I’m not a lawyer. This isn’t legal advice. Seriously. Don’t treat this as a summary of the contracts referenced herein. This article isn’t legal work product.

This is part of a series where I read TOS thoroughly before buying products and then write about it in order to feel like I’m not wasting my time.

Also sorry for the language, things got very real for me around the point where I discovered their whole knowledge base was included by reference in the ‘contract’.

MailChimp (aka The Rocket Science Group LLC d/b/a Mailchimp) has a lot of work product for me to wade through here. An approximate tree:

This all weighs in somewhere north of 50,238 words. That count doesn’t include the 3-level deep stuff because it would be too demoralizing.

Assuming you’re a legal genius and can read contracts at 500 wpm, this is still 100 minutes of work for you. Assuming an 80-year lifespan, that’s 1 / 280k of your waking minutes. Flip that math – if mailchimp has forced 280k people to read this, and / or if people read slower than 500 wpm, mailchimp has (in actuarial terms) murdered a whole person and got away with it.

I’m reading this through a gray overlay (‘veil of ignorance’? I’m going to start calling it that) which is their way of reminding me that I haven’t agreed to their cookie policy yet. Interestingly, their cookie policy is the only page that doesn’t have said veil, so someone thought about the implications here. I’m impressed, but still very annoyed.

General takeaways

On the assumption you won’t read past this intro section, here are the highlights:

  • agreement includes by reference THEIR ENTIRE KNOWLEDGE BASE. This is (sorry for pun) bananas
  • lots of browsewrap / ‘change at any time’ language
  • as far as I saw, no mandatory arbitration clause. good work mailchimp!
  • copyright policy / fair use / hate speech stuff for content is annoying but less painful than substack
  • I may have violated their bandwidth policy by downloading their TOS
  • chimp in logo is called freddie, don’t put your logo on freddie
  • ‘zombie apocalypse’ joke in force majeure clause, we are not amused
  • ‘at any time and from time to time’ will be the name of my TOS-themed album

Main TOS

Section 1.6. To use the service, you must not be ‘listed on any US gov’t list of restricted persons’. First you don’t need to say ‘list’ twice. Second, ‘restricted’ has a lot of meanings. Certain federal employees are restricted from various activities, for example. At various times most Americans have been restricted from traveling to certain companies, Cuba, for example. Hmm. So far I’ve learned nobody can use this shit. Maybe I’m reading this too broadly but ‘any’ is a pretty broad word.

Section 1. ‘By using the Service, you represent and warrant (some stuff). By representing and warranting, you are making a legally enforceable promise’. Sorry fuckers, that’s not how contracts work. Offer acceptance capacity consideration & intent. Clickwrap yes, browsewrap no.

Section 3. ‘If your account is inactive … we may terminate … and you won’t be entitled to a refund for a prepaid month or reimbursement for unused Pay as You Go Credits.’ Might be illegal in new york state under rules about prepaid gift cards.

(See also section 9, ‘Pay as You Go Credits … expire 12 months after purchase.’)

Section 4. ‘We may change any of the Terms by posting revised Terms on our Mailchimp Site. Unless you terminate your account, the new Terms will be effective immediately upon posting and apply to any continued or new use of the Service.’ DOUBT IT. This is how Zappo’s accidentally defanged their mandatory arbitration.

Section 6. ‘We don’t know the inner workings of your organization or the nature of your personal relationships.’ Kay.

Section 7a. Complicated prorating system for exceeding projected usage. Not sure what they’re talking about here but sounds like if I exceed usage and don’t take action, I’ll get billed more than I would have with an upgraded plan.

Section 9. ‘Pay as You Go Credits have no cash value’. Okay, I believe you.

Section 13. ‘We may change our fees … at any time’. Lucky number 13.

Section 14. ‘you either own or have permission to use all of the material, content, data, and information … you submit to Mailchimp’. Uhh and / or fair use, right? Or like I don’t own the URL to nytimes.com but I’m pretty sure I can email it to my mailing list.

