Your Terms of Service and Privacy Policy are essential for achieving 10DLC compliance. Here's what you need to know to comply with SMS marketing regulations and safeguard your business.

Understanding SMS 10DLC Compliance

SMS on 10DLC (10-digit long code) refers to sending Application-to-Person (A2P) text messages over a standard 10-digit phone number—similar to the ones businesses and organizations use for local calls in the United States. Although traditional 10-digit numbers were initially designed for Person-to-Person (P2P) messaging, 10DLC is a newer solution specifically approved and managed by U.S. mobile carriers to handle higher-volume, business-oriented SMS.

Any organization intending to use SMS on 10DLC to communicate with customers or employees must register. This requirement applies to organizations that engage in mass texting as well as those that send individual messages, even when they are not for marketing purposes.  

One of the most essential requirements is transparent SMS Terms and Conditions and Privacy Policies. Companies must draft these documents to inform recipients how their consent is acquired and managed. This includes essentials such as how individuals can opt out of receiving messages if they choose to.

This article provides a comprehensive overview of the essential clauses and provisions that should be included in your SMS Terms and Conditions and Privacy Policy, ensuring your business complies fully with 10DLC regulations.  

What does 10DLC Compliance Mean?

10DLC compliance refers to the regulations and guidelines established for organizations using 10-digit phone numbers (10DLC) to send SMS messages to their customers or employees in the United States. This compliance framework ensures that organizations using 10DLC numbers for messaging adhere to carrier and industry standards.

Core Elements of 10DLC Compliance

• Registration and approval: Businesses must register their brand and campaigns with The Campaign Registry (TCR) for approval, offering information on content and purpose.
  
  
• Opt-in/opt-out compliance: Users must explicitly opt in to receive messages, and businesses must provide an easy opt-out mechanism.
  
  
• Content and volume guidelines: Messages must adhere to content guidelines, avoid prohibited topics, and respect throughput and volume limits set by carriers.
  
  
• Data security and transparency: Businesses must protect user data and clearly identify themselves and the message’s purpose to recipients.
  
  
• Carrier compliance and fees: Businesses must adhere to carrier-specific policies, monitor message delivery, and pay associated registration and usage fees.
  
  

These compliance requirements are designed to enhance the reliability and security of messaging services and protect consumers from unwanted messages.

Why Compliance With 10DLC Matters

If TCR flags your business as non-compliant with 10DLC standards, carriers will suspend your text messaging capabilities. This problem typically arises when an SMS campaign is not correctly registered.

As of September 1st, 2023, any SMS traffic originating from unregistered 10DLC numbers in the U.S. will be blocked.

Beyond registration issues, organizations can also violate 10DLC regulations by sending spam or phishing content. Non-compliance carries serious consequences: carriers and regulatory bodies may levy fines ranging from $500 to $10,000 or more, depending on the severity of the offense.

Building trust and transparency through A2P 10DLC compliance is vital to any SMS marketing effort. This starts with well-defined Terms of Service and Privacy Policies.

Understanding the Difference: Terms & Conditions vs Privacy Policy  

Users interacting with a website or app often encounter two crucial legal documents: the Terms and Conditions (T&Cs) and the Privacy Policy. While both are essential for protecting the user and the service provider, they serve different purposes and contain distinct information.  

What are Terms & Conditions?  

The Terms of Service outline users' rules and guidelines for agreeing to use a service. This document might include user responsibilities, acceptable use policies, dispute resolution procedures, and liability disclaimers. By agreeing to the Terms, users acknowledge that they understand and accept these terms before using the service.  

What is a Privacy Policy?  

In contrast, the Privacy Policy explains how a service collects, uses, and protects users' personal information. It typically includes information about data collection practices, user rights regarding their data, how data may be shared, and security measures to protect user information.  

Key Differences  

Purpose: Terms & Conditions govern the terms of use, while the Privacy Policy governs the user’s data and privacy.  3

Content Focus: T&Cs focus on user conduct, legal responsibilities, and liabilities; Privacy Policies focus on data-handling practices.  

