Compliance Guide

SMS Opt-In Compliance & Configuration

How to capture consent correctly, configure opt-out keywords, include required message disclosures, and meet A2P 10DLC carrier obligations — so your SMS notifications stay legal and land in inboxes.

This is practical guidance, not legal advice.

SMS compliance rules (TCPA, CTIA, state laws) change regularly. The steps below reflect common industry requirements as of early 2026. For campaigns with high message volume or legal exposure, consult a communications attorney.

Why SMS Compliance Matters

TCPA violations can result in $500–$1,500 per text message in statutory damages.

The Telephone Consumer Protection Act (TCPA) governs business text messaging in the US. Sending marketing or promotional texts without proper consent exposes your shop to class-action lawsuits, FCC complaints, and carrier-side blocking. Even transactional messages (order updates, shipping alerts) require documented consent if they are sent using an automated system.

TCPA

Federal law. Requires prior express written consent for automated marketing texts. $500–$1,500 per violation.

CTIA Guidelines

Carrier-enforced rules. Non-compliance results in message filtering or number deregistration — no lawsuit needed.

A2P 10DLC

US carrier registration program. Unregistered traffic is blocked. Registration demonstrates compliant messaging.

Note: Order status updates and shipping notifications are generally considered transactional messages, which carry lighter compliance requirements than marketing texts. But you still need documented consent and must honor opt-outs immediately.

How to Capture Valid Opt-In Consent

Consent must be explicit, documented, and obtained before the first message.

You need proof that each customer agreed to receive texts from your shop before you send them anything. The CTIA calls this prior express written consent. There are several valid ways to capture it:

Checkbox on order form / job intake form

The most common method for screen print shops. When a customer places an order (in person, via your website, or in your customer portal), show a checkbox that reads:

☐ I agree to receive order updates and notifications via SMS from [Your Shop Name]. Message & data rates may apply. Message frequency varies. Reply STOP to opt out at any time.

The checkbox must be unchecked by default — a pre-checked box does not constitute valid consent.

Keyword opt-in (text-to-join)

Customers text a keyword to your Twilio number to opt in. Common keywords: JOIN, YES, ORDERS. You must advertise this keyword somewhere visible (email signature, storefront, invoice footer). After they text in, send a confirmation reply immediately.

Example confirmation replySend automatically when JOIN is received

[Shop Name]: You're signed up for order updates! Msg&data rates may apply. Msg freq varies. Reply STOP to cancel, HELP for info.

Written consent at point of sale

A physical or digital form the customer signs when placing an order in person. The form must include the same required language as the checkbox above. Keep a copy (scanned or digital) for your records.

Legal requirement: You cannot rely on a customer giving you their phone number as opt-in consent. Providing a phone number is not the same as agreeing to receive automated text messages. You need a separate, affirmative act.

Every valid opt-in disclosure must include:

Your shop's name (so the customer knows who is texting)
A brief description of the types of messages they'll receive
Message frequency disclosure (e.g., "Message frequency varies" if it's unpredictable, or "Up to 4 msgs/order" if you know the count)
"Message & data rates may apply" — required verbatim
How to opt out (e.g., "Reply STOP to cancel")
How to get help (e.g., "Reply HELP for info")

Required Opt-Out Keywords

Carriers mandate that these keywords always trigger an immediate unsubscribe.

Under CTIA rules, your messaging system must recognize the following standard opt-out keywords and immediately stop sending messages when any of them are received. Twilio handles this automatically for your registered number — but you need to understand what's happening so you can troubleshoot and keep your customer records in sync.

STOPPrimary opt-out keyword. Twilio unsubscribes the number automatically and sends a confirmation reply.

STOPALLOpt out from all messages on the number, including future campaigns. Treated identically to STOP.

UNSUBSCRIBEAlternative opt-out. Carriers require this be treated the same as STOP.

CANCELAlternative opt-out. Must trigger unsubscribe.

ENDAlternative opt-out. Must trigger unsubscribe.

QUITAlternative opt-out. Must trigger unsubscribe.

Watch out: Twilio manages opt-out blocking automatically at the carrier level for your registered number — once a customer texts STOP, your number physically cannot deliver messages to them until they opt back in (by texting START or UNSTOP). You cannot override this. Do not attempt to message opted-out numbers by switching to a different number — carriers track this behavior and will deregister your brand.

Required help keyword:

HELPMust trigger an informational reply containing your shop name, a support contact, and opt-out instructions. Example: '[Shop Name] Help: For support call/text 555-1234. Reply STOP to unsubscribe. Msg&data rates may apply.'

