SMS Opt-in Requirements & Compliance

Why SMS Opt-in Requirements Matter for Hospitality

The Business Challenge

In the hospitality industry, businesses naturally want to communicate with three distinct groups:

For Guest Communications:

• Current Guests: Actively staying at your property
• Past Guests: Previous visitors who may book again
• Future Guests: Potential customers considering your property

For Vacation Rental Owner Communications:

• Current Owners: Properties actively in your management portfolio
• Past Owners: Former clients who may return
• Future Owners: Prospects considering your management services

The Critical Problem: Future Relationships

The biggest compliance challenge comes with that third group - future guests and future owners. Here's why:

You cannot legally text people you have no relationship with.

This is where many hospitality businesses unknowingly violate federal law. Common illegal practices include:

• ❌ Purchasing phone lists and texting "hot leads"
• ❌ Texting people who filled out a general inquiry form
• ❌ Sending promotional texts to numbers from business cards
• ❌ Texting attendees from a trade show or open house
• ❌ Using phone numbers given for one purpose (like maintenance) for marketing

Why the Law is So Strict

The Telephone Consumer Protection Act (TCPA) was created because:

1. Privacy Protection: Cell phone numbers are considered private
2. Cost to Recipients: Historically, recipients paid for incoming texts
3. Intrusive Nature: Texts are more intrusive than email
4. Spam Prevention: Without strict rules, phones would be overwhelmed with spam

The Real-World Impact

• Federal Law (TCPA): Violations result in $500-$1,500 per message in statutory damages
• Carrier Enforcement: Non-compliance leads to message filtering, blocking, or account termination
• State Laws: Additional penalties and private rights of action in many states
• Class Actions: SMS violations frequently result in class action lawsuits with multi-million dollar settlements

The Solution: Proper Opt-in Procedures

The good news is that gaining legitimate consent is straightforward when you follow the proper procedures. This guide will show you exactly how to:

• ✅ Create compliant web forms that convert visitors into opted-in contacts
• ✅ Set up keyword campaigns for easy mobile opt-ins
• ✅ Train staff on verbal consent procedures
• ✅ Document consent properly to protect your business
• ✅ Build a legally compliant SMS database that drives bookings

Critical Legal Requirement

SMS messaging without proper opt-in consent can result in TCPA violations with fines up to $1,500 per message. Always obtain and document explicit consent before sending any SMS messages.

Legal Framework

Key Laws & Regulations

TCPA - Telephone Consumer Protection Act (47 U.S.C. § 227)

Synopsis: Federal law requiring prior express written consent for automated marketing texts and prior express consent for non-marketing texts to cell phones.

• Full Text
• FCC TCPA Rules (47 CFR § 64.1200)
• Key Section: § 227(b)(1)(A) - Prohibits automated calls/texts without consent
• Penalties: $500-$1,500 per violation

CTIA Messaging Principles and Best Practices

Synopsis: Industry guidelines that carriers enforce through The Campaign Registry for A2P messaging compliance.

• CTIA Guidelines
• Requires clear opt-in, easy opt-out, and transparent messaging practices
• Violation results in carrier filtering or blocking

CAN-SPAM Act (15 U.S.C. § 7701)

Synopsis: While primarily for email, applies to commercial SMS requiring accurate sender info and opt-out mechanisms.

• Full Text
• Key Section: § 7704(b) - Applies to "commercial electronic mail messages" to wireless devices

State Laws

Many states have additional requirements:

• California: CA Business & Professions Code § 17529.5
• Florida: Florida Statutes § 501.059
• Washington: RCW 19.190

Key Compliance Principles

Based on the legal framework above, here are the five core principles you must follow:

1. Prior Express Written Consent: Required for all marketing messages (TCPA § 64.1200(a)(2))
2. Clear Disclosures: All fees, frequency, and terms must be conspicuous (CTIA § 2.1)
3. Easy Opt-Out: STOP must work at all times (TCPA § 64.1200(a)(3))
4. No Pre-Checked Boxes: Consent must be affirmative action (FCC 2015 Order)
5. Documentation: Keep consent records minimum 4 years (FCC guidance)

Opt-in Consent Methods

The Campaign Registry and carriers recognize five primary methods for collecting opt-in consent. Each has specific requirements that must be met for compliance.