Consent: Users usually agree to the ToS upon signing up, while the Privacy Policy informs users of their rights and protections regarding data.  

Below is a comparative table outlining key differences between Terms & Conditions and a Privacy Policy in the context of SMS or other digital services:

The SMS Terms and Conditions primarily serve as a contract that outlines the usage rules and defines the relationship between an organization and its SMS campaign users.

The SMS Privacy Policy is a legal disclosure that focuses on how an organization handles user data and the reasons behind it, often governed by privacy laws and regulations.

Essential Elements of 10DLC Compliant SMS Terms and Conditions

Incorporating specific key clauses into your Terms of Service is essential to ensure compliance with A2P 10DLC. Below, you'll find important information along with helpful examples.

Scope of Service

Clarify the purpose of your text alerts, such as emergency notifications, program updates, and appointment reminders.
What to include:

• A clear statement on what your SMS service covers (e.g., emergency notifications, appointment reminders, program updates).
• Any relevant limitations (e.g., only available in certain regions, subject to network availability).

Why it matters:

• Sets user expectations up front.
• Helps avoid confusion about the types of messages subscribers will receive.

Scope of Services Template:
“[Organization] provides text message notifications for [emergency alerts, program updates, or relevant services]. These messages may include important reminders, announcements, and other information about our services. By subscribing to our SMS service, you acknowledge and agree that message content is for informational purposes only.”

Opt-In Requirements

Describe how users can join your SMS list (e.g., web form, keyword-based enrollment, paper form, verbal consent).
What to include:

• How users join the SMS list (web form, keyword, etc.).
• Statement of consent to Terms & Conditions and Privacy Policy.

Why it matters:

• Demonstrates compliance with TCPA and carrier requirements for explicit consent.
• Prevents potential spam or unauthorized usage claims.

Opt-In Requirements Template:
“By using [Organization]’s services, including signing up for text message communications, you expressly consent to collecting and using your personal information as described in our Privacy Policy. You acknowledge that you have read, understood, and agree to our Terms of Service and Privacy Policy.

You further consent to receive transactional and promotional messages from [Organization]. You may opt out of promotional messages at any time by following the opt-out instructions in the message. Continuing to use our services confirms your ongoing consent to these terms.”

Message Frequency

Indicate the frequency with which constituents can expect to receive messages. This may vary based on events or subscription preferences.
What to include:

• Approximate number of messages per week or month.
• Note that frequency may vary based on events or subscription preferences.

Why it matters:

• Sets realistic expectations to reduce opt-outs or complaints.
• Meets carrier best-practice guidelines for transparency.

Message Frequency Template:
“[Organization] will send an estimated [1-4] messages per month. Frequency may vary depending on program updates or special events. By opting in, you acknowledge and accept that the number of messages may increase temporarily for time-sensitive alerts.”

Costs & Charges

State that standard message and data rates may apply, depending on the user’s mobile plan.
What to include:

• Standard “Message & Data Rates May Apply” disclaimer.
• Mention potential carrier fees, if any.

Why it matters:

• Meets carrier and regulatory disclosure requirements.
• Protects against billing disputes or misunderstandings.

Costs & Charges Template:
“Message and data rates may apply according to your wireless plan. [Organization] is not responsible for any fees your mobile carrier charges. Please consult your mobile service provider for more information about standard SMS charges.”

Opt-Out Methods

Emphasize that replying “STOP” immediately unsubscribes the user. Consider offering an alternative contact method (email or phone) to remove them from the list.
What to include:

• Clear instructions to stop receiving messages (text “STOP”).
• Alternative opt-out or contact method (e.g., email, phone).
• Processing timelines for opt-out requests

Why it matters:

• Ensures adherence to regulations requiring easy opt-out options
• Reduces user frustration and spam complaints.
• Prevents complaints and minimizes the risk of being flagged as spam

Opt-Out Methods Template:
“You may opt out anytime by texting ‘STOP’ to [short code/long code]. This will immediately unsubscribe you from further promotional messages. For additional assistance or to opt out by email, contact us at [email address].”

