Getting Compliant for A2P 10DLC
If you're new to the world of A2P 10DLC compliance, please review our original article's What is A2P 10DLC? section, then come back here for next steps.
Background
Since we first learned about A2P 10DLC rules, we at CATS/Top Echelon have been doing our best to help our customers get registered to continue sending text messages. During that time, A2P 10DLC has proven to be a shifting landscape of new and more stringent requirements.
What was once a simple process of establishing your company's legal identity for mobile carriers like Verizon and AT&T, and briefly describing your use case for text messaging, has become an intense review of each company's website and privacy policy, in addition to the simple act of registering.
The 3rd parties who review Brand and Campaign submissions will also do a deep dive on each organization's website and Privacy Policy, and will reject a Campaign when the requirements described below are not met.
Before you can successfully register your organization for A2P 10DLC messaging, you must first make sure your organization's privacy policy and website are compliant with A2P 10DLC requirements.
Privacy Policy Compliance
Does my organization need a Privacy Policy?
In short, yes. If your organization does not yet have a Privacy Policy in place, you should get one ASAP. Not only is it a requirement for A2P 10DLC compliance and registration, it is also a best practice for any organization with an online presence.
How do I get a Privacy Policy?
Because a Privacy Policy is a legal document, and we at CATS/Top Echelon are not lawyers, we cannot make specific recommendations. Several of our customers have used online policy "generators" or other tools. Others have sought out the policies of other organizations like their own, on which to model their new policy. Some have gone the more traditional route of seeking legal counsel to establish their policy.
What makes a Privacy Policy compliant with A2P 10DLC requirements?
According to Bandwidth, which actually provides the texting services available in CATS/TE Recruit, a compliant Privacy Policy must include all of the following:
- An explanation that mobile information will not be shared with 3rd parties for purposes not described in the policy, and that mobile opt-in/consent data will not be shared with 3rd parties for any purpose
Example language from Bandwidth:
"Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties."
- Explanation of how a recipient can opt out of receiving additional text messages from your organization
Example language from Bandwidth:
“If you wish to be removed from receiving future SMS communications, you can opt out by texting STOP, STOP ALL, QUIT, END, CANCEL, or UNSUBSCRIBE.”
- Ideally, your policy should also provide alternative contact information where a recipient can request to opt out, usually a toll-free phone number or email address.
Where should I put the Privacy Policy?
Once you have a compliant Privacy Policy, it should be displayed on a page on your website, usually something like https://myagency.com/privacy
You must also place a hyperlink to that page on every other page of your website, usually by adding it to your site's footer, header, and/or navigation menus.
Your Privacy Policy must be prominently displayed to all visitors to your site, especially on any pages where a visitor might provide their phone number on a job application or contact form.
Website Compliance
In addition to the Privacy Policy requirements described above, you will need to make sure the rest of your website is compliant with A2P 10DLC requirements. The most common missing piece is collecting consent to receive SMS messages.
In short, any form on your website where a visitor can provide a phone number must also include a consent disclosure and a call-to-action (CTA) for visitors to give or withdraw consent to receive text messages.
Compliant Consent/CTA
In order to be compliant with A2P 10DLC requirements, an SMS consent CTA must include all of the following elements:
- The name of the organization that will be sending messages
- The nature or content of messages recipients are consenting to
- "Fees" disclaimer - usually "Msg&data rates may apply."
- Message "frequency" disclaimer - since most messaging in CATS/TE Recruit is conversational and not auto-recurring, we use "Msg frequency varies."
- Opt-out and Help instructions - usually "Text STOP to opt-out or HELP for assistance."
So, a "typical" consent CTA for a CATS/Top Echelon customer might look like this:
Job Application Forms
We have automatically added a compliant CTA like the one above to your CATS Career Portal. Visit any of your jobs' "apply" pages to see it underneath the Phone field.
If you do not use the Career Portal, but you allow jobseekers to apply for jobs or express interest on your website, any such forms must also include a compliant CTA as above.
Contact Forms
Just as with your job application forms, any other form on your site where a visitor can submit a phone number must also feature a compliant CTA.
The CTA requirements are the same regardless of the form, but where a form is designed to collect information from clients/prospects, other visitors, or mixed audiences, you should make sure the CTA calls out the different "types" of messages a visitor is consenting to receive.
For example, if the form is clearly geared for recruiting clients/prospects, the CTA might state:
I consent to receiving text messages related to recruiting services from Acme Agency.
Msg&data rates may apply. Msg frequency varies. Text STOP to opt-out or HELP for assistance.
If the form is multi-purpose, a general "contact us" form, the CTA might state:
I consent to receiving text messages related to employment opportunities or recruiting services from Acme Agency.
Msg&data rates may apply. Msg frequency varies. Text STOP to opt-out or HELP for assistance.
In short, make sure the CTA specifies exactly what content a visitor is agreeing to receive from your organization.
A2P Registration
Once you are confident that your website and privacy policy meet all of the requirements above, you are ready to register your organization for A2P 10DLC messaging. Please see our A2P 10DLC Registration Help Article for next steps.
If you submit A2P 10DLC registration, and your Privacy Policy and/or website are not yet compliant, your Campaign will most likely be Rejected.