Overview
Navigating SMS marketing compliance can feel overwhelming. Between the Telephone Consumer Protection Act (TCPA), Cellular Telecommunications Industry Association (CTIA) guidelines, and varying state regulations, staying compliant requires careful attention to detail.
As a leading SMS marketing solution, TxtCart has compiled the most common compliance questions from our merchants, along with expert answers to help you navigate these complex requirements.
Please note: This information is for educational purposes and should not be considered legal advice. Always consult with a qualified legal professional for guidance specific to your situation.
Opt-ins and Consent Management
1. Why is double opt-in (confirmed opt-in) critical for compliance?
Double opt-in requires subscribers to confirm their subscription by responding "YES" or entering a verification code after their initial signup. This process is essential because:
It validates genuine subscriber intent
Under TCPA, unauthorized messaging can result in $500-$1,500 penalties per message
It prevents accidental or malicious signups using someone else's number
It maintains a higher-quality subscriber base with better engagement rates
It significantly reduces legal liability and potential class-action lawsuits
2. What compliance language should appear at SMS signup points?
We recommend using this standard disclosure language (ensure "Terms of Service" and "Privacy Policy" link to your actual pages):
By checking the checkbox above, you agree to receive recurring automated messages from [INSERT STORE NAME HERE], including cart reminders, at the phone number provided. Consent is not a condition of purchase. Reply STOP to unsubscribe. Reply HELP for help. Message frequency varies. Msg & data rates may apply. View our {{ privacy_policy_link }} and {{ terms_of_service_link }}.
3. Must the consent checkbox be unchecked by default?
Yes, absolutely. Pre-checked boxes violate consent requirements. Subscribers must actively check the box to provide explicit consent. This manual action demonstrates a clear intent to receive messages.
4. Where must I display compliance disclosure language?
Compliance disclosures are required anywhere you collect SMS opt-ins, including:
Website popups and forms
Checkout pages
Social media campaigns
Landing pages
Video advertisements
QR code campaigns
5. How should disclosure language be positioned relative to the signup button?
For TCPA compliance:
Position disclosure text close to the call-to-action button
Use readable font size and contrasting colors
Add an asterisk (*) to your CTA directing attention to disclosures
Avoid large gaps, images, or distracting elements between CTA and disclosure
Ensure disclosure is visible when the submit button is clicked
Make hyperlinks obvious through underlining, capitalization, or color distinction
6. Do I need to specify exact message frequency in my disclosure?
No, you're not required to state specific message counts. However, we recommend setting clear expectations about message frequency and content in your welcome series. Consider asking new subscribers about their preferred message frequency and content types to enable better segmentation.
7. Can I use QR codes for SMS opt-ins on printed materials?
We recommend directing QR codes to a compliant landing page where full disclosure language appears alongside the signup form.
If you insist on a direct QR code signup, you must:
Print complete compliance disclosure language below the QR code
Include full URLs for Terms of Service and Privacy Policy (not shortened links)
Use unique keywords for each campaign for proper tracking
Maintain records of all printed materials showing compliant disclosure language
8. Can I collect SMS opt-ins over the phone?
No, TCPA consent cannot be obtained verbally during phone calls. Instead, direct callers to a compliant landing page where they can complete the opt-in process with proper disclosure language visible.
9. Can I message existing contacts to request SMS opt-in?
This is not compliant unless each message is sent individually by a human (not automated) and all numbers are scrubbed against the National Do Not Call Registry. Even if technically compliant, this approach:
Creates poor customer experience
Permanently blocks you from messaging anyone who declines
Generally yields lower-value subscribers compared to organic opt-ins
Carries significant legal and deliverability risks
10. Can subscribers refer friends by providing their phone numbers?
No. Valid consent must come directly from the person who will receive the messages. They must personally view the disclosure language and provide their own consent.
11. Can I promote SMS keywords on social media?
Unless you include complete compliance disclosure language in the social post, we recommend sharing a link to your compliant opt-in landing page instead. This approach provides stronger compliance protection.
12. Can multiple brands share the same opt-in form for giveaways?
No. Each brand must collect separate, explicit consent using individual opt-in forms, even if hosted on the same page. Shared consent does not meet compliance requirements.
13. Can I purchase phone number lists for SMS marketing?
Absolutely not. Purchased lists lack proper consent from recipients for your specific brand, making any marketing messages to those numbers non-compliant and legally risky.
Abandonment Messaging Rules
14. What are the rules for cart abandonment messages?
Cart abandonment messaging has strict limitations:
One message per abandonment event maximum
Must be sent within 48 hours of cart abandonment
The message should focus on completing the abandoned purchase
Cannot include general promotional content unrelated to the specific abandoned cart
15. Do the same rules apply to browse abandonment messages?
Yes, browse abandonment follows identical rules:
One message per browse abandonment event
48-hour sending window
We strongly recommend against sending both cart abandonment and browse abandonment messages within the same 48-hour period to avoid overwhelming subscribers
16. Can I send follow-up messages after abandonment notifications?
Follow-up messages are only permitted if the subscriber responds to your initial abandonment message, creating a conversational exchange. For example:
Initial abandonment message: "You left items in your cart. Complete your order now!"
If subscriber replies asking about shipping: You can respond with shipping information
You can then continue the conversation naturally as long as the subscriber remains engaged
17. Can I include keyword prompts in abandonment messages to trigger additional messages?
Yes, this is compliant. For example: "Reply SAVE for a 10% discount on your abandoned cart items." The follow-up discount message would be triggered by the subscriber's keyword response (a separate action), not the original abandonment event.