Data Collection & Usage

Provide a high-level statement about collecting phone numbers or limited personal data. (Your SMS Privacy Policy will contain more details.)

What to include:

• High-level overview of collected data (e.g., phone number, name).
• Reference to your detailed Privacy Policy.
  
  

Why it matters:

• Demonstrates transparency in data handling.
• Complies with privacy laws and TCR requirements.
  
  

Data Collection & Usage Template:

“[Organization] collects only the information necessary to deliver our SMS updates, including your phone number and any additional data you voluntarily provide. This information is used solely for communicating relevant messages and is managed by our Privacy Policy, available at [Link].

[Organization] is committed to protecting the security of your personal information. We implement industry-standard security measures to safeguard your data against unauthorized access, use, or disclosure. However, it is also your responsibility to protect the confidentiality of your account information and any passwords associated with your use of our services.

You agree to notify [Organization] immediately of any unauthorized use of your account or any other security breach. [Organization] will not be liable for any loss or damage arising from your failure to protect your account or personal information adequately. By using our services, you acknowledge and accept that no data transmission over the Internet or mobile networks can be guaranteed 100% secure. Therefore, you use our services at your own risk.”

Service Availability

Note that message delivery can be affected by cellular network outages or technical issues outside your control.

What to include:

• Disclaimer that external factors (network outages, carrier limitations) may affect delivery.
• Optional: Time frames when service may be limited (e.g., planned maintenance).
  
  

Why it matters:

• Manages user expectations for potential delays or non-delivery.
• Reduces liability for issues beyond your control.
  
  

Service Availability Template:
“Delivery of text messages is subject to the availability of wireless and network services. [Organization] is not responsible for any delays or failures caused by service interruptions or transmission issues outside our control.”

Contact & Support

Include a “HELP” command or provide an email/phone number for users with questions or who need assistance.

What to include:

• “HELP” keyword response.
• Email or phone number for user questions or problems.
  
  

Why it matters:

• Improves user experience by offering immediate support.
• Many carriers/TCR require or strongly recommend a “HELP” command.
  
  

Contact & Support Template:

“For assistance, text ‘HELP’ and we will respond with, 'Help for [Organization/Program]: We send [type/frequency] alerts. Msg & Data rates may apply. Reply STOP to unsubscribe. Visit [shortlink] or call [phone number] for more help.’

You may also call us at [phone number] or email at [email address]. We strive to respond to all inquiries within [business timeframe].”

Liability and Disclaimer

Protect your organization with a statement clarifying your liability limits if messages are delayed or misdelivered.

What to include:

• Disclaimers regarding delivery failures
• Any disclaimers specific to your services or regulatory environment?
• Limitations on liability regarding message content
• User responsibilities for service usage
  
  

Why it matters:

• Protects you from specific legal claims if messages are delayed or misdelivered
• Establishes user acknowledgment of potential risks.
  
  

Disclaimer of Liability Template:

“[Organization] is not responsible for any losses or damages arising from delayed or undelivered messages, or the content of messages sent to users. Delivery of text messages is subject to effective transmission by your mobile carrier and is not guaranteed by [Organization].

By subscribing to our SMS services, you acknowledge and agree that [Organization] is not liable for any damages, losses, or injuries arising from or related to the use of, or failure to receive, any text messages. This includes, but is not limited to, delays, non-delivery, or technical issues. Your use of our SMS services is at your own risk, and we provide our services on an ‘as-is’ basis without any warranties, express or implied.”

Modifications

You reserve the right to update your Terms & Conditions. You can notify subscribers via SMS or a website announcement when changes are significant.

What to include:

• You have the right to update or change the T&Cs at any time.
• A notification method (e.g., SMS or website post) when changes are significant.
  
  

Why it matters:

• Ensures you can adapt to new regulations or business needs.
• Maintains transparency by informing users of significant updates.
  
  

Template Modifications:

“[Organization] reserves the right to update or modify these Terms & Conditions at any time. We will notify subscribers via a prominent notice on our website or SMS if significant changes are made. Following such updates, continued use of our SMS service indicates acceptance of the revised terms.”