1. Web Form Opt-ins

Online forms with explicit SMS consent checkboxes

2. Mobile/Keyword Opt-ins

Text-to-join using keywords like "START" or "JOIN"

3. Point-of-Sale Opt-ins

In-person consent at physical locations

4. Paper Form Opt-ins

Physical forms with written consent

5. Phone Call Opt-ins

Verbal consent via phone or IVR systems

Web Form Opt-in Requirements

Web forms are the most common opt-in method and must include ALL of the following elements per 47 CFR § 64.1200(a)(2):

Required Elements Checklist

✅ Program Information

• Program Name: Your organization/brand name (TCPA § 64.1200(a)(2))
• Message Description: Clear explanation of message types
  • Example: "Receive booking confirmations, check-in instructions, and special offers"

✅ Required Disclosures

• Fee Disclosure: "Message and data rates may apply" (CTIA requirement)
• Frequency Disclosure: (TCPA § 64.1200(a)(2))
  • "Message frequency varies" OR
  • "Up to [X] messages per [time period]"
  • Example: "Up to 4 messages per month"

✅ Opt-out Instructions

• STOP Command: "Text STOP to cancel" (CTIA Messaging Principles § 4.2)
• HELP Command: "Text HELP for help" (CTIA Messaging Principles § 4.3)
• Must be clearly visible, not hidden in fine print

✅ Legal Documents

• Privacy Policy Link: Active, accessible link (TCPA § 64.1200(a)(2))
• Terms of Service Link: Active, accessible link
• Both must be functional and lead to actual policies

✅ Consent Checkbox

Critical requirements per FCC 2015 TCPA Order (¶¶ 23-24):

• ❌ CANNOT be pre-checked
• ❌ CANNOT be required for form submission
• ✅ MUST be separate from email consent
• ✅ MUST be explicit for SMS only

Complete Web Form Example

<form>
  <!-- Other form fields (name, email, etc.) -->
  
  <!-- SMS Opt-in Section -->
  <div class="sms-consent-section">
    <h3>Guest Text Message Updates</h3>
    <p>Get reservation confirmations, check-in details, and exclusive guest offers via text.</p>
    
    <!-- The consent checkbox - NOT pre-checked, NOT required -->
    <label>
      <input type="checkbox" name="sms_consent" value="yes">
      <span>
        Yes, I want to receive reservation confirmations, check-in information, 
        and promotional text messages from [Hotel/Resort Name]. I understand 
        that consent is not a condition of booking.
      </span>
    </label>
    
    <!-- Required disclosures -->
    <div class="sms-disclosures">
      <p><small>
        By checking this box, you agree to receive recurring automated 
        booking confirmations, property updates, and marketing text messages 
        from [Hotel/Resort Name] at the cell number used when booking.
      </small></p>
      
      <p><small>
        Message frequency varies. Msg & data rates may apply. 
        Reply HELP for help or STOP to cancel at any time.
      </small></p>
      
      <p><small>
        View our <a href="/privacy-policy">Privacy Policy</a> and 
        <a href="/terms-of-service">Terms of Service</a>.
      </small></p>
    </div>
  </div>
  
  <!-- Separate email consent if needed -->
  <div class="email-consent-section">
    <label>
      <input type="checkbox" name="email_consent" value="yes">
      <span>Yes, send me email updates</span>
    </label>
  </div>
  
  <button type="submit">Submit Form</button>
</form>

Implementation Tips

1. Visibility: All disclosures above the fold when possible
2. Clarity: Use plain language, avoid legal jargon
3. Separation: Keep SMS consent separate from other consents
4. Documentation: Screenshot your form for registration

Mobile/Keyword Opt-in Requirements

Mobile opt-ins allow customers to text a keyword to subscribe. Requirements per CTIA § 2.1.2 and TCPA § 64.1200 include:

Signage/Advertisement Requirements

All promotional materials must display (CTIA § 2.1 and TCPA § 64.1200(a)(2)):

📱 Join Our Guest Text Club!

Text STAY to 55555

What you'll receive:
✓ Exclusive guest offers & early booking deals
✓ Reservation confirmations & check-in details
✓ Property updates & local area alerts

Message frequency varies. Up to 4 msgs/month.
Msg & data rates may apply.
Reply STOP to cancel, HELP for help.

