The information in this article does not constitute legal advice. Every company has different policies, business needs, and compliance risks. We recommend seeking specific legal advice before adopting any of the compliance practices listed below.

Requirements

For 10DLC approval, all businesses are required to have a easily accessible, compliant privacy policy.

• Privacy Policy must exist and be publicly available in a conspicuous way
• The policy must include a clause indicating that consent will not be shared
• The policy must include information on how to opt-out of messaging

Example of Compliant Clause

Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. Any other mentions in this policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. If you wish to be removed from receiving future communications, you can opt out by texting STOP.

What is a Privacy Policy?

A privacy policy is a document that explains how an organization collects, uses, discloses, and manages customer or client data. 

According to the CTIA Guidelines, message senders must have an easily accessible privacy policy.

• Your privacy policy should be mentioned in the call-to-action when submitting a campaign for vetting.
• If you lack a privacy policy or if your privacy policy is not compliant, your campaign will be rejected.

Requirements

It is not feasible to offer a one-size-fits-all list or template for an privacy policy, as these need to be tailored to your specific business and processes. However, here are some guidelines:

Every privacy policy should include specific clauses that explain:

• The types of data you collect
• How you collect the data
• How you use the data
• How you store the data
• The rights and choices consumers have
• Whether you share or sell data to third parties

Keep in mind, the complete list for your business might include additional components, so please consult your legal representative.