Essential Elements of a 10DLC Compliant SMS Privacy Policy

Incorporating specific key clauses into your SMS Privacy Policy is essential to ensuring compliance with A2P 10DLC. Below, you'll find important information along with helpful examples.

Data Collection Details

Specify the data points you collect (e.g., phone numbers, names) and your collection methods (e.g., web forms, keyword-based opt-ins, phone calls).

What to include:

• A clear list of data points you collect (e.g., phone numbers, names).
• The specific methods of collection (keyword opt-ins, web forms, etc.).
  
  

Why it matters:

• Transparency: Subscribers want to know exactly what you’re collecting.
• Compliance: Helps meet regulatory requirements (TCPA, GDPR, etc.).
  
  

Example:
“We collect personal information from you when you interact with our services, including when you sign up or communicate with us through text messages. The types of information we collect may include your name, contact details, payment information, and any additional information you provide voluntarily.

We utilize this information to deliver, maintain, and improve our services, facilitate transactions, communicate with you, and meet regulatory requirements. Your data may be shared with reliable third-party service providers exclusively to conduct our business and uphold our commitments to you. We do not sell, rent, or share your personal information with third parties for marketing purposes without your explicit consent.

You can access, correct, or delete your personal information anytime. We are committed to handling your data securely and transparently.”

Consent and Opt-In Requirements

Explain how individuals consent to receive your SMS messages. This may include keyword-based enrollment (e.g., texting “JOIN”), web form submissions, or other explicit methods.

What to include:

• How users give explicit consent (keyword enrollment, web submission).
• Mention that by opting in, they agree to the policy terms.
  
  

Why it matters:

• Legal Protection: Explicit consent is crucial under TCPA and carrier rules.
• User Trust: Eliminates any confusion about how they subscribed.
  
  

Below are example snippets illustrating different opt-in methods under Section 2 (Consent and Opt-In Requirements). You can adapt these for your Privacy Policy to describe how subscribers can join your SMS program.

Single Opt-In
“By providing your phone number once (e.g., on an online form or by texting a keyword), you consent to receive SMS updates from [Organization]. No additional confirmation is required.”

Double Opt-In
“After signing up, we’ll send a confirmation text. Reply ‘YES’ to complete your subscription and start receiving messages.”

Website Form Opt-In
“You may enter your phone number on our online form and check a box indicating that you wish to receive text messages from [Organization]. Submitting the form confirms your consent.”

Paper Form Opt-In
“In an in-person setting, you can provide your phone number and signature on a physical form. This signed consent authorizes us to send SMS notifications to you.”

Verbal Opt-In
“If you consent verbally (e.g., during a phone call or in person), we record the date, time, and purpose of your consent for our records. Your consent indicates agreement to our SMS Terms & Conditions.”

Text-to-Join Opt-In
“Text ‘JOIN’ to [Short Code/Long Code] to subscribe to our SMS updates. By sending this keyword, you agree to receive text messages from [Organization].”

QR Code Opt-In
“Scanning our QR code takes you to a registration page where you can enter your phone number to subscribe. By submitting your number, you agree to receive SMS from [Organization].”

Check-Out Opt-In
“While completing your purchase, you may provide your mobile number and select a checkbox to receive SMS updates. By checking this box, you consent to future text messages from [Organization].”

Catch-All Opt-in Clause
You can adapt the catch-all example to your privacy policy to cover all opt-in methods.

 “We collect phone numbers and obtain consent through multiple methods, including (but not limited to) single opt-in, double opt-in, website form submissions, paper sign-up forms, verbal consent, texting a keyword to join, scanning a QR code that leads to a sign-up prompt, and providing a phone number during the check-out process. By opting in through any of these channels, you confirm that you have read, understood, and agreed to our Privacy Policy and Terms & Conditions, and expressly consent to receiving SMS messages from [Organization].”

Data Usage Statement

Clarify your intended use of the data, such as sending appointment reminders, alerts, promotional offers, or other notifications.

What to include:

• Outline why you use the collected data (reminders, alerts, promotions).
• Clarify any additional purposes (analytics, compliance, etc.).
  
