At Postscript, compliance is our top priority. We've put together this guide to make it easy for you to ensure your SMS/MMS marketing campaigns comply with U.S. laws and regulations, including the Telephone Consumer Protection Act (TCPA). As you use Postscript, it's important to keep the following questions in mind:
- Have I researched and reviewed all applicable laws, regulations, and guidelines related to text message marketing, including the Telephone Consumer Protection Act (TCPA) and the applicable CTIA guidelines?
- Have I obtained TCPA-compliant written consent from each consumer, through which they have acknowledged and agreed to receive automated marketing messages from my Shopify store?
In this article, we'll discuss key elements and best practices of compliance, describe TCPA and SHAFT regulations, and cover regulations like quiet hours, abandoned cart requirements, list upload compliance and required language at opt-in sources.
Understanding the TCPA and Its Regulations
U.S. Congress passed the Telephone Consumer Protection Act (TCPA) and its accompanying regulations to control how companies can use SMS and MMS text messaging services to reach out to their consumers.
It is your responsibility to ensure that when using Postscript to send messages to consumers, you understand and are complying with all relevant TCPA regulations. Therefore, you should make yourself familiar with all applicable TCPA laws and the relevant industry guidelines that build on these laws, including the CTIA guidelines for text message marketing.
You can boil down the TCPA’s regulation of text message marketing campaigns to the following statement:
Consumers have the right not to receive unsolicited marketing communications via SMS, and companies should not send consumers automated SMS marketing text messages unless they have obtained a consumer’s prior express written consent.
Key Elements of Compliance
Under the TCPA, you can only send a consumer automated marketing messages once that consumer has provided you with prior expressed written consent. You can gather consent electronically, including through text messaging keywords.
However, at minimum, consent must contain explicit language for every element identified below and indicate that the consumer acknowledges and agrees to each.
- To receive recurring marketing messages on the consumer’s mobile phone number.
- That text messages may involve the use of an automatic telephone dialing system (“ATDS”).
- That consent is not a condition of purchase.
You should retain consent so that you can produce it in the event of litigation as federal law dictates that it is the burden of the person sending the messages to prove that the consumer provided express written consent to text them.
Furthermore, you should ensure you are following the practices outlined in the latest version of CTIA’s Short Code Monitoring Handbook and CTIA’s Messaging Principles and Best Practices Guide, as these practices are designed to protect consumers and ensure your messages are being sent in a manner approved by the nation’s wireless carriers.
Compliance Language Requirements
You should include TCPA and CTIA-compliant language wherever a consumer is giving their consent to receive automated marketing messages.
This includes, but is not limited to:
- Instagram Stories
- Printed materials with QR Codes
- Emails containing opt-in links
Below is TCPA and CTIA-compliant language:
Localized SMS Compliance Laws
Some states have their own regulations and laws surrounding SMS marketing. In this section, you can find resources for more information about each state's laws and regulations:
Cart Recovery and Abandoned Cart Automations
In 2021, carriers enforced policies for abandoned shopping carts and abandoned checkout flows to ensure that their end consumers receive a consistent experience.
All automations related to abandoned shopping carts and abandoned checkouts should:
- Be limited to only one message.
- Send the message within 48 hours of the trigger event.
This is an industry-wide regulation; these policies are not driven by Postscript and they affect every SMS platform. Carriers require non-compliant senders to be blocked from sending messages beginning June 22, 2021.
SMS Quiet Hours
Quiet hours are specific times during the day when you should avoid sending text messages to your subscribers (e.g., early in the morning, late at night, when they are sleeping, etc.). In addition to a bad customer experience, messages sent during these hours often lead to higher unsubscribe rates and a greater likelihood of customer complaints and spam reporting.
While there are no explicit federal laws outlining quiet hours for promotional text messages, TCPA and FCC guidance suggests that text messages should not be sent before 8 am and after 9 pm in the recipient's local time zone. Further, Florida, Oklahoma, and Washington state laws imposed stricter requirements that state text messages can only be sent between the hours of 8 am and 8 pm in the recipient’s local time zone. Oklahoma also limits the number of messages a subscriber can receive to 3 messages in a rolling 24-hour period. Learn more here.
To be safe, you should only send texts during the hours of 8 am to 8 pm in the recipient's local time zone.
At Postscript, we've implemented safeguards to assist shops in complying with quiet hours when sending campaigns and automations. These safeguards also allow shops to target subscribers at times that make sense across the contiguous U.S.
Postscript's current global waking hours are as follows:
- Global legacy campaign waking hours:
- 5 am - 8 pm PT (US/CAN excluding Florida, Oklahoma, and Washington)
- 8 am - 8 pm local time (Florida, Oklahoma, and Washington)
- Global legacy automation, automation flow, and campaign flow waking hours:
- 8 am - 9 pm local time (US/CAN excluding Florida and Washington)
- 8 am - 8 pm local time (Florida, Oklahoma and Washington)
Note: "local time" refers to waking hours that are observed in the subscribers' local timezone based on their phone numbers.
