Aircall Help Center | A2P 10DLC: Compliant privacy policy

A common reason for A2P 10DLC campaign rejections is a missing or non compliant privacy policy on your company website. This article explains what carriers expect, how to verify your policy, and what language you may need to add before submitting your registration.

Why a compliant privacy policy is required

Carriers require businesses that send A2P messages to be transparent about how customer data is handled. Your website must include an easily accessible privacy policy that clearly states how customer information is used and shared.

If the policy is missing, hard to locate, or contains language that conflicts with A2P requirements, your campaign may be rejected. Any wording that suggests mobile opt in data may be shared with third parties for marketing purposes, even with consent, is considered non compliant.

Problematic examples include:

"We may share your mobile information with partners with your consent"
"Opt in data may be shared for marketing purposes if you agree"
Any suggestion that SMS opt in data can be sold, rented, or shared even with consumer permission

Your privacy policy must explicitly state that mobile opt in data will never be shared with third parties for marketing purposes. The policy should describe how consumer data is used and shared, and it must include contact information for the message sender.

A non compliant privacy policy is a common cause of campaign rejection, so review your policy carefully. An example of acceptable language appears later in this article.

Check whether your website has an accessible privacy policy

Before submitting your A2P 10DLC registration, confirm that your website includes a privacy policy link that is easy to find. This link typically appears in the footer or main navigation.

Steps

Visit your company website.
Look for a Privacy Policy link in the footer or another prominent location.
Open the page and confirm it loads correctly and is publicly accessible.

Important: Carriers will reject your campaign if the privacy policy cannot be easily located or accessed from your main website.

Review your privacy policy for third party sharing language

Even if your website already includes a privacy policy, it must meet A2P 10DLC requirements. Carriers review the document for any statements indicating that customer information may be shared with third parties.

A compliant policy must clearly explain how consumer data is collected, used, and shared, and it must provide a way for consumers to contact the message sender.

The policy must state that mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. Sharing data with subcontractors for support services, such as customer service, is permitted. Text messaging opt in data and consent must not be shared with any third parties under any circumstances.

Steps:

Determine whether your organization shares information with third parties for any purpose.
If your organization shares customer data with third parties, you must explicitly state that text messaging opt in data is excluded from any sharing.

Add a disclaimer if you share information with third parties

If your privacy policy includes information sharing practices, you need to add a statement clarifying that text messaging opt in data and consent will not be shared. This ensures compliance with A2P 10DLC requirements.

Note: If you do not share information with a third party, you may not need to update your policy, but it is considered best practice to add the statement below to ensure compliance.

Recommended wording:

"We do not share mobile contact information with third parties or affiliates for marketing or promotional purposes. Information may be shared with subcontractors in support services, such as customer service. All other categories exclude text messaging originator opt in data and consent; this information will not be shared with any third parties."

Steps:

Add the above language to your privacy policy.
Check that the page is accessible and that the link still works.

Tip: To avoid A2P 10DLC registration delays or rejections, ensure that:
• Your website has an easily accessible privacy policy.
• The policy clearly explains data sharing practices.
• Any sharing with third parties explicitly excludes text messaging opt in data and consent.

Following these steps helps ensure that your A2P 10DLC registration meets carrier requirements and can be approved without unnecessary delays.

Why a compliant privacy policy is required

Problematic examples include:

"We may share your mobile information with partners with your consent"
"Opt in data may be shared for marketing purposes if you agree"
Any suggestion that SMS opt in data can be sold, rented, or shared even with consumer permission

A non compliant privacy policy is a common cause of campaign rejection, so review your policy carefully. An example of acceptable language appears later in this article.

Check whether your website has an accessible privacy policy

Before submitting your A2P 10DLC registration, confirm that your website includes a privacy policy link that is easy to find. This link typically appears in the footer or main navigation.

Steps

Visit your company website.
Look for a Privacy Policy link in the footer or another prominent location.
Open the page and confirm it loads correctly and is publicly accessible.

Important: Carriers will reject your campaign if the privacy policy cannot be easily located or accessed from your main website.

Review your privacy policy for third party sharing language

A compliant policy must clearly explain how consumer data is collected, used, and shared, and it must provide a way for consumers to contact the message sender.

Steps:

Determine whether your organization shares information with third parties for any purpose.
If your organization shares customer data with third parties, you must explicitly state that text messaging opt in data is excluded from any sharing.

Add a disclaimer if you share information with third parties

Note: If you do not share information with a third party, you may not need to update your policy, but it is considered best practice to add the statement below to ensure compliance.

Recommended wording:

Steps:

Add the above language to your privacy policy.
Check that the page is accessible and that the link still works.

Tip: To avoid A2P 10DLC registration delays or rejections, ensure that:
• Your website has an easily accessible privacy policy.
• The policy clearly explains data sharing practices.
• Any sharing with third parties explicitly excludes text messaging opt in data and consent.

Following these steps helps ensure that your A2P 10DLC registration meets carrier requirements and can be approved without unnecessary delays.