  

Why it matters:

• User Expectations: Tells subscribers how you’ll use their info.
• Scope Control: Prevents misuse or assumption of other data uses.
  
  

Example:
“We use your phone number strictly to send service updates, appointment reminders, and occasional promotional offers tailored to your interests.”

Data Protection

Describe how you protect collected data, including encryption protocols, secure storage, and access controls. Ensure contacts that their information is safe from unauthorized access.

What to include:

• Note any encryption, secure servers, or restricted access protocols.
• Acknowledge that no system is 100% secure, but outline your safeguards.
  
  

Why it matters:

• Reassurance: Builds user confidence in your data handling
• Compliance: Laws like GDPR or HIPAA may require compliance, depending on your sector.
  
  

Example:
“[Organization] takes the security of your personal information very seriously. We utilize industry-standard security measures, including encryption and secure servers, to protect your data from unauthorized access, alteration, disclosure, or destruction. We consistently monitor our systems to ensure your information remains safe and secure, and we are dedicated to maintaining the highest levels of data protection to safeguard your privacy.”

Data Retention and Deletion

Specify the duration for retaining personal information and describe your method for securely deleting or anonymizing data when it is no longer necessary.

What to include:

• How long you store personal info.
• Methods for secure deletion or anonymization.
  
  

Why it matters:

• Legal Requirements: Certain regions mandate a maximum retention period.
• Privacy Respect: Shows that you don’t keep data longer than necessary.
  
  

Example:
“We retain your information as long as you remain subscribed to our SMS service. You may request the deletion of your data at any time by contacting us at [email/phone]. We will securely delete or anonymize your data within 30 days unless the law requires you to retain it.”

Opt-Out Options

Clearly describe the procedure for unsubscribing, usually by responding “STOP” (or other recognized keywords), and confirm that opting out will stop all future text messages unless the user re-subscribes.

What to include:

• Steps for opting out of data collection or messages
• Confirmation that opting out ends all SMS communication unless users re-subscribe.
• Contact information for opt-out assistance
  
  

Why it matters:

• User Control: Mandatory for compliance and good user experience.
• Reduced Complaints: Clear instructions minimize frustration.
  
  

Example:
“If you no longer wish to receive messages from us, you can opt-out of marketing messages from us at any time by replying with the word ‘STOP’ or ‘UNSUBSCRIBE’ to a message we send you,  Once we receive your request, we will promptly remove you from our messaging list, and you will no longer receive further text communications. ”

Non-Sharing Clause

The privacy policy of 10DLC explicitly states that user information will not be shared with third parties without consent, except for certain disclosed circumstances.

What to include:

• Statement of non-sharing without consent
• Exceptions for legal obligations or service providers
• Assurance against unauthorized data selling or sharing
  
  

Why it matters:

• User Control: Mandatory for compliance and good user experience.
• Reduced Complaints: Clear instructions minimize frustration.
  
  

Example:
“[Organization] is dedicated to upholding the highest privacy standards for all personal information collected through our text messaging services. We do not sell, rent, distribute, or trade your personal data to third parties without your explicit consent, except as legally required. Any information shared with third parties is solely to provide our services to you. We assure you that your data will never be shared with third parties for marketing purposes.”

By addressing these points, your SMS Privacy Policy remains distinct from a broader, general privacy policy. It clarifies how you handle data and consent exclusively for text messaging, meeting both carrier requirements and consumer expectations.

Make Compliance a Competitive Advantage with Platform28

Navigating the evolving landscape of SMS compliance doesn’t have to be overwhelming. With the right strategy and partner, you can stay ahead of regulatory adherence while delivering a better customer experience. Platform28 helps government agencies and enterprises implement AI-powered, secure, and compliant communication solutions that scale with demand. 

Contact us today to see how Platform28 can support your compliance goals and elevate your CX strategy.

Disclaimer: This document is meant for illustrative purposes only. Organizations should seek legal counsel to ensure compliance with relevant local, state, and federal laws and applicable records retention and privacy regulations.