Issues
Report bugs and request features to help improve the platform.
GDPR / Email Compliance for Legacy User Outreach
In Progress

## Problem

We plan to email up to 39K legacy users who signed up 8–14 years ago on salon.io. Under GDPR (EU users are the majority), we need a compliant basis for contacting them.

## Requirements

### Legal Basis

- **Legitimate interest** (Art. 6(1)(f) GDPR) is the most viable basis — we have an existing customer relationship and are informing them about a successor service for their data/content.
- Document the legitimate interest assessment (LIA) before sending.

### Email Content Requirements

- Every email must include a working **unsubscribe link** (one-click, per CAN-SPAM and GDPR)
- Every email must link to the **privacy policy**: https://docs.salon.io/docs/en/legal/privacy
- Every email must link to the **terms of service**: https://docs.salon.io/docs/en/legal/terms
- Emails must clearly identify the sender (salon.io / New Salon, Stefan)
- Physical address in footer (required by CAN-SPAM, good practice for GDPR)

### Technical Requirements

- Resend supports one-click unsubscribe headers (List-Unsubscribe)
- CRM must track unsubscribe status — never re-email someone who unsubscribed
- SPF/DKIM/DMARC must be configured on sending domain before any volume send
- Bounce handling: remove hard bounces from future sends

### Tiered Send Strategy (Risk Mitigation)

- **Test batch**: 10 emails to known addresses — verify deliverability
- **Tier 1**: 210 VIP users — warm, engaged, low risk
- **Tier 2–6**: Graduated sends per [Kickfund PRD](https://docs.salon.io/docs/en/legal/terms)
- **Tier 8**: 32K bulk send — only after earlier tiers prove deliverability and low complaint rates
- Monitor spam complaint rate: stay under 0.1% (Google/Yahoo requirement)

### Data Handling

- Legacy user emails stored in MongoDB (CRM). Do not export to third-party tools without DPA.
- Users who migrate to New Salon consent to new [Terms](https://docs.salon.io/docs/en/legal/terms) and [Privacy Policy](https://docs.salon.io/docs/en/legal/privacy) during signup/account linking.
- Provide data export/deletion path for legacy users who request it (GDPR Art. 15/17)

## Acceptance Criteria

- [ ] Legitimate Interest Assessment documented
- [ ] Unsubscribe mechanism working in Resend
- [ ] CRM tracks unsubscribe status per user
- [ ] SPF/DKIM/DMARC verified on sending domain
- [ ] Email templates include: unsubscribe link, privacy policy link, terms link, physical address
- [ ] Bounce handling configured
- [ ] Test batch sent and verified before Tier 1
[migration] Fix fixed-width layout mapping and import all i18n versions
In Progress

- Account for legacy `margin-right`, `padding` values when calculating column config
- Map legacy `fixedwidthconfig` gap/margin to new column layout gutter setting
- Preserve visual density (e.g. 3 items at 300px with 10px gap on 960px container = 3 columns with 10px gutter)
- Import ALL i18n language variants (currently only imports German preferentially)
- Set `default_language` from legacy user language field, `languages` array from found content

**Files:** `app/api/migration/import-stream/route.ts`, `src/lib/legacy-layout-mapper.ts`