Texting your customers without proper privacy policies isn’t just risky — it can cost you thousands in fines. Yet most businesses have no idea what should be in their SMS privacy policy or whether they even need one.
In this article, we’ll share everything you need to know about what to include in an SMS privacy policy. We’ll also share an SMS privacy policy template you can use.
What is an SMS privacy policy?
An SMS privacy policy is a document that outlines how a business collects, uses, stores, and protects personal information obtained for business SMS and MMS communications.
Your SMS privacy policy should live on your website and be easily accessible to your customers when you collect consent from them. Include a link to the policy with any SMS opt-in text you use so customers understand how you plan to use their data before deciding to opt in.
Having an SMS privacy policy is a best practice for businesses that offer customers the ability to text them. Recent regulations required by all major US carriers have made it mandatory for businesses to have an SMS privacy policy if they wish to text customers based in the US.
If you already have a privacy policy, you don’t need a different document to cover SMS communications. You can add information related to your SMS privacy policies in your overall privacy policy so that you’re compliant.
Why you need a 10DLC SMS privacy policy
With an SMS privacy policy, you can be transparent with customers about how you plan to use their personal info for your text communications. When they’re aware of how you plan to use their data, they’ll be more likely to trust you and opt in to receive texts from you — which helps you get proper SMS consent and builds trust.
Equally important, you’ll stay compliant with TCPA and CTIA guidelines.
What does an SMS privacy policy contain?
An SMS privacy policy should be added to your call-to-action form when customers sign up for texts. It contains the following details:
- Type of data collected: What information you plan to collect for your text communications like name, phone number, and other contact information.
- Data collection methods: How you plan to collect customer data — this could be through verbal, written, or online sign-up forms.
- Data sharing policies: Who you plan to share customer data with, including any third parties and affiliates.
- User rights: How users can opt out of text communications from you.
- Data protection and retention: How you store and secure customer data and how long you keep it, like until the user opts out, or for legal compliance.
Use this free SMS privacy policy template
Here is sample language you can add to your privacy policy so you’re compliant with 10DLC regulations:
1. Information we collect
When you opt in to receive SMS messages from [COMPANY NAME], we may collect the following personal information:
- Your mobile phone number
- Your name — if provided
- Any information you provide in your message responses
- Message delivery and interaction data — timestamps, status, etc.
2. How we collect your information
We collect information directly from you when:
- You enter your phone number into a web form
- You interact with our customer support via SMS
- You opt in through a purchase or registration form
3. How we use SMS information
We use your SMS data to:
- Send transactional or account-related messages — order updates, appointment reminders, etc.
- Send promotional or marketing messages only with prior consent
- Respond to your inquiries or support requests
- Analyze message delivery and engagement to improve our services
4. Sharing your information
[COMPANY NAME] does not sell or share your SMS opt-in data with third parties for their marketing purposes.
We may share your information with trusted service providers who help us deliver our SMS messaging services, such as:
- SMS gateway providers
- Phone carriers
- Customer support platforms
These vendors are contractually obligated to keep your information secure and only use it to provide services to [COMPANY NAME].
5. Your choices and rights
You can opt out of SMS messages at any time by replying “STOP” to any message. After you opt out, you will no longer receive text messages from us unless you opt in again.
To request access to or deletion of your SMS-related data, please contact us at [CONTACT EMAIL].
6. Data security and retention
We implement reasonable technical and organizational measures to protect your personal data. SMS data is retained only as long as necessary to fulfill the purposes outlined above or to comply with legal requirements.
7. Changes to this policy
We may update this SMS privacy policy periodically. If we make material changes, we’ll notify you via SMS. Continued use of our SMS service indicates your acceptance of the revised policy.
8. Contact us
If you have any questions about this policy or your SMS data, please contact us at:
[COMPANY NAME]
[COMPANY EMAIL]
[COMPANY ADDRESS (optional)]
SMS privacy policy examples
Here are a couple of real-world examples of SMS privacy policies used by small businesses.
Green Paper Products
Green Paper Products is a small Ohio-based business that makes disposable tableware and paper products. Here’s their privacy policy:
The Stone Dry Company
The Stone Dry Company is an Indiana-based non-profit that provides communities with tools and resources to practice sobriety. Here’s their SMS privacy policy:
Garage Up
Garage Up is a garage renovation company that specializes in transforming garages into functional spaces. Here’s a look at their privacy policy:
Bonus: Terms & Conditions template for SMS
While a privacy policy explains how you handle customer data across your entire business, SMS terms and conditions serve a more specific purpose. These terms outline the rules and expectations for your text messaging program specifically.
Unlike your privacy policy, which typically lives on your website for general reference, SMS terms and conditions are usually sent directly to customers when they opt into your SMS campaigns. Here’s a template you can use:
1. Program description
By opting into the [PROGRAM NAME] SMS service, you agree to receive recurring text messages from [COMPANY NAME] about [brief description of what types of messages you’ll send, e.g., order updates, appointment reminders, exclusive promotions].
2. Opting out
You can cancel the SMS service at any time. Just text “STOP” to the number you received the messages from. After you send “STOP,” we will confirm your unsubscribe status via SMS. You will no longer receive message notifications from us unless you opt in again.
3. Customer support
If you are experiencing issues, reply “HELP” for more assistance or contact us directly at [SUPPORT EMAIL or TOLL-FREE NUMBER].
4. Message and data rates
Message and data rates may apply for any messages sent to you from us and to us from you. Message frequency varies. Contact your wireless provider for more information about your text or data plan.
5. Carriers disclaimer
Carriers are not liable for delayed or undelivered messages.
6. Privacy
Your privacy is important to us. For more information, view our Privacy Policy at [PRIVACY POLICY URL].
7. Consent and conditions
By opting in, you consent to receive recurring automated marketing and informational text messages from [COMPANY NAME] to the mobile number you provided. Consent is not a condition of purchase.
Make SMS compliance easy with Quo (formerly OpenPhone)
An SMS privacy policy is necessary to follow SMS compliance laws, but it’s only one piece of the compliance puzzle. Other compliance considerations include your consent collection methods and your opt-in and opt-out language.
Quo makes it easy for small businesses to become compliant with SMS compliance regulations. Our 10DLC registration process guides you through registering your number and navigating through all your compliance needs.
Want to learn more about how you can become and stay compliant with US texting regulations? Check out our detailed SMS compliance guide.
FAQs
You can write your own privacy policy, but it’s often better to use a template or get legal counsel to ensure you cover all required disclosures and comply with relevant privacy laws. Privacy laws vary by state and region, like Europe’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Protection Act (CCPA).
An SMS privacy policy explains how customer data is collected, stored, and used, while terms and conditions outline the rules of your messaging program. This includes how to opt in or out, message frequency, and carrier disclaimers.
The FCC requires businesses to obtain prior express written consent before sending promotional text messages, clearly identify themselves in messages, and provide easy opt-out instructions. They also enforce regulations around automated calling and texting under the Telephone Consumer Protection Act (TCPA).
