Compliance built in, not bolted on.

Exposure: $500–$1,500 per violating SMS or call, with no statutory cap. A single un-consented blast to 200 tenants is a $300,000 problem.

What UnitFull does: Explicit written consent is captured at lease signing and stored with the timestamp, IP address, and exact consent language shown to the tenant. Every automated SMS consults the consent record before sending. Opt-outs are honored immediately — within seconds, not business days. A dedicated phone number is provisioned per facility; no shared sender codes.

Rule: Active-duty and reserve-activated servicemembers cannot be subjected to lien sales, overlocks, late fees above the SCRA cap, or interest above 6% on pre-service debt.

What UnitFull does: A military-status flag on every tenant record short-circuits the delinquency state machine for protected tenants — no automatic overlock, no lien notice generation, no late fee application above the legal cap. The status change is logged to the audit trail. DMDC verification API integration is on the roadmap for v2.

The problem: Notice periods range from 5 to 60 days depending on the state. Late-fee caps differ. Required notice language differs. Getting this wrong can void a lien sale and expose you to the tenant's legal fees.

What UnitFull does: State-specific lien rules are configured in the platform. Lien notices are auto-generated with the controlling statute cited, using state-required notice periods and language. Every notice is archived as an immutable PDF in case of legal challenge. States with recent statutory changes (TX, NJ, LA in the last 24 months) are reviewed quarterly.

Rule: ACH debits require explicit written or electronic authorization. Re-presentation after a return code is limited (twice maximum; never on R07/R10/R11 unauthorized returns).

What UnitFull does: Authorization text, timestamp, IP address, and user-agent are stored at enrollment. Each R-code return is mapped to the correct action — retry, mark account invalid, or escalate for manual review. Re-presentation rules are enforced in code, not by operator judgment.

All marketing emails include a one-click unsubscribe link and a physical mailing address in the footer. Unsubscribes are honored within seconds via the same consent model used for TCPA opt-outs. Transactional emails (lease confirmations, payment receipts, gate-code delivery) are exempt from unsubscribe requirements but still carry facility contact information.

ADA accessibility lawsuits against storage facilities have been increasing. Tenant-facing surfaces — the public rental site and tenant portal — are required to meet WCAG 2.1 AA before public launch. This is enforced via automated Lighthouse CI gates on every deployment (threshold: Accessibility score ≥ 95).

Operator console accessibility is held to the same standard. All interactive components carry correct ARIA labels, keyboard navigation is fully supported, and color contrast ratios exceed the 4.5:1 minimum for normal text.

Every consent grant, consent revocation, lien notice generation, overlock action, SCRA status change, and payment dispute is written to an immutable audit log with full before/after diff. This is your legal-defense surface — it's not buried in a settings page, it's a first-class module in the operator console.