Per Twilio’s Acceptable Use Policy, your company is required to comply with wireless carrier compliance rules, industry standards, and all applicable laws, in the use of any Twilio-provided short code. One key compliance requirement is ensuring that the recipients of your text messages (your recipients) have expressly consented or “opted-in” to receiving text messages as part of your campaign. There are several ways that your recipients can opt-in to receiving messages from you as part of your text messaging campaign. In each case, however, your campaign’s opt-in message flow must meet compliance standards set by the law, industry standards, and wireless carriers. The industry compliance standards for US short code opt-ins can be found in the CTIA Short Code Monitoring Handbook. As a courtesy, we’ve outlined them below.
Opt-In Mockup/Call-to-Action Requirements
The telecom providers are require that all short code applications be submitted with a mockup showing where users are being advertised the short code service. This can be a mockup of a website, signage, or, in the case of verbal opt-ins, a script. Twilio will be unable to submit your application to the carriers without a valid opt-in mockup. Here are the required elements in a short code mockup:
- Service description and name
- Example: Sign up to receive shipping notifications from Twilio!
- Fee disclosure
- Example: Message and data rates may apply (NOTE: In the US this verbiage is required verbatim, carriers will not approve mockups that include the word "standard" as this implies the existence of premium rate messaging, which is no longer allowed in the US.)
- Frequency
- Example: "One message per login", "Message frequency varies", "Three messages per delivery"
- Customer care contact information
- Example: "Reply HELP for help"
- Opt out instructions
- Example: "Reply STOP to opt out"
- Link to Mobile Terms of Service
- Link to Privacy Policy
Mockup FAQ
Does my website have to look exactly like my mockup?
No. However, your website must have all the required elements.
My users are opted-in either over the phone or in person. What do you need from me?
We need a script with the same details as what is listed above. For the Terms and Privacy Policy link, it is sufficient to use language along the lines of “You can find our mobile terms and privacy policy online at www.example.com.”
I have been assured by my lawyers that my proposed opt-in process is fully TCPA compliant, but it doesn’t seem to meet the requirements outlined above. What gives?
There are three levels of compliance when it comes to short codes, with TCPA only being the first. After that are CTIA requirements. While the above requirements are required by CTIA, there is no requirement to show a mockup during the application process. This requirement is a carrier policy. Carrier policies are often unpublished and are only known through interactions with the carriers during the application process.
I have an opt-in method that I think is compliant, but it does not seem to meet the requirements listed above. What should I do?
Please work with your Account Manager who can put you in touch with our Short Code specialists.
I’m not quite sure what my full opt-in process will look like or my website isn’t live yet. Is it possible to just give a description of the process and then update it later once my code goes live or is closer to going live?
Unfortunately, no. The mockup is a carrier requirement.
Additional Requirements
While these guidelines are based on industry standards, we recommend that your review the full set of standards outlined in the CTIA Short Code Monitoring Handbook. Additionally, you should expect that your short code campaign will be audited at some point by a carrier or industry organization. In our experience, U.S. short code campaigns are typically audited for compliance with the CTIA Short Code Monitoring Handbook, but please note that each carrier reserves the right to suspend short code service for any user at any time, so compliance with the above guidelines is not a guarantee against suspension of service by a carrier.
In addition to wireless carrier compliance standards, there may be compliance requirements under U.S. law, including the Telephone Consumers Protection Act of 1991 (TCPA) or the Healthcare Insurance Portability and Accountability Act (HIPAA), depending on the nature of your text messaging campaign. These requirements may include things such as ensuring that the consent you receive from your recipients is in writing or ensuring that use of your services is not conditioned upon consenting to receive your text messages, or both. The specific legal compliance requirements will depend on the details of your text message campaign, and you should consult with your legal counsel to ensure that your text messaging campaign complies with the wireless carriers standards, industry standards, and with the law applicable to your campaign.
Example Call to Action Mockups