California has stricter SMS marketing regulations than federal law requires. If you text customers in California, you need to follow both federal TCPA rules and California-specific requirements that add layers of consumer protection beyond what other states mandate.
Most business owners texting customers assume following federal law is sufficient. It's not, at least not for California customers. California's privacy laws, stricter consent standards, and aggressive enforcement mean businesses texting Californians face higher compliance requirements and bigger penalties for violations.
This guide covers what makes California different from federal SMS regulations, what specific requirements you must follow when texting California customers, and how to implement compliant SMS marketing that works in California's stricter legal environment.
Important disclaimer: This guide provides general information about California SMS marketing regulations, not legal advice. Consult with attorney familiar with telecommunications and privacy law for guidance on your specific situation.
You might be in Texas, Florida, or New York, but if you're texting customers in California, you need to follow California law. Jurisdiction follows the customer, not your business location.
California has roughly 40 million residents, about 12% of the US population. If you serve customers nationally, significant portion of your contact list likely includes California phone numbers. You can't just ignore California regulations because your business operates elsewhere.
California is also extremely aggressive about enforcement. The state has some of the strongest consumer protection laws in the country and actively prosecutes violations. Private lawsuits are common because California regulations often include statutory damages (fixed dollar amounts per violation) that make class action lawsuits profitable for plaintiff attorneys.
Federal TCPA violations carry $500-1,500 penalties per text. California laws stack on top of that. You could face TCPA penalties plus separate California state law penalties for the same violation. One improperly sent marketing text to California customer could trigger $2,000-3,000 in potential damages between federal and state claims.
The math gets scary fast. Send campaign to 500 California customers without proper consent, get sued, face $1-1.5 million in potential damages. Not theoretical risk. This happens to real businesses regularly.
Even if lawsuit odds feel low, California's regulations are strict enough that compliance makes business sense. Following California rules protects you everywhere, since California typically has strictest requirements. Build your SMS marketing to California standards and you're compliant nationally.
Federal TCPA sets baseline for SMS marketing nationwide. California adds multiple layers on top.
California Consumer Privacy Act (CCPA) gives California residents control over their personal information, including phone numbers used for SMS marketing.
Under CCPA, California customers have right to know what personal information you collect (including how you obtained their phone number), right to delete their personal information (including opting out of SMS communications), right to opt out of sale of their information, and right to non-discrimination for exercising privacy rights.
For SMS marketing, CCPA means you need to clearly disclose during opt-in process how you'll use phone number, provide easy mechanism for customers to request deletion of their information (beyond just opting out of messages), never sell or share California customer phone numbers without explicit consent, and maintain records of consent and deletion requests.
CCPA violations carry penalties up to $7,500 per intentional violation. For SMS context, this means sending messages after California customer requests deletion of their data could trigger CCPA penalties on top of TCPA penalties.
Federal TCPA requires "prior express written consent" for marketing texts. California law (specifically California Business and Professions Code Section 17529.5) adds requirements for electronic commercial messages.
California requires that consent must be affirmative action (no pre-checked boxes, no implied consent from business relationship), clear and conspicuous disclosure of what customer is consenting to, easy and obvious way to revoke consent at any time, and documentation proving consent was obtained and when.
California courts interpret consent requirements more strictly than federal standards. What passes federal TCPA scrutiny might still violate California law if consent wasn't sufficiently clear or prominent.
Practical implication: Consent language that works in other states might not be sufficient for California customers. California opt-in forms need extra clarity about exactly what customer is agreeing to receive.
California's "Shine the Light" law (Civil Code Section 1798.83) requires businesses to disclose what personal information they share with third parties for marketing purposes.
If you share California customer phone numbers with partners, affiliates, or marketing platforms, you must provide annual disclosure explaining what information you shared and with whom. This applies even if you're not "selling" data, just sharing it for business purposes.
For SMS marketing platforms, this means documenting which third parties have access to California customer phone numbers and providing disclosure to customers who request it.
While federal law restricts marketing texts before 8am and after 9pm, California courts have found that even these hours might be "unreasonable" depending on context. California emphasizes reasonableness and consumer expectations more than bright-line rules.
Safest approach for California customers: restrict marketing texts to 9am-8pm recipient's local time. More conservative than federal requirements but reduces California-specific risk.
