Skip to main content

Privacy Policy

The privacy policy is a non-negotiable requirement for all brands to ensure compliance with 10DLC regulations. Businesses are required to clearly state how consumer data is collected, used, and protected. The privacy policy must explicitly state that the brand does not share information with third parties for marketing purposes, even if they don’t engage in such practices.

Requirements

  1. The Privacy Policy must be publicly accessible on the website, ideally located in the footer section to ensure visibility and easy access for users. 
    1. If the brand already has a privacy policy in PDF format but does not have it published on the website, embedding that document on the website is a valid option. 
    2. For brands that do not have a website, this is still required and may be submitted as a PDF attachment. However, it must ultimately be made easily accessible to consumers through appropriate channels.  
  2. Clear Description of Data Use: 
    1. Privacy Policy must clearly state what Personally Identifiable Information (PII) are collected (e.g. phone numbers, names, location, etc.) 
    2. State how information is used. 
    3. Must state that consumer PII will not be sold, rented, or shared with third parties for marketing purposes. 
  3. To ensure compliance, this language must be added: 
    1. No phone/mobile number information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. 

What to do if a brand does not have a Privacy Policy? 

  1. Create a Privacy Policy: draft a privacy policy by outlining how the brand collects, use, store, and protect user data. Be sure to include information like: 
    1. The types of data collected (e.g., phone numbers, names, etc.) 
    2. How data is used (e.g., for sending messages) 
    3. Whether they share data with third parties (e.g. service providers) 
    4. How users can opt-out or request their data be deleted 
    5. Add this language:  
      1. No phone/mobile number information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. 
      2. The statement above indicates that data categories such as names and addresses will be shared with third parties, excluding text messaging opt-in data and consent, which are handled separately and not shared. 
  2. Use a Privacy Policy Generator: If the brand doesn’t have the resources to write a policy from scratch, they can explore online tools that can help generate a privacy policy tailored to their needs. These tools can give them a basic template to work with. 
  3. Consult with a Legal Professional: have a lawyer review their privacy policy, especially if the brand operates in a regulated industry or if unsure about specific legal requirements. 
No Comments
Back to top