10DLC website requirements
As carriers evolve their 10DLC requirements to prevent spam messages, we are committed to helping keep your organization compliant. For users submitting new Use Cases, there are additional fields for a Contact Source URL and a Privacy Policy URL on the Brand Registration page.
Why does my organization need a URL to our website?
As malicious actors continue using the texting medium to send spam, carriers have instituted a manual verification level above The Campaign Registry. In an effort to reduce spam, carriers are vetting an organization's website to ensure that they have a place where a contact can opt into text messages knowingly, and can reference a privacy policy about how their information will be used. However, this does not mean that opt-in is required to send texts. Click here for more information about 10DLC and opt-ins.
Already Registered?
If your organization has already registered its Use Case before manual vetting was required, your Account Owners will be prompted to input your organization's URL. A prompt will appear when navigating to the Brand & Use Case Registration page for easy updating. Please link to your main site homepage.
Use Case Registration
For a Use Case to pass manual vetting, your website must include both a Contact Source URL and Privacy Policy page during use case registration.
Contact Source URL
Carriers are looking for a valid URL, specific to the organization, where an organization collects phone numbers from contacts. This URL should take the person verifying the application directly to the phone number collection page. To fulfill the requirements for the contact source URL, the third-party vetting team verifies that the URL has a phone number input field and opt-in language. An example of opt-in language would be:
"By providing your phone number, you agree to receive text messages from this organization. Message and data rates may apply. Message frequency varies." |
The opt-in language should preferably be adjacent to the phone number input field. Here's an example of what that may look like:
If your organization has a "Contact" page, that would be the best page to include the phone number and opt-in information. On the Contact Source page there should be a findable link to the Privacy Policy page (see section below for more information).
Privacy Policy
Carriers need to see a page dedicated to the privacy policy on your organization's website that discloses how your organization may collect, use, and share personal information. Privacy policies should be consistent with applicable privacy law and must ensure the protection of user information from unauthorized access, use, and disclosure. Carriers are particularly vigilant regarding language that could be interpreted as your organization sharing information with third parties for marketing purposes. Your privacy policy should clearly indicate that you share personal information with third parties solely for essential business operations and explicitly state that personal information will otherwise not be shared with third parties without consent or legal obligation. The privacy policy should be easily discoverable from your contact source URL, preferably linked in the footer of your website, as seen in the example above.
There are two crucial aspects your privacy policy must cover.
- Your privacy policy must explicitly state that your organization does not share or sell personal information with third parties without consent, except when legally required to do so.
- Your privacy policy must share information about how to opt out of further communications, particularly text messages.
The absence of either of these elements will result in the rejection of the use case. However, this information on its own will not fulfill the requirements for the privacy policy URL.
Examples:
We recommend asserting your commitment to not sharing information without consent or legal obligation with the following language:
"[Your organization] maintains strict privacy policies, ensuring that personal information of our users and members is not sold, rented, released, or traded to others without prior consent or legal obligation." |
To share opt-out information with users, we recommend sharing the following language in your privacy policy:
"SMS Opt-Out: If you are receiving text messages from us and wish to stop receiving them, simply respond with either “STOP” or “UNSUBSCRIBE” to the number from which you received the message. Once we receive your message, you will no longer receive further text messages from us." |
Creating your Privacy Policy
For best practices, it's recommended to craft a personalized privacy policy addressing the following key points:
- The type of data and how you collect information from your users.
- How you use and share any information collected.
- Explicitly states you do not Share or Sell personal information with third parties without consent or legal obligation.
- How users can unsubscribe/opt-out from your organization.
- Explain how you protect your user data.
- Explain the update possibilities to your privacy policy.
It is recommended that you create a personalized privacy policy that pertains to your organization based on the points outlined above; however, if you need assistance crafting your organization's privacy policy, you can review some online resources that generate custom privacy policies. You can read more about this here: Online Resources for Privacy Policies.
You can also reference GetThru's comprehensive privacy policy here: https://www.getthru.io/privacy-policy.
If your site doesn't include a contact source URL and/or privacy policy already, adding them is necessary to help your organization get approval through manual vetting. If a use case fails manual vetting, your site must be updated to fulfill the requirements, which will require restarting the manual vetting process.
Please write to support@getthru.io if you have any questions or difficulty adding your website!