OneCloud's aggregator vets all new 10DLC campaigns to ensure campaigns are compliant with the wireless carriers’ codes of conduct. In this article, we'll provide more clarity and insight into them so you can register your campaigns successfully and as smoothly as possible.
We often see campaigns rejected for an insufficient Call to Action/Message Flow (CTA) section. There are two portions of the Call-to-Action review when it comes to vetting for 10DLC.
First, the vetting aggregator will review the Call to Action/Message Flow field in the campaign registration. This section should contain a clear and concise description of how an end user signs up to receive messages. Opt-in must be 1 to 1, can't be shared with third parties, specific for text messaging, and can't be implied. It must be clear, conspicuous, and can't be obscured within the terms & conditions and/or other agreement(s).
Examples of how to get users to opt in:
Secondly, the vetting aggregator will review the actual Call-to-Action disclosure shared with the consumer/recipient during the opt-in collection. This disclosure is the language provided to the consumer/recipient informing them that they are opting in. This disclosure must contain the following information:
This information must be provided regardless of the opt-in collection method. Here are some examples of different types of opt-in:
Website/Online opt-in: "By submitting this form and signing up for texts, you consent to receive marketing text messages (e.g. promos, cart reminders) from [Company Name] at the number provided, including messages sent by autodialer. Consent is not a condition of purchase. Msg & data rates may apply. Msg frequency varies. Unsubscribe at any time by replying STOP or clicking the unsubscribe link (where available). Reply HELP for help. Privacy Policy [link] & Terms [link]."
Keyword Opt-in: "By texting START to [phone number], you consent to receive marketing text messages from [Company Name]. Consent is not a condition of purchase. Msg & data rates may apply. Msg frequency varies. Unsubscribe at any time by replying STOP or clicking the unsubscribe link (where available). Reply HELP for help. Privacy Policy [link] & Terms [link]."
Consumer-Initiated Messaging: "By starting a text conversation with [Company Name] by texting [phone number] you are agreeing to receive conversational messages from [Company Name]. Msg & data rates may apply. Msg frequency varies. Unsubscribe at any time by replying STOP or clicking the unsubscribe link (where available). Reply HELP for help. Privacy Policy [link] & Terms [link]."
Verbal opt-in: "[Company name] will be collecting opt-in verbally from their customers. The customers will be able to opt in to receive messages either in person at their physical location, or over a phone call if the customer calls. When a customer is registered for the first time, they are asked to provide the phone number, and staff is trained to ask If the customer would like to opt in to SMS-based billing notifications. They will be verbally informed that "Message and data rates may apply", "Message frequency may vary", and they can "text HELP for support or more information and STOP to unsubscribe at any time." They will also be informed that their phone number will not be shared with third parties for marketing or promotional purposes. Privacy Policy and Terms & Conditions links must be added to the Call to Action/Message Flow field in the campaign registration via TCR.
Additional notes about CTAs:
Acceptable opt-out language must include at least one of the following words: END, STOP, UNSUBSCRIBE, CANCEL. If you’re using an opt-out phrase, it must be separated by spaces (i.e., STOP2END is not acceptable; it should be STOP 2 END). Please make sure that at least one of your sample messages shows your opt-out.
Example: "[Insert Business Name:] You have an appointment for Tuesday at 3:00 PM, reply YES to confirm, NO to reschedule. Reply STOP to unsubscribe."
The following types of content are prohibited on 10DLC: CBD, Cannabis, Sex, Hate, Alcohol*, Firearms, and Tobacco*. It’s also not allowed to be on the customer's website at all.
*Alcohol and Tobacco can be supported with robust age-gating and proper opt-in.
Example: If a chiropractor's office has CBD oils on its website, the campaign will be denied even if it's not directly related to CBD marketing.
Please make sure to include any website or online presence the customer has. Even if the customer avoids putting their website, our aggregator will still search to see if there's one associated with them. If there’s prohibited content on their website, the campaign will be rejected. If they do not have a website, we recommend providing any form of online presence in the Brand Details (social media page, Google search link, etc.). They can attach the Privacy Policy and Terms & Conditions in the registration if they are not found online.
Please follow proper Know Your Customer (KYC) guidelines for the campaign. The brand needs to reflect who will be sending the message to the customer, not the software behind the delivery.
Remember that the brand is the message sender. The Employer Identification Number (EIN) and company information should reflect the message sender, not you as the reseller.
Please confirm that your campaign and content attributes are correct when setting up your campaign.
Not all carriers accept these campaign types, so they’ll be automatically rejected. You’ll then be charged the $15 fee and need to resubmit them later, so please hold off on submitting any new Sole Proprietor campaigns until Bandwidth provides further notice.
To learn more about 10DLC registration best practices and how to overcome campaign vetting rejections, please see 10DLC registration best practices and vetting rejection reasons.
All message senders must have an acceptable Privacy Policy when registering 10DLC campaigns. The most important aspect of the Privacy Policy mandates clearly describing how consumer data will be used and shared (if applicable), and how consumers can contact the message sender. A compliant Privacy Policy for 10DLC messaging should include the points below to help ensure that campaign registration and vetting are successful.
Please also ensure you are linking to your privacy policy and terms and conditions in the Campaign Details section when registering your campaign. This will allow for quicker location of these items resulting in a more streamlined vetting process.
When a campaign is being vetted, the language presented in a sender's Privacy Policy is heavily scrutinized to ensure the message sender doesn't improperly claim to have the consumer’s consent to share end-user data with third parties for marketing purposes. While it's permissible for a business to share end-user data essential for business operations, the fundamental practice of sharing data to sell consumer information (leads) to third parties is a prohibited campaign type and will be rejected.
Privacy Policies are reviewed during vetting to ensure consumer data isn't transferred among various organizations. To successfully address these requirements, we recommend adopting and including a process in the Privacy Policy that demonstrates senders will refrain from sharing information consumer data.
Example: "Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties."
Message senders are required to acknowledge the consumer's right to opt out of a messaging campaign to ensure that message recipients’ consent remains intact. The Privacy Policy must also include instructions on how to opt out of future communications.
Example: “If you wish to be removed from receiving future communications, you can opt out by texting STOP, QUIT, END, REVOKE, OPT OUT, CANCEL, or UNSUBSCRIBE.”
Bandwidth strongly suggests that each brand create a personalized Privacy Policy with accompanying SMS disclosures as discussed above. Bandwidth cannot provide guidance on what is legally required within a Privacy Policy. It's the responsibility of the message sender and their provider to research and ensure the Privacy Policy meets TCPA laws, as well as, individual carrier compliance requirements. For new, non-established brands entering the messaging space, there are online resources that can help you develop the required operational processes and Privacy Policy templates that will fit the unique needs of your business.
Note: If you're using online resources, your Policy, Practices, and Procedures must still include the above SMS disclosures and functions. Failure to adopt these practices may result in receiving a registration and vetting rejection (i.e., “805 - Compliant privacy policy is required on website”).
All message senders must have compliant Terms & Conditions made available to their consumers/recipients. This document must be provided as a part of the campaign registration. Often, the Terms & Conditions are found on a brand's website. If the brand does not have a website, you can attach a hard copy as a PDF in the campaign registration.
The Terms & Conditions page must contain the following details:
An example might look like this:
"Messaging Terms & Conditions
You agree to receive informational messages (appointment reminders, account notifications, etc.) from [Company Name]. Message frequency varies. Message and data rates may apply. For help, reply HELP or email us at [email address]. You can opt out at any time by replying STOP."