Brand and Campaign Registration

Privacy Policy

The privacy policy is a non-negotiable requirement for all brands to ensure compliance with 10DLC regulations. Businesses are required to clearly state how consumer data is collected, used, and protected. The privacy policy must explicitly state that the brand does not share information with third parties for marketing purposes, even if they don’t engage in such practices.

Requirements

  1. The Privacy Policy must be publicly accessible on the website, ideally located in the footer section to ensure visibility and easy access for users. 
    1. If the brand already has a privacy policy in PDF format but does not have it published on the website, embedding that document on the website is a valid option. 
    2. For brands that do not have a website, this is still required and may be submitted as a PDF attachment. However, it must ultimately be made easily accessible to consumers through appropriate channels.  
  2. Clear Description of Data Use: 
    1. Privacy Policy must clearly state what Personally Identifiable Information (PII) are collected (e.g. phone numbers, names, location, etc.) 
    2. State how information is used. 
    3. Must state that consumer PII will not be sold, rented, or shared with third parties for marketing purposes. 
  3. To ensure compliance, this language must be added: 
    1. No phone/mobile number information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. 

What to do if a brand does not have a Privacy Policy? 

  1. Create a Privacy Policy: draft a privacy policy by outlining how the brand collects, use, store, and protect user data. Be sure to include information like: 
    1. The types of data collected (e.g., phone numbers, names, etc.) 
    2. How data is used (e.g., for sending messages) 
    3. Whether they share data with third parties (e.g. service providers) 
    4. How users can opt-out or request their data be deleted 
    5. Add this language:  
      1. No phone/mobile number information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. 
      2. The statement above indicates that data categories such as names and addresses will be shared with third parties, excluding text messaging opt-in data and consent, which are handled separately and not shared. 
  2. Use a Privacy Policy Generator: If the brand doesn’t have the resources to write a policy from scratch, they can explore online tools that can help generate a privacy policy tailored to their needs. These tools can give them a basic template to work with. 
  3. Consult with a Legal Professional: have a lawyer review their privacy policy, especially if the brand operates in a regulated industry or if unsure about specific legal requirements. 

TCR Brand Registration Requirements Guide

Due to the ever-changing nature of the 10DLC Messaging Initiative, this guide may quickly be outdated, however you will be updated on the information when trying to register your Brand.

Information Needed

Note:  If a system message is sent to recipients within a Brand's Campaign, it will include the name entered within the 'DBA or Brand Name if different from legal name' field during Brand Registration. 

A. WHEN REGISTERING A PRIVATE COMPANY
Legal company name, country of registration, Employer ID Number (EIN) / Tax ID, address, vertical, and contact details.

B. WHEN REGISTERING A PUBLIC COMPANY
Legal company name, country of registration, Employer ID Number (EIN) / Tax ID, address, website address, vertical, stock symbol, stock exchange, and contact details.

C. WHEN REGISTERING A CHARITY / NON-PROFIT ORGANIZATION
Legal company name, country of registration, Employer ID Number (EIN) / Tax ID, address, vertical, and contact details.

Note: If registering as a Non-Profit with a 'Charity' Special Campaign Use Case, you must also use the EIN and Legal Company name that matches your Federal Government Registration as a Non-Profit, and you must have a 501(c)(3) tax-exempt status to qualify as a Non-Profit Organization.

D. WHEN REGISTERING A GOVERNMENT ENTITY
Legal company name, country of registration, Employer ID Number (EIN) / Tax ID, address, vertical, website, and contact details.

Entering the correct Tax ID

The Tax ID number is used in conjunction with the company’s name, address, and other information to ensure we perform a background investigation on the correct company. The following guidelines provide the best verification opportunity for your company.

United States

If you are a US company or a foreign company with a US IRS Employer Identification Number (EIN), please enter the nine-digit number found in the EIN field and ensure that your legal company name is consistent with your IRS registration, including proper spelling. The address you enter should also be the same as that used in registering with the IRS.

Canada

On July 27th, TCR will switch to only accepting the Business Number (BN) rather than the Corporation/Incorporation/Registry ID numbers for Canadian Brand Registration. Until that time we will accept either the BN or the Corporation/Incorporation/Registry ID numbers. We will only accept the first 9 numeric digits of the BN (BN-9).  

