Compliance Checklist for Dedicated Phone Numbers and Short Codes

At Postscript, we are committed to helping keep you and your brand compliant as it pertains to SMS messaging and subscriber collection.

We have created the below checklist to help those merchants with dedicated phone numbers and short codes ensure their SMS marketing efforts are compliant with TCPA, CTIA, and telephone carrier requirements.

Calls to Action


All Calls to Action (CTAs) that ask for users to opt-in to SMS Marketing messaging, such as popups (desktop and mobile), forms, keyword marketing, and checkout pages must include compliant language per telephone carrier policy.

We break down additional compliance requirements below by CTA type.

Desktop and Mobile Popups

The following applies to all popups created either through Postscript or via an integration.

  • If using desktop or mobile popups to collect phone numbers, then phone number collection must have a field separate from other collection fields (like email) and be displayed separate from other forms of communication (like email).
    • Compliant example: First page of a popup collects email. The second page collects a phone number and displays compliant language.
  • Opt-in is optional, meaning visitors have the option to exit out of the popup without entering any information.
  • Phone fields on popups must include the following language in order to be compliant:
    • Affirmative consent to receive automated text message marketing messages and an explicit call out that this encompasses cart reminders
    • The frequency with which messages will be sent
    • "Message and data rates may apply"
    • Opt-out instructions (i.e. "Reply HELP for help and STOP to cancel")
    • Link to SMS Terms of Service
    • Link to Privacy Policy
Note: Forms used to collect SMS subscribers must also include opt-in compliance language that follows the above requirements. This includes forms embedded in your website or forms used for giveaways or promotions.

Checkout Page

The following applies to all checkout pages that collect subscribers. This includes Shopify Plus merchants and those merchants using a custom checkout or checkout integration with Recharge or ChartHook. All other merchants cannot collect subscribers at checkout at this time. This includes requesting SMS marketing consent from the top-most customer contact field reserved for account identification and login. Learn more here.

  • Fields that reference phone number collection cannot be pre-checked.
  • Phone fields are clearly marked as optional.
  • Compliant language must appear directly below the phone field.
    • Shopify Plus merchants can install Postscript’s SDK, which adds the correct compliance language to your checkout page. Learn more here.

Complaint opt-in language must be present and on the same popup, form, or checkout page where a user opts in. It cannot be hidden or on a separate page. 

Here is TCPA-approved compliance language:

*By providing your phone number, you agree to receive recurring automated marketing text messages (e.g. cart reminders) from this shop and third parties acting on its behalf. Consent is not a condition to obtain goods or services. Msg & data rates may apply. Msg frequency varies. Reply HELP for help and STOP to cancel. You also agree to the Terms of Service and Privacy Policy.

Note: In order to collect subscribers compliantly, your shop's Terms of Service and Privacy Policy need to be hyperlinked in the language shown above. If they cannot be hyperlinked, the full URLs of each need to be included so a viewer may search your terms or privacy policy if needed.

For example, "View our Terms of Service (https:/myshop.com/terms-of-service/) and Privacy Policy (https://myshop.com/privacy-policy/).”

Terms of Service


You must link to your Terms of Service in any opt-in Calls to Action (CTAs) such as popups, forms, and checkout pages. You should also link to your Terms of Service in the footer of your website.

Your Terms of Service must include the following information:

  • The name of your message program
  • Description of the program and types of messages you will send
  • The frequency at which you’ll send messages (see example in our template below)
  • "Message and data rates may apply" and "Message frequency varies" disclosure
  • Opt-out instructions
    • For recurring campaigns, this will be the STOP keyword. Single message campaigns will vary by program.
  • Customer care information such as the HELP keyword or any other form of support contact
  • "Carriers are not liable for delayed or undelivered messages" disclosure
  • Link to your Privacy Policy

We’ve created a draft Terms of Service regarding SMS that includes the above requirements that you can use and/or reference for compliance. You will need to add this wording to your existing Terms of Service. Please note that this template lists instructions at the top that require your attention throughout the document. View our Terms of Service template here.

Privacy Policy


You must link to your Privacy Policy in any opt-in Calls to Action (CTAs) such as popups, forms, and checkout pages. You should also link to your Privacy Policy in the footer of your website.

Your Privacy Policy must include the following wording:

"Text marketing (if applicable): With your permission, we may send text messages about our store, new products, and other updates. Updates include Checkout Reminders. Webhooks will be used to trigger the Checkout Reminders messaging system."

We’ve drafted language regarding SMS marketing that should be added to your Privacy Policy. View this language here.

Get Support


Have questions? Please feel free to reach out to our wonderful Support team at support@postscript.io or via live chat. You can also submit a support request here!

Need ongoing channel strategy guidance? Please fill out this form and we'll connect you to one of our certified partners.

Was this article helpful?
0 out of 0 found this helpful