All You Need to Know on SMS Marketing Compliance for Shopify

At SMSBump we want Shopify merchants and their customers to have a great experience when sending and receiving text messages.

For us, a great experience doesn’t just mean great deals and offers. It is also about being respectful of customers and their privacy, or in other words, being compliant with TCPA, CTIA, and GDPR regulations, and as of January 1, 2020 - with the California Consumer Privacy Act (CCPA). 

In order for Shopify merchants to send text messages to customers based in the USA and Canada, they need to abide by all TCPA rules, and know how to create a text message that respects and protects customer data according to CTIA guidelines. As for store owners who do business with California - since the beginning of the new year they need to also comply with the CCPA in regards to how they handle any type of personal information. 

This article contains the steps needed to ensure you are compliant with TCPA and CTIA rules and regulations when using SMSBump, and additional information on CCPA. 


What is TCPA? 

TCPA stands for the “Telephone Consumer Protection Act” and was passed by the United States Congress and then ratified in 1991. The TCPA limits the use of auto-dialing systems, artificial or prerecorded voice messages, SMS text messages, and fax machines to make calls without the recipient’s prior consent.

Look at all TCPA regulations here


What is the CTIA? 

The CTIA, or Cellular Telecommunications and Internet Association, represents the United States’ wireless communications industry and the companies throughout the mobile ecosystem in the United States, such as carriers and suppliers. The CTIA promotes the industry’s voluntary best practices.

You can get yourself familiar with their guide which includes best practices on how to send both SMS and MMS securely here.  

What is the CCPA? 

The California Consumer Privacy Act (CCPA), understandably, considers all California users and all businesses that do business with them and in any way collect personal information. The only companies exempt from the CCPA are “insurance institutions, agents, and support organizations”, as they already are subject to a similar regulation. 

The CCPA takes a wider view than the GDPR of what constitutes private data, and discusses the matter of "selling" personal information in much broader terms. According to CCPA, it’s every California user’s right to demand a report of all the personal information a company has collected on them, and a list of all third parties this data is shared with (if any). Customers can also revoke their consent to have their personal data collected. The CCPA also specifies stricter requirements companies must meet to be able to share information with third parties. 

For further information and a more in-depth look at the CCPA regulations, check out this text


How to Comply with TCPA and CTIA in Shopify? 

There are a few steps you as a Shopify store owner need to complete so you can start collecting SMS subscribers and sending marketing text messages.


Prior Written Consent

First and foremost, Shopify store owners should know that in order to send text marketing and automation messages, they need to have legally gathered customers’ phone numbers. Every customer must give you their explicit Prior Written Consent.

SMSBump offers three options for store owners to legally obtain a customer’s prior written consent to subscribe to text marketing services. 

Shopify Checkout SMS Marketing Compliance

The checkout page is a great spot to invite your customers to subscribe for text message marketing deals and updates without being pushy.

You can easily set up an opt in checkbox. From your Shopify Settings go to Checkout


Afterwards scroll down to Email Marketing and select Show a sign-up option at checkout. Make sure to always leave the Preselect the sign-up option DISABLED

Don’t forget to hit Save to save all the changes you made.

Next, you want to configure what your opt-in option message will say to your customers. To do that, scroll further down to Checkout language and hit the Manage checkout language button.

With your Find function (Ctrl + F; CMD + F) search for Accept marketing checkbox label. In the designated field type in the message you want your customers to see. It should be inspirational enough for them to decide to subscribe to your store. Here is an example: 

Sign up for exclusive offers and news via text messages & email.

Again, don’t forget to click Save before you continue.

Next up, let’s see how to enable phone fields where customers can leave their phone numbers to get exclusive deals and offers from your Shopify store.

With your Find function (Ctrl + F; CMD + F) search for Phone label and Optional Phone Label. Go ahead and write your message. Make it informative, but intriguing enough for the customer to want to leave their phone number. It can be something like this:

Phone number for updates and exclusive offers.

Save your changes and let’s move on to configuring the checkout footer language. Click on Online Store in your Shopify menu and select Themes

From the Actions drop down menu choose Edit languages


From the tab header menu click on Checkout & system.


Use the Find function (Ctrl+F) to search for Checkout shop policies. When you have located it, paste the following text in the Privacy Policy text box:

I consent to receive recurring automated marketing by text message through an automatic telephone dialing system. Consent is not a condition to purchase. STOP to cancel, HELP for help. Message and Data rates apply. View Privacy Policy & ToS.



Confirm your changes and you will be all set to start gathering subscriptions on checkout in accordance with all TCPA, CTIA and GDPR  rules!

This is what your checkout page should look like if you have completed all steps successfully:




Shopify Plus Checkout Page 

The setup and appearance of the checkout page in Shopify Plus accounts will differ from the one we just went over. Users on the Shopify Plus plan can choose between two options to customise their checkout opt-in box - with or without a discount code.

Refer to this knowledge base article for more detailed guidelines on how to configure your Shopify Plus checkout page. 


Phone Number Subscription Form 

Another way to invite customers and site-visitors to subscribe to your deals and news is through subscription forms. These could be popups, embed forms and floating buttons.

Regardless of which type they decide to use, Shopify store owners can choose between setting up a single, double opt-in method or enabling mobile phone quick subscribe - our newest addition.

  • Single opt-in method (Recommended) - customers will be subscribed after entering their phone number in the subscription form.

  • Double opt-in method - customers will receive a confirmation SMS after entering their phone number in the subscription form. In order to subscribe, they have to click on the link in the SMS. Otherwise they will be placed in the Not confirmed contacts section of your Subscriber Lists. 

