Understanding TCR and SMS Privacy Policy Requirements

Tags: , , ,
4 min read

About Beetexting

Beetexting

View all posts by Beetexting

Your guide to creating an SMS privacy policy for your website.

As a business leveraging 10DLC SMS for communication, you must meet specific requirements to ensure compliance and secure approval from The Campaign Registry (TCR).

One crucial requirement is having a clear and transparent SMS privacy policy that outlines how you handle personal data. This blog post will guide you through what an SMS privacy policy includes, why it’s important, and how to write one that works for your business.

What is a Privacy Policy?

A privacy policy is a legal document that explains how your company collects, uses, stores, shares, and protects personal information. It promotes transparency and ensures users understand your data-handling practices. Privacy policies are not just a legal formality—they’re an opportunity to build trust with your customers.

Organizations and regulations like The Campaign Registry (TCR), General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA), to name a few, are dedicated to protecting individuals’ privacy. As a business, it’s essential to adhere to these standards, especially when handling sensitive data through channels like SMS.

Why Do You Need an SMS-Specific Privacy Policy?

An SMS privacy policy is a specialized section of your general privacy policy (or a standalone page) that explains how you collect, use, and protect personal data gathered during SMS communication. Your privacy policy is mandatory for TCR approval and helps demonstrate your commitment to responsible data management.

Most digital activities—such as email marketing, digital advertising, SMS campaigns, e-commerce, and mobile apps—require proof of a privacy policy to use their tools and services. For SMS campaigns, a well-crafted privacy policy ensures compliance with TCR’s requirements and avoids application rejections.

What Should Your SMS Privacy Policy Include?

Each SMS privacy policy is unique and specific to your business and legal obligations. Here are key elements your policy should include:

  1. Program overview: Clearly describe your intention with collecting customer information for SMS, and what types of messages users can expect to receive from you (e.g., promotions, reminders, updates).
  2. Data collection: Outline the types of personal information you collect (e.g., phone numbers, names, message content). Explain how this data is collected, such as web forms.
  3. Purpose of data use: Communicate why you are collecting data (to send SMS messages, provide customer support, etc.)
  4. Data protection measures: Outline how you safeguard data against unauthorized access, breaches, or misuse.
  5. Third-party sharing: State if and when personal data is shared with third parties (e.g., SMS service providers) and under what circumstances.
  6. User rights: Provide options for users to access, correct, or delete their personal information. Should also include clear opt-out instructions (Reply "STOP" to opt-out of messages).
  7. Retention policy: Indicate how long data is stored and the criteria for its deletion.
  8. Contact information: Offer a point of contact for privacy-related inquiries or concerns.

What doesn't work: A vague or incomplete privacy policy can lead to TCR rejections. A comprehensive, user-friendly policy not only ensures compliance but also reinforces trust with your audience.

Creating an Effective SMS Privacy Policy

Here is an example structure for your review.

THIS SAMPLE PRIVACY POLICY IS NOT LEGAL ADVICE AND IS FOR INFORMATIONAL PURPOSES ONLY. This sample privacy policy may not meet all the legal requirements applicable to you.

Introduction

[Organization Name] values the privacy of your communication and is committed to safeguarding your SMS contact and content data. We do not sell or share SMS contact or content data with third parties.

Collection and Use of SMS Data

When you communicate with [Organization Name] via SMS, we may collect information such as:

    • Your phone number
    • The content of your messages

This information is used solely for the following purposes:

    • Responding to your inquiries
    • Providing customer support
    • Communications regarding [Use Case 1], [Use Case 2], or [Use Case 3]

We will not use your SMS data for any other purpose without your written consent.

Protection of SMS Data

[Organization Name] employs industry-standard security measures to protect SMS data from unauthorized access, disclosure, alteration, or destruction. We are dedicated to ensuring the confidentiality and integrity of your SMS communications.

Disclosure of SMS Data

[Organization Name] does not disclose SMS contact or content data to third parties unless:

    • Required by law
    • Necessary to protect the rights, property, or safety of [Organization Name], its users, or others

Your Rights

You have the right to:

    • Access, correct, or delete your SMS contact or content data, except where retention is required by law

For assistance or to exercise your rights, please contact us at [Organization Email].

Changes to this SMS Privacy Policy

[Organization Name] reserves the right to update or modify this SMS Privacy Policy at any time. Changes will be effective immediately upon posting the revised policy on our website. We encourage you to review this policy periodically for updates.

Contact Us

If you have questions or concerns regarding this SMS Privacy Policy or our privacy practices, please contact us at [Organization Email].

Need Inspiration?

While you should create a privacy policy tailored to your business, reviewing examples can provide valuable insights. Check out:

Remember, your privacy policy should reflect your actual practices and comply with applicable laws. Consult with a legal advisor to ensure accuracy and compliance.

ARTICLE: Top 5 Reasons TCR Gets Denied

Back To Blog