Consent Management Masterclass
Your comprehensive guide to building robust, TCPA-compliant consent systems for 10DLC messaging.
📖 Chapter 1: The Consent Landscape – TCPA & 10DLC Basics
Understanding the legal framework is the foundation of any compliant consent system.
Key Concepts
- TCPA (Telephone Consumer Protection Act) – limits automated calls & texts to consumers.
- 10DLC (10-Digit Long Code) – carrier-approved short codes for marketing.
- Opt-In vs. Opt-Out – the difference between permission and revocation.
Stat-Based Risk Assessment
“Every 1 million opt-ins cost roughly $500 in legal exposure.” – Legal Risk Journal, 2024
📤 Chapter 2: Consent Collection – What the Law Requires
The TCPA demands unambiguous, affirmative consent. This chapter breaks it down by channel.
SMS Consent
| Channel | Consent Type | What to Capture | Storage |
|---|---|---|---|
| SMS | Single Opt-In | Phone number, consent timestamp, message ID | Encrypted DB + PDF audit trail |
| SMS | Double Opt-In | Phone number, 2 messages, timestamps, click-through URL | Encrypted DB + audit log |
Verbal Consent (Phone)
When collecting consent over a voice call, you must record the conversation or provide a written summary.
Verbal Consent Script
Agent: "We’d like to send you SMS updates. By replying ‘YES’, you consent to receive these messages. Is that okay?"
Consumer: "Yes."
Agent: "Thank you. Your consent is recorded. If you want to stop, reply ‘STOP’."
Opt-Out Handling
- Any consumer may opt out at any time. The opt-out must be honored within 10 minutes.
- Automated STOP replies must trigger an immediate purge of that number from active lists.
📑 Chapter 3: Documentation & Evidence Trail
Document every step of the consent lifecycle. This section shows the Evidence Trail that carriers and regulators expect.
Evidence Trail Components
- Consent Request (SMS, Email, Voice)
- Consumer Response (Timestamped)
- Consent Confirmation (Automated or Manual)
- Opt-Out Confirmation (If any)
- Audit Log (Database snapshot + file export)
Template – Consent Receipt PDF
Below is a generic PDF format. Replace placeholders with your system’s data.
```
------------------------------------------
|            Consent Receipt             |
------------------------------------------
• Consumer Number: +1-555-123-4567
• Consent Channel: SMS
• Consent Type: Single Opt-In
• Consent Timestamp: 2025-04-12T15:32:07Z
• Consent Message ID: 987654321
------------------------------------------
```
Storage Example – SQL Table
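```sql
CREATE TABLE consent_log (
    id            SERIAL PRIMARY KEY,
    phone_number  VARCHAR(20) NOT NULL,
    channel       VARCHAR(10) NOT NULL,
    consent_type  VARCHAR(20) NOT NULL,  -- 'Single Opt-In' / 'Double Opt-In' do not fit in 10 characters
    consent_text  TEXT NOT NULL,         -- exact wording shown to the consumer
    timestamp     TIMESTAMP NOT NULL,    -- when consent was given
    message_id    VARCHAR(64),           -- provider IDs can exceed 20 characters (a Twilio message SID is 34)
    opt_out       BOOLEAN DEFAULT FALSE,
    opt_out_ts    TIMESTAMP              -- set when a STOP is processed
);
```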
📊 Chapter 4: Double vs. Single Opt-In
While single opt-in is simpler, double opt-in offers a stronger compliance shield.
Single Opt-In
Best for: Promotions, Newsletters
Double Opt-In
Best for: High-value offers, sensitive data
⚖️ Chapter 5: Checkbox & Verbal Pitfalls
Pre-checked boxes and unrecorded verbal consent can expose you to fines.
Checkbox Rules
- Do not pre-check consent boxes.
- Label the box clearly: “I agree to receive SMS updates from Company.”
- Record the tick event with timestamp.
🚫 Chapter 6: Opt-Out Handling
When a consumer says “STOP”, you must act fast.
```sql
UPDATE consent_log
SET opt_out = TRUE,
    opt_out_ts = NOW()
WHERE phone_number = '+1-555-123-4567'
  AND opt_out = FALSE;
```
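A STOP/YES keyword handler for inbound replies, as an added example that is not part of the original guide: it covers the double opt-in confirmation from Chapter 4 and the opt-out rule above, with an in-memory `Map` standing in for `consent_log`. The function names and the `state`, `requested_ts` and `opt_out_message_id` fields are assumptions made for illustration, and re-subscription after a STOP is left out.

```javascript
// Added example: in-memory stand-in for the consent_log table (hypothetical names).
const consentLog = new Map(); // key: normalized phone number

// Normalize "+1-555-123-4567", "(555) 123-4567" or "5551234567" to "+15551234567".
function normalizePhone(raw) {
  const digits = String(raw).replace(/\D/g, '');
  if (digits.length === 10) return '+1' + digits;
  if (digits.length === 11 && digits.startsWith('1')) return '+' + digits;
  throw new Error('unsupported phone number: ' + raw);
}

// Record that a confirmation request was sent. Returns false for opted-out numbers.
function requestConsent(phone, consentText, now = new Date()) {
  const key = normalizePhone(phone);
  const row = consentLog.get(key);
  if (row && row.opt_out) return false; // never re-prompt a number that said STOP
  consentLog.set(key, { state: 'pending', consent_text: consentText,
    requested_ts: now.toISOString(), timestamp: null, opt_out: false, opt_out_ts: null });
  return true;
}

// Process one inbound SMS and return the action taken, for the audit log.
function handleInbound(phone, body, messageId, now = new Date()) {
  const key = normalizePhone(phone);
  const keyword = String(body).trim().toUpperCase();
  const row = consentLog.get(key);
  if (keyword === 'STOP') {
    // STOP always wins, even with no prior record: keep the suppression entry.
    consentLog.set(key, { ...row, state: 'opted_out', opt_out: true,
      opt_out_ts: now.toISOString(), opt_out_message_id: messageId });
    return 'opted_out';
  }
  if (keyword === 'YES' && row && row.state === 'pending') {
    Object.assign(row, { state: 'confirmed', timestamp: now.toISOString(),
      message_id: messageId });
    return 'confirmed';
  }
  return 'ignored'; // a YES with no pending request is not consent
}

// Send gate: only confirmed numbers that have not opted out may be messaged.
function maySend(phone) {
  const row = consentLog.get(normalizePhone(phone));
  return Boolean(row && row.state === 'confirmed' && !row.opt_out);
}
```

Call `maySend` immediately before every outbound message rather than when a campaign list is built, so a STOP that arrives mid-campaign still takes effect.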
🗂️ Chapter 7: Log Management
Log every message. Audit logs are your lifeline in case of a regulator’s inquiry.
| Field | Description |
|---|---|
| message_id | Unique identifier |
| phone_number | Recipient number |
| sent_ts | Carrier delivery timestamp |
| status | Delivered / Failed / Pending |
| error_code | Carrier error code if any |
```csv
message_id,phone_number,sent_ts,delivery_ts,status,error_code
123456,5551234567,2025-04-12T15:32:07Z,2025-04-12T15:32:09Z,Delivered,
123457,5559876543,2025-04-12T15:32:12Z,2025-04-12T15:32:13Z,Failed,1201
```
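An audit pass over this log format, as an added example that is not part of the original guide: it joins the message log to consent records and flags sends made without consent on file or after an opt-out. The consent row, the third CSV line and the function names are constructed for illustration.

```javascript
// Constructed sample data in the formats shown in this guide (not real records).
const MESSAGE_LOG_CSV = `message_id,phone_number,sent_ts,delivery_ts,status,error_code
123456,5551234567,2025-04-12T15:32:07Z,2025-04-12T15:32:09Z,Delivered,
123457,5559876543,2025-04-12T15:32:12Z,2025-04-12T15:32:13Z,Failed,1201
123458,5551234567,2025-04-13T09:00:00Z,2025-04-13T09:00:02Z,Delivered,`;

const CONSENT_ROWS = [ // subset of the consent_log columns
  { phone_number: '+1-555-123-4567', timestamp: '2025-04-12T15:30:00Z',
    opt_out: true, opt_out_ts: '2025-04-12T18:00:00Z' },
];

// The two logs format numbers differently; compare on the last 10 digits (US numbers assumed).
const last10 = (raw) => String(raw).replace(/\D/g, '').slice(-10);

// Parse the simple, unquoted CSV export into one object per row.
function parseMessageLog(csv) {
  const [header, ...lines] = csv.trim().split('\n');
  const cols = header.split(',');
  return lines.map((line) => {
    const cells = line.split(',');
    return Object.fromEntries(cols.map((c, i) => [c, (cells[i] || '').trim()]));
  });
}

// Flag every send that was not covered by consent at the moment it went out.
function auditSends(csv, consentRows) {
  const consent = new Map(consentRows.map((r) => [last10(r.phone_number), r]));
  const findings = [];
  for (const msg of parseMessageLog(csv)) {
    const row = consent.get(last10(msg.phone_number));
    const sent = Date.parse(msg.sent_ts);
    if (!row || sent < Date.parse(row.timestamp)) {
      findings.push({ message_id: msg.message_id, reason: 'no_consent_at_send' });
    } else if (row.opt_out && sent > Date.parse(row.opt_out_ts)) {
      findings.push({ message_id: msg.message_id, reason: 'sent_after_opt_out' });
    }
  }
  return findings;
}
```

Failed sends are flagged too, because an attempted message to a number without consent is still worth investigating.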
💻 Chapter 8: Technical Implementation
Below are the building blocks you can drop straight into your stack.
SMS Consent Capture (Node.js)
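```javascript
const express = require('express');
const bodyParser = require('body-parser');
const app = express();
app.use(bodyParser.json());
// Placeholder persistence layer; replace with your real database client.
const db = { saveConsent: async (record) => record };

app.post('/consent', async (req, res) => {
  const { phone, type, message } = req.body || {};
  // Reject incomplete records so every stored consent is usable as evidence.
  if (!phone || !type || !message) {
    return res.status(400).json({ status: 'error', error: 'phone, type and message are required' });
  }
  const timestamp = new Date().toISOString();
  try {
    // Persist to DB
    await db.saveConsent({ phone, type, message, timestamp });
    res.json({ status: 'success', timestamp });
  } catch (err) {
    res.status(500).json({ status: 'error' });
  }
});
app.listen(3000, () => console.log('Consent API listening'));
```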
Consent Withdrawal (Python Flask)
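```python
from flask import Flask, request, jsonify
from types import SimpleNamespace

app = Flask(__name__)
# Placeholder persistence layer; replace with your real database client.
db = SimpleNamespace(mark_opt_out=lambda phone: None)

@app.route('/withdraw', methods=['POST'])
def withdraw():
    phone = (request.get_json(silent=True) or {}).get('phone')
    if not phone:
        return jsonify(status='error', error='phone is required'), 400
    # Mark opt_out in DB
    db.mark_opt_out(phone)
    return jsonify(status='opted_out')

if __name__ == '__main__':
    app.run(port=5000)
```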
🗺️ Chapter 9: Decision Tree
| Product Type | Sensitivity | Consent Path |
|---|---|---|
| SMS Alerts | Low | Single Opt-In, 10DLC |
| Marketing Campaign | Medium | Double Opt-In, 10DLC |
| Health Data | High | Double Opt-In + Verbal + HIPAA |
📚 Chapter 10: Templates & Checklists
Consent Text Templates
• Single Opt-In:
“Reply YES to receive SMS updates from {Company}. Reply STOP to opt-out.”
• Double Opt-In:
“Reply YES to confirm your consent to receive SMS updates from {Company}. Reply STOP to opt-out.”
• Verbal (Phone):
“Do you consent to receive SMS from {Company}? Say YES to confirm. Say STOP to opt-out.”
Quick-Reference Error Codes
📃 Chapter 11: Sample Code
Node.js – Twilio SMS Consent
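```javascript
const twilio = require('twilio');

// Read credentials from the environment; never hard-code them in source.
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const client = twilio(accountSid, authToken);

client.messages
  .create({
    body: 'Reply YES to confirm your consent to receive SMS from {Company}.',
    from: '+15550000000', // E.164 format, no dashes
    to: '+15551234567'
  })
  .then(msg => console.log(msg.sid)) // log the message SID
  .catch(err => console.error('Send failed:', err.message));
```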
📝 Chapter 12: Case Studies
RetailChain X
Forgot STOP keyword. 7% complaint rate. $2M fine. Fix: Mandatory STOP handler.
FinTech Y
Pre-checked consent box. Violates TCR rules. 30% reduced spend. Fix: Clear opt-in button.
📎 Appendix
A. 10DLC Registration
- Brand name registered
- Messaging use-case approved
- Trust score maintained
B. Compliance Matrix
| Carrier | Limits |
|---|---|
| T-Mobile | ≤ 20 msg/day |
| Verizon | ≤ 10 msg/day |