Serious Trust and Branding Issue in Password Reset Emails

Embedding Base44’s social media links in password reset emails sent on behalf of my application is a serious misuse of platform control. Transactional emails are a critical part of an app’s trust boundary, and using them to promote Base44 branding—without explicit consent or any opt-out—is fundamentally wrong.

This approach forces developers to redirect their own end users to Base44, creating confusion and reputational risk. My users did not sign up to interact with Base44’s social channels. Redirecting them there during a security-critical flow like password reset is misleading, inappropriate, and harmful to user trust.

From a SaaS ethics and industry-standards perspective, this behavior is exploitative. It leverages Base44’s control over essential infrastructure to assert brand dominance over customer products. This is not a partnership model—it is coercive design that limits customer autonomy and ownership of user relationships.

It is especially concerning that Base44, which itself relies on third-party AI infrastructure, restricts its customers from even basic control over their own branding. Denying the ability to disable social links in transactional emails signals an intentional attempt to retain visibility over downstream users rather than enable customer growth.

At a minimum, social media links must be removable from transactional emails. Platform branding must not override app ownership or user relationships. Security-related emails must remain neutral, transparent, and strictly app-scoped.

Redirecting this concern to a “feature request” is not an adequate response. This is a product governance and trust issue that requires internal review at a leadership level, not dismissal as a missing customisation.