Skip to main content
All Collections10DLC
10DLC requirements for gathering opt-in consent
10DLC requirements for gathering opt-in consent
Updated over a week ago

When registering your brand for a 10DLC (10-digit long code) campaign, it is essential to provide proof of how you’ll gather opt-in consent from your customers. This ensures that you’ll get permission from your contacts or SMS subscribers before sending them any messages through your 10DLC number. Providing details of your method for gathering opt-in consent, also known as a “call-to-action”, is critical for getting your 10DLC registration approved by The Campaign Registry and SMS Providers.

Opt-in consent methods

Some common examples of opt-in consent methods, or CTAs, include:

  • Web forms opt-ins: Businesses can add a checkbox and additional information on their website's contact or subscription form to obtain SMS opt-in consent from customers.

  • Mobile opt-ins: Customers can text a keyword to a specific number to subscribe to SMS and provide their consent.

  • Point-of-sale opt-ins: Customers can sign up and opt-in to receive texts at a point of sale (POS) or another on-site location of the message sender.

  • Paper form opt-ins: Customers can provide opt-in consent to receive SMS by completing a paper form.

  • Phone call opt-ins: Customers can opt-in over the phone using interactive voice response (IVR) technology.

Web form opt-ins

If you’re gathering opt-in consent using an online form, your web form must meet all of the following requirements:

  1. Program name and/or description of the messages that will be sent.

  2. Fee disclosure (e.g. "Message and data rates may apply").

  3. Service delivery frequency or recurring messages disclosure (e.g. "Message frequency varies" or “You will receive up to 6 SMS or MMS messages per month”).

  4. Opt out instructions (e.g. "Text STOP to cancel").

  5. Customer care contact information.

  6. Link to a Privacy Policy on your website that describes how opt-in information will be used (see Privacy Policy Requirements section below).

  7. Link to the Terms of Service on your website describing your terms of service.

  8. A checkbox option that customers must select to opt-in to SMS messaging. The checkbox cannot be pre-selected.

Tip: Disclosures, links to privacy policies and terms of service, and opt-out information should be listed clearly within your web form, and should not be hidden or obscured in any way.

Example of a web opt-in form:

Within your 10DLC registration, you’ll need to provide a description of your web form opt-in method that contains the link to the web form. Here’s an example description of a web form opt-in method:

  • Example Corporation: Customers opt-in by visiting www.examplecorp.com/contactus and adding their phone number in to our web form. They then check a box agreeing to receive text messages from the example brand. Message frequency, opt out instructions, terms of service, and privacy policy are visible and linked in the web form. Instructions about how to opt out are sent in the first text message and on a rolling basis.

Mobile opt-ins

Mobile opt-ins involve having users text a keyword to a 10DLC number to opt-in to receive messages from your business. For example, a business may ask customers to text “JOIN” to their number in order to opt-in for future promotions.

Within your 10DLC registration, you’ll need to provide a description of your web form opt-in method that contains the link to the web form. Here’s an example description of a text-to-join opt-in method:

  • On arriving at Example Corporation locations, customers can find printed signage that asks them to text “START” to our phone number: (720) 894-0676. Message frequency and opt-out instructions are visible on the signage: <link to image>. Message frequency varies. Message and data rates may apply. Reply STOP to unsubscribe and HELP for assistance.

Tip: Providing links to your Privacy Policy and Terms of Service can help reviewers verify that those are included on your website and are compliant with CTIA guidelines.

Privacy policy requirements

Important Note: If there is no privacy policy present, or if the privacy policy is non-compliant at the time of your 10DLC registration submission, it could result in significant delays to your approval process.

Per CTIA guidelines (section 5.2.1), all message senders are to maintain a privacy policy that is clearly displayed and easily accessible by the consumer. If your opt-in consent method is a web form, you will also need to ensure your privacy policy is clearly linked on your web form as listed in the ‘Web Form Opt-ins’ section above.

Privacy policies should state that consumer information is not being sold to or shared with third-parties without consent, except when legally required to do so. If a privacy policy is non-compliant, it is generally due to the sharing of consumer information with third-parties for marketing purposes. As an example, here is how Bandwidth states this key point within their privacy policy:

"Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties."

For specific guidance on your company’s privacy policy, we recommend consulting with your legal team. If your company needs assistance creating a privacy policy, we recommend using an online privacy policy generator such as the ones below to get you started.

Conclusion

Regardless of which method you choose to obtain opt-in consent, there are certain guidelines that must be followed in order to remain compliant with the CTIA regulations. Here are some key points to keep in mind when gathering opt-in consent:

  • Maintain a privacy policy that is clearly and easily accessible by consumers

  • Clearly state the purpose of collecting mobile numbers and obtaining opt-in consent

  • Ensure that opt-in consent is voluntary and conspicuous

Remember, transparency is key when it comes to gathering opt-in consent. Make sure to clearly communicate with your customers about what they are consenting to, how you’ll use their personal information, and how they can opt out of receiving texts from your business.

Can't find the answer you're looking for? Submit feedback and let us know!

Did this answer your question?