California requires that commercial emails and texts clearly indicate they're advertisements. While similar to federal CAN-SPAM requirements for email, California applies this to SMS more strictly.
Marketing texts to California customers should clearly identify your business (not just in opt-out info) and clearly indicate message is promotional/marketing (if applicable). Transactional messages (appointment reminders, order confirmations) don't need "advertisement" labeling, but purely promotional texts do.
For detailed federal baseline requirements, review SMS marketing regulation guide covering TCPA compliance.
Use this checklist to verify your SMS marketing complies with California requirements for California customers.
Consent and opt-in:
[ ] Opt-in is affirmative action (customer checks box, texts keyword, verbally agrees and you document it)
[ ] Opt-in language clearly states customer will receive marketing texts (not buried in general "communications")
[ ] Opt-in language identifies your business by name
[ ] Opt-in language explains approximate message frequency
[ ] Opt-in language includes "message and data rates may apply"
[ ] Opt-in language includes opt-out instructions
[ ] Opt-in language states consent not required for purchase
[ ] You store timestamp and method of consent for every California customer
Message content:
[ ] Every marketing message clearly identifies your business
[ ] Promotional messages are clearly identifiable as advertisements
[ ] Every message includes clear opt-out instructions (STOP, UNSUBSCRIBE)
[ ] Messages sent only between 9am-8pm recipient's local time
[ ] No false or misleading content in messages
Opt-out and data handling:
[ ] Opt-outs processed immediately (within seconds, not hours)
[ ] System recognizes STOP, UNSUBSCRIBE, CANCEL, QUIT, END and variations
[ ] California customers can request deletion of their data easily
[ ] You maintain records of opt-out requests with timestamps
[ ] Phone numbers of California customers not shared with third parties without proper disclosure
[ ] You can provide disclosure of data sharing if California customer requests it
Documentation:
[ ] Records of consent method and timestamp for all California customers
[ ] Records of all opt-out requests from California customers
[ ] Documentation of any data sharing with third parties
[ ] Written SMS marketing policies and procedures
[ ] Staff training documentation on California compliance requirements
Platform requirements:
[ ] SMS platform automatically processes opt-outs
[ ] Platform prevents messages outside quiet hours
[ ] Platform provides audit trail of messages sent to California numbers
[ ] Platform can identify California customers for targeted compliance
Businesses using Sakari benefit from automatic opt-out processing, quiet hours enforcement, and comprehensive message logging that satisfies California documentation requirements. The platform handles technical compliance automatically while you focus on message strategy.
Understanding what triggers violations helps you avoid them.
Violation 1: Inadequate consent documentation
What it looks like: California customer claims they never opted in. You can't produce clear record of when and how they consented.
California penalty: Under CCPA, up to $2,500 per violation, up to $7,500 per intentional violation. Plus TCPA penalties of $500-1,500 per text sent.
How to avoid: Document everything. Store opt-in timestamp, method (web form, text-to-join, verbal with staff name), and IP address if applicable. If sued, you must prove consent existed.
Violation 2: Continuing to text after California customer requests data deletion
What it looks like: California customer exercises CCPA right to deletion. Requests you delete their phone number and all data. You process as simple opt-out but don't fully delete data. Continue texting them transactional messages because "they're still a customer."
California penalty: CCPA violation ($2,500-7,500) plus TCPA violation ($500-1,500) for each message sent after deletion request.
How to avoid: Treat CCPA deletion requests as complete removal from all communications, including transactional messages, unless customer maintains active service relationship requiring communication (like ongoing medical care).
Violation 3: Pre-checked consent boxes
What it looks like: Website form has SMS opt-in box pre-checked. California customer completes form. You text them marketing messages. They sue claiming they never meaningfully consented.
California penalty: Courts view pre-checked boxes as lack of affirmative consent. Each message could violate both TCPA and California consumer protection laws.
How to avoid: Never pre-check SMS consent boxes. Require affirmative action (customer must actively check box) for every California opt-in.
Violation 4: Sharing California customer data without proper disclosure
What it looks like: You share California customer phone numbers with marketing partner or sister company. California customer requests information about data sharing under Shine the Light law. You can't provide it or weren't aware of disclosure requirement.
