Guide · Privacy policy

A2P 10DLC Privacy Policy Requirements & SMS Data-Sharing Language

US carriers require campaign privacy policies to address the SMS program specifically — a generic privacy policy alone is one of the most common rejection causes. This guide lists what reviewers expect, with copy-paste templates.

What reviewers check for

A dedicated Mobile Messaging or SMS Program section.
How phone numbers are collected (opt-in source: web form, QR, paper, verbal, in-app).
The program description: what messages, frequency, STOP/HELP behavior, rates language.
An explicit statement that no mobile information will be shared with third parties or affiliates for marketing or promotional purposes.
Data retention disclosure for phone numbers and message records.
Security overview and contact info for privacy inquiries.
Public reachability — the policy URL must work without authentication.

The data-sharing clause that gets approved

Use this language verbatim or close to it:

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories described in our broader Privacy Policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Full SMS-section template

## Mobile Messaging (SMS) Program

This section applies to the SMS messaging program operated by {Brand Name}.

**Program description.** When you opt in to receive text messages from {Brand Name}, you may receive {types}. Message frequency {freq}. Message and data rates may apply. Reply STOP to unsubscribe at any time. Reply HELP for help.

**How we collect your number.** We collect your mobile number when you (a) submit it through a web form on our website, (b) provide it verbally and confirm via SMS, (c) provide it on a paper form, or (d) text a keyword to our number. In every case, your express consent is required prior to sending program messages.

**No sharing of mobile information.** No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories described in our broader Privacy Policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

**Data we collect.** We collect your phone number, the date/time and source of your opt-in, message content sent and received, and opt-out events.

**Retention.** Mobile numbers and opt-in records are retained for as long as you remain opted in and for a reasonable period thereafter to maintain audit records and demonstrate compliance.

**Security.** We apply administrative, technical, and physical safeguards to protect mobile information.

**Contact.** Questions about this SMS program: {contact email}.

Where to publish

Your live privacy policy page (publicly reachable, no auth required).
Linked from your website footer.
Linked from the opt-in CTA, near the consent checkbox.

Get the full Approval Packet — your privacy addendum is one of eight artifacts inside.

The free decoder gives you the diagnosis. The $199 Approval Packet gives you every paste-ready field, screenshot checklist, and submission step. No demos. No calls.

Decode my rejection — Free See pricing

FAQ

Can I link my privacy policy from a third-party host?

Yes, but the policy URL should match the brand's domain when possible. Hosting on a third-party tool is acceptable only if the URL clearly belongs to your brand.

Do I need a separate "SMS Terms" page?

Not strictly. A clear SMS section inside your main privacy policy is acceptable to TCR/carriers as long as all required elements are present.