced deadline.
Data Management (Q5–Q6) — No minimization is planned at this stage for storing recipient opening dates without consent. On the other hand, a mode of aggregate measure without individual tracking is already available.
Exemption Regime (Q7) — Not planned at this stage.
Withdrawal of consent (Q8–Q10) The entire withdrawal process is in place: automatic link in the footer, withdrawal page without email re-entry, and the ability to withdraw consent for tracking without unsubscribing.
Proof and Compliance (Q11–Q12) — Individualized proof of consent available and exportable. Retroactive neutralization of pixels already sent, on the other hand, is not unforeseen.
Own purposes (Q13) — Dialog Insight states that it does not use its clients' behavioral data for its own purposes.
Legal (Q14) and retroactivity — No response at the moment. It would be helpful if the publisher clarified its position on updating the DPA following the recommendation of April 14, 2026, and on clearing the history in case of withdrawal.
Helpful links:
NET HELIUM
Consent Management (Q1–Q3) — The number of distinct consents is flexible. Initially designed to manage multiple newsletter editions, the mechanism is reusable for tracking consent, with a campaign linked to a specific opt-in. Interesting methodological choice: click and opening are treated jointly, a clicked tracked link is also considered an indicator of opening, the objective is to make the analysis reliable against false positives related to robotic openings and clicks.
Pixel Behavior (Q4) — Differentiated pixel scheduled for mid-June 2026.
Data Management (Q5–Q6) Due date mid-June 2026. The last opened and last clicked dates are already available for customers who want to manage contact obsolescence. Access to this information at the campaign level for recipients without consent still needs to be removed. Regarding aggregate measurement, a discussion is ongoing for Low-volume B2B campaigns, where just specifying the domain may be enough to re-identify a recipient.
Exemption Regime (Q7) — Scheduled for mid-June 2026, via a system of «consent zones» attachable to a campaign, certain zones will be exempt and the choice will rest with the user.
Withdrawal of consent (Q8–Q10) — No automatic unsubscribe link management: NET HELIUM gives the client control over the preference management form and the content of the header/footer blocks, with significant flexibility (single link, multiple links, single or multiple forms). On the other hand, the unsubscribe page works without re-entering an email, and tracking/unsubscription can be separated.
Proof and Compliance (Q11–Q12) — Nuanced response on Q11: timestamp, source, and purpose (via the consent field name and comment) are already managed, but exporting the comment detailing the purpose and managing an informational version are neither present nor planned. On Q12 (due date July 2026), the pixels already sent cannot disappear, but the processing done when an event is triggered will take consent into account at the moment of clicking or opening, not at the time of shipment.
Own purposes (Q13) — Nuanced response: yes on improving the deliverability engine and product optimization; no on personal data; yes for general trends (for example, more favorable dispatch times by business sector).
Legal (Q14) Scheduled update.
Retroactivity (Q15) Due date July 2026. Neutralization of stored data upon withdrawal, in post-processing (not in real-time for performance reasons).
NP6 by Chapsvision
Consent Management (Q1–Q3) — Multiple distinct consent fields, configurable granularity, and alignment of click/open mechanics: everything is already available.
Pixel Behavior (Q4) — NP6 does not generate not a pixel out of place in the strict sense, but performs a differentiated tracking by anonymizing non-consenting populations. Equivalent functional effect on the data side, to be contrasted with a strict reading of the CNIL recommendation on the technical side.
Data Management (Q5–Q6) The minimization of opening date storage is scheduled, NP6 indicates waiting for clarification from the CNIL before planning a product enhancement. The aggregated measure by campaign or domain is already available.
Exemption Regime (Q7) — Available.
Withdrawal of consent (Q8–Q10) — The consent withdrawal field for tracking is addable in unsubscribe forms, but this integration is not automatic. The opt-out page works without re-entering an email, and tracking/unsubscribe dissociation is possible.
Proof and Compliance (Q11–Q12) — No individualized proof by default on the platform side: NP6 considers that its Clients are responsible for collecting evidence., but they can integrate the evidence by configuring the data model in the platform. Retroactive neutralization of pixels is not planned.
Own purposes (Q13) No, no data from tracking
Legal (Q14) — The DPA and product documentation incorporate the use of consent management features for tracking. for several years, and additional information has become available since the recommendation was published.
Retroactivity (Q15) — Not planned at this stage.
Helpful links:
Selligent by Zeta
Consent Management (Q1–Q3) Selligent manages multiple distinct consent fields (sending, contact-level open tracking, journey-level click tracking, cross-channel profiling) and configurable granularity (single field or multiple fields depending on the client's strategy). The alignment of click/open mechanics, on the other hand, planned Today, click tracking is disabled at the journey level but does not benefit from the same individual consent mechanism or an anonymization layer equivalent to that for opens.
Pixel Behavior (Q4) — Available. Selligent delivers a Anonymous or unpersonalized pixel to recipients without consent, for aggregated measurement purposes only. The publisher indicates they want to enhance this mechanism with more granular controls as the CNIL provides further clarification.
Data Management (Q5–Q6) — Minimization and aggregated measurement are already available: for recipients without consent, no identifiable opening history is linked to the profile, and measurement is done in aggregate, in a logic of minimization aligned with CNIL expectations.
Exemption Regime (Q7) — In preparation for deployment, notably for the specific processing of transactional emails and other strictly necessary purposes.
Withdrawal of consent (Q8–Q10) — Opt-out tracking without unsubscribing is available, as well as the opt-out page without re-entering your email. On the other hand, integrating the opt-out link in the footer remains a Manual configuration step On the client side, Selligent identifies automation as a possible future evolution.