  • NEW: Mobile phone quick subscribe - with our newest update, available for all U.S. and Canada based mobile phone users, you can allow visitors to subscribe to your text marketing without entering their phone number, but by simply double-clicking on the pop-up. Note that this feature is only applicable to the mobile version of the pop-up


More on how to configure your opt-out method, read here.

To set up and enable the subscription form consent field according to TCPA, CTIA and GDPR rules, you need to go to the Additional fields section in your Subscription form builder and switch the Enable the TCPA/CTIA checkbox toggle button on.

Next, type in the text that will indicate your visitors that you are asking them to agree with your Privacy Policy & ToS. It should be something like this: I agree to Privacy Policy & ToS.

Finally, paste the link to your Privacy Policy & ToS in the required field and hit Save

Note: If you can’t find your Privacy Policy, make sure to generate it first by going to Settings > Legal > Privacy Policy and pasting the compliant text as above.


Important: SMSBump will not allow you to message contacts who haven't explicitly confirmed consent to receive your SMS marketing subscription service.

Same goes for subscribers you have obtained using our newest tool - the Email subscribers converter, which allows Shopify merchants to double their marketing effectiveness by sending an email campaign to their email subscribers. The email will lead them to a signup page where they can choose to subscribe for SMS marketing, as well. Only after your customers have given you explicit consent, will you be able to send them text marketing. 


Opting in via an SMS keyword 

In the world of SMS, a keyword is a word that can be texted from a user’s mobile device to an SMS short code. Keywords send a signal to the short code about the SMS marketing campaign your users are trying to interact with.

Pick a catchy keyword that is relevant to your brand, is easy to remember, and doesn’t contain any special symbols.


For complete guidelines on how to pick out the best and most relevant keyword for your brand refer to How To Grow Your Subscribers In Shopify With SMS Keywords.

Important: Consent is not a condition to purchase. Customers cannot be forced to subscribe to your text marketing service when they make a purchase. Make sure to always include the following text:

By signing up via text you agree to receive recurring automated marketing messages at the phone number provided. Consent is not a condition of purchase. Reply STOP to unsubscribe. HELP for help. Msg & Data rates may apply.


Look at how Subway crafted an effective, yet non-intrusive, clear and compliant key-word strategy.


Refer to our blog post for more great tips on how to increase subscribers by implementing SMS keywords.


Unsubscribe Options are a Must

SMSBump requires Shopify store owners to always leave a way out for their customers. It is necessary that customers be given the option to revoke consent and opt-out at any time, complemented by useful information and opt-out instructions.

The way SMSBump has implemented this is by designing an Add "STOP" to opt out text box in the Text Marketing settings panel, which is always pre-checked.


If the Add “STOP#####” to opt out box isn’t checked SMSBump will reject sending your message.


“Clear and Conspicuous” Agreement Forms 

All agreement forms must be made "clear and conspicuous" prior to customers giving consent.

Try to be as clear as possible, e.g. if you are asking people to subscribe to a recurring SMS marketing campaign (such as a weekly or monthly updates), then clearly explain the regularity (i.e. “sign up for monthly updates”).

Be specific. Messaging “Text YES to ### to subscribe to {SiteName}’s weekly update and receive deals” is more likely to increase your opt-in rate than a message like “Text YES to subscribe.”

Carefully Scheduled Text Messages

Message thoughtfully and carefully. SMSBump takes compliance, privacy and proper text messaging practices seriously. We always advise Shopify merchants to configure quiet hours, especially when sending text message campaigns to customers in the USA and Canada. This ensures that they won’t accidentally be woken up by a message at 2 am. 


Don’t Overwhelm Your Subscribers 

Next, make sure you don’t overdo it with your text marketing. Did you just send them a text message not 4 hours ago? Avoid sending them another one at least in the next 16 hours.

With SMSBump you can set up a Smart sending period, during which you will not be sending out text messages. We advise you to leave a gap of at least 16 hours in between text messages so you are not reported for spam.  If we suspect a campaign is violating our anti-spam policy, we will terminate the campaign immediately and block the user's account.


Check out our How to Use Smart Sending to Ensure You Don't SPAM Customers article for step-by-step instructions.

SMSBump automatically takes care of all unsubscribed customers (customers who reply to messages with STOP or STOP#####, where ##### is a digit). We have also developed a system where you can manually unsubscribe customers in case they don't wish to reply back to messages but get in touch with you via phone/email or elsewhere. SMSBump also considers the national DNC (Do Not Call) register when sending a text message.

If a customer has opted out but decides to join again all they need to do is respond to the text message with JOIN.

How to Comply with the CCPA

Since most of CCPA's regulations coincide with GDPR, we advise our clients (even those based in and only working with the US) to simply copy the GDPR compliance text, available on our website.

The CCPA gives complete guidelines on what businesses can do to respect the CCPA and all users it affects under Section 8.

Among them are to give customers an explicit opt-out option on the company website and in your Privacy Policy, where they can revoke data sharing. This should not, however, require users to create an account.

In the event where companies use third parties for text marketing purposes (or any other marketing reasons), they should explicitly say so in their privacy policy, and give complete information on who their vendor is. This again, coincides with the requirements of GDPR so you can refer to our proposed GDPR texts.

If a customer does choose to opt out, according to the CCPA companies should refrain for at least 12 months from requesting that they authorise the sale of the consumer’s personal information. 


One Last Reminder… 

Remember that customers are giving you access to their personal phone number. Use this privilege wisely, respect people’s privacy, and treat others as you wish to be treated. Get started today!

Refer to SMSBump’s TCPA and CTIA Compliance for step-by-step guidelines. 

Start growing today

Sign up today and join 90,000+ eCommerce businesses making it big with Yotpo SMSBump