Re-opt-in keywords (customers can re-subscribe after opting out):

STARTStandard re-opt-in keyword. Twilio re-enables delivery to this number.

UNSTOPAlternative re-opt-in keyword. Treated identically to START.

YESCan be used as a re-opt-in keyword in some campaign configurations. Confirm with your Twilio campaign settings.

Managing SMS Opt-Ins in Kontrol™

Where customer SMS preferences live and how to update them.

1
Open any customer record from the Customers page.
2
Find the "Notifications" section in the customer detail panel. Each customer has a toggle for SMS notifications.
3
When a customer asks to opt out (by any method — phone call, in-person, reply to a text), turn off their SMS toggle immediately.
4
Add a note in the customer record with the date, how they opted out ("replied STOP", "called in", etc.), and the staff member who recorded it.
5
The automation engine checks this toggle before sending any SMS. A customer with SMS disabled will receive email notifications only.

Legal requirement: If Twilio automatically blocks a number (because the customer texted STOP), you must also turn off the SMS toggle in Kontrol™ — otherwise your automation logs will fill with failed delivery errors and it looks like a system problem when it's actually an opted-out number.

Note: Twilio's opt-out list and Kontraktr™'s customer toggles are independent systems. Twilio blocks delivery at the carrier level; Kontraktr™'s toggle prevents the send attempt from even happening. Keep both in sync for clean logs and accurate delivery reporting.

Required Content in Every SMS

What each message must include to stay compliant.

CTIA guidelines require specific elements in different message types. Here's what must be in each category:

Every outbound business message must include:

Your shop name (so the customer knows who it's from)
Opt-out instruction on the first message in any conversation and at least every 30 days for recurring message programs (e.g., "Reply STOP to opt out")

For your initial opt-in confirmation message:

Your shop name
Confirmation that they've been enrolled
Message frequency disclosure
"Msg & data rates may apply"
STOP and HELP keyword instructions

What you must NOT include in business SMS:

Clickbait or misleading subject lines (yes, applies to SMS bodies too)
URL shorteners that mask the destination (use your actual domain — short links from bit.ly are flagged by carriers)
Cannabis, gambling, alcohol, adult content, hate speech, or firearms-related content (even if legal in your state — these are carrier-level bans)
Deceptive pricing or misleading promotions

Compliant message examples for screen printing shops:

Order shipped✓ Has shop name + STOP instruction

Ink & Thread Co: Your order #1042 has shipped! Track it: kontraktr.io/track/abc123. Reply STOP to opt out.

Art approval request✓ Has shop name + STOP instruction

Ink & Thread Co: Your mockup for order #1042 is ready for review. Approve or request changes here: [portal link]. Reply STOP to opt out.

Invoice ready✓ Has shop name + STOP instruction

Ink & Thread Co: Invoice #INV-0089 for $320 is ready. Pay online: [link]. Questions? Call 555-1234. Reply STOP to opt out.

Order complete / pickup✓ Has shop name + STOP instruction

Ink & Thread Co: Your order is complete and ready for pickup at 123 Main St! We're open M-F 9am–5pm. Reply STOP to opt out.

Tip: Kontraktr™'s default SMS templates already include the shop name shortcode ({{shop_name}}). Add "Reply STOP to opt out" to the end of any template where it might be the first message a customer receives. You can edit all templates under Settings → Automations → SMS Templates.

A2P 10DLC Registration & Compliance

How your Twilio campaign registration keeps you carrier-compliant automatically.

When you complete A2P 10DLC brand and campaign registration in Twilio (covered in the Twilio SMS Setup guide), you're not just unlocking reliable delivery — you're filing a legally significant declaration with US carriers about how you use SMS. Here's why each step matters for compliance:

Brand registration

Links your EIN and legal business name to your texting activity. Carriers use this to trace problematic traffic back to the source. Accurate brand info = carrier trust.

Campaign registration

Your campaign declares the use case (transactional order updates), sample message content, and opt-out language. Carriers review this before approving your traffic.

Number pool linking

Links your specific phone number to your registered campaign. Traffic from that number is treated as pre-approved for your declared use case.

What your campaign registration must match:

The sample messages in your Twilio campaign must match the actual messages you send. If you registered with order update examples, don't start sending promotional discount texts on the same campaign — that's misuse and can get you deregistered.
Your campaign must include opt-out language in sample messages (Twilio's registration form has a checkbox confirming this).
Your declared message frequency should roughly match actual volume. A "Low Volume Mixed" campaign is appropriate for most screen print shops sending under 2,000 messages/month.

Watch out: Never register a campaign for a use case just because it's easier to get approved. Carriers audit message content against declared use cases. Sending marketing blasts under a "transactional" campaign is a compliance violation that can permanently ban your Twilio number and brand.

