Use the links to jump to relevant sections of the article.
Basic consumer consent rules in the USA
Like email, in the US, the FCC highly regulates text messaging to a personal phone number under the Telephone Consumer Protection Act (TCPA). In addition, cellular carriers (such as AT&T, Verizon, or T-Mobile) control SMS traffic and block messages that don't conform to industry rules and regulations.
To comply with these rules, you must:
- Have consent from guests and future guests before sending out text messages.
- Clearly identify your business as the sender when sending SMS messages to guests and future guests.
- Have an opt out option so consumers can choose not to receive messages.
- Make sure that your Terms and Conditions and privacy policies have relevant information and clauses. For more information on how you can write and set these up check out this post by termsfeed.
Laws you should be aware of
Below are some of the privacy and anti spam laws you will want to be aware of.
CAN-SPAM is the United States' anti-spam law that businesses that use SMS marketing are obligated to follow. Failure to follow its requirements can result in fines and jail time. The Federal Trade Commission (FTC) website outlines some of CAN-SPAM's requirements.
The California Consumer Privacy Act (CCPA/CPRA). Businesses that make over $25 million a year and collect or share personal information from more than 50,000 California residents each year or get at least half of their revenue from selling the personal information of California residents must observe the CCPA's guidelines. Section 1798.100 of the CCPA outlines some of California consumers' rights and applicable businesses' responsibilities under the Act:
The General Data Protection Regulation (GDPR) is the European Union's (EU) data privacy law. The GDPR applies to businesses that collect and/or use personal data from consumers living within the EU, and gives EU consumers the ability to view, edit, and delete their own data.
Companies that violate the GDPR can be fined up to 4% of their annual revenue. To be in compliance with the GDPR, businesses must:
- Only collect or process data that is essential to the functioning of the business
- Keep the collected personal data secure
- Inform consumers of their rights to access, change, or delete their personal data
Article 5 of the GDPR describes how businesses should treat the personal data they collect.
If you engage in SMS marketing with citizens of the EU, you must make sure you are not in violation of the GDPR.
Double Opt In
A double opt in is best practice, and in most cases, Required by Spam and privacy regulation. Double opt in makes guests agree to receive SMS from you 2 separate times. First when they give you their contact information, and a second time when they receive the first message from you confirming that they signed up to receive sms communication from you.
Check out this article from rejoiner for more information on opt in.
IVY SMS opt out
Ivy is preloaded with Messages for opt out and terms and conditions. See below for more information.
- Your initial Welcome Message contains an OPT-OUT or STOP clause and the ability to check terms and services. For example, “Message & data rates may apply. Text STOP to unsubscribe or TERMS for T&C.”
- If the guest replies with the keyword “TERMS,” Ivy will reply with a link to your Terms and Conditions.
- If the guest replies to Ivy with the keyword “STOP”, Ivy will block the guest from receiving all further messages from the platform. The guest will receive a message confirming that they have been unsubscribed and inform them of the option to resubscribe by replying “START”.
- Hotels should only send Marketing or Promotional offers if the guest has opted-in by providing their express written consent. This can be accomplished by asking the guest to reply with a specific opt-in keyword such as “agree” or “join” to consent to receive promotional messages.