Skip to main content
All CollectionsPhone Numbers & RegistrationShort Code
Short code requirements for gathering opt-in consent
Short code requirements for gathering opt-in consent
Updated over a month ago

When registering your short code campaign, it is essential to provide proof of how your organization will gather opt-in consent from your customers. This ensures that you’ll get permission from your contacts or SMS subscribers before sending them any messages through your short code number. Providing details of your method for gathering opt-in consent, also known as a “call-to-action”, is critical for getting your short code registration approved.

Opt-in consent methods

Some common examples of opt-in consent methods, or CTAs, include:

  • Web forms opt-ins: Businesses can add a checkbox and additional information on their website's contact or subscription form to obtain SMS opt-in consent from customers.

  • Mobile opt-ins: Customers can text a keyword to a specific number to subscribe to SMS and provide their consent.

  • Point-of-sale opt-ins: Customers can sign up and opt-in to receive texts at a point of sale (POS) or another on-site location of the message sender.

  • Paper form opt-ins: Customers can provide opt-in consent to receive SMS by completing a paper form.

  • Phone call opt-ins: Customers can opt-in over the phone using interactive voice response (IVR) technology.

Opt-in requirements

Regardless of what opt-in method you choose, your opt-in must meet all of the following requirements:

  1. Program name and description of the messages that will be sent (e.g. “Sign up to receive product updates from TextUs!”).

  2. Fee disclosure (e.g. "Message and data rates may apply").

  3. Service delivery frequency or recurring messages disclosure (e.g. "Message frequency varies" or “You will receive up to 6 SMS or MMS messages per month”).

  4. Opt out instructions (e.g. "Text STOP to cancel").

  5. Customer care contact information (e.g. “Text HELP for support”).

  6. Link to a Privacy Policy on your website that describes how opt-in information will be used (see Privacy Policy Requirements section below).

  7. Link to the Terms of Service on your website describing your terms of service (see Terms of Service requirements section below).

Tip: Disclosures, links to privacy policies and terms of service, and opt-out information should be listed clearly within your chosen opt-in method, and should not be hidden or obscured in any way.

Mock-up of opt-in method

As part of your short code campaign registration, you are required to submit a mock-up or screenshot of your chosen opt-in method. The goal is to show carriers exactly what your opt-in process will look like and demonstrate that it complies with all requirements.

The format of this mock-up depends on what opt-in method you have selected. In most cases, your mock-up will be an image of what your customers will see during the opt-in process. For verbal opt-ins, you will instead need to upload the script that will be used during your opt-in process. All mockups must be uploaded in either .jpg, .png, or .pdf format.

Below are several examples of what your mockups can look like. The first example is for a web form opt-in, while the second is for a mobile opt-in. Notice that regardless of opt-in method, these mockups clearly show that all the requirements outlined in the section above are met.

Privacy policy requirements

Important Note: If there is no privacy policy present, or if the privacy policy is non-compliant at the time of your short code registration submission, it could result in significant delays to your approval process.

Per CTIA guidelines (section 5.2.1), all message senders are to maintain a privacy policy that is clearly displayed and easily accessible by the consumer. If your opt-in consent method is a web form, you will also need to ensure your privacy policy is clearly linked on your web form as listed in the ‘Web Form Opt-ins’ section above.

Privacy policies should state that consumer information is not being sold to or shared with third-parties without consent, except when legally required to do so. If a privacy policy is non-compliant, it is generally due to the sharing of consumer information with third-parties for marketing purposes. See below for an example of how to include this key statement in your privacy policy:

"Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties."

For specific guidance on your company’s privacy policy, we recommend consulting with your legal team. If your company needs assistance creating a privacy policy, we recommend using an online privacy policy generator such as the ones below to get you started.

Terms of Service requirements

Brands using short codes must also have a publicly accessible mobile terms of service page for each short code program they offer. Your mobile terms of service must include the following information specific to your short code program:

  • Program name and description of the type of messages that will be sent.

  • Customer care contact information.

  • Detailed opt-out instructions, displayed in bold.

  • Product description.

  • Carrier liability disclaimer (e.g. “Carriers are not liable for delayed or undelivered messages”).

  • Service delivery frequency or recurring messages disclosure

  • Link to privacy policy.

  • Message and data rate disclaimer (e.g., “Data rates may apply).

Below is an example mobile terms of service template. Please note that this template covers the minimum carrier requirements, but other requirements may be needed depending on your particular program. We recommend that you consult with your legal team to confirm that your terms of service are compliant with all applicable laws and regulations before submitting your short code application.

[Program Name]

1. [A general description of messages users will receive when they opt-in].

2. You can opt-out of the SMS service at any time by texting "STOP" to [short code number, e.g. 55555]. After you send the SMS message "STOP", you will receive an SMS message confirming that you have been unsubscribed. After opting out, you will not receive any SMS messages from us. If you want to resubscribe and receive messages again, you can text “START” or “UNSTOP” to [short code number] at any time and you will be re-enrolled in the SMS service.

3. If you are experiencing any issues with the SMS service, you can text “HELP” to [short code number] for more assistance or get in touch with our support team at [contain information for customer support, e.g. [email protected]]. For any questions regarding privacy, please see our privacy policy: [link to privacy policy].

4. Carriers are not liable for undelivered or delayed messages. Message and data rates may apply for all messages you send and receive. You will receive [message frequency]. For questions regarding your text plan or data plan, please contact your wireless provider.

Conclusion

Regardless of which method you choose to obtain opt-in consent, there are certain guidelines that must be followed in order to remain compliant with the CTIA regulations. Here are some key points to keep in mind when gathering opt-in consent:

  • Maintain a Privacy Policy and Terms of Service that is clearly and easily accessible by consumers

  • Clearly state the purpose of collecting mobile numbers and obtaining opt-in consent

  • Ensure that opt-in consent is voluntary and conspicuous

Your opt-in mockup is a key part of your registration in order to clearly demonstrate that your use of short code meets all requirements and complies with all carrier regulations. Remember, transparency is key when it comes to gathering opt-in consent. Make sure to clearly communicate with your customers about what they are consenting to, how you’ll use their personal information, and how they can opt out of receiving texts from your business.

Did this answer your question?