Skip to main content

Compliance & Best Practices

Stay compliant with SMS regulations and follow industry best practices.

Overview

SMS compliance protects:

  • Your business from fines
  • Customer privacy
  • Your sender reputation
  • Message deliverability

TCPA Compliance

Telephone Consumer Protection Act

Key requirements:

1. Prior express consent

  • Must have customer's permission
  • Before sending marketing messages
  • Written or electronic consent

2. Clear opt-out mechanism

  • Every marketing message needs opt-out
  • Example: "Reply STOP to opt out"
  • Must honor immediately

3. Identify your business

  • Include business name in messages
  • Example: "- Acme Dental"
  • Customer knows who's texting

Message Types

Transactional vs Marketing

Transactional messages:

  • Appointment confirmations
  • Booking receipts
  • Reminders
  • Order status
  • Account notifications
  • No opt-out required
  • Consent implied (customer initiated)

Marketing messages:

  • Promotional offers
  • Announcements
  • Newsletters
  • General updates
  • Opt-out required
  • Explicit consent needed

Valid consent methods:

1. During booking/purchase

☑ Yes, send me appointment reminders via text
☑ I'd like to receive special offers via SMS

2. Website opt-in

  • Checkbox on forms
  • Clear what they're agreeing to
  • Separate from other consents

3. Verbal consent (recorded)

  • During phone call
  • "May we send you text confirmations?"
  • Note in customer record

4. Reply to opt-in keyword

  • Customer texts JOIN, START, etc.
  • Confirmation sent
  • Opt-in recorded

Not acceptable:

  • Pre-checked boxes
  • Purchased phone lists
  • Implied consent for marketing
  • Consent for one purpose used for another

Opt-Out Management

Honor STOP Requests

Automatic handling:

  • Customer texts: STOP, UNSUBSCRIBE, CANCEL, END, QUIT
  • Immediately added to opt-out list
  • Confirmation sent
  • No more marketing messages

Confirmation message:

"You're unsubscribed from marketing messages.
Text START to re-subscribe. - [Business]"

Opt-Out List Management

Best practices:

  1. Maintain permanent opt-out list
  2. Check before sending
  3. Never remove without customer request
  4. Sync across all systems
  5. Include in exports/backups

Transactional exception:

  • Can still send appointment reminders
  • Can send order updates
  • Cannot send promotions

Required Message Elements

Marketing Messages Must Include

1. Business identification

Bad: "50% off today only! Reply YES to book."
Good: "50% off today at Style Studio! Reply YES. - Style Studio"

2. Opt-out instructions

"Special offer: $10 off your next visit!
Call 555-0100 to book. Reply STOP to opt out. - Acme Dental"

3. Help keyword (recommended)

"Reply HELP for info or STOP to opt out"

Transactional Messages Should Include

1. Business name

"Appointment confirmed for tomorrow at 2pm. - Style Studio"

2. Contact info

"Order ready! Call 555-0100 or reply with questions."

3. Clear purpose

"Reminder: Haircut tomorrow at 2pm with Style Studio."

Timing Restrictions

When to Send

Acceptable hours:

  • 8:00 AM - 9:00 PM (recipient's local time)
  • Industry standard
  • Reduces complaints

Respect time zones:

  • Consider customer location
  • Not your business location
  • Critical for multi-state businesses

Best practice:

  • 9:00 AM - 8:00 PM even safer
  • Avoid early morning/late evening
  • Respect weekends (unless expected)

Content Restrictions

Avoid Spam Triggers

Don't use:

  • ALL CAPS
  • Multiple exclamation points!!!
  • $ $ $ symbols everywhere
  • "FREE!!!" excessively
  • Shortened URLs without context

Carriers flag:

  • Spam-like content
  • Too many links
  • Suspicious keywords
  • High volume from new number

Prohibited Content

Never send:

  • Adult content
  • Illegal activities
  • Deceptive claims
  • Phishing attempts
  • Malware/virus links
  • Get-rich-quick schemes

Record Keeping

Documentation Requirements

Maintain records of:

  • Consent (when/how obtained)
  • Message logs (sent/received)
  • Opt-out requests
  • Complaint handling

Retention period:

  • Keep at least 4 years
  • Some states require longer
  • Export regularly

Access in Voka AI:

  • AnalyticsMessages (message history)
  • SettingsOpt-Out List
  • Export regularly for backup

High-Volume Messaging

10DLC Registration

For high volume (>2,000 msgs/day):

  • Register with carriers
  • Verify business identity
  • Describe use case
  • Improves deliverability

Voka AI handles:

  • Automatic registration (Business+ plans)
  • Carrier approvals
  • Ongoing compliance

Note: Not required for most businesses

Carrier Guidelines

Following Carrier Rules

Carriers monitor:

  • Message volume
  • Opt-out rate
  • Spam complaints
  • Content patterns

Consequences of violations:

  • Message filtering
  • Delivery delays
  • Number suspension
  • Account termination

Stay compliant:

  • Honor opt-outs immediately
  • Send only to consented customers
  • Avoid spam content
  • Monitor deliverability

Best Practices

Deliverability

Improve message delivery:

1. Warm up new numbers

  • Start with low volume (50/day)
  • Gradually increase
  • Build sender reputation

2. Monitor metrics

  • Track delivery rates
  • Watch for failures
  • Address issues quickly

3. Clean your list

  • Remove inactive numbers
  • Honor opt-outs
  • Verify number validity

4. Avoid suspicious patterns

  • Don't send identical messages rapidly
  • Vary timing slightly
  • Personalize when possible

Customer Experience

1. Set expectations

  • Tell customers what to expect
  • How often you'll text
  • What types of messages

2. Provide value

  • Every message should help customer
  • Don't over-message
  • Respect their time

3. Make opt-out easy

  • Don't hide instructions
  • Process immediately
  • Confirm opt-out

4. Professional communication

  • Proofread messages
  • Consistent tone
  • Timely responses

Industry-Specific Rules

Healthcare (HIPAA)

Additional requirements:

  • Avoid PHI (Protected Health Information) in SMS
  • General reminders okay ("Appointment tomorrow")
  • Don't include: diagnosis, treatment details, test results
  • Get explicit consent for SMS communications

Example:

Bad: "Reminder: Blood test results appointment tomorrow 2pm"
Good: "Reminder: Appointment tomorrow at 2pm. - Medical Center"

Financial Services

Extra caution:

  • No sensitive account details via SMS
  • Two-factor authentication codes okay
  • Balance/transaction alerts need consent
  • Secure alternatives for sensitive info

International Messaging

Global Compliance

Each country has rules:

  • Canada: CASL (Canadian Anti-Spam Legislation)
  • EU: GDPR considerations
  • UK: Privacy and Electronic Communications Regulations
  • Australia: Spam Act 2003

Best practice:

  • Research target country rules
  • Obtain explicit consent
  • Provide clear opt-out
  • Limit to transactional if unsure

Violation Penalties

Consequences

TCPA penalties:

  • $500-$1,500 per violation
  • Each message can be a violation
  • Class action lawsuits possible

Carrier penalties:

  • Filtering/blocking
  • Number suspension
  • Account termination
  • Difficult to recover

Best protection:

  • Follow all guidelines
  • Maintain consent records
  • Honor opt-outs immediately
  • Monitor compliance regularly

Compliance Checklist

Before Sending

  • ☑ Have customer consent?
  • ☑ Message type clear (transactional/marketing)?
  • ☑ Includes business name?
  • ☑ Opt-out instructions (if marketing)?
  • ☑ Within acceptable hours?
  • ☑ Customer not on opt-out list?
  • ☑ Content compliant (no spam triggers)?
  • ☑ Message provides value?

Resources

Learn More

TCPA Information:

  • FCC TCPA Guidelines
  • CTIA Messaging Principles

Voka AI Tools:

  • Automatic opt-out handling
  • Consent tracking
  • Message logs
  • Compliance reports

Need help?