At TxtCart we want Shopify merchants and their customers to have a great experience when sending and receiving text messages.

For us, a great experience doesn’t just mean great deals and offers. It is also about being respectful of customers and their privacy, or in other words, being compliant with TCPA, CTIA, and GDPR regulations, and as of January 1, 2020 - with the California Consumer Privacy Act (CCPA).

In order for Shopify merchants to send text messages to customers based in the USA and Canada, they need to abide by all TCPA rules and know how to create a text message that respects and protects customer data according to CTIA guidelines. As for store owners who do business with California - since the beginning of the new year they need to also comply with the CCPA in regards to how they handle any type of personal information.
​
This article contains the steps needed to ensure you are compliant with TCPA and CTIA rules and regulations when using TxtCart, and additional information on CCPA.

TCPA stands for the “Telephone Consumer Protection Act” and was passed by the United States Congress and then ratified in 1991. The TCPA limits the use of auto-dialing systems, artificial or prerecorded voice messages, SMS text messages, and fax machines to make calls without the recipient’s prior consent.
​
Look at all TCPA regulations here.

The CTIA, or Cellular Telecommunications and Internet Association, represents the United States’ wireless communications industry and the companies throughout the mobile ecosystem in the United States, such as carriers and suppliers. The CTIA promotes the industry’s voluntary best practices.
​
You can get yourself familiar with their guide which includes best practices on how to send both SMS and MMS securely here.
​

The California Consumer Privacy Act (CCPA), understandably, considers all California users and all businesses that do business with them and in any way collect personal information. The only companies exempt from the CCPA are “insurance institutions, agents, and support organizations”, as they already are subject to similar regulations.
​
The CCPA takes a wider view than the GDPR of what constitutes private data and discusses the matter of "selling" personal information in much broader terms. According to CCPA, it’s every California user’s right to demand a report of all the personal information a company has collected on them, and a list of all third parties this data is shared with (if any). Customers can also revoke their consent to have their personal data collected. The CCPA also specifies stricter requirements companies must meet to be able to share information with third parties.
​
For further information and a more in-depth look at the CCPA regulations, check out this text.

There are a few steps you as a Shopify store owner need to complete so you can start collecting SMS subscribers and sending marketing text messages.

First and foremost, Shopify store owners should know that in order to send text marketing and automation messages, they need to have legally gathered customers’ phone numbers. Every customer must give you their explicit Prior Written Consent.
​
TxtCart offers three options for store owners to legally obtain a customer’s prior written consent to subscribe to text marketing services.

The checkout page is a great spot to invite your customers to subscribe for text message marketing deals and updates without being pushy.
​
You can easily set up an opt-in checkbox. From your, Shopify Settings go to Checkout.
​
​

Afterward, scroll down to Email Marketing and select the Show a sign-up option at checkout. Make sure to always leave the Preselect the sign-up option DISABLED.
​

Don’t forget to hit Save to save all the changes you made.
​
Next, you want to configure what your opt-in option message will say to your customers. To do that, scroll further down to Checkout language and hit the Manage checkout language button.

With your Find function (Ctrl + F; CMD + F) search for Accept marketing checkbox label. In the designated field type in the message you want your customers to see. It should be inspirational enough for them to decide to subscribe to your store. Here is an example:
​

Again, don’t forget to click Save before you continue.
​
Next up, let’s see how to enable phone fields where customers can leave their phone numbers to get exclusive deals and offers from your Shopify store.
​
With your Find function (Ctrl + F; CMD + F) search for Phone label and Optional Phone Label. Go ahead and write your message. Make it informative, but intriguing enough for the customer to want to leave their phone number. It can be something like this:
​

Save your changes and let’s move on to configuring the checkout footer language. Click on Online Store in your Shopify menu and select Themes.

From the Actions drop-down menu choose Edit languages.

From the tab, header menu click on Checkout & system.
​

Use the Find function (Ctrl+F) to search for Checkout shop policies. When you have located it, paste the following text in the Privacy Policy text box:
​

​Confirm your changes and you will be all set to start gathering subscriptions on checkout in accordance with all TCPA, CTIA, and GDPR rules!
​
This is what your checkout page should look like if you have completed all steps successfully:
​
​

The setup and appearance of the checkout page in Shopify Plus accounts will differ from the one we just went over. Users on the Shopify Plus plan can choose between two options to customize their checkout opt-in box - with or without a discount code.

​
​

Another way to invite customers and site visitors to subscribe to your deals and news is through subscription forms. These could be popups, embed forms, and floating buttons.
​
Regardless of which type they decide to use, Shopify store owners can choose between setting up a single, double opt-in method or enabling mobile phone quick subscribe - our newest addition.
​

​
​
To set up and enable the subscription form consent field according to TCPA, CTIA, and GDPR rules, you need to go to the Additional fields section in your Subscription form builder and switch the Enable the TCPA/CTIA checkbox toggle button on.
​
Next, type in the text that will indicate to your visitors that you are asking them to agree with your Privacy Policy & TOS. It should be something like this: I agree to Privacy Policy & TOS.
​
Finally, paste the link to your Privacy Policy & ToS in the required field and hit Save.
​
​Note: If you can’t find your Privacy Policy, make sure to generate it first by going to Settings > Legal > Privacy Policy and pasting the compliant text as above.
​
​

​Important: Consent is not a condition to purchase. Customers cannot be forced to subscribe to your text marketing service when they make a purchase. Make sure to always include the following text:
​

By signing up via text you agree to receive recurring automated marketing messages at the phone number provided. Consent is not a condition of purchase. Reply STOP to unsubscribe. HELP for help. Msg & Data rates may apply.
​

Look at how Subway crafted an effective, yet non-intrusive, clear, and compliant key-word strategy.
​
​

All agreement forms must be made "clear and conspicuous" prior to customers giving consent.

Try to be as clear as possible, e.g. if you are asking people to subscribe to a recurring SMS marketing campaign (such as weekly or monthly updates), then clearly explain the regularity (i.e. “sign up for monthly updates”).
​
​Be specific. Messaging “Text YES to ### to subscribe to {SiteName}’s weekly update and receive deals” is more likely to increase your opt-in rate than a message like “Text YES to subscribe.”
​

How to Comply with the CCPA
​
The CCPA gives complete guidelines on what businesses can do to respect the CCPA and all users it affects under Section 8.
​
Among them are to give customers an explicit opt-out option on the company website and in your Privacy Policy, where they can revoke data sharing. This should not, however, require users to create an account.
​
In the event where companies use third parties for text marketing purposes (or any other marketing reasons), they should explicitly say so in their privacy policy and give complete information on who their vendor is.
​
If a customer does choose to opt-out, according to the CCPA companies should refrain for at least 12 months from requesting that they authorize the sale of the consumer’s personal information.

Remember that customers are giving you access to their personal phone numbers. Use this privilege wisely, respect people’s privacy, and treat others as you wish to be treated. Get started today!
​