How to create 10DLC-compliant Terms of Service and Privacy Policies

Share

10DLC, or 10-digit long code, is a phone number system that enables businesses to send application-to-person messages with improved throughput in the United States. Companies engaging in SMS marketing in this country must register their numbers with The Campaign Registry and comply with several key requirements. 

One such requirement is 10DLC-compliant Terms of Service and Privacy Policies that transparently inform recipients of how their consent is gained and managed, how they can opt out of messages, and more.

This article will guide you through the essential clauses and provisions to include in your Terms of Service and Privacy Policy to achieve 10DLC compliance effectively.  

What is 10DLC compliance?

10DLC compliance refers to the regulations and guidelines established for the use of 10-digit long code phone numbers (10DLC) in application-to-person (A2P) messaging in the United States. This compliance framework is designed to ensure that businesses using 10DLC numbers for messaging adhere to carrier and industry standards.

Here are the key elements of 10DLC compliance:

• Registration and approval: Businesses must register their brand and campaigns with The Campaign Registry for approval, offering information on content and purpose.
• Opt-in/opt-out compliance: Users must explicitly opt-in to receive messages, and businesses must provide an easy opt-out mechanism.
• Content and volume guidelines: Messages must adhere to content guidelines, avoid prohibited topics, and respect throughput and volume limits set by carriers.
• Data security and transparency: Businesses must protect user data and clearly identify themselves and the message’s purpose to recipients.
• Carrier compliance and fees: Businesses must adhere to carrier-specific policies, monitor message delivery, and pay associated registration and usage fees.

These A2P 10DLC compliance requirements are designed to enhance the reliability and security of messaging services and protect consumers from unwanted messages.

Why 10DLC compliance matters

If The Campaign Registry finds a company non-compliant with 10DLC standards, carriers will suspend its communications. This happens most often with numbers that haven’t been properly registered. 

In addition to having an unregistered number, companies can also breach 10DLC regulations through content violations, such as sending spam or phishing campaigns. Non-compliant organizations can face fines and penalties imposed by carriers or regulatory authorities, ranging from $500 to $10,000 or more, depending on the severity of the violation.

Establishing consumer trust and transparency through A2P 10DLC compliance is thus essential in SMS marketing. That’s where terms of service and privacy policies come into play. 

Terms of Service vs Privacy Policy

Terms of service (ToS), also known as terms of use (ToU) or terms and conditions (T&C), are agreements that outline the rules for using a service, specifying user responsibilities, intellectual property rights, liability limitations, and dispute resolution. They are legally binding contracts between the service provider and users.

Privacy policies describe how a company collects, uses, shares, and protects personal data. They cover data collection, usage, sharing, user rights, and protection measures.

We’ve created the table below to capture the fundamental differences in purpose, content, legal requirements, and user interaction between terms of service and privacy policies.

In a nutshell, while terms of service focus on service usage rules, privacy policies focus on data privacy. Both serve to protect businesses and inform users legally, but they differ in scope and approach.  

Key clauses for 10DLC-compliant Terms of Service

There are a few key clauses you need to include in your Terms of Service to achieve A2P 10DLC compliance. Here’s what you need to know about them, complete with useful examples.  

User consent

User consent is the explicit agreement consumers give to receive messages from a business. It guarantees that they’ve granted permission and understand the nature of the messages.

What to include

• Methods for obtaining consent (e.g., checkboxes, written agreements)
• The type of consent that is required (explicit or implied)
• The purpose for which consent is sought (e.g., promotional, informational)

Why it matters

• Complies with legal regulations like GDPR and CCPA
• Builds trust with users by respecting their preferences
• Reduces legal risk by documenting consent

Example

Here’s how we incorporated a 10DLC-compliant user consent clause in our Textmagic Terms of Service:

Below, you can also find a template that you can replicate for your own Terms of Service:

By using [Company]’s services, including signing up for text message communications, you expressly consent to collecting, using, and sharing your personal information as outlined in our Privacy Policy. You acknowledge that you have read, understood, and agree to our Terms of Service and Privacy Policy, including the terms related to data collection, communication, and security.

You further consent to receive text messages from [Company], including transactional and promotional messages. You may opt out of receiving promotional messages at any time by following the opt-out instructions provided in the messages. Your continued use of our services constitutes your ongoing consent to these terms.

Copy text

Opt-out procedures

Opt-out procedures are an essential part of 10DLC compliance. They allow consumers to stop receiving messages at any time and are vital for giving users control over their communication preferences.

What to include

• Instructions for opting out of messages
• Timeframe for processing opt-out requests
• Contact details for opt-out assistance

Why it matters

• Ensures compliance with regulations mandating easy opt-out options
• Enhances user satisfaction by providing control over communications
• Prevents complaints and reduces the risk of being flagged as spam

Example

The Textmagic Terms of Service contains the clause below that details opt-out procedures:

Feel free to use the template below in your Terms of Service:

You may choose to stop receiving promotional text messages from [Company] at any time. To opt out, simply reply to any text message you receive from us with the word ‘STOP’ or ‘UNSUBSCRIBE.’ Once we receive your opt-out request, we will promptly remove your number from our promotional messaging list. Please note that opting out of promotional messages will not affect your ability to receive important service-related communications.