Here is an example of the format of a BN where the bolded part is the part we will collect in the Canadian Brand: 

Tax/Corporation ID field: 123456789RT0001 

Brand Identity Verification

Each Brand will automatically go through an Identity Verification process. TCR validates the EIN, Legal Company Name, and Legal Company Address with third-party independent sources and confirms the existence of the Brand with a verification “Status” (Verified/Unverified).

Being a ‘Verified’ Brand is a requirement to message on 10DLC, and Identity Verification is a crucial step for each registered Brand. We suggest paying attention to entering correct and up-to-date information to allow the Brand to be swiftly verified. 

The outcome of Identify Verification shall be communicated to the Reseller upon submission of the form within one business day via email. 

‘Unverified’ Brands

Unverified Brands cannot register 10DLC campaigns, they must obtain the ‘Verified’ status if they wish to do so. These are the options available:

  1. Any ‘Unverified’ Brand can be resubmitted for verification for a fee of $4.  
  2. Any ‘Unverified’ Brand can request or import external Vetting through a third-party vetting process for an additional fee of $40.00 (Aegis Mobile).  We will provide instructions on how to do this if your brand is reported back to you as “Unverified”. 

In both cases, it is crucial that details about the Brand are corrected and updated before any submission.

Class/Tier assignment flow for Brands

For companies (Brands) who are a member of the Russell 3000, TCR will automatically assign available Classes (AT&T) or Tiers (T-Mobile) to their Brand. Verified Brands that are not part of the Russell 3000 list can improve their Class/Tier assignment through vetting.

image.png

Vetting

CSPs can apply for vetting on behalf of the Brand through one of TCR's external vetting partners to gain access to special use cases or improve the quality of service (where applicable).  The current Vetting partner used today is Aegis, there is an additional one-time fee of $40.00. 

Brand Details Update

In case of errors during Brand registration or change in Brand information over time, TCR allows updating your Brand information and resubmission of your Identity Verification for a fee of $4.00.

Website/Online Presence 

Please make sure to include any website or online presence the customer has. This can include a social media page, as long as our aggregator can access it and verify the business is who they say they are. Even if the customer avoids putting their website, our aggregator will search for the business to see if there’s any associated website. If there is prohibited content on their website, the campaign will be rejected. 


 Acceptable Rejected
Website
  • working and secured website 
  • If website has a webform that is used to collect mobile numbers, opt-in language is required 
  • The site's content and offerings correspond to the proposed messaging use cases 
  • Unsecured and non-working website 
  • A website that lands on a domain parking site (e.g. GoDaddy, Wix, or others)  
  • A website that is an empty placeholder (or a “coming soon” site) 
  • A website with a webform that collects phone numbers but no opt-in language
Facebook, Instagram, Twitter, and other social media page
  • Brand is clearly identified (meaning the brand name or DBA is the same as what appears on their social media) 
  • A more established social media presence will be more likely to be approved than something that was more recently launched 
  • Social media page should be public 
  • If the company's website that collects phone numbers is listed or mentioned on the customer’s social media page, the DCA will check it and reject the campaign. 
  • Private page
LinkedIn
  • LinkedIn page should be a company listing – not an individual 
  • LinkedIn page should be public
  • The 'About' section of the company page doesn't have enough information 
  • Private page
Yelp
  • Make sure your business page on Yelp is viewable in all regions
Profile Sites
  • Common with physicians, medical, and occasionally legal professionals, these sites provide general information about the professional in question.


IMPORTANT: sample Opt In language that can be added to webforms if used to collect phone numbers:

By clicking " Submit " I agree to receive emails, text messages, and phone calls, which may be recorded and/or sent using automated dialing or emailing equipment or software unless I opt-out from such communications. I also agree to the Terms of Use and Privacy Policy linked below. I understand that my consent to be contacted is not a requirement to purchase any product or service and that I can opt-out at any time. I agree to pay my mobile service provider's text messaging rates, if applicable." 

10DLC Key Attributes to get your Campaign Approved

Pre-Registration Guidelines 

These factors are critical for a successful registration process, so addressing them thoroughly can help avoid rejections: 

Phone Number and Email  

Website/Online Presence 

Brands must have a legitimate, well-established website that meets all necessary criteria. A website is essential for 10DLC campaign approval, as it serves as a key verification tool for the Direct Connect Aggregator (DCA), or “aggregator” to confirm the business’s legitimacy and compliance. The aggregator will review the website to ensure it aligns with the brand and campaign content. Without a website, the campaign will be rejected. 