Terms: example.com/terms
Privacy: example.com/privacy

Auto-Response Requirements

Initial Opt-in Response

Welcome to [Resort/Hotel Name] SMS! You'll receive up to 4 msgs/month with 
booking confirmations, check-in info & exclusive guest offers. Msg & data rates may apply. 
Reply STOP to cancel, HELP for help. 
Terms: example.com/terms

Double Opt-in (If Required)

[Resort/Hotel Name]: Reply YES to confirm subscription to our guest SMS program. 
You'll receive up to 4 msgs/month about your stays and special offers. Msg & data rates may apply. 
Reply STOP to cancel.

Keyword Configuration

Standard keywords that MUST be configured per CTIA § 4.0:

• START/SUBSCRIBE/JOIN: Opt-in confirmation (CTIA § 4.1)
• STOP/UNSUBSCRIBE/CANCEL: Opt-out confirmation (CTIA § 4.2)
• HELP/INFO: Support information (CTIA § 4.3)

Point-of-Sale Opt-in Requirements

For in-person registrations at physical locations per TCPA § 64.1200(a)(1):

Verbal Disclosure Script

"Would you like to receive text messages from [Hotel/Resort Name] with 
reservation confirmations, check-in information, and exclusive guest offers? 
You'll receive up to 4 messages per month. Message and data rates may apply. 
You can opt-out anytime by texting STOP."

Written Requirements

• Display terms and conditions visibly
• Provide privacy policy access
• Document consent method
• Train staff on requirements

Documentation Best Practices

• Use tablet/digital forms when possible
• Include timestamp and location
• Store consent records securely
• Maintain for minimum 4 years

Paper Form Opt-in Requirements

Physical forms must include all web form requirements:

Paper Form Template

GUEST SMS PROGRAM SIGNUP

□ YES, I want to receive text messages from [Hotel/Resort Name]

Mobile Number: _________________________

By providing your mobile number and checking the box above, you 
consent to receive recurring automated reservation confirmations, 
check-in details, and promotional text messages from [Hotel/Resort Name]. 

• Message types: Booking confirmations, check-in info, special offers
• Message frequency: Up to 4 messages per month
• Message and data rates may apply
• Text STOP to cancel anytime
• Text HELP for assistance
• Consent is not a condition of booking

Privacy Policy: www.example.com/privacy
Terms of Service: www.example.com/terms

Signature: ______________________ Date: __________

Phone Call Opt-in Requirements

Verbal consent requires specific disclosures per TCPA § 64.1200(a)(1) for non-marketing and § 64.1200(a)(2) for marketing:

IVR Script Template

"To receive text messages about your reservations, check-in details, 
and exclusive guest offers from [Hotel/Resort Name], press 1. 
You'll receive up to 4 messages per month. Message and data rates may apply. 
You can opt-out anytime by texting STOP. For our privacy policy, 
visit example.com/privacy. Press 1 to confirm or 2 to decline."

Live Agent Script

"I can also sign you up for text message updates about your stay, including 
check-in details, property information, and exclusive guest offers. 
You'd receive up to 4 messages per month, and message and data rates may apply. 
You can opt-out anytime by texting STOP. Would you like to receive these 
guest text messages?"

Documentation Requirements

• Record verbal consent (where legal)
• Log timestamp and agent ID
• Send confirmation text immediately
• Store records for 4+ years

Privacy Policy Requirements

Critical Compliance Element

Missing or non-compliant privacy policies are the #1 cause of 10DLC registration rejections per TCR and CTIA guidelines.

Required SMS Section

Your privacy policy MUST include per TCPA § 64.1200(a)(2) and CTIA Guidelines:

## SMS/Text Messaging

When you opt-in to receive text messages from [Company Name], 
we collect your mobile phone number and consent preferences.

### Information We Collect
- Mobile phone number
- Opt-in source and timestamp
- Message interaction history
- Opt-out preferences

### How We Use Your Mobile Information
- Send reservation confirmations and updates
- Send check-in and checkout reminders
- Send exclusive guest offers (with consent)
- Provide property support and assistance
- Emergency or weather-related property notifications

### CRITICAL REQUIRED STATEMENT:
"Mobile information will not be shared with third parties/affiliates 
for marketing/promotional purposes. All the above categories exclude 
text messaging originator opt-in data and consent; this information 
will not be shared with any third parties."

*Required by CTIA Messaging Principles § 5.1.3 and TCR registration guidelines*

### Your Rights
- Opt-out anytime by texting STOP
- Request data deletion
- Update communication preferences
- Access your information

### Message Frequency & Charges
- Frequency: [Specify, e.g., "Up to 4 messages per month"]
- Message and data rates may apply
- Contact your carrier for rate details

Privacy Policy Generators

Free tools to create compliant policies:

• TermsFeed Generator
• Termly Generator
• FreePrivacyPolicy.com

Important: Always have legal counsel review generated policies.

