SMS Marketing Compliance Overview

At Postscript, compliance is our top priority. We've put together this guide to make it easy for you to ensure your SMS/MMS marketing campaigns comply with U.S. laws and regulations, including the Telephone Consumer Protection Act (TCPA). As you use Postscript, it's important to keep the following questions in mind:

  1. Have I researched and reviewed all applicable laws, regulations, and guidelines related to text message marketing, including the Telephone Consumer Protection Act (TCPA) and the applicable CTIA guidelines?
  2. Have I implemented a Terms of Service Agreement and a Privacy Policy for my Shopify store’s use of Postscript to conduct SMS/MMS marketing campaigns?
  3. Have I obtained TCPA-compliant written consent from each consumer, through which they have acknowledged and agreed to receive automated marketing messages from my Shopify store?

In this article, we'll discuss key elements and best practices of compliance, describe TCPA and SHAFT regulations, and cover regulations like quiet hours, abandoned cart requirements, list upload compliance and required language at opt-in sources.

Understanding the TCPA and Its Regulations


U.S. Congress passed the Telephone Consumer Protection Act (TCPA) and its accompanying regulations to control how companies can use SMS and MMS text messaging services to reach out to their consumers.

It is your responsibility to ensure that when using Postscript to send messages to consumers, you understand and are complying with all relevant TCPA regulations. Therefore, you should make yourself familiar with all applicable TCPA laws and the relevant industry guidelines that build on these laws, including the CTIA guidelines for text message marketing.

You can boil down the TCPA’s regulation of text message marketing campaigns to the following statement:

Consumers have the right not to receive unsolicited marketing communications via SMS, and companies should not send consumers automated SMS marketing text messages unless they have obtained a consumer’s prior express written consent.

Key Elements of Compliance


Under the TCPA, you can only send a consumer automated marketing messages once that consumer has provided you with prior expressed written consent. You can gather consent electronically, including through text messaging keywords.

However, at minimum, consent must contain explicit language for every element identified below and indicate that the consumer acknowledges and agrees to each.

  1. To receive recurring marketing messages on the consumer’s mobile phone number.
  2. That text messages may involve the use of an automatic telephone dialing system (“ATDS”).
  3. That consent is not a condition of purchase.

In 2024, The FCC clarified that marketing text messages are subject to do-not-call regulations. This clarification underscores the importance of obtaining valid consent for text message marketing. Non-compliant businesses risk litigation and substantial penalties, emphasizing the criticality of regulatory compliance in marketing practices.

In other words, you should retain consent so that you can produce it in the event of litigation as federal law dictates that it is the burden of the person sending the messages to prove that the consumer provided express written consent to text them.

Furthermore, you should ensure you are following the practices outlined in the latest version of CTIA’s Short Code Monitoring Handbook and CTIA’s Messaging Principles and Best Practices Guide, as these practices are designed to protect consumers and ensure your messages are being sent in a manner approved by the nation’s wireless carriers.

Compliance Language Requirements


You should include TCPA and CTIA-compliant language wherever a consumer is giving their consent to receive automated marketing messages.

This includes, but is not limited to:

  • Popups
  • Forms
  • Instagram Stories
  • Printed materials with QR Codes
  • Emails containing opt-in links

Below is TCPA and CTIA-compliant language: 

*By providing your phone number, you agree to receive recurring automated marketing text messages (e.g. cart reminders) from this shop and third parties acting on its behalf. Consent is not a condition to obtain goods or services. Msg & data rates may apply. Msg frequency varies. Reply HELP for help and STOP to cancel. You also agree to the Terms of Service and Privacy Policy.

Note: In order to collect subscribers compliantly, your shop's Terms of Service and Privacy Policy need to be hyperlinked in the language shown above. If they cannot be hyperlinked, the full URLs of each need to be included so a viewer may search your terms or privacy policy if needed.

For example, "You also agree to the Terms of Service (https:/myshop.com/terms-of-service/) and Privacy Policy (https://myshop.com/privacy-policy/).”

Localized SMS Compliance Laws

Some states have their own regulations and laws surrounding SMS marketing. In this section, you can find resources for more information about each state's laws and regulations:

Cart Recovery and Abandoned Cart Automations


In 2021, carriers enforced policies for abandoned shopping carts and abandoned checkout flows to ensure that their end consumers receive a consistent experience.

All automations related to abandoned shopping carts and abandoned checkouts should:

    • Be limited to only one message.
    • Send the message within 48 hours of the trigger event.

This is an industry-wide regulation; these policies are not driven by Postscript and they affect every SMS platform. Carriers require non-compliant senders to be blocked from sending messages beginning June 22, 2021.

   Important: Abandoned cart text messages, and all other cart recovery messages, can only be sent to individuals who have compliantly opted in to your store's SMS program before abandoning their cart. Learn more about growing your subscriber list here.

SMS Quiet Hours


Quiet hours are specific times during the day when you should avoid sending text messages to your subscribers (e.g., early in the morning, late at night, when they are sleeping, etc.). In addition to a bad customer experience, messages sent during these hours often lead to higher unsubscribe rates and a greater likelihood of customer complaints and spam reporting.

