Skip to main content

SMS Privacy Policy Requirements

To get approved for A2P 10DLC (local) and to pass toll-free verification, carriers require a public, compliant SMS privacy policy. Use this guide (plus our downloadable template) to publish yours and keep your messages deliverable.

Privacy Policy Resources (Getting Started)

Download: MessageDesk SMS Privacy Policy Template (PDF) **Free Tool: **AI-Powered Privacy Policy Checker

What Your SMS Privacy Policy Must Include

  • Data collected: What you collect (e.g., name, mobile number) and how (web forms, keywords, in-store signups).
  • Data usage: Why you send texts (reminders, order updates, service notices, promotions).
  • Consent & opt-in: The explicit opt-in method (checkbox text, keyword, form language, written/verbal consent).
  • Opt-out mechanism: Clear instructions like “Reply STOP to opt out.” Include this in your policy and sample messages.
  • Third-party sharing: State you don’t sell or share SMS data with third parties for marketing. If you use an SMS provider, say it’s only to deliver messages.
  • Security: High-level measures (encryption, access controls).
  • Retention & deletion: How long you retain data and how users can request deletion.
  • Support contact: Email and/or phone for privacy inquiries.
Tip: For promotional messaging, get express written consent. A double opt-in (user enters number → confirm SMS → user replies YES) is strongly recommended.
  • Add the policy to your website and link it in the global footer.
  • Link it anywhere you collect phone numbers:
    • Opt-in forms and checkouts
    • Chatbot flows
    • Landing pages and popups
    • Paper or in-store signups (QR/link)
Tip: Already have a general privacy policy? Add a dedicated SMS section covering all points above.

Copy-and-Adapt Privacy Policy Template (Starter Language)

Privacy Policy
Last updated: [Month Day, Year] This Privacy Policy describes how [Your Business/Organization] collects, uses, and discloses information when you subscribe to our SMS messages. Data Collection. We collect your name and mobile number when you sign up (e.g., via our website form, in-store signup, or by texting a keyword). Use of Data. We use this information to send service updates (e.g., appointment reminders, order notices) and occasional promotions related to our services. Security. We use encryption and access controls to protect your information. No method of transmission or storage is 100% secure, but we use commercially acceptable means to safeguard your data. Retention. We retain your information while you remain subscribed and as required by law. You may request deletion at any time. Opt-Out. Reply STOP to unsubscribe. We process opt-out requests promptly. No Selling/Sharing. We do not sell or share your SMS data with third parties for marketing. We may share data with our SMS provider solely to deliver messages. Contact. For privacy questions or data requests, contact us at [email] or [phone].
SMS Terms & Conditions (add to the same page or link to a separate T&Cs page)
  1. [Your Business/Organization]
  2. Message types you send (e.g., appointment reminders, customer service, special promotions)
  3. To cancel, reply STOP. We’ll confirm your unsubscribe via SMS.
  4. For help, reply HELP or contact [support email or toll-free number].
  5. Carriers aren’t liable for delayed or undelivered messages.
  6. Message and data rates may apply; message frequency varies.
  7. For privacy inquiries, see our privacy policy at [policy URL].
Important: Replace all placeholders (business name, contact info, message types, URL, dates). Template language is a starting point—you must tailor it to your business and actual use case.

Carrier Registration Checklist (Pre-Submission)

  • ✅ Business details match registration (legal name, EIN, address).
  • ✅ Website is live and matches your brand/legal name.
  • Opt-out (“Reply STOP…”) appears in your policy and all sample messages.
  • ✅ Message examples reflect your real messaging use case.
  • ✅ Opt-in method is documented and visible where numbers are collected.
  • ✅ Clear no-sharing clause for third-party marketing.

Common Causes of Rejection (+ Fixes)

  • ❌ Missing opt-out → Add “Reply STOP to opt out” to policy and samples.
  • ❌ No visible policy → Publish and link from footer + all opt-in points.
  • ❌ Vague purpose → Specify use cases (reminders, order updates, etc.).
  • ❌ Website mismatch → Ensure site shows the same legal name and address.
  • ❌ New EIN (less than 30 days) → Wait until records propagate, then resubmit.

Frequently Asked Privacy Policy Questions

Do I need a separate policy just for SMS?
Not required. You can add an SMS section to your existing privacy policy that covers opt-in, opt-out, usage, sharing, retention, and contact. Is double opt-in mandatory?
No, but it’s recommended for promotional messaging and improves compliance evidence. Does this apply to toll-free numbers?
Yes. Toll-free verification is separate, but the same privacy expectations apply.

Final Compliance Checklist (Before You Submit)

  • ✅ Publish/update your SMS privacy policy (with SMS Terms & Conditions).
  • ✅ Link it in your footer and on all opt-in forms.
  • ✅ Include consent flow and STOP keywords in sample messages.
  • ✅ Submit with accurate business info that matches public records.