Section 14. ‘If you provide us with any Feedback, then you grant us a royalty-free, non-exclusive, worldwide, sublicensable, and transferable license to use, reproduce, publicly display, distribute, modify, and publicly perform the Feedback as we see fit.’ WTF. This means that there’s no privacy policy for me sending them a support ticket. If said support ticket includes a list of several high-value email addresses that aren’t receiving mail, they now have the right to sell those.

Section 15. (on the heels of section 14 above with the transferable license to publicly perform). ‘Your privacy is important to us’. Haha.

Section 16. ‘We may view, copy, and internally distribute Content from your Campaigns and account to create algorithms and programs (“Tools”) that help us spot problem accounts and improve the Service. We use these Tools to find Members who violate these Terms or laws and to study data internally to make the Service smarter and create better experiences for Members and their contacts.’ Standard fare but deeply offensive to me. How about ‘we don’t open your shit until someone complains and we only look at your shit in the context of an investigation’. Not sure how this paragraph plays against ‘You retain ownership of the Content that you upload to the Service’ in section 14 above.

Section 17. They’ll ban you for ‘a threat of physical harm’ (I’m probably okay with that, although given that a credible threat is against the law, I’m not sure why MC needs to police it also). And for ‘hateful content’ which ‘could be perceived to harm, threaten, promote the harassment of, promote the intimidation of, promote the abuse of, or promote discrimination against others based solely on’ (bunch of protected classes and threatened groups). I’m relatively fine with this, esp compared to substack who has a less tolerable version of this policy.

Section 17. ‘We also may suspend or terminate … if we determine … that you are … a person that has … publicly made known a position, including by membership in an organization as discussed above, that could be reasonably perceived as … A Threat of Physical Harm’. Given that every nation has made a threat of physical harm, and everyone with a credit card is a member of a nation, it’s hard to imagine who isn’t caught in this policy.

I wonder if this blog post counts as hate speech.

Section 18. ‘If you think anyone is violating any of these Terms, please notify us immediately.’ I do think someone somewhere must be violating these terms. Also this sentence isn’t specific to people who have signed the terms. I’m not sure why I need to tell MC. Yes I’m nitpicking, but this is further evidence that the author of this network of verbose nonsense is not dwelling in reality. ‘If you think anyone has posted material that violates any protected marks or copyrights, then you can notify us’. WHY??!?!?!?

Section 19. ‘You may only use our bandwidth for your Content and Campaigns.’ A term which I’m violating by downloading this heap of wishes and puppydog kisses masquerading as browsewrap.

Section 21. You won’t ‘directly or indirectly through a third party, allow … your Campaigns to be accessed or generated from within, or distributed or sent to, any prohibited or embargoed country as mentioned in any Export Control Laws.’ So much wrong here. First, ‘Campaigns’ is defined broadly in the intro paragraph (‘including, without limitation, … among other things’) so in theory this applies to the content of my emails as well as my actual emails. Secondly, ‘generated from within’, WTF. I subscribe to the CNS morning brief from fordham which is distributed via mcsv.net and surely includes some content from embargoed countries from time to time. Who cares? Also, if I’m sending out my blog posts via mailchimp, is my blog then part of my ‘Campaigns’? Seems like yes. Do I now need to control who can access my blog? Also although earlier sentences talk about US Export Control Laws, this one says ‘any Export Control Laws’. It doesn’t even restrict it to laws currently in effect. It’s likely that the United States is included in export control laws from somwhere / somewhen.

Section 23. ‘except as expressly stated in these Terms, we don’t provide warranties, conditions, or undertakings of any kind in relation to the Service, either express or implied.’ Translation: fuck contractual consideration.

Section 25. ‘Your violation of these Terms may cause irreparable harm to us and our Team’.

Section 26. ‘If we have to provide information in response to a subpoena, court order, or other legal, governmental, or regulatory inquiry related to your account, then we may charge you for our costs’. I’m not sure why this one riles me but it does.

