Fix Code 30908: Privacy Policy Missing or Non-compliant | MyTCRPlus
TCR Code 30908

Privacy Policy Missing or Non-compliant

CRITICAL - Immediate Action Required

  • Rejection Rate: Top 3 Most Common
  • Fix Time: 2-4 Hours
  • Success Rate: 95% After Fix

Why This Rejection Happens

Carriers require explicit confirmation that mobile opt-in data will not be shared with third parties for marketing purposes. Code 30908 triggers when: (1) Privacy policy is missing from the website footer, (2) Policy allows third-party data sharing without excluding mobile information, or (3) Policy URL is broken or inaccessible.

Root Cause Analysis

This rejection stems from TCPA compliance requirements and CTIA Messaging Principles Section 5.2.1, which mandates consumer privacy protection for mobile messaging programs. Carriers verify privacy policies during manual vetting to ensure businesses will not sell or share subscriber phone numbers with third parties.

Common Triggers

  • Privacy policy page does not exist or returns 404 error
  • Policy states "We share information with marketing partners and affiliates" without excluding mobile data
  • No link to privacy policy in website footer (must be globally accessible)
  • Policy language is vague about mobile information handling
  • Third-party consent management platform policies override site policy

Step-by-Step Remediation

  1. Verify Privacy Policy Accessibility

    Confirm that the privacy policy URL is live, served over HTTPS, and linked from the website footer on every page. Test the link in an incognito browser window to simulate the vetter's experience.

    ✓ Correct Footer Placement
    <footer>
      <nav>
        <a href="/privacy-policy">Privacy Policy</a>
        <a href="/terms-of-service">Terms of Service</a>
        <a href="/contact">Contact</a>
      </nav>
    </footer>

  2. Add Required Mobile Information Clause

    Insert the following compliant language into your privacy policy. This clause must appear verbatim to pass carrier vetting.

    Mobile Information Sharing Policy
    
    No mobile information will be shared with third parties or affiliates 
    for marketing or promotional purposes. All other categories exclude 
    text messaging originator opt-in data and consent; this information 
    will not be shared with any third parties.
    
    Text messaging opt-in data includes phone numbers, consent records, 
    message frequency preferences, and opt-out status. This data is used 
    solely for message delivery and program administration.

    Critical: Exact Language Required

    Carriers reject paraphrased versions. Use the exact clause above, or use the MyTCRPlus Privacy Policy Generator for pre-approved language.

  3. Update Existing Data Sharing Sections

    If your policy contains general data sharing language, add explicit carve-outs for mobile messaging data.

    ✗ Non-Compliant Example

    "We share customer information with our marketing partners and affiliated companies to provide you with relevant offers."

    ✓ Compliant Revision

    "We share customer information with our marketing partners and affiliated companies to provide you with relevant offers, excluding mobile messaging opt-in data, which is never shared with third parties for marketing purposes."

  4. Reference Policy in Campaign Submission

    In your TCR campaign registration, populate the Privacy Policy URL field with the direct link to your updated policy page. Ensure the URL matches exactly between your submission and website footer.

    TCR Privacy Policy URL Field:

    https://yourdomain.com/privacy-policy

    Common Mistake: Submitting homepage URL instead of direct privacy policy URL

  5. Include Policy Reference in Opt-in Flow

    Your call-to-action and opt-in confirmation message must reference the privacy policy. This creates compliance traceability.

    Opt-in Confirmation Message Example:
    
    Welcome to [BRAND] alerts! Msg frequency varies. Msg & data 
    rates may apply. Reply HELP for help, STOP to cancel. 
    Privacy: yourdomain.com/privacy

Carrier-Specific Requirements

T-Mobile Requirements

  • Privacy policy must be in footer on all pages
  • Mobile data exclusion clause required
  • Policy must address SMS specifically
  • No vague "partners may contact you" language

AT&T Requirements

  • Explicit "no mobile sharing" statement
  • Must reference TCPA compliance
  • Policy effective date required
  • Contact info for privacy questions

Verizon Requirements

  • Mobile section in privacy policy
  • Opt-out mechanism described
  • Data retention period stated
  • Third-party processor disclosure

Verification Checklist

Before resubmitting your campaign, confirm all items below:

  • Privacy policy page loads without errors (test in incognito mode)
  • Policy includes exact "No mobile information will be shared" clause
  • Privacy policy link present in website footer on all pages
  • TCR Privacy Policy URL field matches footer link exactly
  • Policy addresses SMS/text messaging explicitly
  • Any data sharing sections exclude mobile messaging data
  • Opt-in confirmation message references privacy policy
  • Call-to-action includes privacy policy link or statement
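
Several checklist items can be checked mechanically before resubmission. The script below is an added example, not MyTCRPlus tooling: it parses a page's footer links, compares them to the URL entered in the TCR field, and looks for the exact clause from step 2 plus any sharing sentence with no mobile carve-out. The function name, the sample inputs and the carve-out heuristic are assumptions made for illustration, and fetching the live pages is left out so it runs offline.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Exact clause from step 2 of this page, whitespace-normalized.
REQUIRED_CLAUSE = (
    "No mobile information will be shared with third parties or affiliates "
    "for marketing or promotional purposes. All other categories exclude "
    "text messaging originator opt-in data and consent; this information "
    "will not be shared with any third parties.")
# Constructed sample inputs (not fetched from any real site).
SAMPLE_PAGE = '<body><footer><nav><a href="/privacy-policy">Privacy Policy</a></nav></footer></body>'
GOOD_POLICY = REQUIRED_CLAUSE + (" We share customer information with our "
    "marketing partners, excluding mobile messaging opt-in data.")
BAD_POLICY = "We share customer information with our marketing partners and affiliated companies."

class FooterLinks(HTMLParser):
    """Collect href values of <a> tags nested inside <footer>."""
    def __init__(self):
        super().__init__()
        self.depth, self.hrefs = 0, []
    def handle_starttag(self, tag, attrs):
        if tag == "footer":
            self.depth += 1
        elif tag == "a" and self.depth:
            self.hrefs.append(dict(attrs).get("href") or "")
    def handle_endtag(self, tag):
        if tag == "footer" and self.depth:
            self.depth -= 1

def check_submission(page_url, page_html, policy_text, submitted_url):
    """Return checklist failures as strings; an empty list means all passed."""
    problems = []
    parser = FooterLinks()
    parser.feed(page_html)
    footer_urls = {urljoin(page_url, h) for h in parser.hrefs}
    if not submitted_url.startswith("https://"):
        problems.append("policy URL is not HTTPS")
    if submitted_url not in footer_urls:
        problems.append("submitted URL does not match a footer link")
    text = " ".join(policy_text.split())
    if REQUIRED_CLAUSE not in text:
        problems.append("required mobile clause missing or paraphrased")
    # Heuristic: a sentence about sharing with partners/affiliates must mention mobile.
    for s in re.split(r"(?<=[.!?])\s+", text):
        if re.search(r"\bshare", s, re.I) and re.search(r"partner|affiliat", s, re.I) \
                and not re.search(r"mobile", s, re.I):
            problems.append("sharing sentence without mobile carve-out")
    return problems
```

Run it against the rendered HTML of several pages, not only the homepage, since the footer link has to be present site-wide.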

Expected Timeline

  • Implementation Time: 2-4 hours (policy update + website deployment)
  • Resubmission Review: 24-72 hours (after correction)
  • Success Rate: 95% (on first resubmission)

Pro Tip

Deploy privacy policy changes during business hours to ensure immediate accessibility during vetting windows.

Legal Disclaimer: This guidance provides general information about 10DLC privacy policy requirements and does not constitute legal advice. Privacy policy compliance requirements vary based on business model, state regulations, and message content. Organizations should consult qualified legal counsel for guidance specific to their messaging programs and privacy practices. MyTCRPlus does not provide legal advisory services or regulatory representation.
