This article will help you meet the legal requirements on your SMS privacy policy page so your 10DLC application can get accepted.
Summary
As of July 6, 2023, texts from unregistered 10DLC numbers are being restricted by mobile carriers and starting August 31, 2023 they will be blocked altogether. So it’s important to get your 10DLC registration approved as soon as possible.
In order to get registered, you must comply with legal requirements, one of which being that you are required to get consent before texting any of your contacts. This requires clear opt-in language in three places on your website:
- Your website forms
- Your terms and conditions
- Your privacy policy (what this article covers)
We know that legal verbiage is daunting, not to mention making changes on your website. We also know that these are significant changes that may bring up questions and concerns. This article will address and walk you through all of it, and also provides templates so this can be as pain-free as possible. If you still have questions at the end, reach out to your account rep and we will be happy to help.
Table of contents
- What is an SMS privacy policy?
- What's the difference between a privacy policy and terms and conditions?
- SMS privacy policy requirements
- SMS privacy policy template
- Additional FAQs
- Additional resources
DISCLAIMER: This information is not legal advice. We have provided this information to use as a starting point—but your state, industry, business practices, and more impact what you need to include in your privacy policy. Please clear all legal verbiage with your legal counsel to ensure that you're being compliant with any applicable regulations.
What is an SMS privacy policy?
A privacy policy, in general, discloses how you gather, use, disclose, and manage any personal data or information you collect on your website. That said, your SMS privacy policy refers to the above with regard to the phone number and other personal information your visitors share when they opt into your program.
Just as with your terms and conditions page, you either need to:
- Create a separate page for your SMS privacy policy, or
- Add an SMS section to your existing privacy policy page.
What’s the difference between terms and conditions and a privacy policy?
Your terms and conditions outline the rules for using your website, while your privacy policy discloses how you collect, store, and distribute user data. In short, terms and conditions protect your rights while privacy policy protects user rights.
SMS privacy policy requirements
It is not possible to provide a blanket list or template for privacy policies, as these are highly specific to your business. According to Twilio and Constant Contact, your SMS privacy policy must:
- Provide an accurate description of the SMS service, including when and what type of messages users will receive.
- List the kind of personal information you're collecting (name, email address, phone numbers etc).
- List the methods you use to collect personal data (a form, cookies, etc).
- Explain how you're using the personal data you collect (sending emails or text messaging, etc).
- Explain how you store, maintain, and safeguard the personal information you're collecting.
- Explain if, how and why you share personal data with third parties.
- Provide a method for correcting, verifying, changing, or removing personal information.
But again, the full list may include other components for your specific business, so please consult your legal representative.
SMS privacy policy template
Again, only your legal counsel can lay out for you a fully compliant privacy policy. For a starting point, we recommend using Constant Contact’s privacy policy template.
Important notes from Constant Contact:
- You must customize this template according to your actual data collection, usage, and disclosure practices. Review each section carefully and add/remove information as necessary.
- Be sure to fill in the yellow/highlighted sections with your own information, and remove all brackets and drafting notes before publishing.
Constant Contact disclaimer: THIS SAMPLE PRIVACY POLICY IS NOT LEGAL ADVICE AND IS FOR INFORMATIONAL PURPOSES ONLY. This sample privacy policy may not meet all the legal requirements applicable to you. For example, if you are subject to privacy legislation such as the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), or similar privacy legislation, you may be required to provide additional disclosures and rights to your users. Privacy legislation is also continuously evolving and you should review your privacy policy and privacy obligations regularly. Additionally, a privacy policy that does not accurately or adequately disclose your practices can expose you to legal risks. We recommend consulting with your legal counsel before adopting this privacy policy.
Additional FAQs
How do I edit my website?
This varies depending on your website platform as well as whether you outsourced your website creation. If you rely on a third party to edit your website, you can use this template to reach out to them:
Hi [name],
Due to new text messaging rules and regulations, we need to make changes to our forms, terms and conditions page, and privacy policy page as soon as possible. Could we set up a meeting to discuss the changes needed?
Thank you!
[name]
What happens if my campaign is rejected?
If your 10DLC registration is rejected due to missing opt-in requirements, we’ll notify you. Once the fixes are made, we will resubmit your application for 10DLC registration. Registrations are currently taking about eight days to complete.
Please note that as of July 6, 2023, texts from unregistered 10DLC numbers are being restricted and/or blocked by mobile carriers. Starting August 31, 2023 they will be blocked altogether. So it’s important to get your registration approved as soon as possible.
What happens if I don’t comply?
In addition to having your 10DLC registration rejected and not being able to run text campaigns, there may be legal repercussions as the TCPA is federal law. Here are three key reasons you need to take express written consent seriously:
- Financial losses: If you violate the TCPA, you could face fines for each violating text. In addition, blocked or restricted campaigns can result in missed opportunities and/or poor experiences with customers, which impact your retention and revenue.
- Customer loss: Violating the TCPA can also result in losing access to mobile networks and therefore the customers that use them.
- Reputation risks: Not following these rules can upset customers which can result in negative press, especially through review sites.
We know that this is a lot of change at once, and that it’s nothing short of a hassle. But at the end of the day, these rules and guidelines are in place to keep texting a win-win for both consumers and businesses. It's also our responsibility as your Campaign Service Provider to make sure your campaigns run as smoothly as possible—and that requires compliance!
Hopefully, this article has provided you with everything you need to make the necessary changes. If you have any other questions, do not hesitate to reach out to your account rep and we’ll be happy to help you.
Additional resources
- From the FCC (Federal Communications Commission)
-
- The TCPA privacy section that documents the company identifier requirement (which can be found via the FDIC's Consumer Compliance Examination Manual).
- 2015 Omnibus Declaratory Ruling and Order that text messages are subject to the same TCPA restrictions as phone calls.
- FCC Fact Sheet
- FCC TCPA Summary
-
- From the CTIA (Cellular Telecommunications and Internet Association)
- From Hatch
- From The Campaign Registry (the third party that registers 10DLC numbers)