At Grasshopper, we are committed to supporting our customers through the evolving requirements of SMS compliance. We work closely with customers and the providers who deliver messaging traffic to monitor registration rates and understand what parts of the process may be confusing or challenging. A missing or noncompliant privacy policy is one of the most common reasons local number SMS registrations get rejected. (Demonstrating opt-in practices is another common challenge; see our post here for detailed guidance about opt-in.)
As a business owner and message sender, you are responsible for creating a privacy policy that complies with CTIA (Cellular Telecommunications Industry Association) guidelines and any state-specific privacy laws. Grasshopper cannot provide legal advice or dictate the terms of a legally compliant privacy policy, but we have compiled general guidance below to help you get started as you create a policy that reflects your specific business practices.
When you submit your local number SMS registration, carriers’ reviewers will search your website to find your privacy policy. Here are some key questions they typically expect a privacy policy to answer:
- What information do you collect from your customers? This could be contact information such as email address, phone number, mailing address, or even payment information like a credit card number. Be sure to be explicit with the types of data being collected.
How do you collect it? Common ways to collect customer information include a form on your website, by email, as part of your service contract, in person at point of sale, etc.
Why do you need this information and how do you use it? For example: you need address information to provide your services onsite at the customer’s location, contact information is used to schedule and confirm appointments, etc.
Do you share your customers’ information with anyone? If so, who do you share with and for what purpose?
Please note your registration will be denied by carriers if you share or sell customer information to third parties for promotional purposes. Assuming your do not engage in that kind of sharing, you should state it explicitly in you policy. For examples: "Customer information is never shared with third parties/affiliates for marketing/promotional purposes."
Information sharing is permitted for legitimate business purposes (e.g. to support essential business operations such as shipping or payment processing), but it cannot include the sharing of mobile information or opt-in consent. Assuming you do not share opt-in info, you should state that explicitly in your policy. For example: "All sharing mentioned in this policy excludes mobile opt-in and consent; opt-in information is never shared with anyone for any purpose."
How can customers opt out of communications with you? For example, by texting/replying STOP, UNSUBSCRIBE, QUIT; by unsubscribing from your emails, etc.
How can customers get more information about your privacy practices or request changes to their information? For example, a phone number, email, or contact form on your website.
It's important to make your privacy policy readily available on your website and anywhere that you collect customer information such as linked within a contact form, included in a service contract where you gather customer information, etc. When you submit your 10DLC registration, this will be a key component that carriers look for as they verify your business.
As a Grasshopper customer, we make it easy for you to start your 10DLC registration directly within the Admin portal.
For more information about the overall process and how to complete the registration form, see our support article.