We also recommend including disclosures if any of the following apply to your business:
- SMS abandoned cart
- Third-party data sharing
- Location tracking or location-based services
SMS Abandoned Cart Disclosure
Third-Party Data Sharing
Express Consent is required for SMS; therefore, sharing data is prohibited. Privacy policies must specify that this data sharing excludes SMS opt-in data and consent. Privacy policies can be updated (or draft versions provided) where the practice of sharing personal data to third parties is expressly omitted from the short code program.
“The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.”
Location Tracking and Location-Based Services
SMS Compliance for Abandoned Carts
There are two main requirements for consent in connection with abandoned cart messages:
- A recipient must explicitly agree to receive abandoned cart reminders
- The list they are sent to must have double opt-in enabled
For the first, as a part of the SMS opt-in process on your website, mention in the call-to-action that your SMS program includes abandoned cart reminders. Typically, this mention is part of the disclosure text written on a signup form.
Every SMS subscriber must also go through the double opt-in process if you want to send them abandoned cart messages.
An SMS abandoned cart flow has two key restrictions:
- The flow is limited to one SMS message per each abandoned cart
- The message must be sent within 48 hours of the triggering event
Further, you cannot complete the transaction on behalf of the customer, collect payment information via text, or accept purchase via a keyword confirmation from the customer. The customer must complete the transaction themselves on your online store.
If you plan to send abandoned cart reminders through your short code SMS program, it needs to be specified within your mobile program terms of service. The language below is an example of such a disclosure.
“If you have opted in, the Service provides alerts, information, promotions, specials, and other marketing offers (e.g., cart reminders) from <Company Name>.”
SMS Compliance for Sweepstakes/Contests
Carriers have specific requirements for sweepstakes/contests where consumers enter, win, or otherwise participate. While these requirements are primarily for short codes, they are still good to have in place for other SMS sending numbers.
Sweepstakes rules must include:
- Having a “No Purchase Necessary” method of participation within the contest
- Not offering carrier-specific prizes
- Defining the contest period
- Listing all states where participation in the sweepstakes is available
- Listing the approximate retail value (ARV) of the prizes
If you plan to run sweepstakes programs on a short code, you must provide additional information by:
- Publishing the sweepstakes rules on your website
- Linking to the sweepstakes rules in the signup form, call-to-action, or other opt-in method (website, point-of-sale signage, etc)
- Attaching a physical copy in an email or via the application of the sweepstakes rules
What Is Double Opt-In?
Double opt-in is a process through which a new subscriber must confirm their subscription before being subscribed to a given list. It is the same for both email and SMS subscribers.
If someone provides both their email and SMS, confirming their consent by text will opt them into SMS and email. If they do so by email, they will only be opted into email.
Double opt-in is set at the list level. If a list has double opt-in, everyone who subscribes to that list must confirm their interest before they're added. The only exception is for SMS subscribers in the UK and Australia. Since alphanumeric sending IDs cannot receive text messages, there's no way for a subscriber to confirm that they want to opt in. Thus, even if a list is set to double opt-in, UK and Australian SMS subscribers will always go through single opt-in.