Building 10DLC-compliant privacy policies

An organization must have a privacy policy to be compliant with 10DLC regulations. We provide detailed information on what is needed for your contact source URL and privacy policy in our guide Contact Source URL and Privacy Policy.

In this guide, we will detail an organization's options for getting assistance from online resources that generate custom privacy policies. We do recommend crafting your own personalized privacy policy, but we understand input from online resources may be useful to complete this step of the process.

A privacy policy generator automates the process of creating a privacy policy for a website by providing a template and customizable options to suit the organization's data collection and usage practices.

Here are some examples of online resources that provide privacy policy generators that may be helpful:

Ensure that your Privacy Policy Complies with 10DLC Standards

After a privacy policy is generated, it should be revised to ensure it complies with 10DLC standards. First, make sure that it is comprehensive and addresses these key points:

  • The type of information your organization collects
  • How your organization collects that information from users
  • How your organization uses and shares any information collected
  • Explain how your organization protects user data

Next, ensure that your privacy policy covers these crucial aspects: 

  • Your privacy policy must explicitly state that your organization does not share or sell personal information with third parties without consent, except when legally required to do so. 
  • Your privacy policy must share information about how to opt out of further communications, particularly text messages.

The absence of either of these elements will result in the rejection of the use case. Please note that if a privacy policy generator is used, we recommend reviewing, editing, and/or amending the policy to verify that it covers these points.

Explicitly Stating that Your Organization Does Not Share Information

Carriers closely scrutinize any language that might be interpreted as sharing information with third parties for marketing purposes. Your privacy policy can state that it shares personal information strictly for the purposes of conducting essential business operations, but it should explicitly mention that personal information will otherwise not be shared with third parties without the consent of the user or unless legally required. To address these concerns, we recommend ensuring that the language of your policy reflects these sentiments.

A generated policy will contain separate sections for each topic of your policy. There will typically be a section regarding when information is shared with others. We recommend asserting your commitment to not sharing information without consent or legal obligation with the following language at the beginning of this section:

"[Your organization] maintains strict privacy policies to protect the personal information of our users obtained for text message communications. This information is never sold, rented, released, or traded to others without prior consent or legal obligation. Any sharing of information with third parties is solely for the purpose of fulfilling the organization's obligations to the user. We guarantee that it will never be shared with third parties for marketing purposes."

Next, review any bullets in the section about sharing information for anything that is inconsistent with the requirements mentioned so far. Mentions of marketing can lead to the rejection of the use case, so these should be reworded or removed.

Opt-Out instructions

Your privacy policy must include instructions on how to opt out of further text communications. We recommend adding the following language to an appropriate section within your privacy policy:

"Text Message Opt-Out: If you are receiving text messages from us and wish to stop receiving them, simply respond with either “STOP” or “UNSUBSCRIBE” to the number from which you received the message. Once we receive your message, you will no longer receive further text messages from us."

Before You Submit

Take this quiz to determine if your contact source URL and privacy policy URL fulfill all the necessary requirements.

We recommend sharing your privacy policy with GetThru Support for review prior to adding it to your website, in case any revisions are required. Please write to if you have any questions or difficulty adding your website!