Overview
As part of the 10DLC campaign registration process, mobile carriers require that your business maintain a publicly accessible Privacy Policy that specifically addresses your SMS messaging program. This is a mandatory requirement — campaigns submitted without a compliant privacy policy will be rejected by carriers.
Your privacy policy tells your customers what personal data you collect, how it is used, and crucially, confirms that their mobile number and personal information will not be sold or shared with third parties for marketing purposes.
This article provides boilerplate language and guidance you can use as a starting point. You should review this content with your legal counsel before publishing to ensure it accurately reflects your business practices and complies with applicable laws including TCPA, CCPA, and any other regulations relevant to your industry or region.
Required Elements
Your privacy policy must address all of the following as they relate to your SMS program.
1. What Data You Collect
Clearly state what personal information you collect from customers who opt in to your SMS program.
Boilerplate Example:
When you opt in to receive SMS messages from [Business Name], we collect your mobile phone number and any additional information you provide at the time of opt-in, such as your name and email address. We may also collect information about your interactions with our messages, such as delivery status and response data.
2. How the Data Is Used
Explain the specific purposes for which you use the data collected.
Boilerplate Example:
We use your mobile phone number solely to send you SMS messages related to [describe program, e.g. order updates, appointment reminders, promotional offers, customer support] that you have consented to receive. We do not use your mobile number for any purpose other than the SMS program you opted in to.
3. No Sharing with Third Parties for Marketing
This is one of the most critical elements for 10DLC compliance. Carriers specifically require confirmation that customer data will not be shared or sold for marketing purposes. This must be stated explicitly.
Boilerplate Example:
[Business Name] does not sell, rent, share, or disclose your mobile phone number or personal information to third parties or affiliates for their marketing or promotional purposes. Your information is used exclusively to operate our SMS messaging program as described in these terms.
4. Data Security
Describe the measures you take to protect customer data.
Boilerplate Example:
We take reasonable technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
5. Data Retention
State how long you retain customer data and what happens when a customer opts out.
Boilerplate Example:
We retain your mobile phone number and related opt-in data for as long as you are enrolled in our SMS program. If you opt out by replying STOP, your number will be removed from our active messaging list. We may retain a record of your opt-out request to ensure compliance with your preferences.
6. Customer Rights
Inform customers of their rights regarding their personal data.
Boilerplate Example:
You have the right to access, correct, or request deletion of your personal information held by [Business Name]. To exercise these rights or to ask questions about how your data is used, please contact us at [support email] or [support phone number].
7. Updates to the Privacy Policy
Boilerplate Example:
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website. Your continued participation in our SMS program following any update constitutes your acceptance of the revised policy.
Full Boilerplate Template
The following is a complete template you can copy, customize, and publish on your website. Replace all bracketed placeholders with your business-specific information.
[Business Name] SMS Privacy Policy
Last updated: [Date]
Introduction At [Business Name], we are committed to protecting your privacy. This policy explains how we collect, use, and safeguard the personal information you provide when you opt in to our SMS messaging program.
Information We Collect When you opt in to receive SMS messages from [Business Name], we collect your mobile phone number and any information provided at the time of opt-in, such as your name or email address. We may also collect data about your message interactions including delivery and response status.
How We Use Your Information Your mobile phone number is used solely to send you SMS messages you have consented to receive, including [describe: e.g. order confirmations, appointment reminders, promotional offers, account alerts]. We do not use your number for any other purpose.
No Sale or Sharing of Your Information [Business Name] does not sell, rent, share, or disclose your mobile phone number or any personal information to third parties or affiliates for marketing or promotional purposes. Your data is used exclusively to operate the SMS program you opted in to.
Data Security We implement reasonable technical and organizational safeguards to protect your personal information. While we strive to protect your data, no method of transmission or electronic storage is completely secure.
Data Retention and Opt-Out We retain your information for as long as you are enrolled in our SMS program. You may opt out at any time by replying STOP to any message. Upon opt-out, your number will be removed from our active messaging list. A record of your opt-out may be retained for compliance purposes.
Your Rights You have the right to access, update, or request deletion of your personal data. To exercise these rights, contact us at:
- Email: [support email address]
- Phone: [support phone number]
Changes to This Policy We reserve the right to update this Privacy Policy at any time. Changes will be posted to this page with an updated effective date. Continued participation in our SMS program following any update constitutes your acceptance of the revised policy.
Contact Us If you have questions about this Privacy Policy or how your data is handled, please contact:
[Business Name] [Business Address] [support email address] [support phone number]
Where to Publish This Page
Your Privacy Policy must be:
- Publicly accessible — no login required to view it
- Linked directly from your opt-in form or page — customers must be able to review it before consenting
- Linked in your 10DLC registration submission — you will provide the direct URL during registration
Common locations include a dedicated /privacy-policy page on your website or a clearly labeled section within your existing Privacy Policy page.
Important Notes
- The no-sharing clause is non-negotiable for 10DLC compliance. Carriers will reject campaigns where the privacy policy does not explicitly state that mobile data will not be shared with third parties for marketing purposes.
- Your privacy policy must reflect your actual data practices. Publishing a policy that does not match how you handle data creates legal and compliance risk.
- If you already have a Privacy Policy on your website, you can add an SMS-specific section rather than creating a separate page — as long as the required elements above are clearly addressed.
- We strongly recommend having your legal counsel review your final Privacy Policy before publishing.
Have questions about your 10DLC registration? Submit a support request and our team will be happy to help.
Comments
0 comments
Article is closed for comments.