4 Tips to Ensure your 10DLC Privacy Policy is Compliant

Ensure compliance with privacy laws for your 10DLC campaign with 4 key tips on crafting a comprehensive Privacy Policy. Learn how to protect consumer data and pass CTIA standards for SMS marketing.

This information does not constitute legal advice. Every company has different policies, business needs, and compliance risks. We recommend seeking specific legal advice before adopting any of the compliance practices listed below.


Message Senders are responsible for protecting the privacy of consumers information and must comply with all applicable privacy laws.  How the business manages this should be documented in the companies Privacy Policy.  

While your 10DLC campaign is being reviewed, it will be evaluated on a number of criteria, including your businesses Privacy Policy.  This guide will walk through the four key tips to ensure your Privacy Policy is compliant and approved for your 10DLC campaign review.


Privacy Policy Requirements

1. Making it Publicly Accessible 

For your 10DLC campaign review, your Privacy Policy should not only exist, but also should be publicly accessible from your business website.  The policy should be conspicuously placed within your Website footer. 

Within your 10LDC campaign submission, be sure to include a link to your Privacy Policy in your submission.  The reviewer will be looking for it. 



2. Privacy Policy Included in your consumer Opt-In

In addition to your Privacy Policy being part of your website, this policy must be mentioned as part of the invitation for users to sign up or opt-in when a messaging campaign is undergoing the approval process.

The policy should be place conspicuously within your opt-in form. 



3. Include All the Key Elements

Within your Privacy Policy itself, you want to ensure it includes all of the required information.  A 10DLC campaign’s privacy policy could be rejected if it is absent or if it fails to meet compliance standards.

Key items to include in your Privacy Policy include: 

Clear Identification of the Service Provider

Provide consumers with a clear understanding of who is collecting their information. The policy should clearly state the name of the company or service provider the consumer is consenting to receive messages from.  

Type of Collected Information

The policy must detail the types of personal information collected from users. This includes both information that users actively provide (such as name, phone number, and email address) and information automatically collected through technical means (like cookies, web beacons, or usage details).

Purpose of Data Collection

It is essential to specify why the data is being collected. Whether for marketing, customer service, transaction processing, or other purposes, transparency about the intent behind data collection is crucial.

Data Usage

The privacy policy should clearly explain how the collected information will be used. This includes detailing any processing, analysis, or sharing of data with third parties.

Consumer Consent

The policy must outline how consent is obtained from consumers for collecting their personal information. It should also explain how users can withdraw their consent at any time and the process for doing so.

Data Security

Details on how the collected data is protected should be included. This includes physical, administrative, and technical safeguards put in place to protect personal information from unauthorized access, disclosure, alteration, and destruction.

Data Retention

The privacy policy should specify the duration for which the data will be retained and the criteria used to determine this duration. It should also explain how and when the information is disposed of.

Rights of Consumers

The policy should clearly describe the rights of consumers regarding their personal information, including the right to access, correct, and delete their data. It should also provide information on how consumers can exercise these rights.

Policy Updates

A statement should be included on how and when the privacy policy may be updated. It should also detail how consumers will be informed of these updates.

Contact Information

Finally, the privacy policy should provide clear contact information for consumers to reach out with questions or concerns about their privacy and data usage.



4. Ensure you're Not Sharing Data

Your Privacy Policy must state that no mobile information will be shared with third parties or affiliates for marketing or other promotional purposes. You are permitted to share information with subcontractors related to the support services (e.g. customer service).

All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.



Try it out yourself

Start your 14 day free trial and Discover the power of SMS marketing to reach your audience well. Our unique integrations save you time and improve your customer experience and satisfaction.


Leave a Comment

Your email adress will not be published