Privacy Policy (SMS)

The information in this article does not constitute legal advice. Every company has different policies, business needs, and compliance risks. We recommend seeking specific legal advice before adopting any of the compliance practices listed below.

For 10DLC approval, all businesses are required to have a easily accessible, compliant privacy policy.

Beginning Nov 6, 2024, carriers are requiring your privacy policy include a disclaimer that no mobile opt-in will be shared with third parties for marketing purposes.

Here is an example you can include in your Privacy Policy's Use or Sharing section:

Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with or obtained from any third parties.

What is a Privacy Policy?

A privacy policy is a document that explains how an organization collects, uses, discloses, and manages customer or client data. 

According to the CTIA Guidelines, message senders must have an easily accessible privacy policy.

  • Your privacy policy should be mentioned in the call-to-action when submitting a campaign for vetting.
  • If you lack a privacy policy or if your privacy policy is not compliant, your campaign will be rejected.

Requirements

It is not feasible to offer a one-size-fits-all list or template for an privacy policy, as these need to be tailored to your specific business and processes. However, here are some guidelines:

Every privacy policy should include specific clauses that explain:

  • The types of data you collect
  • How you collect the data
  • How you use the data
  • How you store the data
  • The rights and choices consumers have
  • Whether you share or sell data to third parties

Keep in mind, the complete list for your business might include additional components, so please consult your legal representative.

Related to