The TCPA and what it means for your Shopify store

The Telephone Consumer Protection Act (TCPA) is a federal law in the United States and Canada. It limits the ways in which marketers and companies can legally contact their target audience using Automatic Telephone Dialing Systems (ATDS), prerecorded voice messages, texts and fax messages.

The TCPA was established in 1991, by the Federal Communications Commission (FCC). Its purpose is to protect consumers from unwanted telemarketing calls and text message spam. The main rule under the TCPA is that companies are not allowed to contact anyone (customer/lead/subscriber) for the purpose of promoting their products or services without getting that person’s prior express written consent.

This is even the case if you’ve already established a relationship with the person that you want to contact. As a Shopify merchant, you’ll obtain customer data whenever someone makes a purchase. But you can’t simply go ahead and use those details for marketing purposes unless you obtain clear written or digital consent from that person first.

Which TCPA rules should you concern yourself with?

First and foremost, the TCPA states that your intended recipient must give their prior express written consent to receive marketing messages from you. In addition, you must:

  • Not call a residence before 8 am or after 9 pm (local time).
  • Not send unwanted marketing faxes.
  • Give recipients a way to opt-out of marketing messages at any time.
  • Maintain a Do Not Call (DNC) list of people who have requested removal from your marketing messages. You must also honor such requests for five years.
  • Not call a wireless number using prerecorded or auto-dialed calls or texts without consent.
  • Not call a landline using an autodialer/prerecorded voice system without consent.

To read the TCPA rules in more detail, check out this summary here. The actual statue can be found here.

What happens if you breach TCPA rules?

A recipient can sue you for damages or seek an injunction against you if you violate TCPA rules. You can receive a fine of between $500 to $1,500 for each violation. Some high profile cases have been featured in the press, such as the pizza giant, Papa Johns. They reportedly settled a class-action lawsuit a few years ago for $16.5 million. The company’s violation? Sending 500,000 unwanted/illegal text messages.

TCPA SMS compliance

SMS campaigns provide a great way to engage with your subscribers. But before you hit the “send” button, make sure you’re aware of the TCPA SMS rules and double-check your Shopify store is compliant.

Generally, in the eyes of the FCC, phone calls and text messages are one and the same. The TCPA rules have been revised over the years and now extend to text messaging. Below are the most important TCPA SMS rules to be aware of.

1. Avoid automatic signups

To send your customers/subscribers marketing SMS campaigns, you must obtain their prior express written consent. You’re not allowed to opt them in as a matter of course, and merely offer them an opt-out box. That sort of practice is seen as deceptive, because opt-out boxes often go unnoticed. Consent can be obtained either in writing or digitally.

2. Be transparent about your intended communications

Be upfront and clear at the point of subscriber signup about the types of marketing messages your subscribers are likely to receive from you. Also state how often you want to contact them.

3. Keep records of consent

You must be able to provide proof of each subscriber’s consent, in case you’re ever asked to provide such records to the TCPA or other relevant party.

4. Offer an opt-out mechanism

TCPA rules stipulate that subscribers should be able to opt-out of future marketing messages at any time. You must provide instructions on how to unsubscribe and explain how the subscriber can seek help.

5. Send messages only at appropriate times

That means not disturbing your subscribers with promotional messages before 8 am in the morning and after 9 am at night (according to their local time zone).

CTIA: what is it and why should you care?

CITA stands for the Cellular Telecommunications and Internet Association. It’s a trade association, put together by wireless carriers like AT&T and T-mobile. It’s main purpose is to protect consumers from spam text messages.

CITA is closely linked to the TCPA. But unlike the TCPA, CITA isn’t federal law. Instead, it sets out some best practice messaging guidelines and principles that you should consider when carrying out SMS marketing campaigns. Such principles include obtaining express written consent for marketing messages and providing a clear way for subscribers to revoke their consent, for example, by using a keyword like “STOP” in response to your message. CITA recommends that you provide relevant disclosures about message and data rates too.

You won’t get sued if you violate CTIA messaging principles. But be aware that wireless carriers can simply block unwanted messaging traffic if they get reports of violating activity. This, of course, will put a hold on your SMS marketing campaigns.

TCPA compliant marketing

By following the CTIA messaging guidelines, you’ll be in a good position for TCPA compliance. Do your homework: take some time to go through the TCPA rules and the CTIA messaging guidelines in detail so that you’re not caught off guard.

Shopify marketing apps such as Firepush and Tobi can help you with TCPA compliance. Both apps help you to obtain the required subscriber permissions, use transparent marketing language and put in place a straightforward opt-out mechanism as you collect sign-ups and send out your SMS marketing campaigns.

TCPA and CITA compliance - best practices to follow

The Shopify checkout is the ideal place to collect subscriber sign ups in a TCPA/CTIA compliant way. You can obtain the required consent from your customers at the point where they enter their contact details as part of their purchase.

Example TCPA sms opt in message

Here is an example of what your checkout page could look like - view this TCPA SMS opt-in message. Note how you can request explicit digital consent from customers next to the phone number field. Note also how the language at the bottom of the checkout page details more information, such as messaging frequency and data rates. It also provides an opt-out/help mechanism.

Adapting your store’s terms and conditions

If you’re planning to utilize SMS marketing, make sure there’s a section within your Shopify store’s full terms and conditions about your SMS marketing practices. You should outline exactly what your subscribers can expect to receive in relation to marketing messages. To ensure your terms and conditions are robust and legal, do consider running them past a legal professional who is familiar with the TCPA.

Understanding your compliance obligations

The TCPA applies to your Shopify business if you want to send marketing-based text messages to U.S. and Canada residents. While the TCPA might seem overwhelming, it really is a good thing. It protects consumers (yourself included) from unsolicited marketing text messages and phone calls.

Further reading: if you have subscribers/customers that reside in the EU, your marketing messages must be GDPR compliant. Learn more in this article.

Back to blog