Section 30. ‘any dispute related to the Agreement or the Service itself will be decided by the state or federal courts in Fulton County, Georgia’. Have never seen this before. Is that a hanging judge?

Section 31. (Force majeure). ‘This includes, but is not limited to, acts of god, changes to law or regulations, embargoes, war, terrorist acts, riots, fires, earthquakes, nuclear accidents, zombie apocalypse, floods, strikes, power blackouts, volcanic action, unusually severe weather conditions, and acts of hackers, or third-party internet service providers.’ Note the ‘zombie apocalypse’ line in there. Am more and more interested in finding out where their attorney went to school and using this as leverage to remove their accreditation. The only thing I welcome less than humor from a lawyer when I’m 1/10 through 50k words is humor from my dentist that requires me to respond while his fist is in my mouth.

Section 33. Severability. ‘then that section will be removed or edited as little as required’. Have never seen this! ‘edited’. WTAF. Who gets to edit? Can I edit it to say that they owe me legal fees for writing this blog post? Who comes up with this?

Section 36. ‘Because we have so many Members, we can’t change these Terms for any one Member or group.’ (1) I don’t know why this is necessary – who gets to section 36 and is like ‘fuck, you know what I want to do? Go call mailchimp and get them to amend their dishrag TOS’. (2) I think this may bind mailchimp; it’s possible violating this promise is material breach.

Section 40. ‘Congratulations! You’ve reached the end. Thanks for taking the time to learn about Mailchimp’s policies.’ I’m not even close to the end, you complete weenus.

Acceptable use policy

‘We may also suspend or terminate accounts according to our Standard Terms of Use where we see behavior, content, or other factors that pose a threat to our platform.’ Hmm – I just read the standard TOS and I didn’t see that in there.

Oh boy, here we go.

‘Please don’t use Mailchimp to distribute anything offensive, to promote anything illegal, or to harass anyone.’ This is them saying ‘please’, it’s not contractual language, so I’m not sure what to make of it, but ‘offensive’ is broad and undefinable, and lots of things are ‘illegal’ somewhere. This doesn’t specify a jurisdiction.

‘sexually explicit content’ is banned, which presumably includes sex ed material.

They don’t ban but do ‘scrutinize’ services for ‘programmatically sending mail on behalf of third parties’, hmm, I wonder why.

‘You may not … Import or incorporate … or otherwise upload to our servers … Social Security numbers, passwords, security credentials, or sensitive personal information.’ How the heck am I supposed to log in without uploading security credentials?

Jesus god in heaven, this doc incorporates by reference their entire knowledge base. Hooooooly shit. ‘For that reason, we provide, and may update from time to time, articles outlining best practices in our knowledge base. For example, we offer guidelines about audience permission and best practices. You may only use Mailchimp in accordance with these best practices, and we may suspend or terminate your account if you violate them.’

I clicked through to some of this, specifically to the ‘permission page’. Get a load of this: ‘Although people talk about permission in a variety of ways, it’s something very specific when it comes to email marketing. Permission is express, verifiable consent to receive marketing communication.’ This really gets my goat because the TOS doesn’t subscribe to any ‘express or verifiable’ offer & acceptance despite ALL OF CONTRACT LAW requiring it.

Let me remind you still that I’m reading this through a gray cookie permission overlay.

API policy

I found out the name of the creature in the logo: ‘You won’t use our name or marks in your Integration name or logo, or in any way that implies an endorsement by us (that includes putting your logo on Freddie)’. This will be on the test.

‘Continued use of the APIs means you accept the change.’ Haha nope, sorry fools.

‘Thanks for taking the time to read our API Use Policy. People like you are why we have an API in the first place.’ This cheerful tone is really getting to me.

Finally, high contrast text! My poor eyes.

‘third parties serve cookies through our Mailchimp Sites and Service for advertising, analytics, and other purposes.’ I like the religious imagery here. Serve cookies through us. We are just a vessel for their will. We’re not intentionally hosting any JS that sets them, no, not us.