Terms of Service Requirements

SMS-Specific Terms Section

## SMS Terms and Conditions

### Service Description
[Hotel/Resort Name] SMS service provides reservation confirmations, 
check-in/checkout reminders, property updates, and exclusive guest 
offers via text message.

### Enrollment
By opting in via our website, texting a keyword, or other method, 
you agree to receive recurring automated text messages.

### Message Types
- Transactional: Reservation confirmations, check-in details, checkout reminders
- Promotional: Special rates, package deals, seasonal offers
- Service: Property updates, weather alerts, local area notifications

### Message Frequency
- Varies based on account activity
- Maximum: [X] messages per [time period]
- You control frequency through preferences

### Costs
- Message and data rates may apply
- Check with your wireless carrier
- [Company] does not charge for messages

### Opt-Out
- Text STOP to any message
- Call [phone number]
- Email [email address]
- Opt-out is immediate

### Help
- Text HELP for assistance
- Email: support@example.com
- Phone: [phone number]

### Supported Carriers
- Compatible with major US carriers
- Not liable for carrier delays
- Delivery not guaranteed

CTIA Compliance Guidelines

The Cellular Telecommunications Industry Association (CTIA) sets industry standards enforced through CTIA's Messaging Principles and Best Practices:

Core Requirements

1. Clear & Conspicuous Consent (CTIA § 2.1)

   • Explicit opt-in required
   • Clear program description
   • No deceptive practices

2. Message Content Rules (CTIA § 3.0)

   • Identify sender clearly
   • Include program name
   • Regular opt-out reminders (monthly minimum)

3. Prohibited Content (SHAFT) (CTIA § 6.0)

   • Sex/adult content
   • Hate speech
   • Alcohol (restricted)
   • Firearms
   • Tobacco/vaping

4. Frequency Compliance (CTIA § 2.1.4)

   • State frequency clearly
   • Adhere to stated frequency
   • Update if frequency changes

5. Age Requirements (CTIA § 2.1.5)

   • Minimum age 13 (18 for certain content)
   • Parental consent for minors (COPPA compliance)
   • Age verification when required

Compliance Best Practices

Documentation Requirements

What to Document (per TCPA § 64.1200(a)(2) and FCC guidelines)

• Opt-in source and method
• Timestamp of consent
• IP address (for web forms)
• Version of terms accepted
• Opt-out requests and timestamps

How Long to Keep Records

• Minimum: 4 years (FCC statute of limitations)
• Recommended: 6 years (some state statutes)
• Best Practice: Indefinitely (for defense against claims)

Opt-out Management

Immediate Processing (CTIA § 4.0 and TCPA § 64.1200(a)(3))

• Process within 24 hours maximum (CTIA requirement)
• Send confirmation message
• Remove from all SMS lists
• Document opt-out

Opt-out Confirmation Message

You have been unsubscribed from [Hotel/Resort Name] SMS messages. 
No further messages will be sent. Reply START to resubscribe.

Quiet Hours

• Respect 8am-9pm local time
• Account for time zones
• Allow exceptions only with explicit consent
• Consider local regulations

Compliance Checklist

Pre-Launch Requirements

• Privacy policy includes SMS section with required statement
• Terms of service includes SMS terms
• Web forms have all required elements
• Consent checkboxes are NOT pre-checked
• Opt-out instructions are clear and visible
• Message frequency is disclosed
• "Msg & data rates may apply" disclosure present
• Links to legal documents are functional
• Keyword auto-replies configured
• Documentation system in place

Ongoing Compliance

• Process opt-outs within 24 hours
• Include opt-out instructions regularly
• Maintain consent records
• Monitor compliance metrics
• Regular staff training
• Update policies as needed
• Audit consent practices
• Review message content
• Track frequency compliance
• Handle complaints promptly

Best Practices for Legally Building Your SMS List

Converting Inquiries to Opt-ins

When someone inquires about your property or services, you have a golden opportunity to gain consent:

The Right Way:

1. Inquiry Form: "Interested in Ocean View Villa?"
2. Follow-up Call/Email: "Thanks for your interest! Would you like to receive text updates about availability and special offers?"
3. Consent Capture: Use compliant web form or verbal consent script
4. Welcome Text: Send immediate confirmation of opt-in
5. Result: Legally opted-in contact you can market to

