GDPR Compliance


GDPR is a European data protection and privacy regulation that became law in May 2018. It protects the privacy and personal data of individuals within the European Union and also addresses the export of data outside EU borders.


GDPR puts privacy in the hands of European citizens and centralizes the rules and processes businesses must follow in order to guard and respect the interests of the European people.


This post will give you some insight into how to abide by GDPR regulations by telling you:

  • How to update your Privacy Policy
  • How to get customer consent and collect subscribers
  • How to set up checkout opt-in




In order to send text marketing and automation messages, you first need to have legally gathered your clients' phone numbers. By "legally" we mean that the customer has given you explicit "Prior Written Consent". Yotpo SMSBump offers 2 different ways for store owners to legally gather prior written consent:


  • Opting in through the checkout
  • Opting in through our subscription forms


We will cover all these a bit later on. Now back to the GDPR. The most important things we need to know here are:


  • Customers need to agree to your Privacy Policy, which must be explicitly stated on your checkout page.
  • Give customers the option to subscribe through a subscription form. Read more here.
  • All agreement forms must be clearly visible to customers before they give their consent.


Disclaimer: We have worked with an attorney to help us draft the presented information, however, we are not a certified legal advisory team so we encourage you to consult with a lawyer who is familiar with GDPR before using our legal texts.


I Privacy Policy


Please note that, if you haven’t already done so, Shopify will require you to set up your terms of service and privacy policy in your legal settings for your store to be fully compliant. To do so, click on the link in the blue box below the checkbox, or go to your Shopify Admin → Settings → Policies and insert the full compliance text in the Terms of Service and Privacy Policy sections from the button link below.



How to update your Terms of Service and Privacy Policy texts


II Gathering Checkout opt-ins


Now that we have edited the Privacy Policy we will show you the process of receiving consent from the Shopify Checkout.


Step 1. Go to Shopify Settings and click on Checkout where you will be able to edit your checkout process.




Step 2. To add a sign-up checkbox to your checkout, in the Marketing consent section, check Show an option to subscribe at checkout.




Step 3. Click Save.


Step 4. Customize checkbox


From your Shopify Admin Settings go to Online Store → Themes → Actions → Edit Languages → Checkout & System.




Type “sms” in the Filter items bar to quickly locate the related fields. 


This is where you get to customize your checkout checkbox. You can fill in:


  1. The “accept SMS checkbox” label message, e.g., “Text me with news and offers.”

  2. Privacy policy: leading to the Privacy Policy compliance text in the Legal section of your Shopify Admin.

  3. Terms of service: leading to the ToS text in the Legal section of your Shopify Admin.

  4. Description html: feel free to use the preset compliance text or edit it to better reflect your brand tone of voice.



How it looks in the admin panel:





How it looks on your checkout page:






Customers can now choose a phone number other than the one provided for shipping purposes.



Keep in mind that for the SMS marketing subscription preference to be saved, the customer needs to complete the checkout and finish their order. If the customer doesn’t complete the checkout process, they won’t be signed up for your text marketing services, and no SMS automations or flows will be triggered.



Great job, you have now updated your checkout opt-in to comply with GDPR. Your store’s checkout page will look something like this:


GDPR checkout


III Unsubscribing clients


GDPR requires store owners to honor opt-out requests.


Yotpo SMSBump automatically unsubscribes all customers who reply to text messages with “STOP” or click on the unsubscribe link in their text message. You can also unsubscribe customers manually in Lists & Segments in the Yotpo SMSBump app.


Yotpo SMSBump adheres to the national DND (Do Not Disturb) register each time a message is sent.


Rest assured that no marketing campaigns will be sent unless they contain a clearly written text giving customers a way to opt out.


If a customer changes their mind and wishes to opt in to receive text marketing again, all they need to do is respond to a text message with “JOIN.”


If a customer requests to have their personal data deleted from our servers, please forward their number to, and we will act on it.

Last Modified: Apr 26, 2022