18. What about other automated message flows?
Non-abandonment flows (welcome series, order updates, promotional campaigns, post-purchase sequences, etc.) can include multiple messages as long as they comply with:
Proper opt-in consent
Quiet hours restrictions
SHAFT content guidelines
Clear opt-out instructions
Sender identification requirements
Brand Identity and Phone Number Updates
19. Can I continue messaging after a simple rebrand?
If you're only changing your business name while maintaining the same products and services, you can continue messaging existing subscribers. However, include information about the name change in your next message to keep subscribers informed.
If your products or services are changing along with the name, you must collect fresh opt-ins.
20. Can I promote another brand I own to my current subscribers?
No. Each brand requires separate opt-in consent, even if you own multiple brands. You cannot cross-promote between different brands using SMS. However, you could send an email from your current brand linking to an SMS opt-in page for your other brand.
21. Can multiple brands share the same phone number?
We strongly advise against this practice as it creates poor customer experience and complex compliance management. Each brand should maintain its own dedicated SMS number.
SHAFT Content Restrictions
22. What is SHAFT and why does it matter?
SHAFT refers to content related to Sex, Hate, Alcohol, Firearms, and Tobacco (including CBD). Carriers actively filter messages containing SHAFT-related content, which can result in message blocking, account suspension, or permanent filtering.
23. Which words might trigger SHAFT filtering?
While carriers don't publish complete lists, avoid these commonly flagged terms:
Sex-related: Aroused, arousal, sensual, sexual, intimate terms Alcohol: Booze, brewery, whiskey, vodka, tequila, wine, beer Firearms: Ammunition, rifle, handgun, gun, weapon, shooting Tobacco: Tobacco, cigarette, smoking, vaping terms Cannabis: CBD, marijuana, cannabis, hemp, weed, THC, vape, bong General flags: Profanity, "watch now," inappropriate content.
24. Can I market SHAFT-adjacent products?
Products related to but not directly including SHAFT items (like holsters for firearms) carry filtering risk. Exercise extreme caution with messaging and avoid trigger words. Consider whether SMS marketing is worth the deliverability risks for your specific business.
Messaging Hours and Timing
25. What are Quiet hours for SMS marketing?
Quiet hours protect subscribers from receiving messages during inappropriate times:
Federal Requirements (TCPA):
No messages before 8:00 AM or after 9:00 PM in recipient's local time zone
26. What are the consequences of violating quiet hours?
Penalties can be severe:
Connecticut: Up to $20,000 per violation
Maryland: $1,000 first offense, $5,000+ subsequent offenses, possible imprisonment
New Jersey: Up to $10,000 ($30,000 if recipient is 60+)
Florida: Up to $10,000, attorney fees, potential felony charges
Washington: $100 per violation plus legal actions
Oklahoma: $500 per violation
Additional consequences include higher unsubscribe rates, spam reports, carrier filtering, and customer complaints.
27. Do quiet hours apply to customer service responses?
No, manual one-on-one customer service responses are exempt from quiet hours restrictions, provided they don't contain marketing content.
Transactional vs. Promotional Messages
28. What's the difference between transactional and promotional messages?
Transactional messages:
Order confirmations, shipping updates, delivery notifications
Account alerts, password resets, appointment reminders
Time-sensitive, service-related information
Not subject to quiet hours due to urgent nature
Promotional messages:
Marketing campaigns, sales announcements, new product alerts
Abandoned cart reminders, promotional offers
Any content designed to encourage purchases
Subject to all compliance requirements including quiet hours
29. Can I add promotional content to transactional messages?
Generally, NO. Keep transactional messages focused on their primary purpose. Small amounts of promotional content might be acceptable (like a brief signature line), but the message's primary purpose should remain transactional.
Additional Compliance Considerations
30. Must I include my business name in every message?
Yes, CTIA regulations and many state laws require sender identification in each message. This prevents deliverability issues and ensures subscribers know who's messaging them.
31. Can I link to third-party sites like Amazon in my messages?
We advise against linking to domains that don't match your business domain, as carriers may flag these as fraudulent. Instead, encourage subscribers to search for your brand on the platform rather than providing direct links.
32. What about user-generated content collection via SMS?
You can collect customer content through SMS, but obtain signed releases before using photos, videos, or testimonials in broader marketing campaigns. Consult legal counsel for appropriate release forms.
33. Can I use SMS subscriber data for other marketing channels?
No, SMS consent is specifically limited to automated text message marketing. Using phone numbers for Facebook advertising, calling campaigns, or other purposes violates the limited scope of SMS opt-in consent.
34. What should my Terms of Service and Privacy Policy include?
Your legal documents should clearly explain:
What subscribers can expect from your SMS program
Message frequency and content types
How to opt out and get help
Data collection and usage practices
Contact information for questions
Consider using dynamically hosted terms that automatically update with regulatory changes to ensure ongoing compliance.
Tip: You can use our Privacy Policy and Terms of Service templates.
35. How does ADA compliance apply to SMS marketing?
Your opt-in forms must meet accessibility standards:
Keyboard navigation support
Proper focus management
Screen reader compatibility
4.5:1 color contrast ratio minimum
Clear, understandable language
Proper HTML markup structure
36. Does TxtCart store my subscriber data securely?
Yes, we employ industry-standard security measures, including technical, administrative, and physical safeguards, to protect subscriber information based on data sensitivity levels.
Remember: Compliance requirements continue evolving, and this guide provides general information only. For specific legal advice about your situation, always consult with qualified legal professionals who specialize in telecommunications and marketing law.
💡Tip:
Still, Have questions?
Please feel free to reach out to our wonderful Support team at support@txtcartapp.com or via Live Chat.