While broad campaign hours allow shops to send geographically targeted campaigns during the waking hours across the country, Postscript recommends that you either:
- Segment your campaign sends such that messages are only sent between 8 am and 8 pm in each recipient's local time zone, or
- Only schedule campaign sends between 11 am EST and 8 pm EST to ensure messages are sent within waking hours regardless of the recipient's local time zone.
Automations, on the other hand, are less targeted and fire automatically, so we employ the most conservative nationwide waking hours window to ensure compliance without shop oversight.
If a user subscribes to (or unsubscribes from) your store during quiet hours, Postscript will still promptly send opt-in or opt-out messages as required by federal law.
How Quiet Hours Work
Postscript prevents you from sending campaigns and automations during SMS quiet hours. For more information on how quiet hours affect automations and campaigns, check out the tabs below.
If a campaign flow is sent or scheduled to send during quiet hours, Postscript will hold off sending the campaign flow until waking hours begin in the subsciber's timezone.Postscript will not allow you to send or schedule legacy campaigns to send during quiet hours. You will receive a notification within the Postscript app. Our recommendation is to schedule your campaign to send during the next waking hours window.
List Upload Compliance
If you are new to Postscript, you may be able to upload a list of SMS subscribers you collected on another platform. These subscribers need to have been collected in a TCPA-compliant manner in order to be uploaded into Postscript.
You can upload your list by completing this form. Please note that by submitting a list for upload, you certify that you collected subscribers in a TCPA-compliant manner. If you're not sure, please consult a TCPA defense attorney.
Our team uploads and tags subscriber lists in 3 business days. You'll receive an email notification once a team member starts the process, and you will see a popup notification within your Postscript dashboard once this process completes.
If you have collected subscribers on Facebook or by other means while already using Postscript, our team can review these subscribers but their upload is not guaranteed as list upload assistance is geared for accounts that are just getting started.
SHAFT regulations protect consumers by prohibiting brands from sending content containing sex, hate, alcohol, firearms, or tobacco (CBD--included) to inappropriate audiences. These regulations are industry-wide and affect every SMS platform, including Postscript.
While SHAFT content has been heavily regulated in SMS marketing for years, the CTIA tightened its rules surrounding this content in May 2021. As a result, Postscript can no longer service brands that offer or communicate about sex, hate, firearms, tobacco (CBD--included) products.
Brands that sell alcohol and adhere to specific CTIA requirements --including age-verifying both on the website and in the SMS thread-- are able to promote their brand via SMS marketing.
As a carrier-trusted provider, Postscript offers in-thread age verification and is able to service US alcohol brands on the professional and enterprise plans starting in January 2023. If you are a brand that sells alcohol-related products, please see this article to understand how your brand can begin messaging the appropriate subscribers compliantly.
Compliance Best Practices
While using Postscript, it is crucial that you adhere to our anti-spam policy, as well as all relevant laws and regulations where you operate (such as the Telephone Consumer Protection Act (“TCPA”)). Violations of the TCPA can lead to damages of $500-$1,500 per message, while violations of CTIA guidelines can lead to being prevented from using the wireless carrier networks.
While not a comprehensive list, here are two critical guidelines to always follow when adding subscribers to your text message marketing program:
- Clearly display TCPA & CTIA-compliant opt-in language. Clearly display language that states what the subscriber is signing up for and ensure that the language complies with all relevant laws and regulations, such as the TCPA and CTIA.
- Do not precheck boxes on opt-in forms. Avoid prechecking boxes on any subscriber opt-in forms such as your checkout page. This helps ensure customers aren't automatically subscribed.
The CTIA is a trade association representing the wireless communications industry in the United States. This group creates and enforces guidelines and best practices as it relates to SMS marketing.
Below is an excerpt from CTIA's Messaging Principles and Best Practice guide regarding profanity:
5.3.1 Prevention of Unlawful Activities or Deceptive, Fraudulent, Unwanted, or Illicit Content Message
Senders should use reasonable efforts to prevent and combat unwanted or unlawful messaging traffic, including spam and unlawful spoofing. Specifically, Message Senders should take affirmative steps and employ tools that can monitor and prevent Unwanted Messages and content, including for example content that: (1) is unlawful, harmful, abusive, malicious, misleading, harassing, excessively violent, obscene/illicit, or defamatory; (2) deceives or intends to deceive (e.g., phishing messages intended to access private or confidential information); (3) invades privacy; (4) causes safety concerns; (5) incites harm, discrimination, or violence; (6) is intended to intimidate; (7) includes malware; (8) threatens Consumers; or (9) does not meet age-gating requirements. Message Senders can also review the Common Short Code Handbook for further examples of Unwanted Message content.
Further, Message Senders should take steps to ensure that marketing content is not misleading and complies with the Federal Trade Commission’s (FTC) Truth-In-Advertising rules.
The guidelines are especially relevant to shortcodes, which are built for marketing and distributed to specific industries (like Postscript). As a result, carriers monitor shortcodes more closely.
Need ongoing channel strategy guidance? Please fill out this form and we'll connect you to one of our certified partners.