We all expect that the messages we want to receive will reach us, unhindered by filtering or other blockers. An important step Twilio and our customers can take to make that expectation reality is to prevent and eliminate unwanted messages. Towards that end, we strive to work with our customers so that messages--whether SMS, MMS, or chat--are sent with the consent of the message recipient, and that those messages comply with local laws and measures of fairness and decency.
This principle is central to Twilio's Acceptable Use Policy.
Navigating the path to proper consent for message sending can be complex. We developed the Messaging Policy to help Twilio customers partner with us to map out that path.
What Is Proper Consent?
Consent can't be bought, sold, or exchanged. For example, you can't obtain the consent of message recipients by purchasing a phone list from another party.
Aside from two exceptions noted later in this section, we need to meet each of the consent requirements listed below. If you are a software or platform provider using Twilio for messaging within your application or service, you need to require that your customers adhere to these same requirements when dealing with their users and customers.
- Prior to sending the first message, you must obtain agreement from the message recipient to communicate with them - this is referred to as "consent", You must make clear to the individual they are agreeing to receive messages of the type you're going to send. You need to keep a record of the consent, such as a copy of the document or form that the message recipient signed, or a timestamp of when the customer completed a sign-up flow.
- If you do not send an initial message to that individual within 30 days of receiving consent, then you will need to reconfirm consent (see “Double Opt-in” below).
- The consent applies only to you, and to the specific use or campaign that the recipient has consented to. You can't treat it as blanket consent allowing you to send messages from other brands or companies you may have, or additional messages about other uses or campaigns.
Alternative Consent Requirements: The Two Exceptions
While consent is always required and the consent requirements noted above are generally the safest path, there are two scenarios where consent can be received differently.
- Contact initiated by an individual
If an individual sends a message to you, you are free to respond in an exchange with that individual. For example, if an individual texts your phone number asking for your hours of operation, you can respond directly to that individual, relaying your open hours. In such a case, the individual’s inbound message to you constitutes both consent and proof of consent.
Remember that the consent is limited only to that particular conversation. Unless you obtain additional consent, don't send messages that are outside that conversation.
- Contact initiated by you to send informational content to an individual based on having a prior relationship
You may send an outbound message that provides information requested by the individual, or that can be reasonably expected by the individual based on your relationship. An example of such a relationship and message is a dentist reminding a patient of an appointment.
In addition to appointment reminders, other examples include receipts, one-time passwords, order/shipping/reservation confirmations, drivers coordinating pick up locations with riders, and repair persons confirming service call times.
The message can't attempt to promote a product, convince someone to buy something, or advocate for a social cause.
The individual must have knowingly provided their phone number to you, and have taken some action to trigger the potential for communication. Actions can include a button press, setting up an alert, making an appointment, or placing an order.
NOTE: The alternative consent requirements cannot be used for promotional content such as marketing, coupons, advertisements, notifications regarding a job opportunity, and sweepstakes, independent of whether the individual initiates contact, or you have consent for informational content of the type noted above based on a prior relationship.
Double Opt-in Consent
We require double opt-in consent in some limited use cases. Many of these use cases listed below generate the majority of complaints about unwanted messages which is why the burden of consent is higher.
- Affiliate marketing including multi-level marketing - this is typically a marketing arrangement which an online retailer pays commission to an external website for traffic or sales generated from its referrals.
- Lead generation services
- Financial products, unless you are the financial institution directly offering the product. These include debt refinancing, short-term credit offers, and payday loans
- Job alerts
- Work-from-home offers
Double opt-in is a two step process:
- First, the message recipient must knowingly provide consent to you or your customer prior to receiving any text message. That consent must be provided through an electronic signature or some other online sign-up form that makes clear to the individual they are agreeing to receive messages of this type.
- Second, in your first text message to that individual, you must identify yourself and prompt the individual to confirm their consent.
For example, your first outbound message would be compliant if it included text similar to, “This is Company X. You recently signed up to receive text messages from us. Please reply YES to confirm or STOP to unsubscribe.” Only after you receive the confirmation “YES” may you send a follow-up message with information related to a topic listed above.
Identifying Yourself as the Sender
Every message you send must clearly identify you as the sender, except in follow-up messages of an ongoing conversation.
Message Recipient Opt-out
The initial message that you send to an individual needs to include the following language: “Reply STOP to unsubscribe,” or the equivalent using another standard opt-out keyword, such as STOPALL, UNSUBSCRIBE, CANCEL, END, and QUIT.
Individuals must also have the ability to revoke consent at any time by replying with a standard opt-out keyword. When an individual opts out, you may deliver one final message to confirm that the opt-out has been processed, but any subsequent messages are not allowed. An individual must once again provide consent before you can send any additional messages.
Periodic Messages and Ongoing Consent
In some cases, you may want to periodically send messages to an individual who earlier provided proper consent. This practice is allowed, provided that your message includes a reminder to the individual about how to unsubscribe. If you send more than one message in a given month, you need to include the reminder in just one of those messages--not in all of the messages that you send in that month.
You must respect the message recipient’s preferences in terms of frequency of contact. You also need to proactively ask individuals to reconfirm their consent no less often than once every 18 months.
Age and Geographic Gating
If you are sending messages in any way related to alcohol, firearms, gambling, tobacco, or other adult content, then more restrictions apply. In addition to obtaining consent from every message recipient, you must ensure that no message recipient is younger than the legal age of consent based on where the recipient is located. You also must ensure that the message content complies with all applicable laws of the jurisdiction in which the message recipient is located. Additionally, Twilio’s Acceptable Use Policy bans sending any content that is offensive, inappropriate, pornographic, obscene, illegal, or otherwise objectionable, even if the content is permissible by law and appropriate age restrictions are in place.
You need to be able to provide proof that you have in place measures to ensure compliance with these restrictions.
Content We Do Not Allow
The key to ensuring that messaging remains a great channel for communication and innovation is preventing abusive use of messaging platforms. That means we never allow some types of content on our platform, even if our customers get consent from recipients for that content. Those content types include:
- Anything that’s illegal in the jurisdiction where the message recipient lives. For example, we do not allow messages related to the sale of recreational or medicinal cannabis in the United States, because United States federal laws prohibit its sale.
- Hate speech or harassment, or any communications from groups whose primary purpose is deemed to be spreading hate. You can find a fuller description of hate and other prohibited types of speech in Twilio's Acceptable Use Policy (AUP).
- Fraudulent messages.
- Malicious content, such as malware or viruses.
- Any content that is designed to intentionally evade filters.
How We Handle Violations
When we identify a violation of these principles, we work with customers in good faith to get them back into compliance. To protect the continued ability of all our customers to freely use messaging for legitimate purposes, we reserve the right to remove access to the Twilio platform for customers that we determine are not complying with the Messaging Policy, or who are not following the law in any applicable area.