Speaking of religious imagery, one of the cookies is called _AVESTA_ENVIRONMENT, cool. Zoroastrians occupy a neat place in history.

Their list of ad targeting cookies makes me so happy that I have 3rd party cookies turned off, and so upset about sites that don’t work without 3rd party cookies, and relatively happy that chrome is disabling 3rd party cookies forever. Except now they’re not because covid.

‘We have engaged one or more third-party service providers to track and analyze both individualized usage and volume statistical information’. Hint: it’s ‘or more’.

‘We automatically place single pixel gifs, also known as web beacons, in every email sent by our Members’. Yuck, I hope this can be turned off.

‘Facebook does not provide an opt-out link for its cookies’.

Back to gray overlay.

Uhhh, since when do emails have URLs? ‘When reporting a claim of copyright infringement, please ensure your notice includes the following … An identification of where the allegedly infringing content is located on our Websites or was sent through our Service (a URL works best)’.

Brand assets

‘Mailchimp is one word, spelled with a big M and a little c. It used to have a big M and a big C, but the times have changed.’ There’s a ‘big M little C’ joke here that I’ll stay away from.

I shit you not, this is followed by a page of pictures of the word ‘mailchimp’ with a lowercase M. I altered this one but you get the point:

freddie fire eyes

‘We always pair our company name with the Freddie icon. And Freddie’s always winking because he has a great attitude.’ (1) the tone continues to grate. (2) I’ve read the word mailchimp like a hundred times tonight and it is not always paired with the Freddie icon. This statement is false. Under section 33 severability, it may be removed or edited.

‘Cavendish Yellow is Mailchimp’s hero color. We use Peppercorn for accents.’ Ugh.

‘Provide plenty of space around the Mailchimp logo and Freddie. Make them big, make them small, just give them the chance to breathe and not feel cluttered.’

‘Please don’t … Alter these files in any way.’ Too late fools.

Privacy policy

(Ironically, this page gave itself a google analytics query param: https://mailchimp.com/legal/privacy/?_ga=2.3305776.1013119402.1586051456-1913224535.1586051456).

‘From time to time, we may obtain information about you from third-party sources, such as public databases, social media platforms, third-party data providers, and our joint marketing partners.’ I’ll bet you do.

‘For example, we use data from Mailchimp accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Members.’ This sounds like cross-account data mining and is IMO a no-no for multitenant products.

Ah, but can apparently be turned off:

‘If you or your Contact prefers not to have their data used for this purpose, you can alter the settings on your account (as described here) to opt out of data analytics projects, or your Contact can opt out of data analytics projects at any time by emailing us at personaldatarequests@mailchimp.com.’

‘We use YouTube’s API services in connection with our Service to provide certain features. As such, you acknowledge and agree that by signing up for an account and using the Service, you are also bound by Google’s Privacy Policy’. Which features? We need to legislate to constrain how vague companies can be here. Exactly what do you send them, exactly when.

‘We may partner with third-party advertising networks, exchanges, and social media platforms (like Facebook) to display advertising on the Mailchimp Sites or to manage and serve our advertising on other sites, and we may share Personal Information of Members and Visitors with them for this purpose.’ Yuck, but probably doesn’t implicate my subscribers.

‘Because the information in a Member’s Mailchimp account is private, account passwords are hashed, which means we cannot see a Member’s password.’ That’s an odd sentence that is also like doubly wrong. In order to store the password in a hashed format it has to be in plaintext inside their system, unless they’re using some fancy client-side hashing which, from briefly perusing their sign-up page, I doubt. ‘we cannot see a member’s password’ is a false statement.

‘We may change this privacy policy at any time and from time to time.’ (1) ugh, enough with the ‘this is a contract but it’s also quicksand’, (2) why say both? Is someone writing a love song in their spare time? Devil can’t write no love song.

That’s it

That only took 2.5 hours of my life, not including the linked google stuff (which is full of links). I found one typo and duly notified them.

If you hate long contracts, tell your member of congress to support legislation banning consumer contracts over 1000 words.