Proof and Compliance (Q11–Q12) — Individual proof available. On retroactive neutralization: the pixel already sent cannot be modified, but the processing of subsequent interactions can adapt in nearly real-time to the change in consent.
Own purposes (Q13) Selligent states that it does not use customer-generated behavioral data for its own commercial, profiling, or marketing purposes.
Legal (Q14) — DPA and product documentation up to date.
Retroactivity (Q15) — Not planned at this stage. The publisher indicates that they have «right to be forgotten» mechanisms for individual requests, but automatic history deletion at the time of withdrawal is not yet in the backlog.
Useful links:
Smartprofile
Consent Management (Q1–Q3) Smartprofile offers a new type of consent linked to contacts in the customer data model, which is historized and manageable via an unsubscribe link, form, import, or API. Multi-field granularity is integrated by default into the French customer data model, and the collection of opens and clicks is managed based on the tracking consent value.
Pixel Behavior (Q4) — Differentiated Pixel already available: the data is uploaded to the individual level or not depending on the consent value, at the time of click or opening.
Data Management (Q5–Q6) — Aggregate measurement is available. Storage minimization is being deployed, coupled with exemption management: depending on the contact and the campaign, the date of the last opening day may or may not be provided, depending on whether the campaign grants exemption rights for non-consenting contacts.
Exemption Regime (Q7) — In deployment, managed on a case-by-case basis in the countryside.
Withdrawal of consent (Q8–Q10) — Unsubscribe link managed directly in emails and via a preference center accessible by a dedicated link, confirmation page to validate unsubscribing without re-entering email, and native dissociation between unsubscribing and opting out of tracking.
Proof and Compliance (Q11–Q12) — Historical and exportable consent data on demand. On retroactive neutralization, admitted and well-explained bias: individualization management is done at the time of click or opening, not at shipping. Specifically, if a withdrawal occurs between the sending and opening of an email, the event is not reflected at the contact level.
Own purposes (Q13) Smartprofile states that it does not use its clients' behavioral data for its own purposes: the data is only reprocessed for the users' use (deliverability, scoring, etc.).
Legal (Q14) — DPA and product documentation update in progress.
Retroactivity (Q15) — Not planned at this stage.
Helpful links:
Sunflow
Consent Management (Q1–Q3) — Two distinct consents are managed in the customer record (marketing consent and open tracking consent), and the granularity is configurable, all of which is currently being deployed. Extending the same mechanics to clicks is not planned at this stage. Sunflow indicates await clarification from the CNIL on click tracking.
Pixel Behavior (Q4) — Undifferentiated pixel not expected.
Data Management (Q5–Q6) Minimizing storage of opening dates during deployment. Aggregate measure already available.
Exemption Regime (Q7) — Available.
Withdrawal of consent (Q8–Q10) The entire withdrawal process (link in the footer, no re-entry page, tracking/unsubscription dissociation) is being deployed.
Proof and Compliance (Q11–Q12) — Individualized proof being deployed. Retroactive pixel neutralization is not planned: Sunflow indicates that will depend on what can be done with your router.
Own purposes (Q13) — Yes, for purposes of deliverability guarantee. Position to clarify with clients who want strict separation.
Legal (Q14) Updating.
Retroactivity (Q15) — Deploying.
Webmecanik
Consent Management (Q1–Q3) — Webmecanik Automation allows for the management of distinct consents by channel (email, SMS) and by tracking level (opens, clicks), currently being deployed. The management relies on a unique champion Regarding contacts, whose usage can be associated with multiple purposes, a configurable granularity with several distinct fields is not provided. The same rules are applied to opens and clicks.
Pixel Behavior (Q4) — Currently being deployed. When consent is given, the pixel loads normally. In the absence of consent, The openings are anonymized while retaining an event record for statistical purposes.
Data Management (Q5–Q6) — Minimization and aggregate measurement being deployed, with anonymized counting of opens and clicks for non-consenting contacts.
Exemption Regime (Q7) — Available.
Withdrawal of consent (Q8–Q10) — Everything is available: access to consent management for tracking via the preference center accessible from emails, opt-out page without re-entry via personalized link, and separation between consent to receive and consent to tracking.
Proof and Compliance (Q11–Q12) — Individualized proof available: each contact record logs consent actions (granting and withdrawal) with timestamps, in compliance with GDPR and exportable in case of an audit. Retroactive pixel neutralization is currently being deployed.
Own purposes (Q13) — Webmecanik declares that it do not use its customers' tracking data for its own purposes: the data remains isolated within the customer's environment, is not shared, and is not used to enrich proprietary databases or train global models.
Legal (Q14) Updating.
Retroactivity (Q15) — No response at this time.
Helpful links:
Badsender Compliance Support
At Badsender, we have spent a lot of hours to review the CNIL recommendation of April 14, 2026, confront its theoretical reading with the operational constraints of CRM teams, and dialogue with ESP editors to understand their implementation choices. Our detailed analysis of the subject can be found here.
We also already started working with several clients on their compliance, which gives us the necessary hindsight to distinguish real issues from false debates, and to anticipate questions that no one asks during the framing phase but which inevitably arise during implementation.
Our missions generally revolve around three phases :
- Framing workshop, reflection, and information gathering — to start from real-world use cases, the organization's technical and legal constraints, and the existing tools.
- Drafting a recommendation letter then iterative refinement with stakeholders (CRM, Legal, IT, DPO) until a shared goal is reached.
- Support in implementation : site management, ongoing arbitration, and monitoring of dependencies with the ESP and any third-party service providers.
Want to discuss it for your context? Contact us !
Leave a Reply