The Complete TCPA Checklist for Business Texting in 2025

Here is a step-by step guide, with templates, for sending TCPA-compliant texts and getting your 10DLC registration approved.

Note that this is not legal advice. Please consult legal counsel to ensure you have met all of your compliance requirements.

Table of contents

1. Create your SMS terms and conditions
2. Create your SMS privacy policy
3. Add consent to your website forms
4. Make sure your lead aggregators are compliant
5. Make sure your messages are compliant
6. Submit your 10DLC registration application

Additional resources

TCPA checklist for business texting

Here is what you need to have in place in order to be compliant with the TCPA and get your 10DLC registration approved.

1. Create your SMS terms and conditions

You must first either a) create an SMS terms and conditions page or b) add an SMS section to your current terms and conditions page. It must include:

• Program name
• Program description (types of texts, frequency)
• How to opt out
• How to get support
• Carriers not liable statement
• Message/data rates apply.
• Link to privacy policy

SMS Terms and Conditions example:

(Note that this is a general minimum requirement list, and not legal advice. Your legal rep will need to provide the full requirements for your terms and conditions.)

Resource: Guide to Creating SMS Terms and Conditions (with Examples and Templates)

2. Create your SMS privacy policy

Next, you must either a) create an SMS privacy policy page or b) add an SMS section to your current privacy policy page. It must include:

• Accurate description of the SMS service, including when and what type of messages users will receive. 
• List the kind of personal information you're collecting (name, email address, phone numbers etc).
• List the methods you use to collect personal data (a form, cookies, etc). 
• Explain how you're using the personal data you collect (sending emails or text messaging, etc).
• Explain how you store, maintain, and safeguard the personal information you're collecting.
• Explain if, how and why you share personal data with third parties.
• Provide a method for correcting, verifying, changing, or removing personal information.

(Note that this is a general minimum requirement list, and not legal advice. Your legal rep will need to provide the full requirements for your privacy policy.)

Resource: Guide to Creating an SMS Privacy Policy (with Template)

3. Add consent to your website forms 

All of your lead capture forms on your website must include clear consent verbiage. This includes:

• The following disclosures:
  • By clicking submit, I am opting in to receive text messages from [company name] for [purpose, briefly]. 
  • Frequency varies (Or if you know the frequency, state it.)
  • You can opt out at any time.
  • Message and data rates apply. 
  • Consent is not a condition of purchase. (Translation: Giving consent to text does not mean the consumer then has to make a purchase.)
  • We will never share your personal information with third parties for marketing purposes. (optional)
• Link to your SMS terms and conditions (see step #1). 
• Link to privacy policy (see step #2).

Example of consent verbiage on a form:

By clicking submit, you authorize [company name] to reach out to you about your project needs via phone, email, or text. These communications may be sent using automation or generative AI. Frequency varies. Message/data rates apply. Consent is not a condition of purchase. You can opt out at any time. Terms and Conditions  |  Privacy Policy.

Resource: Opt-In Messaging FAQs, Examples, and Templates

4. Make sure your lead sources are compliant.

With the January 27 FCC One-to-One Consent regulation, lead aggregators can no longer use one checkbox or one form to get consent from a homeowner for multiple vendors to reach out to them. They must obtain individual consent per vendor. This means it's important to check with your lead aggregator to make sure they are being compliant. Here are some questions you can ask them:

1. Explicit consent:
   1. How do you capture consent from leads? Is it explicit and not implied?
   2. Are leads required to take a clear affirmative action (e.g., checking a box, clicking a button) to give consent?
   3. Do you use pre-checked boxes or implied consent methods? (This should be avoided.)
      
      
2.  Language of consent:
   1. Does the consent agreement clearly state that the individual is consenting to receive communications?
   2. Does the disclaimer specify that the consent applies to automated technology, including auto-dialers and pre-recorded messages?
      
      
3.  Consent to specific parties:
   1. Does the consent explicitly list or reference your business as an entity that will contact the lead?
   2. Are there any other parties included in the consent? (This should be avoided.)
      
      
4.  Terms of consent:
   1. Is it made clear that consent is not a condition of purchase?
   2. Is information about message and data rates included in the consent language?

5. Make sure your SMS campaigns are compliant

The first text of every SMS campaign must:

• • Hi Tom, this is Jen from Window Planet.
  • Hi Tom, Window Planet here.
  • Hi Tom, this is the Window Planet team.

Hatch users, this is built-in to our platform, so you won't be able to launch a campaign without it.

The requirement is that the first text of any campaign must include a clear instruction on what word the customer can text back to opt out. 

For example:

• Reply STOP to unsubscribe.
• Reply STOP to end messages.
• Opt out any time by replying END. 
• Reply UNSUBSCRIBE to stop messages.

This word MUST be in all caps in your text. And it must be one of the following words:

• STOP, UNSUBSCRIBE, END, CANCEL, QUIT, STOPALL, ARRETT, ARRET, ARRETE**
  
  **This IS an exhaustive list of official terms, you cannot use synonyms.

This is also built into the Hatch platform.

For more help with sending effective, compliant messages, see our SMS Messaging Best Practices Guide.

6. Get 10DLC registered

Once you have all of the above in place, you will then be able to submit your 10DLC application. 10DLC stands for 10-digit long code, and getting registered essentially means that The Campaign Registry will vet you to make sure you are TCPA compliant. If you don't follow the above steps, you won't get approved.

Your text provider has to submit your 10DLC application on your behalf. Here is a list of the information your business text provider needs from you in order to do so:

• Tax details:
  • DBA/brand name
  • IRS-issued EIN or TID
• Organization details:
  • Business type (LLC, sole proprietor, or corporation)
  • Industry and business type (non-profit, public, private, government)
• Contact details:
  • Organization address
  • Primary contact
• Campaign details (your texting provider will likely provide this information on your behalf)
  • Types of messages you'll be sending
  • Sample messages
  • Proof of how people give consent to receive messages from your business
  
  

Resource: 10DLC Explained

Additional resources

• The FCC's TCPA privacy section that documents the company identifier requirement (which can be found via the  FDIC's Consumer Compliance Examination Manual).
• The FCC's 2015 Omnibus Declaratory Ruling and Order that text messages are subject to the same TCPA restrictions as phone calls.
• FCC Fact Sheet
• FCC TCPA Summary
• CTIA Messaging Principles and Best Practices
• The Campaign Registry Website
• Twilio’s 10DLC Campaign Approval Best Practice.