Each website must contain a Privacy Policy page to be accepted. 

Note: Any other online presence (such as Facebook, Instagram, etc.) will ONLY be acceptable if the brand does not have an official website. However, they also must have a Privacy Policy. 

Use Case

As mandated by MNOs, TCR requires the CSP to declare a Use Case at the beginning of the Campaign Registration process. Select the appropriate use case that would best align with the type of content you intend to send.  

IMPORTANT: Do not select the 'Low Volume Mixed' use case if the brand sends high volume traffic. Applying for external vetting to improve throughput will have no effect on campaigns with this use case. A new campaign would need to be registered using appropriate use cases, such as Mixed, Customer Care, Account Notifications, etc. as only these are eligible for throughput enhancement through external vetting.

Campaign Description 

A Campaign Description includes the intended purpose of the overall messages. A few examples of this are sending appointment reminders, sending 2FA codes, responding to inquiries, sending transaction notifications, or providing customer support updates. 

Your campaign description should answer the questions:  

For Example:  

Sample Messages 

The sample messages should show the kind of messages that would be sent by the campaign.  A sample message is required for each use case selected. The message should be relevant to the specific use case and the purpose of messaging described in the campaign description. 

Requirements: 

IMPORTANT: If the Campaign & Content Attributes for embedded links and phone numbers are checked as "Yes," please provide a sample message that shows this.

Call-to-Action / Message Flow

An explanation on how the brand obtains the numbers and consent from the consumers they text. If there are multiple methods involved, it must be disclosed in the CTA (Call-to-Action). 

  1. Consent Prompt is a method designed to confirm a consumer’s consent twice. This process is used to ensure that the recipient has explicitly opted in to receive text from the Brand. 
  2. Enabling this feature improves the likelihood of campaign approval. It assures the DCA and carriers that consent is explicitly obtained. 
  3. Once the campaign is approved with this setting on, you will no longer be able to turn it off. Disabling this setting will require you to register a new campaign, adhering to 10DLC guidelines. 

IMPORTANT: Carriers have the authority to reject campaigns and require double opt-in. When this happens, we cannot override their decision. Carriers may require this if they determine that the consent process is insufficient or if they identify any potential risks related to the brand based on their own internal vetting process.

Website 

Brand collects consent when consumers fill out a webform on the website, providing their explicit consent to receive SMS from the brand. 

Requirements: 

  1. Provide the exact URL(s) where the webform is located. 
  2. The form must contain SMS disclaimer: 
    1. Brand Name  
    2. Program Description (messages consumers expect to receive from the brand)
    3. “Message & data rates may apply.”  
    4. “Message frequency may vary.”  
    5. “You can text HELP for support or STOP at any time to unsubscribe.”  
    6. Link to Privacy Policy and Terms - must direct to the brand's own Privacy Policy, not to a third-party
  3. The SMS disclaimer must contain a checkbox alongside it: 
    1. The checkbox must not be pre-checked.
    2. Checking the box must be optional for users to submit the form.
  4. For campaigns that intends to send marketing messages, the phone/mobile number field must be optional.
    1. However, if the form is exclusively intended for SMS use, the phone number field may be required. 

      image.png


  5. If the brand sends marketing and non-marketing SMS options, the SMS disclaimer must be broken out. Marketing SMS Disclaimer can't be merged with other programs and checkbox for other programs.
  6. If the website is not disclosed as part of the opt-in process, but the webform clearly indicates phone numbers will be used for SMS communication (as implied in the existing SMS Disclaimer), this should be included in the CTA. However, if the existing SMS disclaimer is not in compliance, the brand needs to either: 
    1. Revise the webform to meet requirements. 
    2. If the webform is not intended for SMS communication, completely remove any SMS related disclaimer to prevent rejection.

image.png

The above SMS disclaimer does not meet compliance requirements and needs to be either updated or removed.