The Wrong Way:

• ❌ Adding inquiry phone numbers directly to SMS campaigns
• ❌ Assuming interest equals consent
• ❌ Texting without explicit opt-in

Strategic Opt-in Opportunities

For Hotels & Resorts:

• Booking Process: Add SMS opt-in checkbox to reservation forms
• Check-in: Tablet-based consent during registration
• Concierge Desk: Train staff to offer SMS updates for amenities
• WiFi Landing Page: Exchange WiFi access for SMS consent
• Loyalty Programs: Include SMS as a benefit with clear opt-in

For Vacation Rentals:

• Property Inquiry Forms: Separate checkbox for SMS updates
• Owner Onboarding: Include SMS consent in management agreements
• Guest Booking: Add opt-in to rental agreements
• Property Tours: Capture consent during showings
• Owner Referral Programs: Text updates about referral rewards

Building Compliant Campaigns

High-Converting Keyword Campaigns:

Text BEACH to 55555
Get exclusive last-minute deals on beachfront properties!
Plus instant alerts when your favorite properties become available.

Why This Works:

• Clear value proposition
• Specific benefits
• Easy action step
• All required disclosures included

Web Form Best Practices:

DO:

• ✅ Place opt-in near valuable content (availability calendars, pricing)
• ✅ Offer exclusive SMS-only benefits
• ✅ Use clear, benefit-focused language
• ✅ Make the checkbox prominent but not required

DON'T:

• ❌ Hide the opt-in in lengthy terms
• ❌ Bundle with other permissions
• ❌ Use vague language like "updates"
• ❌ Make opt-in mandatory for booking

Maximizing Opt-in Rates While Staying Compliant

1. Timing is Everything

   • Best time: During positive interactions (booking confirmation, check-in)
   • Worst time: After complaints or service issues

2. Value Exchange

   • Offer exclusive SMS-only discounts
   • Provide early access to availability
   • Send local area insider tips
   • Give priority booking status

3. Staff Training

   • Create laminated script cards
   • Role-play consent conversations
   • Track opt-in rates by staff member
   • Reward compliant high performers

4. Multiple Touchpoints

   • Website forms
   • Email signatures with keyword
   • Business cards with text-to-join
   • QR codes in lobbies/properties
   • Social media campaigns

Common Violations & Penalties

TCPA Violations (47 U.S.C. § 227(b)(3))

• Penalty: $500 per violation (negligent), $1,500 per violation (willful)
• Common Causes:
  • No consent documentation (violates § 64.1200(a)(2))
  • Pre-checked boxes (FCC 2015 Order ¶ 23)
  • Required consent for purchase (violates § 64.1200(a)(2))
  • Ignoring opt-outs (violates § 64.1200(a)(3))

Carrier Violations (CTIA enforcement)

• Penalty: Service suspension/termination via TCR
• Common Causes:
  • High complaint rates (CTIA § 7.0)
  • Prohibited content (CTIA § 6.0)
  • Frequency violations (CTIA § 2.1.4)
  • Missing disclosures (CTIA § 2.1)

Frequently Asked Questions

Q: Can I use one checkbox for both email and SMS consent? A: No, SMS consent must be separate and explicit per FCC 2015 TCPA Order ¶ 24.

Q: What if someone says they didn't opt-in? A: Immediately honor their opt-out request and provide consent documentation if available.

Q: Can I require SMS opt-in for bookings? A: No, consent cannot be a condition of booking or reservation.

Q: How often should I include opt-out instructions? A: At minimum monthly for active users, and in every promotional message.

Q: Can I import an existing SMS list? A: Only if you have documented proof of compliant consent for each number.

Q: Do transactional messages need consent? A: Yes, all automated SMS messages require prior express consent per TCPA § 227(b)(1), including transactional messages.

Q: What's the minimum age for SMS consent? A: 13 years old, or 18 for certain content types. Parental consent required for minors.

Q: Can I text guests who gave their number for other purposes? A: No, you need explicit consent specifically for SMS messaging per TCPA § 64.1200(a)(2) - consent must be for the specific purpose.

Related Resources

• 10DLC Registration Guide - Complete registration process
• SMS Editor Overview - Creating and sending messages
• SMS Campaign Setup - Campaign configuration

Getting Support

For compliance questions or assistance:

• Email: support@sendsquared.com
• Include specific scenarios for guidance
• Request compliance review if needed