SMS privacy policy best practices
You will learn
Learn best practices for SMS compliance in your privacy policy. Note that unlike with terms of service, Klaviyo cannot host privacy policies.
This information is intended solely for educational and informational purposes and should not be construed as legal advice. The content provided is general in nature and may not reflect the most up-to-date information. Klaviyo strongly advises consulting with a qualified legal counsel to ensure your compliance with applicable laws and regulations in connection with your use of our services.
Why do I need a privacy policy for SMS?
Before beginning with SMS marketing, you must update your privacy policy to include key information on SMS sending. In particular, if you ever want to apply for a short code, you need to include certain information in your privacy policy in order to be considered for approval.
SMS privacy policy best practices
As a best practice, your privacy policy should include an accurate description of your program and how you will handle data in connection with that program. We also recommend including information regarding what you do with the phone numbers you collect, how you use them, who you share them with, etc. The privacy policy should be accessible from the opt-in method (e.g., sign-up form).
We also recommend including disclosures if any of the following apply to your business:
The sections below provide examples; however, Klaviyo cannot provide legal advice, so please check with your legal counsel before making changes to your privacy policy.
SMS abandoned cart disclosure
Privacy policies must explicitly state how information is captured by the website to determine when a customer’s cart has been abandoned (e.g., website cookies, plugins, etc). If you are using SMS in an abandoned cart, include a disclosure about this in your privacy policy.
Example language
"The website uses cookies to help keep track of items you put into your shopping cart including when you have abandoned your cart and this information is used to determine when to send cart reminder messages via SMS."
Third-party data sharing
Many wireless carriers have specific requirements about how you describe data-sharing provisions in your privacy policy. While the carriers may differ in what specific language they approve or deny, their overall objective is to assure consumers that their opt-in data and SMS consent status will not be shared in an impermissible or unlawful way. To be clear, these carrier guidelines function independently of any restrictions on data “sharing” or “selling” as defined by the various data privacy laws (such as the GDPR, CCPA, or other similar legislation) that may apply to your business.
If your privacy policy already provides for data sharing or selling to nonaffiliated third parties, you need to clarify that such data sharing or selling will not include a user’s SMS opt-in data or consent status (because explicit, one-to-one consent is required for SMS). If your privacy policy does not currently mention data sharing, you need to insert a similar clarification that you will not share SMS opt-in or consent status for non-service-related purposes.
Example language
"We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages."
Location tracking and location-based services
If your privacy policy mentions location tracking or location-based services, it must fully describe how that data is collected and for what purpose.
Additional resources
- How to create a mobile terms of service in Klaviyo
Learn how to automatically generate your own mobile terms of service (TOS) in Klaviyo. In addition to generating a mobile TOS that you can customize to fit your needs, Klaviyo can also host the TOS for you, and you can add a link to your TOS anywhere (like forms where you collect SMS consent). Alternatively, you can copy the text in the TOS and paste into another page, like your existing TOS page.
- How to collect SMS consent at checkout on BigCommerce
Learn how to start collecting SMS consent at checkout for BigCommerce. This should take about 5–10 minutes total. To make it easier, we recommend logging in to your BigCommerce and Klaviyo accounts and keeping both open.
- How to collect SMS consent at checkout on Magento 2
Learn how to collect SMS consent at checkout for Magento 2.
- How to collect SMS marketing consent at checkout on Shopify
Learn how to collect SMS marketing consent at checkout on Shopify by updating your Shopify integration settings and then adding a consent checkbox in Shopify. One of the quickest and easiest ways to grow your SMS list is by collecting consent at checkout. With Klaviyo’s integration with Shopify, you can reach a wider audience with your SMS marketing.
- How to collect SMS consent at checkout on WooCommerce
Learn how to start collecting SMS consent at checkout with your WooCommerce store.
- SMS marketing strategies for all levels [+12 Pro tips]