10DLC website requirements
As carriers evolve their 10DLC requirements to prevent spam messages, we are committed to helping keep your organization compliant. For users submitting new Use Cases, there are additional fields for a Contact Source URL and a Privacy Policy URL on the Brand Registration page.
Why does my organization need a URL to our website?
As malicious actors continue using the texting medium to send spam, carriers have instituted a manual verification step on top of the automation provided by The Campaign Registry. In an effort to reduce spam, carriers are using a third party to vet an organization's website to ensure that there is a place where a contact can knowingly opt into text messages and can reference a privacy policy about how their information will be used. However, this does not mean that opt-in is required to send texts. Please see our guide for more information about 10DLC and opt-ins in ThruText.
Already Registered?
If your organization has already registered its Use Case before manual vetting was required, your Account Owners will be prompted to input your organization's URL. A prompt will appear when navigating to the Brand & Use Case Registration page for easy updating. Please link to your main site homepage.
While previously registered use cases remain active, we recommend updating your organization's website to follow the current 10DLC website standards outlined below. This will decrease any friction when we reach out to our providers on your behalf. Please reach out to support@getthru.io with any questions about your current use case or to check if your website complies with the most recent 10DLC guidelines.
Use Case Registration
For a Use Case to pass manual vetting, your website must include both a Contact Source URL and Privacy Policy page during use case registration.
Contact Source URL
Carriers are looking to ensure that message senders support opt-in mechanisms for users. They are looking for a valid URL, specific to your organization, where your organization collects phone numbers from users. This URL should take the person verifying the application directly to the phone number collection page. To fulfill all the requirements for the contact source URL, the third-party vetting team verifies that the URL:
- includes a phone number input field that is unchecked by default
- shares opt-in language
- provides an easily discoverable link to the privacy policy
- is directly associated with your organization or is linked from your organization's website
Opt-in Language
An example of opt-in language would be:
"By providing your phone number, you agree to receive text messages from [brand name]. Message and data rates may apply. Message frequency varies. Reply HELP to request help or STOP to opt out of text messages."
The opt-in language should ideally be adjacent to the phone number input field. Here's an example of what that may look like:
Link to your Privacy Policy
Your organization's privacy policy should be easily accessible from the contact source URL. It can be found in your website's navigation menu, footer, or integrated directly within the contact source form.
External Forms
When utilizing external pages or forms for contact sources and/or privacy policies, it's essential that they are linked from a website directly associated with your organization. For example, if you wish to use a Google Form for your contact source, ensure that it's accessible through your organization's website as submitted on the Brand Registration form.
Privacy Policy
Carriers require a comprehensive privacy policy on your organization's website that discloses how your organization may collect, use, and share personal information. Privacy policies should ensure the protection of user information from unauthorized access, use, and disclosure.
For best practices, it's recommended to craft a personalized privacy policy addressing the following key points:
- The type of information your organization collects
- How your organization collects that information from users
- How your organization uses and shares any information collected
- An explicit statement that you do not share or sell personal information with third parties without consent or legal obligation
- How users can unsubscribe/opt out of text messages from your organization
- How your organization protects user data
Carriers closely scrutinize language related to sharing information with third parties for marketing purposes. Your privacy policy should clearly indicate that you only share personal information with third parties to fulfill your organization's obligation to its users. Otherwise, it must explicitly state that personal information will not be shared with third parties without consent or legal obligation, and especially never for marketing purposes.
There are two crucial aspects your privacy policy must cover. The absence of either of these elements will result in the rejection of the use case. However, this information on its own will not fulfill the requirements for the privacy policy URL. We provide examples of these in the next section.
- Your privacy policy must explicitly state that your organization does not share or sell personal information with third parties without consent, except when legally required to do so.
- Your privacy policy must share instructions on how users can opt out of receiving text messages.
Examples of Required Language:
We recommend asserting your commitment to not sharing information with third parties without consent or legal obligation with the following language:
"[Your organization] maintains strict privacy policies to protect the personal information of our users obtained for text message communications. This information is never sold, rented, released, or traded to others without prior consent or legal obligation. Any sharing of information with third parties is solely for the purpose of fulfilling the organization's obligations to the user. Personally identifiable information will never be shared with third parties for marketing purposes."
To share opt-out instructions with users, we recommend sharing the following language in your privacy policy:
"Text Message Opt-Out: If you are receiving text messages from us and wish to stop receiving them, simply respond with either “STOP” or “UNSUBSCRIBE” to the number from which you received the message."
Creating your Privacy Policy
While we recommend crafting a personalized privacy policy, we understand that creating one from scratch can be challenging. Consider utilizing a privacy policy generator to assist you. You can read more about this here: Online Resources for Privacy Policies.
You can also reference GetThru's privacy policy here: https://www.getthru.io/privacy-policy.
If your site doesn't include a contact source URL and/or privacy policy already, adding them is necessary to help your organization get approval through manual vetting. If a use case fails manual vetting, your site must be updated to fulfill the requirements, which will require restarting the manual vetting process.
Before You Submit
Take this quiz to determine if your contact source URL and privacy policy URL fulfill all the necessary requirements.
We recommend sharing your privacy policy with GetThru Support for review before publishing it to your website, in case any revisions are required. Please write to support@getthru.io if you have questions or difficulty adding your website!