Suggested SMS Disclaimer Table

Non-Marketing SMS Disclaimer
Marketing SMS Disclaimer
I consent to receive text messages about [NON-MARKETING PROGRAM DESCRIPTION] from [Brand Name] at the phone number I provided. I acknowledge that my consent is not a condition of purchase. Msg & data rates may apply. Msg frequency varies. Reply HELP for assistance or STOP to opt out of receiving messages. Privacy Policy [link] & Terms [link] (where applicable).  I consent to receive marketing text messages, such as [MARKETING PROGRAM DESCRIPTION], from [Brand Name] at the phone number I provided, including messages sent via auto dialer. I understand that my consent is not a condition of purchase. Msg & data rates may apply. Msg frequency varies. Reply HELP for assistance or STOP to opt out of receiving messages. Privacy Policy [link] & Terms [link] (where applicable). 

Sample non-marketing program description:  

  • Order status  
  • Shipping updates  
  • Security alerts 
  • Account activity
  • Important announcements  
  • Event reminders  
  • Appointment reminders 

Sample marketing program description:  

  • Promotional offers  
  • New product announcements  
  • Personalized recommendations  
  • Exclusive promotions  
  • Product launches  
  • Sales events  
  • Discounts 


Example non-marketing SMS Form:

image.png

Example Mixed Form (Marketing and Non-Marketing):

image.png

IMPORTANT: Do not use language in the SMS Disclaimer that could be seen as a forced opt-in, such as "By submitting," "By completing this form," or similar phrases.

Form 

Consumers opt in by completing/signing a form to give written consent.

Requirements:

  1. Attach a copy of the physical form. Add an explanation of how consumers can access this form. This must be uploaded to the CTA Multimedia section when submitting the campaign.
  2. The form must contain the necessary SMS Disclaimer: 
    1. Brand Name  
    2. Program Description (messages consumers expect to receive from the brand)
    3. Message & data rates may apply.”  
    4. “Message frequency may vary.”  
    5. “You can text HELP for support or STOP at any time to unsubscribe.”  
    6. Information how the brand handles SMS data or a direct link to the privacy policy

Sample Form: 

image.png

Verbal 

Consumers opt in to the brand by providing verbal consent.  

Requirements: 

  1. Provide the scenario in which the verbal exchange took place: For example, a phone call or face-to-face conversation. 
  2. Provide the script used when obtaining verbal consent. Script must include the following SMS disclaimers: 
    1. Brand Name  
    2. Program Description (messages consumers expect to receive from the brand)
    3. “Message & data rates may apply.”  
    4. “Message frequency may vary.”  
    5. “You can text HELP for support or STOP at any time to unsubscribe.”  
    6. “Visit our website to view our privacy policy at www.abc.com/privacy-policy” 
  3. For marketing messages, double opt-in is highly recommended to ensure approval. 
    1. Verbal consent can be the initial step, but a follow-up SMS confirmation should be sent to the consumer to get the consumer's explicit consent for marketing messages. 
    2. This piece is vital because verbal consent are typically not documented and can therefore be difficult to prove in the event of any dispute. 

Do we have your permission to send appointment reminders via text from ACME Corp to the number provided? Standard message and data rates may apply. Message frequency may vary. You can reply HELP for support or STOP to opt out of future messages. For more details, please visit our privacy policy on our website.

Keyword/Text

Consumers opt in by texting an opt-in keyword to a phone number associated with a brand, giving explicit consent. 

Requirements: 

  1. Provide proof (screenshot or link) on which the opt in instructions is displayed
  2. Instruction must include the Keyword customer needs to use to opt in: e.g., START, SUBSCRIBE, OPT IN, etc.  
  3. Provide the phone number to which consumers need to text the opt in keyword
  4. Instruction or advertisement must contain SMS Disclaimer:   
    1. Brand Name  
    2. Program Description (messages consumers expect to receive from the brand)
    3. “Message & data rates may apply.”
    4. “Message frequency may vary.”
    5. “You can text HELP for support or STOP at any time to unsubscribe.”  
    6. Link to Privacy Policy and Terms 

QR Code  

A QR code allows consumers to opt-in by scanning a code.

