10DLC website requirements
As carriers evolve their 10DLC requirements to prevent spam messages, we are committed to helping keep your organization compliant. For users submitting new Use Cases, there are additional fields for a Contact Source URL and a Privacy Policy URL on the Brand Registration page.
Why does my organization need a URL to our website?
As malicious actors continue using the texting medium to send spam, carriers have instituted a manual verification level above The Campaign Registry. In an effort to reduce spam, carriers are vetting an organization's website to ensure that they have a place where a contact can opt into text messages knowingly and can reference a privacy policy about how their information will be used. However, this does not mean that opt-in is required to send texts. Click here for more information about 10DLC and opt-ins.
Already Registered?
If your organization has already registered its Use Case before manual vetting was required, your Account Owners will be prompted to input your organization's URL. A prompt will appear when navigating to the Brand & Use Case Registration page for easy updating. Please link to your main site homepage.
Use Case Registration
For a Use Case to pass manual vetting, your website must include both a Contact Source URL and Privacy Policy page during use case registration.
Contact Source URL
Carriers are looking to ensure that message senders support opt-in mechanisms for users. They are looking for a valid URL, specific to your organization, where your organization collects phone numbers from users. This URL should take the person verifying the application directly to the phone number collection page. To fulfill all the requirements for the contact source URL, the third-party vetting team verifies that the URL:
- includes a phone number input field
- shares opt-in language
- provides an easily discoverable link to the privacy policy
- is directly associated with your organization or is linked from your organization's website
Opt-in Language
An example of opt-in language would be:
"By providing your phone number, you agree to receive text messages from this organization. Message and data rates may apply. Message frequency varies." |
The opt-in language should ideally be adjacent to the phone number input field. Here's an example of what that may look like:
Link to your Privacy Policy
Your organization's privacy policy should be easily accessible from the contact source URL. It can be found in your website's navigation menu, footer, or integrated directly within the contact source form.
External Forms
When utilizing external pages or forms for contact sources and/or privacy policies, it's essential that they are linked from a website directly associated with your organization. For example, if you wish to use a Google Form for your contact source, ensure that it's accessible through your organization's website as submitted on the Brand Registration form.
Privacy Policy
Carriers require a comprehensive privacy policy on your organization's website that discloses how your organization may collect, use, and share personal information. Privacy policies should ensure the protection of user information from unauthorized access, use, and disclosure.
For best practices, it's recommended to craft a personalized privacy policy addressing the following key points:
- The type of information your organization collects
- How your organization collects that information from users
- How your organization uses and shares any information collected
- Explicitly states you do not share or sell personal information with third parties without consent or legal obligation
- How users can unsubscribe/opt-out from text messages from your organization
- Explain how your organization protects user data
Carriers closely scrutinize language related to sharing information with third parties for marketing purposes. Your privacy policy should clearly indicate that you only share personal information with third parties to fulfill your organization's obligation to its users. It must explicitly state otherwise that personal information will not be shared with third parties without consent or legal obligation, but especially never for marketing purposes.
There are two crucial aspects your privacy policy must cover. The absence of either of these elements will result in the rejection of the use case. However, this information on its own will not fulfill the requirements for the privacy policy URL. We provide examples of these in the next section.
- Your privacy policy must explicitly state that your organization does not share or sell personal information with third parties without consent, except when legally required to do so.
- Your privacy policy must share instructions on how users can opt out of receiving text messages.
Examples of Required Language:
We recommend asserting your commitment to not sharing information with third parties without consent or legal obligation with the following language:
"[Your organization] maintains strict privacy policies to protect the personal information of our users obtained for text message communications. This information is never sold, rented, released, or traded to others without prior consent or legal obligation. Any sharing of information with third parties is solely for the purpose of fulfilling the organization's obligations to the user. We guarantee that it will never be shared with third parties for marketing purposes." |
To share opt-out instructions with users, we recommend sharing the following language in your privacy policy:
"Text Message Opt-Out: If you are receiving text messages from us and wish to stop receiving them, simply respond with either “STOP” or “UNSUBSCRIBE” to the number from which you received the message. Once we receive your message, you will no longer receive further text messages from us." |
Creating your Privacy Policy
While we recommend crafting a personalized privacy policy, we understand that creating one from scratch can be challenging. Consider utilizing a privacy policy generator to assist you. You can read more about this here: Online Resources for Privacy Policies.
You can also reference GetThru's privacy policy here: https://www.getthru.io/privacy-policy.
If your site doesn't include a contact source URL and/or privacy policy already, adding them is necessary to help your organization get approval through manual vetting. If a use case fails manual vetting, your site must be updated to fulfill the requirements, which will require restarting the manual vetting process.
Before You Submit
Take this quiz to determine if your contact source URL and privacy policy URL fulfill all the necessary requirements.
We recommend sharing your privacy policy with GetThru Support for review before publishing it to your website, in case any revisions are required. Please write to support@getthru.io if you have questions or difficulty adding your website!