Done-for-you offer · Fractional CMO with AI Swarm · communication-broadcast 4-skill bundle · communication-broadcast agent
Per-location list segmentation for multi-location retail, multi-unit franchise, multi-location service brand, and DTC ecommerce operators — Snapshot + Segment + Sync + Suppress 4-skill bundle on the communication-broadcast agent, under a 5-anchor compliance overlay anchored on privacy patchwork + CCPA cross-context, Fair Housing + ECOA + Meta SCA + Google HEC + Colorado AI Act, FTC + Endorsement Guides + Fake Review, multichannel consent, and per-vertical + COPPA + AADC + DSA
You run lifecycle marketing across 50-1,500 locations with subscribers spanning multiple banners, multiple consent classes per channel, and multiple jurisdictions. Per-channel consent class differs per subscriber per channel — TCPA prior express written consent for SMS marketing + per-state mini-TCPA (Florida Telephone Solicitation Act 2021 + Oklahoma + Washington CEMA + Maryland) + 10DLC + The Campaign Registry; CAN-SPAM (15 USC 7701) for marketing email; CASL Section 6 for Canadian recipients; UK PECR Regulation 22 for UK; EU ePrivacy Article 13(3) for EU. State-comprehensive-privacy patchwork (CCPA + CPRA + 19+ state laws) imposes per-state opt-out propagation with state-specific mechanics. CCPA Section 1798.140(ae) cross-context-behavioral-advertising opt-out + Section 1798.121 sensitive PI opt-out require propagation across every destination. Fair Housing Act + Fair Lending + ECOA Regulation B + Meta Special Ad Category Housing/Employment/Credit + Google equivalent Personalized Advertising Restrictions on HEC apply when segments inform HEC-category ads; EEOC AI hiring guidance + Colorado AI Act (effective February 1, 2026) + NYC Local Law 144 + Illinois AI Video Interview Act + Maryland HB 1202 apply when segments inform consequential decisions. Per-vertical restrictions apply by vertical: HIPAA + Washington MHMDA when healthcare-PHI; GLBA Safeguards + FCRA when financial; per-vertical FDA OPDP + DEA + DISCUS + per--regulator + state licensing-board. COPPA + California AADC + Connecticut SB 3 + Maryland AADC + DSA Article 28 apply when minor audiences reachable. FTC ROSCA + Click-to-Cancel + state automatic renewal apply when subscription tier segments drive recurring-charge content. The CDP, lifecycle/CRM, identity resolution, consent management, reverse-ETL, ESP/SMS/push, and analytics vendors below ship strong primitives. 
The orchestration above them — operator-counsel-and-marketing-team-approved segment taxonomy + HEC-category guardrails + Colorado AI Act consequential-decision review + Fair Housing/Lending evaluation + per-channel consent class enforcement + CCPA cross-context propagation across destinations + per-vertical suppression + COPPA/AADC/DSA minor exclusions + FTC ROSCA/Click-to-Cancel flow + audit trail — is operator-side architecture. You keep the CDP, the lifecycle/CRM, the identity resolution, the consent management, the reverse-ETL, the ESP/SMS/push relationships, the segment taxonomy, the HEC-category register, the Colorado AI Act + NYC LL144 review records, the per-vertical suppression registers, the WORM audit trail, and the policy-as-code policies. You keep the ability to in-house at any time.
Published September 24, 2026
The real ecosystem this sits above
CDP + identity resolution
CDP: Segment, mParticle, Rudderstack, Tealium, Hightouch, Census, ActionIQ, BlueConic, Treasure Data, Twilio Segment. Identity: LiveRamp, ID5, Acxiom, Throtle, InfoSum. Each ships strong subscriber-aggregation + identity primitives. Operator-counsel-approved segment taxonomy + per-channel consent class enforcement above them is operator-side architecture.
Lifecycle/CRM + ESP/SMS/push
Lifecycle/CRM: Klaviyo, Iterable, Braze, Customer.io, Salesforce Marketing Cloud, Mailchimp, Attentive, Postscript, Listrak, Cordial, Bloomreach, Ortto, Drip, HubSpot. ESP/SMS/push: Twilio, Bandwidth, Plivo, SendGrid, Mailgun, Postmark, Amazon SES. Each ships strong journey + send primitives. CCPA cross-context propagation + multichannel TCPA + CAN-SPAM + CASL enforcement above them is operator-side architecture.
Reverse-ETL + consent management
Reverse-ETL: Hightouch, Census, Rudderstack, Polytomic, Workato. Consent: OneTrust, TrustArc, Ketch, Securiti, BigID. Each ships strong sync + consent primitives. Per-destination opt-out propagation + per-subscriber per-channel consent class verification above them is operator-side architecture.
Analytics
Google Analytics 4, Adobe Analytics, Amplitude, Mixpanel, Heap. Each ships strong measurement primitives. Per-segment downstream-effect measurement that respects per-jurisdiction consent class above them is operator-side architecture.
Policy-as-code + WORM + legal research
Policy-as-code: OPA Rego, AWS Cedar, Casbin, Cerbos, Oso. WORM: AWS S3 Object Lock, GCS retention, Azure Blob immutable, Snowflake Time Travel. Legal research: Westlaw, Lexis+, Bloomberg Law, Practical Law, Compliance.ai. Each ships strong primitives. The 5-anchor compliance gate that maps privacy + Fair Housing/ECOA + FTC + multichannel consent + per-vertical onto an operator-counsel-approved policy bundle is operator-side architecture.
Frequently asked
What does per-location list segmentation actually deliver, and how does the 4-skill bundle decompose?
An orchestration layer that sits above the operator CDP + lifecycle/CRM + identity resolution + consent management + reverse-ETL + ESP/SMS/push + analytics + policy-as-code + WORM-storage stack and produces per-location subscriber audiences that the operator marketing team can broadcast to without violating consent class, privacy patchwork, Fair Housing or Fair Lending, per-vertical advertising rules, or per-platform terms. The skill is a four-skill bundle on the communication-broadcast agent. Skill 1 — Snapshot: take a per-location subscriber snapshot from the operator CDP (Segment, mParticle, Rudderstack, Tealium, Hightouch, Census, ActionIQ, BlueConic, Treasure Data — operator chooses) at the operator-marketing-team-set cadence. The snapshot includes the subscriber identifier, location association(s) — a subscriber may belong to multiple locations if the operator runs multi-banner — current tier status when loyalty is in scope, recent transaction history through the operator data warehouse, recent engagement signals through the operator lifecycle/CRM (Klaviyo, Iterable, Braze, Customer.io, Salesforce Marketing Cloud, Mailchimp, Attentive, Postscript, Listrak, Cordial, Bloomreach, Ortto, Drip, HubSpot — operator chooses), and the current consent state per channel (email, SMS, push, direct-mail, voice). Skill 2 — Segment: compute per-location segments using operator-counsel-and-marketing-team-approved segment definitions. Segment definitions distinguish between (a) descriptive segments (RFM, lifecycle stage, tier, recent purchase category — pure description of past behavior), (b) predictive segments (propensity-to-purchase, propensity-to-churn, LTV projection — modeled outputs with uncertainty), (c) AI-decision segments (segments that drive AI-recommended actions affecting the subscriber). 
The taxonomy matters because AI-decision segments touching housing, employment, credit, healthcare, education, financial services, government services, essential services, insurance, or legal services trigger Colorado AI Act (effective February 1, 2026) consequential-decision framework. The Segment skill does not autonomously create AI-decision segments on those categories; operator counsel and operator data science team approve them with the documented algorithmic discrimination risk management, consumer notice, and appeals process required by the statute. Skill 3 — Sync: emit the segments to destination channels through the operator-chosen reverse-ETL vendor (Hightouch, Census, Rudderstack, Polytomic, Workato — operator chooses) into ESP/SMS/push platforms (Twilio, Bandwidth, Plivo, SendGrid, Mailgun, Postmark, Amazon SES — operator chooses), into lifecycle/CRM journey orchestration, and into ad-platform audiences for paid retargeting where the operator’s CCPA cross-context-behavioral-advertising posture allows. Sync enforces per-channel consent class verification per subscriber per segment — a subscriber on a Klaviyo email-marketing list may not be on the SMS-marketing list (each channel requires its own TCPA prior express written consent + CAN-SPAM + CASL + UK PECR + EU ePrivacy consent class). Skill 4 — Suppress: maintain per-subscriber suppression registers (DNC across channels, opt-out across channels, hard bounces, complaint thresholds, sensitive PI opt-outs, CCPA cross-context-behavioral-advertising opt-outs, GDPR Article 22 objections, state-comprehensive-privacy opt-outs, Washington MHMDA health-data opt-outs, COPPA + AADC under-13 exclusions, BAA-required HIPAA exclusions when healthcare-vertical, Fair Housing + ECOA exclusions when HEC-category segments). Suppress propagates to every Sync target before any send. The CDP, lifecycle/CRM, identity resolution, consent management, reverse-ETL, ESP/SMS/push, analytics vendors below ship strong primitives. 
The orchestration above them — operator-counsel-and-marketing-team-approved segment taxonomy, per-channel consent class enforcement, per-jurisdiction privacy opt-out propagation, Fair Housing + ECOA + Meta SCA + Google HEC + Colorado AI Act consequential-decision boundary, per-vertical HIPAA + GLBA + FCRA + COPPA + AADC + DSA enforcement, audit trail — is operator-side architecture.
Where does single-vendor segmentation stop compounding for multi-location operators?
Single-vendor segmentation is solved. Klaviyo ships strong Shopify-native segmentation. Iterable + Braze + Customer.io ship strong omnichannel segmentation. Salesforce Marketing Cloud ships strong enterprise segmentation. Segment + mParticle + Rudderstack + Tealium + Hightouch + Census ship strong CDP and reverse-ETL. The compound case the communication-broadcast agent has to handle is the one where (a) a single subscriber may belong to multiple banners and multiple locations under a multi-banner operator and the operator-counsel-approved cross-banner data-sharing policy controls which cross-banner segment assignments are permissible without violating the subscriber-side consent boundary, (b) per-channel consent class differs per subscriber per channel — TCPA prior express written consent for SMS marketing is a distinct consent class from CAN-SPAM-compliant email marketing is a distinct consent class from outbound voice marketing is a distinct consent class from direct-mail; per-state mini-TCPA (Florida Telephone Solicitation Act 2021 + Oklahoma + Washington CEMA + Maryland) layers additional consent requirements; CASL Section 6 for Canadian recipients + UK PECR Regulation 22 for UK + EU ePrivacy Article 13(3) for EU layer international consent regimes, (c) state-comprehensive-privacy patchwork imposes per-state opt-out propagation — CCPA Section 1798.120 right-to-opt-out-of-sale/sharing + Section 1798.140(ae) cross-context-behavioral-advertising opt-out + Section 1798.121 sensitive PI opt-out plus 19+ state laws with state-specific opt-out mechanics and response windows, (d) Fair Housing Act + Fair Lending + Equal Credit Opportunity Act Regulation B + Meta Special Ad Category Housing/Employment/Credit + Google equivalent Personalized Advertising Restrictions on HEC apply when segments inform HEC-category ad targeting; EEOC AI hiring guidance + September 2024 ADA AI guidance + Colorado AI Act (effective February 1, 2026) + NYC Local Law 144 + Illinois Artificial 
Intelligence Video Interview Act + Maryland HB 1202 apply when segments inform consequential decisions, (e) per-vertical restrictions apply by vertical — HIPAA + Washington My Health My Data Act when healthcare-vertical PHI is in scope; GLBA Safeguards Rule when financial-data; FCRA 15 USC 1681 when segmentation triggers consumer-reporting consequences; per-vertical FDA OPDP for pharma; DEA for controlled-substance; DISCUS for alcohol; per--regulator for ; FDA CTP for tobacco; state licensing-board for licensed professionals, (f) COPPA + California AADC (effective July 2024) + Connecticut SB 3 + Maryland AADC + DSA Article 28 restrict segmentation and targeting when under-13 or under-18 audiences are reachable, (g) FTC ROSCA + Click-to-Cancel + state automatic renewal apply when subscription-tier segments drive recurring-charge content. Without an orchestration layer above the CDP + lifecycle/CRM + identity + consent + reverse-ETL + ESP/SMS/push vendors, per-channel consent class enforcement breaks (a subscriber receives marketing SMS without the operator-counsel-approved TCPA prior express written consent path), CCPA cross-context propagation fails across destinations, Fair Housing + ECOA + Meta SCA + Google HEC enforcement gaps surface when HEC-category segments are built, per-vertical restrictions get applied inconsistently per destination, COPPA + AADC + DSA Article 28 leaks when minor audiences are reachable, and the audit trail of "which subscriber, in which segment, against which counsel-policy-version, with which per-channel consent class, propagated to which destinations with which opt-out suppression" fragments across consoles. The orchestration above the vendors is what holds the cross-channel + cross-jurisdiction + cross-vertical + cross-audience invariants.
How does Skill 2 Segment handle Fair Housing + Fair Lending + ECOA + Meta SCA + Google HEC + EEOC + Colorado AI Act consequential decisions?
Segment runs a per-segment-class compliance cascade. Step 1 — segment taxonomy classification. Operator-counsel-and-marketing-team-approved policy classifies each segment by class: descriptive (RFM, lifecycle stage, tier, recent purchase category) vs predictive (propensity, LTV projection — modeled with uncertainty) vs AI-decision (segments that drive recommended actions affecting the subscriber). AI-decision segments are further classified by domain: marketing-routine (segment routes to a marketing message; consequence is the receipt of an ad), HEC-adjacent (segment touches housing, employment, or credit ad targeting which falls under Meta Special Ad Category and Google’s equivalent Personalized Advertising Restrictions), consequential-decision (segment touches Colorado AI Act enumerated categories — employment, education, financial services, essential services, government services, healthcare, housing, insurance, legal services — and the segment’s output feeds a decision producing significant effects on the consumer). Step 2 — HEC-category guardrails. When a segment is HEC-adjacent (used for housing, employment, or credit advertising), Meta’s SCA mandates the use of the SCA-limited audience-targeting subset and the SCA delivery model; Google equivalent Personalized Advertising Restrictions on housing, employment, credit apply at Google Ads. The Segment skill refuses to build HEC-adjacent segments using prohibited targeting (demographic targeting that would be restricted under SCA/HEC), and routes HEC-adjacent segments through the SCA/HEC-compliant path. Step 3 — Colorado AI Act consequential-decision compliance. When a segment is consequential-decision-class (Colorado AI Act effective February 1, 2026), the segment cannot ship to production without operator-counsel-and-operator-data-science-team-approved algorithmic discrimination risk management documentation + consumer notice + appeals process built around the segment use case. 
EEOC AI hiring guidance and September 2024 ADA AI guidance apply when employment-related; NYC Local Law 144 bias-audit requirements apply for automated employment decision tools; Illinois Artificial Intelligence Video Interview Act applies for AI video interview analysis; Maryland HB 1202 applies for AI hiring tools. The Segment skill routes consequential-decision-class segments to operator counsel for review and refuses to autonomously build or ship them. Step 4 — Fair Housing + Fair Lending. Fair Housing Act + HUD AI/algorithmic-decisionmaking guidance + state fair-housing acts apply when segments inform housing-adjacent decisions. Fair Lending + ECOA Regulation B 12 CFR 1002 notice-of-action + CFPB UDAAP apply when segments inform credit decisions. The Segment skill routes Fair Housing/Lending-implicating segments through operator counsel. Step 5 — California ADMT. California Automated Decisionmaking Technology regulations under CCPA/CPRA (CPPA implementation rulemaking ongoing through 2024-2025) add consumer notice + opt-out + access + appeal for ADM decisions producing significant effects. The Segment skill tags California-resident-targeting consequential segments with ADMT-flag for compliance evaluation. Step 6 — Audit attestation. Per-segment per-class assignment writes to WORM audit trail with rule-citation evidence and counsel-policy-version. The audit trail supports defense in HUD inquiries, CFPB enforcement, EEOC inquiries, Colorado AG enforcement under Colorado AI Act, NYC LL144 bias-audit reviews, and CPPA ADMT enforcement.
How does Skill 4 Suppress maintain per-channel TCPA + 10DLC + CAN-SPAM + CASL + UK PECR + EU ePrivacy consent class plus CCPA cross-context-behavioral-advertising opt-out propagation across destinations?
Suppress runs as a per-subscriber per-channel per-destination opt-out propagation layer that fires before every Sync. Step 1 — TCPA + 10DLC + state mini-TCPA per-recipient SMS consent class. TCPA prior express written consent for marketing SMS is a distinct class from informational consent and a distinct class from transactional consent; per-state mini-TCPA (Florida Telephone Solicitation Act 2021 + Oklahoma + Washington CEMA + Maryland) layers state-specific enhanced consent requirements. 10DLC + The Campaign Registry per-campaign use case and per-carrier vetting govern SMS routing. The Suppress skill verifies per-subscriber per-channel consent class against the operator consent-management vendor (OneTrust, TrustArc, Ketch, Securiti, BigID — operator chooses) before each SMS send. Subscribers without operator-counsel-approved SMS marketing consent class do not receive marketing SMS regardless of segment membership. Step 2 — CAN-SPAM (15 USC 7701) + state CAN-SPAM equivalents (where applicable) for email marketing. Compliant unsubscribe + sender identification + physical address + subject-line and from-line accuracy. The Suppress skill verifies operator-side compliance configuration with the ESP. Step 3 — CASL Section 6 (Canada) + UK PECR Regulation 22 (UK) + EU ePrivacy Article 13(3) (EU) for international recipients. CASL imposes express or implied consent for commercial electronic messages with stricter standards than CAN-SPAM; UK PECR Regulation 22 requires opt-in for direct marketing electronic communications; EU ePrivacy Article 13(3) requires opt-in for unsolicited direct-marketing communications. The Suppress skill routes recipients to the per-jurisdiction consent regime by subscriber residence jurisdiction. Step 4 — CCPA Section 1798.140(ae) cross-context-behavioral-advertising opt-out propagation. 
When a California-resident subscriber exercises the cross-context-behavioral-advertising opt-out, the opt-out propagates through the operator consent-management vendor to each ad platform via the platform’s consent-management or audience-suppression API (Google Restricted Data Processing, Meta Limited Data Use, similar). The Suppress skill verifies the propagation has reached each Sync destination before audience-class segments fire. Step 5 — state-comprehensive-privacy patchwork (Texas DPSA + Virginia CDPA + Connecticut CTDPA + Colorado CPA + Utah CPA + Oregon CPA + Tennessee IPA + Maryland Online Data Privacy Act + Washington My Health My Data Act + Florida DBR + Delaware PDPA + Indiana CDPA + Iowa CDPA + Montana CDPA + Nebraska Data Privacy Act + Rhode Island DTPPA + Minnesota MCDPA) per-state opt-out propagation. Step 6 — GDPR Article 22 opt-out + Article 35 DPIA-flagged segments + ePrivacy. Step 7 — per-vertical suppression. HIPAA when healthcare-vertical PHI requires BAA coverage at destination; Washington MHMDA health-data opt-out propagation; GLBA Safeguards when financial-data; FCRA suppression when consumer-reporting-adjacent; per-vertical FDA OPDP + DEA + DISCUS + per--regulator suppression. Step 8 — COPPA + California AADC + Connecticut SB 3 + Maryland AADC + DSA Article 28 minor-audience exclusion. Step 9 — DNC suppression (Federal DNC + per-state DNC) when outbound voice or SMS. Step 10 — audit attestation. Per-subscriber per-channel per-destination Suppress decision writes to WORM audit trail with rule-citation evidence and counsel-policy-version. Failed Suppress events block the corresponding Sync; the audit trail supports state-AG, CPPA, EU supervisory-authority, and per-vertical regulator inquiries.
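The fail-closed gate this answer describes, as an added example (not Completions' or any vendor's code): a per-subscriber, per-channel, per-destination decision that runs before Sync, blocks the Sync when an opt-out has not reached the destination, and records every decision with the policy version. All names, identifiers and sample data are constructed, and the hash-chained in-memory log is an assumed stand-in for a WORM store.

```python
import hashlib
import json
from dataclasses import dataclass, field

POLICY_VERSION = "counsel-policy-v0-example"  # hypothetical placeholder

# Constructed sample data; field names and values are assumptions for illustration.
CONSENT = {  # subscriber -> channel -> consent class held by the consent vendor
    "sub-001": {"email": "marketing", "sms": "transactional"},
    "sub-002": {"email": "marketing", "sms": "marketing"},
    "sub-003": {"email": "marketing"},
}
SUPPRESSED = {  # subscriber -> suppression register entries
    "sub-002": {"cross_context_ad_opt_out"},
    "sub-003": {"hard_bounce:email"},
}
# Destinations that have acknowledged each subscriber's advertising opt-out.
OPT_OUT_ACKED = {"sub-002": {"ad-platform-a"}}


@dataclass
class AuditLog:
    """Append-only log; each record commits to the previous one by hash."""
    records: list = field(default_factory=list)

    @staticmethod
    def _digest(prev, entry):
        body = json.dumps(entry, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, entry):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        self.records.append({**entry, "prev": prev, "hash": self._digest(prev, entry)})

    def verify(self):
        prev = "0" * 64
        for rec in self.records:
            entry = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
            if rec["prev"] != prev or rec["hash"] != self._digest(prev, entry):
                return False
            prev = rec["hash"]
        return True


def decide(subscriber, channel, destination):
    """Return (allowed, reasons) for one subscriber; anything unknown is denied."""
    if subscriber not in CONSENT:
        return False, ["no_consent_record"]
    registers = SUPPRESSED.get(subscriber, set())
    reasons = []
    if channel == "ad_audience":
        if "cross_context_ad_opt_out" in registers:
            reasons.append("cross_context_ad_opt_out")
            if destination not in OPT_OUT_ACKED.get(subscriber, set()):
                reasons.append(f"opt_out_not_propagated:{destination}")
    else:
        # Segment membership never substitutes for the channel's own consent class.
        if CONSENT[subscriber].get(channel) != "marketing":
            reasons.append(f"no_marketing_consent:{channel}")
        reasons += sorted(r for r in registers if r.endswith(f":{channel}"))
    return (not reasons), reasons


def gate_sync(members, channel, destination, log):
    """Filter a segment before Sync and log each decision.

    Returns (allowed_members, blocked). If any opt-out has not been
    acknowledged by the destination, the whole Sync is blocked.
    """
    allowed, blocked = [], False
    for sub in members:
        ok, reasons = decide(sub, channel, destination)
        if any(r.startswith("opt_out_not_propagated") for r in reasons):
            blocked = True
        if ok:
            allowed.append(sub)
        log.append({"subscriber": sub, "channel": channel,
                    "destination": destination, "allow": ok,
                    "reasons": reasons, "policy_version": POLICY_VERSION})
    return ([] if blocked else allowed), blocked


if __name__ == "__main__":
    log = AuditLog()
    segment = ["sub-001", "sub-002", "sub-003"]
    for channel, dest in [("sms", "sms-gateway"), ("email", "esp"),
                          ("ad_audience", "ad-platform-a"),
                          ("ad_audience", "ad-platform-b")]:
        print(channel, dest, gate_sync(segment, channel, dest, log))
    print("audit chain intact:", log.verify())
```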
What compliance does the orchestration enforce, and how does it map to privacy + Fair Housing/ECOA + FTC + multichannel consent + per-vertical?
Five anchors. Anchor 1 — Privacy. CCPA Section 1798.120 right-to-opt-out-of-sale/sharing + Section 1798.140(ae) cross-context-behavioral-advertising opt-out + Section 1798.121 sensitive PI opt-out + state-comprehensive-privacy patchwork (Texas DPSA + Virginia CDPA + Connecticut CTDPA + Colorado CPA + Utah CPA + Oregon CPA + Tennessee IPA + Maryland Online Data Privacy Act + Washington MHMDA + Florida DBR + Delaware PDPA + Indiana CDPA + Iowa CDPA + Montana CDPA + Nebraska Data Privacy Act + Rhode Island DTPPA + Minnesota MCDPA + New Jersey AB 1971). GDPR Articles 6 (lawful basis) + 9 (special-category) + 22 (solely automated decisionmaking when segments produce significant effects) + 26 (joint controller) + 30 (records of processing) + Article 35 DPIA when high-risk processing + ePrivacy Directive 2002/58/EC. UK GDPR + UK PECR. California ADMT regulations under CCPA/CPRA (CPPA rulemaking). Anchor 2 — Fair Housing + Fair Lending + employment-AI. Fair Housing Act + HUD AI/algorithmic-decisionmaking guidance + state fair-housing acts. Fair Lending + ECOA Regulation B 12 CFR 1002 + CFPB UDAAP + state UDAP. Meta Special Ad Category Housing/Employment/Credit + Social Issues + Google equivalent Personalized Advertising Restrictions on HEC + healthcare + social issues. EEOC AI hiring guidance + September 2024 ADA AI guidance. Colorado AI Act (Senate Bill 24-205 effective February 1, 2026) consequential decisions framework. NYC Local Law 144 (effective July 2023) bias audits + notice for AEDTs. Illinois Artificial Intelligence Video Interview Act. Maryland HB 1202 AI hiring tools. 
Anchor 3 — FTC Section 5 + Lanham Act 15 USC 1125(a) + state UDAP + FTC Endorsement Guides 2024 (AI-generated review + influencer disclosure) + FTC Fake Review Rule 16 CFR Part 465 (effective October 2024) + FTC Negative Option Rule + FTC ROSCA + FTC Click-to-Cancel Rule + state automatic renewal laws (California Business and Professions Code 17602 + New York General Business Law 527 + state patchwork) when subscription tier segments. Anchor 4 — Multichannel consent. TCPA (47 USC 227 + 47 CFR 64.1200) prior express written consent for marketing SMS + 10DLC + The Campaign Registry + state mini-TCPA (Florida Telephone Solicitation Act 2021 + Oklahoma + Washington CEMA + Maryland) + CAN-SPAM (15 USC 7701) for marketing email + CASL Section 6 (Canada) + UK PECR Regulation 22 (UK) + EU ePrivacy Article 13(3) (EU) + Federal DNC + per-state DNC when outbound voice or SMS + FCC Reassigned Numbers Database for outbound callback verification + STIR/SHAKEN for outbound caller-ID. Anchor 5 — Per-vertical segmentation restrictions. Healthcare (HIPAA 45 CFR Parts 160 + 164 when PHI in segment + Washington MHMDA effective April 2024 + state health-data patchwork + state medical-board advertising restrictions when targeting). Financial services (GLBA Safeguards Rule + FCRA 15 USC 1681 when segmentation triggers consumer-reporting consequences + ECOA Reg B). Pharma (FDA Office of Prescription Drug Promotion DTC). Controlled substances (DEA advertising restrictions). Alcohol (DISCUS Code + TTB + per-state liquor-board + per-state shipping legality). (per--regulator + near-total platform prohibition + CBD carve-outs). Tobacco (FDA Center for Tobacco Products + 21 CFR 1140 + per-state vape-flavor bans). Insurance (state insurance-commissioner). Real estate (state real-estate-commission). Minor audiences (COPPA 15 USC 6501 + California Age-Appropriate Design Code Act effective July 2024 + Connecticut SB 3 + Maryland AADC + DSA Article 28). 
Broader gate also enforced: ADA Title III + WCAG 2.2 AA for output dashboards + per-state pricing-display rules via policy-as-code (OPA Rego + AWS Cedar + Casbin + Cerbos + Oso). WORM audit trail (AWS S3 Object Lock + GCS retention + Azure Blob immutable + Snowflake Time Travel) with per-statute retention (TCPA 4yr + CAN-SPAM 5yr + CASL 6yr + GDPR 6yr + CCPA 3yr + COPPA 1yr after relationship ends + ECOA 25mo + FCRA 25mo + Fair Housing variable + FTC 7yr + state-AG variable + HIPAA 6yr) per operator counsel policy.
What does the engagement look like across Tier 1 → Tier 2 → Tier 3, and what does the Tier 3 reporting cycle commit to?
Tier 1 AI Readiness Assessment (2-3 weeks, diagnostic): audits the operator current per-location list segmentation posture against the 4-skill bundle + 5-anchor compliance overlay + per-vendor CDP + lifecycle/CRM + identity resolution + consent management + reverse-ETL + ESP/SMS/push + analytics state; deliverable is a gap-pack report identifying which segments lack operator-counsel taxonomy classification (descriptive vs predictive vs AI-decision), which HEC-adjacent segments are using prohibited targeting under Meta SCA + Google HEC, which consequential-decision-class segments lack Colorado AI Act algorithmic discrimination risk management + consumer notice + appeals process, which Fair Housing or Fair Lending-implicating segments lack counsel review, which channels lack per-subscriber consent class verification under TCPA + 10DLC + CAN-SPAM + CASL + UK PECR + EU ePrivacy, which destinations lack CCPA cross-context-behavioral-advertising opt-out propagation, which per-vertical segments (healthcare/financial/pharma//alcohol/tobacco/insurance/real-estate) lack vertical-specific enforcement, whether COPPA + California AADC + Connecticut SB 3 + Maryland AADC + DSA Article 28 minor exclusions are wired, whether subscription tier segments comply with FTC ROSCA + Click-to-Cancel + state automatic renewal, and a recommended remediation sequence for Tier 2. 
Tier 2 AI Swarm Setup Sprint (4-8 weeks): builds the 4-skill bundle on the communication-broadcast agent, wires CDP + lifecycle/CRM + identity resolution + consent management + reverse-ETL + ESP/SMS/push + analytics vendors (operator-chosen subset), configures the operator-counsel-and-marketing-team-approved segment taxonomy + HEC-category guardrails + Colorado AI Act consequential-decision review flow + Fair Housing/Lending + EEOC AI flow + per-channel consent class enforcement + CCPA cross-context propagation across destinations + per-vertical suppression + COPPA/AADC/DSA minor exclusions + FTC ROSCA/Click-to-Cancel/state automatic renewal flow, runs 30-day shadow + canary period before flipping to enforce-mode. Tier 3 Fractional CMO with AI Swarm (6-month minimum, 1-2 days/wk embedded): continues operating with daily Snapshot + Segment + Sync + Suppress + weekly per-channel consent audit + monthly per-jurisdiction privacy patchwork update review against state amendments + quarterly Colorado AI Act + NYC LL144 + Illinois AIVIA + Maryland HB 1202 + California ADMT review + quarterly compliance evidence packages. Tier 3 reporting is a 6-workstream pre-engagement-baseline reporting cycle (per-location segment coverage trend + per-channel consent class compliance + CCPA cross-context propagation coverage + Fair Housing/ECOA/Meta SCA/Google HEC enforcement + Colorado AI Act + NYC LL144 + Illinois AIVIA consequential-decision review + WORM audit-trail completeness) measured against the operator’s pre-engagement baseline. Each workstream surfaces trend direction and the gap to operator-defined targets. 
Reporting carries explicit caveats: CDP + lifecycle/CRM + identity + consent + reverse-ETL + ESP/SMS/push vendor SLA + state-comprehensive-privacy statute amendments + CPPA ADMT rulemaking + GDPR + ePrivacy implementing guidance + Fair Housing + HUD AI guidance + ECOA + CFPB + EEOC AI guidance + Colorado AI Act implementing rules + NYC LL144 amendments + Illinois AIVIA + Maryland HB 1202 + FTC Endorsement Guides + Fake Review Rule + ROSCA + Click-to-Cancel + state automatic renewal amendments + TCPA + state mini-TCPA case law + CAN-SPAM + CASL + UK PECR + EU ePrivacy implementing guidance + per-vertical regulator amendments + COPPA + AADC + DSA implementing guidance sit outside Completions control. Attorney-client privilege preservation across operator-counsel-approved segment taxonomy + HEC-category register + Colorado AI Act consequential-decision review records + Fair Housing/Lending evaluation records + consent class matrix + CCPA cross-context propagation records + per-vertical suppression records is maintained per operator counsel policy.
Who owns the CDP, the segment taxonomy, the consent management, the suppression registers, and the audit trail?
Operator owns every artifact. The CDP subscription (Segment, mParticle, Rudderstack, Tealium, Hightouch, Census, ActionIQ, BlueConic, Treasure Data, Twilio Segment — operator chooses) runs under operator billing on operator-controlled accounts. The lifecycle/CRM subscription (Klaviyo, Iterable, Braze, Customer.io, Salesforce Marketing Cloud, Mailchimp, Attentive, Postscript, Listrak, Cordial, Bloomreach, Ortto, Drip, HubSpot — operator chooses) runs under operator billing. The identity resolution subscription (LiveRamp, ID5, Acxiom, Throtle, InfoSum — operator chooses) runs under operator billing. The consent management vendor (OneTrust, TrustArc, Ketch, Securiti, BigID — operator chooses) runs under operator account. The reverse-ETL vendor (Hightouch, Census, Rudderstack, Polytomic, Workato — operator chooses) runs under operator billing. The ESP/SMS/push subscriptions (Twilio, Bandwidth, Plivo, SendGrid, Mailgun, Postmark, Amazon SES — operator chooses) run under operator billing. The analytics subscriptions (Google Analytics 4, Adobe Analytics, Amplitude, Mixpanel, Heap — operator chooses) run under operator billing. The operator-counsel-and-marketing-team-approved segment taxonomy + HEC-category guardrails register + Colorado AI Act consequential-decision review workflow + Fair Housing/Lending evaluation records + EEOC AI hiring guidance flow + per-channel consent class matrix + CCPA cross-context-behavioral-advertising opt-out propagation records + state-comprehensive-privacy patchwork compliance records + per-vertical suppression register + COPPA + AADC + DSA child-audience exclusion records + FTC ROSCA + Click-to-Cancel + state automatic renewal records all live in operator counsel + marketing-team repo. The Snapshot + Segment + Sync + Suppress skill code lives in operator code repo. 
The WORM audit trail lives on operator-controlled cloud storage (AWS S3 Object Lock + GCS retention + Azure Blob immutable + Snowflake Time Travel) with per-statute retention enforcement. The policy-as-code policies (OPA Rego + AWS Cedar + Casbin + Cerbos + Oso) live in operator code repo, counsel-aligned. The privacy + Fair Housing + ECOA + FTC + multichannel + per-vertical compliance evidence records are operator-counsel-maintained. Completions owns the orchestration knowledge — how to design the per-location segment taxonomy against the operator’s actual subscriber mix, how to wire HEC-category guardrails against the operator’s ad-platform mix, how to wire Colorado AI Act consequential-decision review for the operator’s decision-affecting segments, how to wire Fair Housing/Lending evaluation, how to wire per-channel consent class enforcement across the operator’s communication channels, how to propagate CCPA cross-context opt-out through reverse-ETL to each destination, how to wire per-vertical suppression for the operator’s vertical mix — and that knowledge transfers under the Tier 3 transition path (30-60 days at engagement end with full hand-off of the segment taxonomy maintenance playbook, the HEC-category guardrails maintenance runbook, the Colorado AI Act consequential-decision review playbook, the Fair Housing/Lending evaluation playbook, the per-channel consent class enforcement playbook, the CCPA cross-context propagation playbook, the per-vertical suppression playbook, and the compliance evidence-package generation playbook). Completions credentials revoke on engagement-end.
Engage Completions
Start with the AI Readiness Assessment (Tier 1, 2-3 weeks): audit of operator current per-location list segmentation posture against the 4-skill bundle + 5-anchor compliance overlay + per-vendor CDP + lifecycle/CRM + identity + consent + reverse-ETL + ESP/SMS/push + analytics state. Hand off to Tier 2 AI Swarm Setup Sprint (4-8 weeks): build the 4-skill bundle on the communication-broadcast agent, wire CDP + lifecycle/CRM + identity + consent + reverse-ETL + ESP/SMS/push + analytics + policy-as-code + WORM-storage, configure segment taxonomy + HEC-category guardrails + Colorado AI Act consequential-decision review + Fair Housing/Lending + EEOC AI flow + per-channel consent class enforcement + CCPA cross-context propagation + per-vertical suppression + COPPA/AADC/DSA minor exclusions + FTC ROSCA/Click-to-Cancel/state automatic renewal flow, run 30-day shadow + canary before flipping to enforce-mode. Continue under Tier 3 Fractional CMO with AI Swarm (6-month minimum, 1-2 days/wk embedded).