All Businesses and Organizations must have a published privacy policy to be compliant with 10DLC regulations.
This guide will detail what's required in order to meet the 10DLC privacy policy guidelines.
Requirement 1: Publish a Privacy Policy on your Website
Carriers require that your business publish a privacy policy on your website, which must be located on your homepage.
You can look at MessageDesk.com for an example:
If you do not have a privacy policy you can use one of the following policy generators to create a boiler plate policy.
A privacy policy generator automates the process of creating a privacy policy for a website by providing a template and customizable options to suit the organization's data collection and usage practices.
Here are some free privacy policy generators:
IMPORTANT: Once you've generated a privacy policy using the generator above, you MUST check to make sure it meets the 10DLC Requirements detailed below, or your policy will be denied.
IMPORTANT: Some generators include a section about sharing or disclosing information. this section should be removed according to requirement 2 below.
Ensure that your Privacy Policy Complies with 10DLC Standards.
All privacy policies must comply with 10DLC standards. Ensure your policy includes the following:
The type of contact and personal information your organization collects
How your organization collects information from users
How your organization uses any information collected
Explain how your organization protects user data
Requirement 2: Explicitly State Your Organization Does Not Share Information
Carriers scrutinize any language interpreted as sharing information with third parties for marketing purposes.
Specifically:
Your privacy policy should explicitly mention that personal information will not be shared with third parties unless legally required.
You are not allowed to include any verbiage indicating you will collect consent for any third party.
We recommend asserting your commitment to not sharing information legal obligation with the following language at the beginning of this section:
Include the following in your policy:
"[Your organization] maintains strict privacy policies, ensuring that personal information of our users and members is not shared, sold, rented, released, or traded to third parties without legal obligation."
Requirement 3: Opt-Out instructions
Your privacy policy must include instructions on how to opt out of further text communications. We recommend adding the following language to an appropriate section within your privacy policy:
Include the following in your policy:
SMS Opt-Out: If you are receiving text messages from us and wish to stop receiving them, simply respond with either "STOP" to the number from which you received the message. Once we receive your message, you will no longer receive further text messages from us."
Requirement 4: Ensure your Privacy Policy Does Not Suggest Data Sharing
Once you've added the 3 previous requirements to your Privacy Policy, it's important to ensure that it does not contain any language suggesting your company shares or sells information with any third parties.
IMPORTANT: Failure to meet this requirement is a leading cause of carrier rejections.
FAQ
Do I need a website in order to register with Carriers?
Do I need a website in order to register with Carriers?
Yes, all businesses must have a published website in order to register with carriers
Can I send compliant business text messages without a privacy policy?
Can I send compliant business text messages without a privacy policy?
No, all businesses must have a published privacy policy that meets 10DLC requirements before they can get approved for compliant SMS within the United States
Can I use Google Analytics or similar to collect analytics on my website and still be 10DLC compliant?
Can I use Google Analytics or similar to collect analytics on my website and still be 10DLC compliant?
Yes, you just need to include the following phrase in your privacy policy:
โWe use information gained through cookies to compile statistical information about use of our Website, such as the time users spend at the site and the pages they visit most often. Those statistics do not include PII.โ
If you have any questions regarding your Privacy Policy, please feel free to reach us at support@messagedesk.com, and we'll be happy to help!