In case you missed it, as of August 31, 2023, business text messages from unregistered 10DLC numbers are being blocked by all mobile carriers.
Businesses are trying to get registered, but their applications are getting rejected because of TCPA compliance reasons—one of which is not having a proper SMS privacy policy.
This article will help you meet the legal requirements on your SMS privacy policy page so your 10DLC application can get accepted and your campaigns can run smoothly.
Legal disclaimer (but of course!)
This information is not legal advice. We have provided this information to use as a starting point—but your country/state, industry, business practices, and more impact what you need to include in your privacy policy. Please clear all legal verbiage with your legal counsel to ensure that you're being compliant with any applicable regulations.
10DLC stands for 10-digit long code number, and businesses use them to text their customers (as opposed to a toll-free, 800, or shortcode number).
Starting in 2022, all major mobile carriers (AT&T, Verizon, T-Mobile) began requiring that all 10DLC numbers be registered with an agreed-upon third party called The Campaign Registry.
With registration, TCR vets and verifies you as a legitimate business and makes sure you meet all texting compliance laws (as stated in TCPA). Toll-free and shortcode numbers already have a registration process in place, so this was pretty inevitable.
Key areas of compliance include:
Legal verbiage is a pain in the rear side of the bod, we know. Not to mention making changes on your website. So this post and the resources in it are aimed at making it as easy as possible for you to come up with a TCPA/10DLC-compliant SMS privacy policy for your business.
An SMS privacy policy clearly outlines how you gather, use, disclose, and manage any personal data or information you collect on people when they opt into and/or participate in your SMS program.
You need to have a clear SMS policy, which means you either need to create a dedicated page for your SMS privacy policy, or add an SMS section to your existing privacy policy page.
Terms and conditions outline the rules of engagement for a particular asset, such as your website, product/service, or in this case, your SMS program. They explain what your business can and cannot do as well as what your visitors can and cannot do, but they are primarily in place to protect your business's rights. Your privacy policy, on the other hand, discloses how you collect, store, and distribute user data and it primarily protects your visitors' rights.
It is not possible to provide a blanket list or template for an SMS privacy policy, since these are highly specific to your business and processes. But we can give you some minimum requirements, courtesy of Twilio and Constant Contact:
Your SMS privacy policy must:
Remember, the full list for your business may include other components, so please consult your legal representative.
Again, only your legal rep can help you generate a fully compliant privacy policy. But for a starting point, we recommend using Constant Contact’s privacy policy template.
Important notes from Constant Contact:
Constant Contact disclaimer: THIS SAMPLE PRIVACY POLICY IS NOT LEGAL ADVICE AND IS FOR INFORMATIONAL PURPOSES ONLY. This sample privacy policy may not meet all the legal requirements applicable to you. For example, if you are subject to privacy legislation such as the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), or similar privacy legislation, you may be required to provide additional disclosures and rights to your users. Privacy legislation is also continuously evolving and you should review your privacy policy and privacy obligations regularly. Additionally, a privacy policy that does not accurately or adequately disclose your practices can expose you to legal risks. We recommend consulting with your legal counsel before adopting this privacy policy.
This varies depending on your website platform as well as whether you outsourced your website creation. If you rely on a third party to edit your website, you can use this template to reach out to them:
Hi [name],
Due to new text messaging rules and regulations, we need to make changes to our forms, terms and conditions page, and privacy policy page as soon as possible. Could we set up a meeting to discuss the changes needed?
Thank you!
[name]
If your 10DLC registration is rejected for any reason, your CSP will let you know and once the fixes are made, will resubmit your application.
Not only will your 10DLC registration be rejected and not only will you not be able to run text campaigns, but there may also be legal consequences. After all, TCPA is federal law. Here are three key reasons you need to take your SMS privacy policy seriously:
From Hatch
From the FCC (Federal Communications Commission)
From the CTIA (Cellular Telecommunications and Internet Association)
From The Campaign Registry (the third party that registers 10DLC numbers)