Record-Keeping Requirements

What to document and how long to keep it.

If your shop is ever named in a TCPA complaint or FCC investigation, your opt-in records are your primary defense. Here's what to document and retain:

Opt-in consent records: Date, method (checkbox, keyword, written form), and exact disclosure language shown at time of consent. Retain for at least 4 years (TCPA statute of limitations).

Opt-out requests and timestamps: When a customer opted out, by what channel (STOP reply, in-person request, phone call), and who processed it. Retain indefinitely.

Message logs: Twilio stores a full message history in your console. You can also view SMS delivery logs in Kontrol™ under Settings → Communication Logs. These logs show delivery status (delivered, failed, undelivered) per message.

Campaign registration records: Keep a copy of your Twilio A2P brand and campaign approval confirmations. These show your declared use case and approval date.

Note: Twilio retains message logs for 13 months by default. If you need longer retention for legal reasons, export your logs periodically from the Twilio Console (Monitor → Logs → Export). Kontraktr™'s Communication Log retains records per your data retention policy (Settings → Data Retention).

What to put in a customer note when they opt out:

SMS opt-out recorded [DATE] by [STAFF NAME]. Method: [replied STOP to order #1042 / called in / requested in person]. Customer confirmed: no further SMS. Email notifications still active.

Compliance Troubleshooting

Common compliance issues and how to resolve them.

Customer says they never opted in

Why: Either consent wasn't collected, wasn't documented, or they forgot about the checkbox at order time.

Fix: Pull the consent record for their account. If no record exists, stop messaging them immediately and update their customer record in Kontrol™ to disable SMS. Don't argue the point — honoring opt-out requests regardless of consent status is always the right call.

Customer receives messages after replying STOP

Why: Kontraktr's SMS toggle wasn't disabled after Twilio blocked the number, or a second staff member manually sent a message.

Fix: Check the customer's Notifications toggle in Kontrol™ and disable SMS. Check the Communication Log to find what was sent post-opt-out. Review with your team that manual SMS sends to opted-out customers are prohibited.

Carrier filtering your messages (30007 error)

Why: A2P registration is incomplete, expired, or your message content doesn't match your registered use case.

Fix: Verify your campaign status in Twilio Console → A2P 10DLC → Campaigns shows 'APPROVED'. If approved, review your message content — make sure it matches your declared use case and doesn't contain URL shorteners or prohibited content.

Messages missing opt-out instructions

Why: SMS templates don't include 'Reply STOP' language, or it was removed during a template edit.

Fix: Go to Settings → Automations → SMS Templates and add 'Reply STOP to opt out' to the end of each template body. The default templates include this — check if it was accidentally removed.

Customer complains to their carrier

Why: Carrier complaints trigger a review of your A2P registration. Enough complaints can result in campaign suspension.

Fix: Treat every complaint as an immediate opt-out. Contact the customer to apologize. Review how they ended up on your list and fix the consent capture process. If the complaint resulted in a Twilio ticket, respond promptly with documentation of your consent records.

Quick Compliance Checklist

Run through this before activating SMS automations.

Opt-in consent is captured via a form checkbox, keyword, or written signature — not just a phone number
Opt-in disclosure includes shop name, message types, frequency, "Msg & data rates may apply", and STOP/HELP instructions
Checkboxes are unchecked by default
A2P 10DLC brand and campaign are registered and show APPROVED status in Twilio Console
Phone number is linked to your approved campaign via a Number Pool
All SMS templates include your shop name
All SMS templates include opt-out instructions ("Reply STOP to opt out")
No URL shorteners (bit.ly, tinyurl) in message bodies — use your actual domain
Customer SMS toggles in Kontrol™ match Twilio's opt-out list
Staff know how to record opt-out requests and update customer records immediately
Opt-in consent records retained with date, method, and disclosure text shown
Opt-out records retained with date, method, and staff member who processed them

External Compliance Resources

CTIA Short Code Monitoring Program Handbook

Official CTIA messaging best practices for carriers and businesses.

Twilio A2P 10DLC Registration Guide

Step-by-step Twilio documentation for brand and campaign registration.

FCC TCPA Overview

Federal Communications Commission plain-language guide to TCPA rules.

Twilio Messaging Policy

Twilio's acceptable use policy — what they allow and prohibit on the platform.

Related guides

Setting Up SMS Notifications (Twilio)

Buy a number, complete A2P registration, and connect Twilio to Kontrol™.

Automation Rules

Configure which events trigger SMS and email messages and when.

Shortcodes Reference

Full list of dynamic variables you can use in SMS template bodies.

Loading…