Verbal Script Missing Privacy Instructions
Why This Rejection Happens
The verbal script you provided for collecting consent does not explicitly tell the consumer where they can find your Privacy Policy. Carriers require that consumers be informed about how their data (phone number) will be used and protected, even in a verbal interaction.
Common Triggers: Providing a script that asks for consent but fails to mention "Privacy Policy available at [URL]" or "Terms available at our front desk."
Root Cause Analysis
Primary Triggers
- Omission of URL: The agent reads a script asking for the number but never mentions where the legal terms live.
- "It's on the website": Simply saying "Check our website" is too vague. The script must provide a specific location or offer a printed copy if in-store.
- No Access: The consumer is agreeing verbally (e.g., over the phone), so they cannot "click" a link. You must verbally instruct them on how to access the policy.
Required Elements
| Element | Required Language (Verbal) | Rationale |
|---|---|---|
| Privacy Access | "Our Privacy Policy is available at..." | Directs the consumer to the legal document governing data use. |
| Location | Specific URL or Physical Location | "At brand.com/privacy" or "At the front desk." |
| Context | Spoken before or during consent | Consumer must know terms exist before saying "Yes." |
Step-by-Step Remediation
Locate Your Privacy Policy URL
Ensure you have a live, accessible Privacy Policy on your website. Copy the exact URL (e.g., https://brand.com/privacy-policy).
Update the Verbal Script
Modify the script you paste into the registration form to include the privacy instruction sentence.
✓ Compliant Script
"Would you like to receive SMS alerts? Message frequency varies. Std rates apply. You can view our Privacy Policy at brand.com/privacy."
✗ Non-Compliant Script
"Can we text you updates? Great, thanks."
(Missing all mandatory disclosures including Privacy.)
Alternative for In-Person (POS)
If the interaction is face-to-face, the script can reference physical signage.
"Our Privacy Policy is posted on the counter signage here. Do you agree to receive texts?"
Carrier-Specific Requirements
T-Mobile
- Strictly enforces the "Data Privacy" clause. Even for verbal opt-in, the consumer must be given a way to read the privacy policy.
AT&T
- Requires the script to be "comprehensive." Breaking the script into two parts (asking for number first, then mentioning privacy later) is often rejected. It should be one cohesive block.
MyTCRPlus Tools That Can Help
Privacy Policy Generator
Create a compliant privacy policy URL if you don't have one, specifically tailored for SMS compliance.
Use This Tool →Audit Documentation Generator
Generate a "Verbal Script Card" PDF for your employees that includes the required Privacy Policy language.
Use This Tool →Pre-Resubmission Checklist
- The script explicitly mentions "Privacy Policy".
- The script provides a location (URL or physical) to find it.
- The Privacy Policy URL is live and accessible.
- The script is pasted in the "Call-to-Action" description field.
- The Privacy Policy itself mentions SMS data handling (Code 805 prevention).
Common Mistakes to Avoid
❌ "Terms & Conditions" ≠ Privacy Policy
Don't just say "See Terms." You must specifically mention the Privacy Policy, as that is the document that governs data sharing (and prohibits selling phone numbers).
❌ Assuming Awareness
Do not assume the customer knows where to find your policy. You must tell them. "It's on Google" is not a valid instruction.
Expected Timeline
This guidance provides general information about 10DLC compliance requirements. Verbal consent scripts act as a binding contract and privacy notice. Organizations should ensure their scripts accurately reflect their data practices and comply with all applicable privacy laws. MyTCRPlus does not provide legal advisory services or regulatory representation.