Copy text

Create 10DLC compliant SMS campaigns

Send texts that customers trust: fully carrier-approved, high-delivery, and ready to scale with your business

Learn more

Message frequency and content

Message frequency and content outline how often and what type of messages users will receive. They set expectations and help prevent message fatigue by creating an easy-to-follow schedule.

What to include

• Expected message frequency (e.g. daily, weekly)
• Description of message types (e.g., promotions, alerts)
• Imposed limits on message volume

Why it matters

• Manages user expectations and prevents spam
• Maintains a positive user experience
• Aligns with carrier and industry guidelines

Example

To ensure that Textmagic meets messaging frequency requirements, we’ve included the following clause in our Terms of Service:

Here’s a handy template for this clause that you can copy and use on your own Terms of Service page:

By subscribing to [Company]’s text messaging service, you agree to receive [specify the type, e.g., promotional, transactional, or informational] messages related to [describe the content, e.g., products, services, updates, special offers]. You can expect to receive [specify frequency, e.g., up to 5 messages per week]. Message and data rates may apply. You can opt out of receiving these messages at any time by following the instructions provided in each message.

Copy text

Liability and disclaimers

Liability and disclaimers promote A2P 10DLC compliance by limiting the company’s legal responsibility for message delivery failures and content issues. They clarify the scope of responsibility and protect the business in the event of an error. 

What to include

• Disclaimers for delivery failures
• Limitations on liability for message content
• User responsibilities regarding service use

Why it matters

• Protects the company from legal claims
• Sets clear expectations for responsibilities
• Reduces potential disputes by defining terms upfront

Example

Here’s a liability and disclaimers template that you can easily copy and include in your Terms of Service:

[Company] is not responsible for any delays, failures in delivery, or any other issues related to the transmission or receipt of text messages. Delivery of text messages is subject to effective transmission by your mobile carrier and is not guaranteed by [Company]. 

By subscribing to our SMS services, you acknowledge and agree that [Company] will not be liable for any damages, losses, or injuries arising from or related to the use or failure to receive any text messages, including but not limited to, delays, non-delivery, or technical issues. Your use of our SMS services is at your own risk, and we provide our services on an ‘as-is’ basis without any warranties of any kind, express or implied.

Copy text

Data security and information handling

Data security and information handling describe how user data is collected, stored, and protected. They ensure data privacy and regulatory compliance with international standards. 

What to include

• Security measures for protecting user data
• Compliance with data protection laws
• User rights related to data access and correction

Why it matters

• Ensures compliance with privacy regulations like GDPR
• Builds trust by showing a commitment to data security
• Minimizes risks of data breaches and legal consequences

Example

You can copy and paste the template into your Terms of Service to comply with 10DLC regulations on data handling:

[Company] is committed to protecting the security of your personal information. We implement industry-standard security measures to safeguard your data against unauthorized access, use, or disclosure. However, it is also your responsibility to protect the confidentiality of your account information and any passwords associated with your use of our services.

You agree to notify [Company] immediately of any unauthorized use of your account or any other security breach. [Company] will not be liable for any loss or damage arising from your failure to protect your account or personal information adequately. By using our services, you acknowledge and accept that no data transmission over the Internet or mobile networks can be guaranteed to be 100% secure, and therefore, you use our services at your own risk.

Copy text

Key provisions of a 10DLC-compliant Privacy Policy

A 10DLC privacy policy has a few key provisions to include to achieve and maintain compliance. Here’s what you need to know and some useful examples to follow.  

Data collection and usage

Data collection and usage policies in 10DLC compliance outline the types of personal information collected from users and how it is used, enhancing transparency and user awareness.

What to include

• Types of data collected (e.g., names, emails, phone numbers)
• Methods of data collection (e.g., forms, cookies)
• Purposes for which data is used (e.g., marketing, service improvement)

Why it matters

• Builds trust through transparency
• Complies with legal requirements for disclosure
• Helps users understand data benefits and implications

Example

Here’s how we’ve easily incorporated provisions on data collection and usage in the Textmagic Privacy Policy:

You can include the pre-made template below in your Privacy Policy to ensure compliance:

[Company] collects personal information from you when you interact with our services, including when you sign up, make purchases, or communicate with us via text messages. The types of information we collect may include your name, contact details, payment information, and any other information you voluntarily provide.

We use this information to provide, maintain, and improve our services, process transactions, communicate with you, and comply with legal obligations. Your information may be shared with trusted third-party service providers solely for the purpose of operating our business and fulfilling our commitments to you. We do not sell, rent, or share your personal data with third parties for marketing purposes without your explicit consent.

You have the right to access, correct, or delete your personal information at any time, and we are committed to handling your data in a secure and transparent manner.

Copy text

Data protection

Data protection policies detail the measures taken to secure user data from unauthorized access and breaches, ensuring compliance with data protection laws.

