Skip to main content
All CollectionsSMS MarketingTCPA Compliance Step by Step Guide
How does the TCPA affect your Shopify business?
How does the TCPA affect your Shopify business?

Make sure you understand the TCPA and how this federal law can affect your Shopify business - read this guide below to get started.

Tom avatar
Written by Tom
Updated over a week ago

The TCPA stands for the Telephone Consumer Protection Act. It’s a U.S. federal law that restricts how marketers and companies can legally contact their customers or prospects via Automatic Telephone Dialing Systems (ATDS), prerecorded voice messages (robocalls), SMS messages and by fax. 

Enacted by the Federal Communications Commission (FCC) in 1991, the TCPA is a strong statute, designed to protect consumers from text message and telemarketing spam. It means that companies can’t promote their products or services to anyone without getting that person’s prior express written consent, even if that person has already provided their contact details during the establishment of a business relationship. 

As a Shopify merchant, you’ll automatically collect customer details during the checkout process. So you need to be aware that you can’t just use go ahead and use those details for advertising your store and brand unless you’ve explicitly received your customer’s written or digital consent first.

What TCPA rules do you need to know about?

The key rules under the TCPA mean that unless the recipient has given their prior express written consent, in respect of advertising and marketing purposes, you must:

  • Not call a residence before 8 am or after 9 pm (local time).

  • Keep a Do Not Call (DNC) list of consumers who don’t wish to be contacted, and those requests must be honored for five years.

  • Not contact a wireless number using auto-dialed or prerecorded calls or texts.

  • Not contact a wired number (landline) using an autodialer or prerecorded voice system.

  • Not send unsolicited marketing faxes.

  • Provide an opt-out mechanism so recipients can easily withdraw their consent.

A detailed summary of the TCPA rules can be found here and if you fancy a lengthier read, here’s the statute in its entirety. 

What are the implications of violating TCPA rules?

It’s possible for someone to file a lawsuit against you if you’re in breach of the TCPA. You could receive a fine of $500 for each violation. In extreme cases, where the violation is particularly excessive, fines may be imposed of up to $1,500 for each violation (three times the damages). The recipient may also seek an injunction.

Such fines can significantly mount up, as Papa Johns found out a few years ago. The pizza giant settled a class action lawsuit for an alleged $16.5 million after sending 500,000 illegal text messages.

TCPA SMS compliance

If SMS campaigns are high up on your list of marketing activities, you might be wondering exactly what the TCPA SMS rules are, and how you can make sure your Shopify store is compliant.

When the TCPA was first established, text messages weren’t a thing, so they weren’t specifically mentioned in the legislation. Think back to 1991. Mobile phones were just emerging, in fact, the first mass-produced mobile (the Nokia 1011) wasn’t even released until 1992. 

Fast forward to today, and text messages are considered the same as phone calls, according to the FCC. The TCPA rules have since been revised and now extend to text messaging. 

Here’s what you need to know about TCPA SMS rules in general:

1. Automatic opt-ins are a no-no

First and foremost, in order to send your customers/subscribers marketing text messages, you must obtain their prior express written consent. This can be via digital methods, such as a contact form, an email or a text. But the point is, the subscriber must willingly opt-in to receive such communications.

2. Be clear about the messages you intend to send

When getting opt-ins, you must be specific about the type of text messages you’ll be sending including how often the subscriber is likely to receive them from you.

3. Keep an audit trail

TCPA rules state that you must keep records of consent from each subscriber.

4. Subscribers must be able to easily withdraw consent

You must provide subscribers with an opt-out mechanism that enables them to opt-out at any time, and provide instructions on how to do this. You must also provide a way for the subscriber to ask for help.

5. Send marketing messages only at appropriate times

Specifically that means not sending your subscribers any messages before 8 am in the morning and after 9 am at night (according to their local time zone).

What is the CTIA, and why should you care?

You may have heard of the Cellular Telecommunications and Internet Association (CTIA) before, particularly in relation to the TCPA. The CTIA is a trade association, run by wireless carrier companies like T-Mobile and AT&T. It aims to protect consumers from unwanted messaging traffic.

Unlike the TCPA, the CTIA isn’t law. But it provides a set of best practice messaging guidelines that you should adhere to when you carry out SMS marketing campaigns. Those guidelines include making sure you’re requesting written consent for marketing messages and that you provide an opportunity for subscribers to revoke consent using keywords like “STOP” and ask for help with a keyword like “HELP”. You should also ensure you provide disclosures such as message and data rates.

While you can get sued if you’re found in breach of the TCPA, you can’t if you violate CTIA messaging principles. However, wireless carriers can block unwanted messaging traffic as they see fit, which will stop your SMS marketing campaign in its tracks. 

How to ensure your marketing is TCPA compliant

The TCPA, with it being federal law, is the main issue to worry about when running SMS campaigns. Following the CTIA messaging principles will stand you in good stead for being TCPA compliant. It’s well worth taking some time to familiarize yourself with the TCPA rules and the CTIA messaging guidelines to make sure you fully understand them. 

Automated marketing apps like Firepush and Tobi can help you meet your compliance obligations. Both apps prompt you to put in place the required permissions, opt-out mechanism and transparent marketing language as you gather sign-ups and deliver your SMS campaigns.

Best practices to follow for being TCPA and CITA compliant

To make sure Shopify store is TCPA/CTIA compliant for when you send marketing messages, you should request consent from subscribers at the point where they hand over their phone number to you. 

You can ask customers to sign-up to your marketing messages in a TCPA-compliant way as they go through your checkout process. 

Example TCPA sms opt in message

Here’s an example of a TCPA SMS opt-in message. As you’ll see, you can request explicit digital consent from customers at the point they provide their phone number. 

Note how the checkout language used at the bottom of the form is clear and provides a way for the subscriber to opt-out or ask for help. Note also, how the content of that language provides details on messaging frequency, the fact that message rates may apply and provides a link to terms and conditions.

SMS marketing terms and conditions

Within your Shopify store’s full terms and conditions, you should have a section that’s dedicated to your SMS marketing practices. There you should set out exactly how you’ll be contacting your subscribers by text message in relation to promotional messages. We recommend you consult a legal professional who is familiar with the TCPA to help you put together the right legal wording for this.

Once you have consent, and you begin sending marketing campaigns, you should provide an opportunity to opt-out or ask for help, in every message that you send.


If you’re a Shopify merchant sending marketing-based text messages to people in the U.S. and Canada, you’re legally obliged to make sure you’re TCPA compliant. It makes sense to follow the messaging principles and best practice guidelines set out by CTIA, as these are designed to protect consumers from spam text messages.

If you have subscribers/customers that reside in the EU, you will also need to make sure your marketing messages are GDPR compliant. Read this article for more information.

The Shopify checkout page is the ideal place to attract subscribers who want to hear about great offers and deals running in your store. By making a few simple changes to the way you collect customer data and to the checkout language that you use, you can achieve the necessary compliance that’ll keep both a federal court and your subscribers happy.

Did this answer your question?