California penalty: Shine the Light violations, plus potential CCPA penalties if sharing constitutes "sale" under California law.
How to avoid: Document all third parties who receive California customer data. Provide disclosure when requested. Better yet, minimize data sharing to only essential business purposes.
Violation 5: Ambiguous consent language
What it looks like: Consent form says customer agrees to "communications from [Business]." You interpret this as permission for marketing texts. California customer claims they thought it meant email only or service-related messages only.
California penalty: Courts strictly interpret consent in favor of consumer. Ambiguous language means no valid consent. Each text sent is violation.
How to avoid: Consent language must explicitly mention SMS, text messages, or similar clear terminology. "Communications" alone is insufficient under California standards.
Different business types face different California compliance challenges.
Healthcare providers: HIPAA compliance intersects with California privacy laws. Text messages to California patients must satisfy both HIPAA security requirements and California consent standards. Appointment reminders are generally okay without explicit marketing consent, but promotional messages (teeth whitening specials, cosmetic services) require full marketing consent.
Home services (HVAC, plumbing, electrical): Service confirmations and appointment reminders typically don't require marketing consent. But promotional texts (seasonal tune-up specials, discount offers) do. Many home service businesses blur this line, sending "reminder that it's time for seasonal maintenance" that's really promotional. California customers can challenge these messages as requiring marketing consent.
Real estate agents and brokers: California's "Do Not Call" regulations also affect SMS. Real estate communications to California consumers face additional restrictions. Safest approach: obtain explicit SMS consent before any marketing texts, even to existing clients.
Retail and e-commerce: Order confirmations and shipping updates are transactional (don't require marketing consent). But promotional offers and discount codes do. Cart abandonment texts are gray area in California. Conservative approach treats them as promotional requiring consent.
For industry-specific implementation strategies, explore SMS marketing automation approaches that maintain California compliance.
Get compliant with California regulations systematically.
Week 1: Audit current practices
Review how you currently collect SMS consent. Does language explicitly mention text messages? Is consent affirmative action? Do you document timestamp and method?
Identify California customers in database (area codes, addresses, or customer-provided location data).
Check whether any California customers in system lack proper consent documentation.
Week 2: Update consent processes
Revise website forms, intake documents, and verbal consent scripts to meet California standards.
Add explicit "text messages" or "SMS" language to all consent forms.
Ensure no pre-checked boxes.
Add CCPA-compliant disclosure about how phone numbers will be used and shared.
Implement system for documenting consent timestamp and method.
Week 3: Clean existing California customer list
Identify California customers without documented consent.
Send re-consent campaign: "Hi [Name], we're updating our systems. Want to keep getting texts from us? Reply YES to opt in. You can opt out anytime by replying STOP."
Remove California customers who don't re-consent from marketing lists (can keep for transactional messages if legitimate business relationship exists).
Week 4: Implement ongoing compliance
Configure SMS platform to flag California customers for special handling if needed.
Set quiet hours to 9am-8pm for California recipients.
Train staff on California consent requirements and data deletion requests.
Create process for handling CCPA data deletion requests.
Document all procedures for legal defensibility.
Most businesses achieve California compliance within 30 days of focused effort. Ongoing compliance is simpler once proper systems are in place. Platforms like Sakari automate technical compliance (opt-outs, quiet hours, logging) while you handle consent and documentation processes.
Your SMS platform should make California compliance easier, not harder.
Required platform features for California compliance:
Automatic opt-out processing (immediate, recognizing all common keywords)
Quiet hours enforcement configurable by recipient timezone
Message logging with timestamps for audit trail
Ability to tag or segment California customers
Webhook support for data deletion requests
Comprehensive consent documentation storage
API access for custom compliance workflows if needed
Sakari provides all these features as standard platform capabilities. California customers can be segmented for special handling, quiet hours enforce 9am-8pm restrictions automatically, and all messages are logged with timestamps for compliance documentation. The platform's automatic opt-out processing satisfies California's immediate opt-out requirements.
For businesses using CRM systems, HubSpot SMS integration maintains California compliance while syncing customer data and consent records between systems.
Ready to implement California-compliant SMS marketing that protects your business while effectively reaching California customers? Start your free trial with Sakari and access compliance features designed for California's stricter regulations.