Privacy Policy SSL Failed
Why This Rejection Happens
The URL you provided for your Privacy Policy is not secure. Carriers require all compliance documentation, including privacy policies, to be hosted on an HTTPS-secured page. Your link was either `http://` or had an expired/invalid SSL certificate.
- Link submitted as `http://example.com/privacy`.
- Self-signed SSL certificate triggering a browser warning ("Not Secure").
- SSL certificate expired before the vetting agent checked the link.
- Mixed content (secure page loading insecure images/scripts).
Root Cause Analysis
Primary Triggers
- Consumer Trust: A privacy policy hosted on an insecure site contradicts the very premise of data security. Carriers view this as a red flag for data handling practices.
- Automated Scanning: Vetting bots automatically check the HTTP status code. If it doesn't return 200 OK on port 443 (HTTPS), it fails instantly.
SSL Requirements
| Component | Requirement | Check |
|---|---|---|
| Protocol | https:// |
Padlock icon in browser. |
| Certificate | Valid Authority (e.g., Let's Encrypt). | No browser warnings. |
| Redirection | Force HTTP -> HTTPS. | Type http:// and see if it flips. |
Step-by-Step Remediation
Install SSL
Contact your hosting provider to enable SSL for your domain. This is often free. Ensure the certificate covers the exact subdomain (e.g., `www.` or `shop.`) used in the link.
Update TCR Link
Edit your campaign's "Privacy Policy URL" field. Change the prefix from `http` to `https`. Test the link in an Incognito window to ensure it loads without warnings.
Pre-Resubmission Checklist
- The Privacy Policy URL starts with `https://`.
- The page loads without any "Not Secure" warnings.
- I have updated the URL field in the TCR portal.
Related Rejections
Need a Secure Link?
We host secure privacy policy pages for 10DLC compliance.
Legal Disclaimer: Code 7013 is a security requirement. Encrypting legal disclosures builds consumer trust and protects data integrity.
© 2025 MyTCRPlus. All rights reserved.