Runtime authorization for marketing AI agents.

A marketing agent with HubSpot, Marketo, Google Ads, and Meta Ads keys can change budgets, email suppressed contacts, or publish campaign copy before the loop iteration finishes. Authentication tokens show the agent can reach the API. Veto decides whether this specific send, budget change, or campaign launch should execute now against your suppression list, opt-out registry, brand-voice rules, and approval matrix.

GDPR Article 6 & 7 · CAN-SPAM · CCPA and CPRA · CASL

What can go wrong

Marketing automation moves at outbound speed: an agent can hit thousands of contacts and dozens of ad accounts in a single tool loop. The damage is fast, public, and quantified in regulator fines and CRM churn.

Sends to unsubscribed users

A re-engagement agent reasons that "people who unsubscribed years ago might re-opt-in" and pulls a deleted segment back into a send. CAN-SPAM penalties run up to $53,088 per email. One mailing can erase the budget.

Runaway paid budgets

A "scale winners" agent edits a Google Ads daily budget from $200 to $20,000 because conversion volume looked good on a Sunday. The change takes effect for 23 hours before anyone sees Monday's report.

Brand-voice incidents

A social agent posts an off-brand or geopolitically tone-deaf response on X or LinkedIn during a holiday weekend. The post is up for hours before a human notices. Screenshots circulate before the team can retract it.

GDPR consent drift

An enrichment agent re-purposes a list collected for one consent purpose (newsletter) for another (sales outreach). GDPR Article 6 requires a fresh lawful basis per purpose. Repurposing consent is the kind of mistake reviewers ask teams to explain later.

What Veto enforces

Policies wrap the ESP, ad platform, and social tools your agent calls. Evaluation runs in-process before the network request leaves your application.

veto/policies/marketing-agents.yaml
policies:
  - name: "Suppression and consent enforcement"
    match:
      tool: ["sendgrid.send","mailchimp.send","marketo.send_campaign"]
    rules:
      - condition: "any(recipients, r => r.suppressed == true)"
        action: deny
        reason: "Recipient on suppression list; CAN-SPAM/CASL violation"
      - condition: "any(recipients, r => r.jurisdiction == 'EU' && r.consent.lawful_basis == null)"
        action: deny
        reason: "GDPR Article 6 lawful basis missing"
      - condition: "any(recipients, r => r.gpc_signal == true)"
        action: deny
        reason: "Global Privacy Control opt-out present"

  - name: "Mass-send approval gate"
    match:
      tool: ["sendgrid.send","mailchimp.send"]
    rules:
      - condition: "recipients.length > 25000"
        action: require_approval
        approvers: ["marketing-ops@approved.example","legal@approved.example"]
      - condition: "recipients.length > 5000 && schedule.outside_business_hours == true"
        action: require_approval

  - name: "Paid-budget ceilings"
    match:
      tool: ["google_ads.update_budget","meta_ads.update_budget","linkedin_ads.update_budget"]
    rules:
      - condition: "args.daily_budget > campaign.policy.daily_cap"
        action: deny
        reason: "Above team daily cap"
      - condition: "abs(args.delta_pct) > 20"
        action: require_approval
        approvers: ["growth-lead@approved.example"]
      - condition: "args.daily_budget > 10000"
        action: require_approval
        approvers: ["cmo@approved.example"]

  - name: "Brand-governed social posting"
    match:
      tool: ["x.post","linkedin.post","instagram.publish"]
    rules:
      - condition: "content matches_any blocklist.geopolitical || content matches_any blocklist.competitor_disparagement"
        action: deny
      - condition: "schedule.timestamp.is_weekend && content.tone_score < 0.7"
        action: require_approval
        approvers: ["brand@approved.example"]
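
The wrap-and-evaluate flow described above, as an added example in Python; it is not Veto's SDK or code from this page. `guarded`, `email_rules`, `budget_rules` and the stand-in tools are hypothetical names, the thresholds are copied from the YAML policy, and `daily_cap` is assumed to be passed with the tool arguments.

```python
# Added illustration, not Veto's SDK: guarded() and the rule functions are
# hypothetical names; thresholds mirror the YAML policy above.

def email_rules(args):
    rcpts = args["recipients"]
    if any(r.get("suppressed") for r in rcpts):
        return "deny", "Recipient on suppression list; CAN-SPAM/CASL violation"
    # A missing consent record counts as no lawful basis (fail closed).
    if any(r.get("jurisdiction") == "EU"
           and not (r.get("consent") or {}).get("lawful_basis") for r in rcpts):
        return "deny", "GDPR Article 6 lawful basis missing"
    if any(r.get("gpc_signal") for r in rcpts):
        return "deny", "Global Privacy Control opt-out present"
    if len(rcpts) > 25000:
        return "require_approval", "Mass send above 25000 recipients"
    return "allow", ""

def budget_rules(args):
    # Assumption: the campaign's daily_cap is passed alongside the tool args.
    if args["daily_budget"] > args["daily_cap"]:
        return "deny", "Above team daily cap"
    if abs(args["delta_pct"]) > 20 or args["daily_budget"] > 10000:
        return "require_approval", "Material budget change"
    return "allow", ""

POLICIES = {"sendgrid.send": email_rules, "google_ads.update_budget": budget_rules}

def guarded(tool_name, tool_fn):
    """Wrap tool_fn so the decision is made before the tool body runs."""
    def wrapper(**args):
        rules = POLICIES.get(tool_name)
        # A tool with no policy is denied rather than passed through.
        action, reason = rules(args) if rules else ("deny", "No policy for tool")
        if action != "allow":
            return {"executed": False, "action": action, "reason": reason}
        return {"executed": True, "action": action, "result": tool_fn(**args)}
    return wrapper

# Constructed stand-in tools: they record the call instead of reaching an API.
calls = []
send = guarded("sendgrid.send",
               lambda **a: calls.append(("send", len(a["recipients"]))))
set_budget = guarded("google_ads.update_budget",
                     lambda **a: calls.append(("budget", a["daily_budget"])))

if __name__ == "__main__":
    eu_no_consent = [{"email": "a@example.test", "jurisdiction": "EU"}]
    print(send(recipients=eu_no_consent))
    print(set_budget(daily_budget=20000, delta_pct=9900, daily_cap=5000))
```

The gate only holds if the agent is handed the wrapped callables and never the raw provider client or its API key.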

Evidence hooks

GDPR Articles 6, 7, 21

Lawful basis, consent record, and the right to object. Veto policy reads the consent ledger and denies the send if any recipient fails the check.

CAN-SPAM (US)

Honoring opt-outs within 10 business days, accurate header info, sender identification. Veto blocks a re-engagement loop before it breaches the 10-day window.

CCPA and CPRA

Global Privacy Control must be honored as a valid opt-out signal in California. Veto reads the GPC flag per contact.

CASL (Canada)

Express consent is required for commercial electronic messages. Veto checks consent type per recipient before the agent sends.

Where policy pays

Marketing automation touches consent, identity data, budget, and public brand voice. When an agent ignores suppression, geography, or spend limits, the mistake scales at campaign speed.

A deny-on-suppression policy is short, reviewable, and enforced before the send tool runs. The model can draft the campaign; it does not get to override consent state.

Frequently asked questions

How does Veto stop a marketing agent from emailing unsubscribed users?

Wrapped send tool calls are intercepted before SendGrid, Mailchimp, Marketo, or HubSpot delivers. The policy checks each recipient against the suppression list and the contact's opt-out timestamp, and denies the send if any recipient is suppressed or if the lawful basis is unset. If outbound provider access is also policy-gated, the agent cannot fall back to a direct provider API.

Can Veto cap ad-spend on Google, Meta, or LinkedIn?

Yes. Wrap the campaigns.create and campaigns.update_budget tools your agent calls. Policy rules compare the daily budget, lifetime budget, and bid against per-campaign and per-team ceilings, and require approval for material changes or anything above the channel cap. Logs include the agent identity and approval history for SOX advertising-spend review.

What about GDPR and CCPA opt-out signals like GPC and Do-Not-Track?

Policies read the consent flag for each contact (consented, withdrawn, expired) and the jurisdiction. You can default EU contacts to deny without explicit Article 6 lawful basis, honor California Global Privacy Control signals, and block sends when the consent record is older than the retention window you configure.

Does the decision record support CAN-SPAM record-keeping?

CAN-SPAM requires records of consent and the ability to honor unsubscribe within 10 business days. Veto records governed send attempts with recipient, content hash, agent ID, policy version, and decision. Combined with your ESP's bounce and unsubscribe webhooks, this is the evidence record the FTC asks for after a complaint.

One blocked unsubscribed send. One year of budget protected.

Pick one ESP, ad, or social tool boundary.