While there are no explicit federal laws outlining quiet hours for promotional text messages, TCPA and FCC guidance suggests that text messages should not be sent before 8 am and after 9 pm in the recipient's local time zone. Further, Florida, Maryland, Oklahoma, Connecticut, and Washington state laws imposed stricter requirements that state text messages can only be sent between the hours of 8 am and 8 pm in the recipient’s local time zone. New Jersey's waking hours are from 8am to 9pm local time. Finally, Oklahoma also limits the number of messages a subscriber can receive to 3 messages in a rolling 24-hour period. Learn more here.

To be safe, you should only send texts during the hours of 8 am to 8 pm in the recipient's local time zone.

At Postscript, we've implemented safeguards to assist shops in complying with quiet hours when sending campaigns and automations. These safeguards also allow shops to target subscribers at times that make sense across the contiguous U.S.

Postscript's current global waking hours are as follows:

  • Global legacy campaign waking hours:
    • 5 am - 8 pm PT (US/CAN excluding Florida, Connecticut, Maryland, Oklahoma, and Washington)
    • 8 am - 8 pm local time (Florida, Connecticut, Maryland, Oklahoma, and Washington)
    • 8 am - 9 pm local time (New Jersey)
  • Global legacy automation, automation flow, and campaign flow waking hours:
    • 8 am - 9 pm local time (US/CAN excluding Florida, Connecticut, Maryland, Oklahoma, and Washington)
    • 8 am - 8 pm local time (Florida, Connecticut, Maryland, Oklahoma and Washington)
    • 8 am - 9 pm local time (New Jersey)

    Note: "local time" refers to waking hours that are observed in the subscribers' local timezone based on their phone numbers.

While broad campaign hours allow shops to send geographically targeted campaigns during the waking hours across the country, Postscript recommends that you either:

      1. Segment your campaign sends such that messages are only sent between 8 am and 8 pm in each recipient's local time zone, or
      2. Only schedule campaign sends between 11 am EST and 8 pm EST to ensure messages are sent within waking hours regardless of the recipient's local time zone.

Automations, on the other hand, are less targeted and fire automatically, so we employ the most conservative nationwide waking hours window to ensure compliance without shop oversight.

If a user subscribes to (or unsubscribes from) your store during quiet hours, Postscript will still promptly send opt-in or opt-out messages as required by federal law.

How Quiet Hours Work

Postscript prevents you from sending campaigns and automations during SMS quiet hours. For more information on how quiet hours affect automations and campaigns, check out the tabs below.

Automations and Automation Flows Campaigns and Campaign Flows
If a subscriber triggers a legacy automation or an automation flow (ex: abandoned cart) during quiet hours, the automation will send during the next waking hours window.

List Upload Compliance


If you are new to Postscript, you may be able to upload a list of SMS subscribers you collected on another platform. These subscribers need to have been collected in a TCPA-compliant manner in order to be uploaded into Postscript.

You can upload your list by completing this form. Please note that by submitting a list for upload, you certify that you collected subscribers in a TCPA-compliant manner. If you're not sure, please consult a TCPA defense attorney.

Our team uploads and tags subscriber lists in 3 business days. You'll receive an email notification once a team member starts the process, and you will see a popup notification within your Postscript dashboard once this process completes. 

If you have collected subscribers on Facebook or by other means while already using Postscript, our team can review these subscribers but their upload is not guaranteed as list upload assistance is geared for accounts that are just getting started.  

SHAFT Compliance


SHAFT regulations protect consumers by prohibiting brands from sending content containing sex, hate, alcohol, firearms, or tobacco (CBD--included) to inappropriate audiences.  These regulations are industry-wide and affect every SMS platform, including Postscript.

While SHAFT content has been heavily regulated in SMS marketing for years, the CTIA tightened its rules surrounding this content in May 2021. As a result, Postscript can no longer service brands that offer or communicate about sex, hate, firearms, tobacco (CBD--included) products.

Brands that sell alcohol and adhere to specific CTIA requirements --including age-verifying both on the website and in the SMS thread-- are able to promote their brand via SMS marketing. 

As a carrier-trusted provider, Postscript offers in-thread age verification and is able to service US alcohol brands on the professional and enterprise plans starting in January 2023. If you are a brand that sells alcohol-related products, please see this article to understand how your brand can begin messaging the appropriate subscribers compliantly.

Compliance Best Practices


Avoid Sending Spam Profanity in Messages

While using Postscript, it is crucial that you adhere to our anti-spam policy, as well as all relevant laws and regulations where you operate (such as the Telephone Consumer Protection Act (“TCPA”)). Violations of the TCPA can lead to damages of $500-$1,500 per message, while violations of CTIA guidelines can lead to being prevented from using the wireless carrier networks.

While not a comprehensive list, here are two critical guidelines to always follow when adding subscribers to your text message marketing program:

  1. Clearly display TCPA & CTIA-compliant opt-in language. Clearly display language that states what the subscriber is signing up for and ensure that the language complies with all relevant laws and regulations, such as the TCPA and CTIA. 
  2. Do not precheck boxes on opt-in forms. Avoid prechecking boxes on any subscriber opt-in forms such as your checkout page. This helps ensure customers aren't automatically subscribed.

Please note that failure to follow the above guidelines violates our terms of use, and can lead to suspension or termination of your Postscript account.

Get Support


Have questions? Please feel free to reach out to our wonderful Support team at support@postscript.io or via live chat. You can also submit a support request here!

Need ongoing channel strategy guidance? Please fill out this form and we'll connect you to one of our certified partners.

Was this article helpful?
2 out of 2 found this helpful