TCPA & CTIA Compliance


This information is not legal advice. While we do our best to provide useful information as a starting point, Yotpo SMSBump advises all merchants to obtain professional legal advice to ensure that all marketing campaigns are sent in full compliance with all applicable laws. 



If you are one of the many merchants sending SMS marketing messages to US shoppers, you must familiarize yourself with the local regulations and comply with them. All Yotpo SMSBump users can easily adhere to these regulations by following a couple of simple and intuitive steps.


The following article will introduce you to the key takeaways of the main guideline sources for SMS marketing in the US - the TCPA regulations and CTIA best practices, as well as some local state rules such as the Florida Mini-TCPA and California's CCPA, and how Yotpo SMSBump helps you comply with them at all times.



Understanding the TCPA and CTIA


TCPA is an acronym for the Telephone Consumer Protection Act. It is a federal law that covers the use of automated telephone communications - including phone calls, voicemails, fax machines, and text messages. It clearly defines spam text messages as an “unsolicited advertisement transmitted to any person without that person's prior express invitation or permission, in writing or otherwise” and deems them illegal. Sending these can result in fines up to $1,500 per violation. 


The CTIA stands for the Cellular Telecommunications Industry Association. It is an association created by key stakeholders in the telecommunications industry (i.e., mobile network operators) that serves, among other things, as a gatekeeper between advertisers and end-users. The CTIA is not a legal authority, and you cannot be sued for not following its guidelines, but there can be other consequences for violating them. You can be reported or flagged by the mobile carriers, which may shut down or suspend your SMS marketing campaigns to your customers.  CTIA guidelines also regulate messages that contain content related to sex, hate, alcohol, firearms, or tobacco (SHAFT).



While not following some of these regulations might not result in any legal consequences, we advise you to comply with all of them equally to ensure the success of your SMS marketing program.



How to Stay TCPA & CTIA Compliant


Before sending marketing messages to US consumers, you must: 


  • Obtain consent. 

  • Conspicuously explain what the shopper is subscribing to.

  • Include a free and available opt-out mechanism at all times.

  • Comply with quiet hours restrictions.

  • Comply with abandoned checkout reminder regulations.



How to Get Consent


Shoppers must explicitly agree to receive promotional text marketing messages from you. When collecting phone numbers on your website, through a pop-up or another subscriber collection method, you must clearly state that the individual agrees to receive recurring marketing messages, including abandoned checkout reminders, at the mobile phone number they provide. You must mention that consent is not a condition of any purchase and provide links to your Terms of Service and Privacy Policy


A consumer opt-in to receive messages should not be transferable or assignable, and message senders should not use opt-in lists that have been rented, sold, or shared.


With Yotpo SMSBump, this is done at your store’s checkout or via our various subscriber collection tools. All of them are built-in for compliance with all legal regulations and include the required legal verbiage. 






Remember that having consent for SMS doesn’t apply to sending other types of promotional messages (i.e., email).



How to Provide an Opt-out Method


CTIA and carrier guidelines require you to occasionally include in your text messages clear instructions on how to opt-out, like the STOP to opt out verbiage. Some carriers ask that you do it once a month, while others - every five messages; we recommend including it every time to avoid oversight and possible sanctions. 


It is important to remember that opting-out must be free and available at all times. When you use Yotpo SMSBump, even if your message doesn’t include verbiage such as “STOP to opt out,” a customer that replies “STOP” will be unsubscribed.


The Yotpo SMSBump campaign text editor automatically includes the STOP to opt out verbiage to all your text messages and ensures compliance at all times.



How to Respect Quiet Hours 


Quiet hours are specific times during the day when you should avoid sending text messages to your subscribers (e.g., early in the morning, late at night). 


Yotpo SMSBump users can easily set up their quiet hours from the app. Simply go to your General Settings, enable the Quiet Hours option, and choose the desired period. 


The TCPA prohibits sending text messages anytime after 9 PM and before 8 AM in the recipient's time zone, but certain states have more restrictive rules, such as Florida - between 8 PM and 8 AM



When to Send Abandoned Checkout Reminders


Abandoned Checkout Reminders are automated text messages sent by eCommerce merchants to shoppers who have left items in their online carts at checkout but haven’t completed their purchase. The regulations in the US on Abandoned Checkout Reminders are stricter, and on top of the other regulations, merchants must: 


  •  Limit their Abandoned Checkout Reminders to 1 per shopping event.

  • Send the Abandoned Checkout Reminder within 48 hours after the shopping cart was abandoned.


When activating abandoned checkout automation or flow, Yotpo SMSBump users will get the following warning:






It serves as a reminder that to comply with the CTIA regulations, when sending an abandoned checkout reminder to US shoppers, merchants are allowed to send just 1 message within 48 hours of checkout, including opt-out verbiage.


Additional State Laws


Apart from the federal law (TCPA) and the CTIA guidelines, Florida and California have issued additional relevant laws for SMS marketing. They include some specific regulations that any merchant who wishes to send text marketing messages in those states must adhere to. 



Florida’s Mini-TCPA


In 2021, Florida introduced some additions on top of the TCPA, known as Florida’s Mini-TCPA. According to these additions, when sending marketing messages, merchants must: 


  • Respect quiet hours between 8 pm to 8 am.

  • Limit messages to three within a 24-hour period (easily done with our Smart sending option). 



California’s CCPA 


The California Consumer Privacy Act (CCPA) is a law that came as a response to users’ concerns regarding their privacy protection. It states that every California user has the right to demand a report of all the personal information a company has collected on them and a list of all third parties this data is shared with (if any). 

To comply with the CCPA, make sure that you: 


  • Provide customers with a contact on your website, enabling them to opt out of sharing or selling their personal information.

  • Explicitly mention in your privacy policy you are using third parties such as Yotpo SMSBump for text marketing purposes (or any other marketing reasons), and give complete information on your vendor.


These are the general guidelines you must follow to comply with US Legislation and the various ways Yotpo SMSBump ensures compliance at all times.  


If you have any more questions about US laws and regulations, don’t hesitate to contact us.


GDPR Regulations

Australia’s Anti-Spam Legislation

Canada's Anti-Spam Legislation

Last Modified: Aug 1, 2022