Privacy Policy
Bob Tyler Toyota does not share/buy/sell opt-in consent with third parties
## **A2P 10DLC Privacy Policy Requirements (Summary)**
For A2P 10DLC campaign approval, your privacy policy must:
– Be easily accessible via a direct link from your opt-in page or call-to-action.
– Clearly state how you collect, use, and share consumer information.
– **Explicitly state that mobile numbers and opt-in consent data will not be shared, sold, or transferred to third parties or affiliates for marketing/promotional purposes.**
– Include a “message and data rates may apply” disclosure.
– Be up-to-date and match the business/brand name used in your campaign registration.
## **What Your Policy Does Well**
– **Comprehensive Coverage:** Your policy covers data collection, use, sharing, and security in detail.
– **Opt-Out/Opt-In Mechanisms:** You provide clear instructions for opting out of SMS and other communications.
– **SMS-Specific Section:** You include a dedicated SMS Privacy Policy Script and SMS Terms and Conditions, which is excellent.
– **Contact Information:** You provide clear contact details for privacy questions or complaints.
## **Required/Recommended Changes for A2P 10DLC Approval**
### 1. **Explicit Non-Sharing Statement for Mobile Data**
– **What’s Required:** The privacy policy must clearly state that mobile numbers and opt-in consent data will **never be shared or sold to third parties or affiliates for marketing/promotional purposes**.
– **Your Policy:** You have this language in the “SMS Privacy Policy Script,” but it should also be present in the main privacy policy section, not just the SMS-specific section.
– **Recommended Edit:**
Add a statement such as:
> “Mobile information (phone numbers, opt-in data, and consent) collected for SMS communications will not be shared, sold, or transferred to third parties or affiliates for marketing or promotional purposes.”
### 2. **Placement and Accessibility**
– **What’s Required:** The privacy policy must be easily accessible from the opt-in page (where users provide their phone number and consent).
– **Your Policy:** Ensure that the privacy policy link is clearly labeled and directly accessible from the opt-in form or call-to-action.
### 3. **Message Frequency Disclosure**
– **What’s Required:** Disclose message frequency (e.g., “Message frequency varies” or a specific number of messages per month) in both the opt-in flow and the privacy policy.
– **Your Policy:** The SMS Terms and Conditions mention “Message frequency varies,” which is good. Make sure this is also referenced in the privacy policy or linked terms.
### 4. **“Message and Data Rates May Apply” Disclosure**
– **What’s Required:** This must be present in the opt-in flow and ideally referenced in the privacy policy.
– **Your Policy:** This is present in the SMS Terms and Conditions. Consider referencing it in the main privacy policy as well.
### 5. **Consistency in Brand Name**
– **What’s Required:** The privacy policy must reference the same brand name as used in your A2P registration and opt-in flow.
– **Your Policy:** Ensure the brand name is consistent throughout the policy and matches your campaign registration.
### 6. **Opt-Out Instructions**
– **What’s Required:** Clear opt-out instructions (e.g., “Reply STOP to unsubscribe”) must be present in the opt-in flow, sample messages, and referenced in the privacy policy.
– **Your Policy:** This is present in the SMS Terms and Conditions. Consider referencing it in the main privacy policy as well.
## **Sample Language for Compliance**
You can add the following to your main privacy policy section (not just the SMS-specific section):
> **Mobile Information Privacy**
> We do not share, sell, rent, or otherwise disclose mobile numbers or opt-in consent data to third parties or affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Message frequency varies. Message and data rates may apply. Reply STOP to unsubscribe or HELP for assistance.
## **Summary Table of Key Requirements**
| Requirement | In Your Policy? | Recommendation |
| Non-sharing of mobile/opt-in data (main policy) | Partially | Add to main policy section |
| “Message and data rates may apply” disclosure | Yes (SMS T&C) | Reference in main policy |
| Message frequency disclosure | Yes (SMS T&C) | Reference in main policy |
| Opt-out instructions | Yes (SMS T&C) | Reference in main policy |
| Policy accessible from opt-in page | N/A | Ensure direct link is present |
| Consistent brand name | Yes | Double-check for consistency |
## **Next Steps**
- **Update your main privacy policy** to include the explicit non-sharing statement for mobile/opt-in data.
- **Ensure the privacy policy is directly linked** from your SMS opt-in page or call-to-action.
- **Double-check for consistency** in brand name and disclosures across all documents and web pages.
- **Reference message frequency and “message and data rates may apply”** in the main privacy policy, not just the SMS section.