What to include

• Security measures (e.g., encryption, access controls)
• Compliance with data protection laws (e.g., GDPR, CCPA)
• Procedures for responding to data breaches

Why it matters

• Protects user data, enhancing trust
• Complies with legal obligations for data security
• Reduces financial and reputational risks 

Example

Here’s a sample template for you to incorporate into your 10DLC-compliant Privacy Policy:

[Company] takes the security of your personal information very seriously. We employ industry-standard security measures, including encryption and secure servers, to protect your data from unauthorized access, alteration, disclosure, or destruction. We continuously monitor our systems to ensure your information is safe and secure, and we are committed to maintaining the highest levels of data protection to safeguard your privacy.

Copy text

Explicit non-sharing of information

Explicit non-sharing of information is a provision of a 10DLC privacy policy that assures users that their data will not be shared with third parties without consent, except for specific disclosed circumstances.

What to include

• Statement of non-sharing without consent
• Exceptions for legal obligations or service providers
• Assurance against unauthorized data selling or sharing

Why it matters

• Builds user confidence and trust
• Complies with laws requiring explicit consent for data sharing
• Minimizes legal risks associated with unauthorized sharing

Example

We’ve added the following provision for explicit non-sharing to our Textmagic Privacy Policy:

You can also use the example template below in your Privacy Policy:

[Company] is committed to upholding the highest standards of privacy for all personal information collected through our text messaging services. We do not sell, rent, distribute, or trade your personal data to third parties without your explicit consent unless legally required to do so. Any information shared with third parties is exclusively for the purpose of delivering our services to you. We assure you that your data will never be shared with third parties for marketing purposes.

Copy text

Opt-out instructions

Opt-out instructions clearly explain how to stop data collection or communications, giving users control over their personal information.

What to include

• Steps for opting out of data collection or messages
• Implications of opting out (e.g., not receiving comms)
• Contact information for opt-out assistance

Why it matters

• Ensures compliance with consent regulations
• Enhances user satisfaction and control
• Reduces risks of complaints or legal action

Example

We provide the opt-out instructions below to our recipients as part of the Textmagic Privacy Policy:

Feel free to use the opt-out instructions template below in your Privacy Policy:

If you no longer wish to receive text messages from us, you can opt out at any time by replying with the word ‘STOP’ or ‘UNSUBSCRIBE’ to the number from which you received the message. Upon receiving your request, we will promptly remove you from our messaging list, and you will no longer receive further text communications from us.

Copy text

Changes to the privacy policy

Changes to the privacy policy explain how users will be informed of updates, ensuring ongoing transparency, trust, and 10DLC compliance.

What to include

• Procedure for notifying users about policy changes.
• Methods of communication (e.g., emails, website updates).
• User rights to review and accept changes.

Why it matters

• Maintains transparency by keeping users informed.
• Complies with legal obligations for notification.
• Reduces confusion or dissatisfaction with clear communication.

Example

The Textmagic Privacy Policy contains the following provision regarding changes:

Here’s a template you can easily copy and include to address changes to your Privacy Policy:

[Company] may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will notify you by updating the “Last Updated” date at the top of this policy. In the event of significant changes, we will provide a more prominent notice, such as sending an email notification or displaying a notice on our website.

By continuing to use our services after these changes, you agree to the revised Privacy Policy. We encourage you to periodically review this policy for the latest information on our privacy practices.

Copy text

Best practices for maintaining 10DLC compliance

Maintaining the proper Terms of Service and Privacy Policy helps you achieve initial 10DLC compliance, but maintaining it is an ongoing process. 

Here are a few best practices to help you in the long run: 

1. Review and update your Terms of Service regularly to ensure that they remain current with legal requirements and industry standards. 
2. Stay informed about changes in 10DLC regulations. Keeping up-to-date with regulatory changes helps avoid compliance issues. 
3. Consult with legal professionals for compliance assurance. Legal experts can provide guidance tailored to your specific business needs. 
4. Have your legal team review documents before publication. This helps identify and address potential legal risks.
5. Participate in industry groups for regulatory updates. Engaging with these groups keeps you informed about new developments. 
6. Train staff on compliance requirements and legal changes. Regular training ensures employees understand their responsibilities. 
7. Monitor updates to individual carrier policies. 10DLC carriers may have specific rules that impact your messaging practices.
8. Keep records of user consent and communication. Proper documentation demonstrates compliance with user consent laws. 
9. Perform regular audits to ensure compliance. Periodic audits help identify areas for improvement in your processes.
10. Request feedback to identify regulatory issues. User feedback can reveal potential gaps in your compliance efforts. 

Conclusion

Adhering to 10DLC regulations is essential for businesses engaging in SMS marketing in the United States. By incorporating the key clauses and provisions outlined in this article into their Terms of Service and Privacy Policy, businesses can effectively achieve 10DLC compliance.

Ultimately, a compliant and transparent approach mitigates legal and financial risks, strengthens customer relationships, and supports sustainable business growth for many years to come.