Requirements: 

  1. Provide a copy of the QR code or provide a link where consumers can access this. The QR code must be uploaded in the CTA multimedia section. 
  2. The QR code must let users know what to expect when they scan the QR code. For example, "Scan this QR code to opt in to messaging!" 
  3. QR code instructions must contain SMS Disclaimer: 
    1. Brand Name   
    2. Program Description (messages consumers expect to receive from the brand)
    3. “Message & data rates may apply.”  
    4. “Message frequency may vary.”  
    5. “You can text HELP for support or STOP at any time to unsubscribe.”   
    6. Link to Privacy Policy and Terms. 

image.png

Note: The QR code should be tested prior to submitting the campaign to ensure it works as expected. Scan it to verify that it leads to the correct destination (whether it’s a sign-up page, landing page, etc.), and check for any potential issues like broken links or misdirects. 

Privacy Policy 

The privacy policy is a non-negotiable requirement for all brands to ensure compliance with 10DLC regulations. Businesses are required to clearly state how consumer data is collected, used, and protected. The privacy policy must explicitly state that the brand does not share information with third parties for marketing purposes, even if they don’t engage in such practices.

Requirements

  1. The Privacy Policy must be publicly accessible on the website, ideally located in the footer section to ensure visibility and easy access for users. 
    1. If the brand already has a privacy policy in PDF format but does not have it published on the website, embedding that document on the website is a valid option. 
    2. For brands that do not have a website, this is still required and may be submitted as a PDF attachment. However, it must ultimately be made easily accessible to consumers through appropriate channels.  
  2. Clear Description of Data Use: 
    1. Privacy Policy must clearly state what Personally Identifiable Information (PII) are collected (e.g. phone numbers, names, location, etc.) 
    2. State how information is used. 
    3. Must state that consumer PII will not be sold, rented, or shared with third parties for marketing purposes. 
  3. To ensure compliance, this language must be added: 
    1. No phone/mobile number information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. 

What to do if a brand does not have a Privacy Policy? 

  1. Create a Privacy Policy: draft a privacy policy by outlining how the brand collects, use, store, and protect user data. Be sure to include information like: 
    1. The types of data collected (e.g., phone numbers, names, etc.) 
    2. How data is used (e.g., for sending messages) 
    3. Whether they share data with third parties (e.g. service providers) 
    4. How users can opt-out or request their data be deleted 
    5. Add this language:  
      1. No phone/mobile number information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. 
      2. The statement above indicates that data categories such as names and addresses will be shared with third parties, excluding text messaging opt-in data and consent, which are handled separately and not shared. 
  2. Use a Privacy Policy Generator: If the brand doesn’t have the resources to write a policy from scratch, they can explore online tools that can help generate a privacy policy tailored to their needs. These tools can give them a basic template to work with. 
  3. Consult with a Legal Professional: have a lawyer review their privacy policy, especially if the brand operates in a regulated industry or if unsure about specific legal requirements. 

Terms & Conditions  

The terms and conditions can either be presented as part of the call-to-action (CTA) or via a dedicated webpage on the website. Pop-ups cannot be used to display terms and conditions. 

This is required for all 10DLC messaging campaigns. This typically outlines general business practices.  However, what the DCA is looking for are the terms related to messaging such as: 

Brand Name and Program Description 
 By voluntarily providing your mobile phone number and explicitly opting in to SMS, you consent to receive SMS messages from [Your Brand Name] related to [describe the purpose, e.g., "order updates, promotional offers, or account notifications"].
Message and Data Rates 
 Standard message and data rates may apply depending on your carrier. 

Message Frequency 
  • Message frequency may vary. 
  • You may receive [X] SMS messages per [week/month]
Opting Out 
 You may opt out of receiving SMS messages at any time by replying with "STOP" to any SMS message you receive from us. After opting out, you will receive a confirmation message, and we will cease sending SMS messages to your number.

Help Information 

 If you need assistance or have questions about our SMS service, reply with "HELP" to any SMS message you receive, or contact our customer support team at [support contact information]
Privacy Policy 
 Your phone number will be handled in accordance with our Privacy Policy, available at [link to Privacy Policy]. We do not sell or share your phone number with third parties except as required by law.


Campaign & Content Attributes 

Campaign and Content Attributes refers to the specific characteristics of the messaging, such as the type of content, and any elements included in the message. During the Campaign registration process, you will be asked to answer ‘Yes’ or ‘No’ to indicate whether the Campaign has the following attributes. Some attributes may require you to add specific information: 

IMPORTANT: Non-acceptable age gating function includes but is not limited to Yes or No responses. 

What to Avoid