This document includes answers to commonly asked compliance questions by Community Leaders about our services. The information may vary based on your contract terms, customization, and features used.
Are you compliant with the TCPA?
Yes. We take SMS compliance very seriously. We comply with applicable SMS laws, including the Telephone Consumer Protection Act (TCPA), Canadian Anti-Spam Legislation (CASL), and state versions of the TCPA.
Are you compliant with Do Not Call list requirements?
Yes. Our sign up flow relies on prior express consent and we maintain internal Do Not Call lists for each Community Leader that captures when Community Members opts out.
What is “TCR” and why am I being asked to register?
The TCR stands for The Campaign Registry and is a new requirement for businesses using 10 digit phone numbers. It is an anti-spam mechanism used by US mobile carriers that determines your throughput and rate limit. For more information, please read our TCR FAQ.
Can I send messages from multiple numbers?
You can create multiple Community Leader accounts for multiple campaigns. However, you should avoid making any misrepresentations about who is sending the text messages. You should also avoid using multiple phone numbers as an attempt to avoid rate limits set by the mobile carriers (a practice known as SMS snowshoeing). Snowshoeing is prohibited by some SMS carriers and may result in a fine
How do you prevent spam?
Community, our processors, and mobile carriers have a variety of measures in place to prevent members from receiving unwanted spam messages. This may include rate limits, detection of abnormally high opt out rates, and monitoring complaints. Attempting to bypass these measures may result in suspension or removal from Community or other entities in the SMS ecosystem.
Are you a data processor/vendor/service provider?
We are a data controller and data processor for different aspects of our service.
We act as a data controller (or a “business” in CCPA terms) for the information entered by members on registration. During this sign up process, Community Members enter personal information to create a Community account. Then, they must connect and agree to terms to share that data with each Community Leader that they want to text with. If we export Member registration data to you based on that permission, we require that you not sell the data and comply with other measures to prevent Community Leaders from sending spam calls or texts (see our Export Authorization Addendum and CCPA requirements below). We offer the option to add additional disclosures or consents to the sign up flow to enable a particular use of exported personal data (see below).
We otherwise act as a data processor (or a “service provider” in CCPA terms). This includes handling Community Leaders’ account information, such as employees’ names, emails, and logins. It also includes information associated with the Community phone number, such as uploaded logos or images, voicemails, templates, keyword responders, and similar account information. We also act as a data processor when Leaders import personal data into their account, including phone numbers or custom audience information.
For more information, please see our Data Protection Addendum (DPA).
Are you compliant with the CCPA?
Yes. We generally act as a business under the CCPA and don’t sell personal information. When Community Members fill out Community’s registration form, they create a Community account and intentionally select to disclose personal information with each Community Leader (CCPA section 1798.140(t)(2)(A)). To comply with that section of CCPA, we require that you agree to not sell any exported personal information.
Are you compliant with the GDPR?
We don’t currently operate in the UK or EU. Our product is compatible with US and Canadian phone numbers and our data is stored as described in our data subprocessor list. We offer a DPA that covers international data transfers if and to the extent such transfers may occur.
Are you compliant with COPPA?
Yes. Our terms prohibit anyone from becoming a Community Member if they are either “under the age of 13” or “a child for whom parental consent is required to fully use Community under applicable laws.” In addition, our standard registration form includes an age gate for which Community Leaders can set a minimum age.
What are Community's security practices?
Details about our security measures are posted publicly in Annex B of our DPA. While we use encryption on our internal systems, please note that SMS is itself not an encrypted channel. For additional information about our security practices, please reach out to Community.
Message Content Compliance
Community Leaders are responsible for the content of the messages, the timing of the messages, and selecting who receives their messages.
You are responsible for the content of your messages. This includes complying with content guidelines that apply to your messages, such as our own Acceptable Use Policy, our vendors' acceptable policies, and each carrier’s acceptable use policies. There may be fines associated with content that violates the acceptable use policies of our vendors and the carriers. For example, mobile carriers may impose fines for violation of their content guidelines and for grey routing or snowshoeing. For more information on what can and can’t be texted, please see our Acceptable Use Policy.
Timing of the messages
You’re in charge of the timing of your message. Campaigns can be sent immediately or you can schedule messages for a future time and filter by location or time zone. You can also set up autoresponders and automated messages. Different jurisdictions have different rules about when you’re allowed to send marketing or promotional text messages (aka, rules about “quiet hours”). For example, TCPA requires that such messages are sent between 8am and 9pm in the recipient’s timezone and some states limit texting to slightly more narrow hours (e.g., Florida’s quiet hours start at 8pm instead of 9pm). Some areas may restrict sending marketing messages on major holidays, Sundays, or during a natural disaster. SMS laws may also prohibit how many sales messages can be sent per day. For example, the Florida Telemarketing Act prohibits a “commercial telephone seller or salesperson” from sending more than three commercial solicitation messages in a 24 hour period about the same topic or issue.
Who receives messages
You’re in charge of selecting and choosing who receives messages, as well as promoting your Community number. If you’re promoting age-restricted goods (like alcohol or cigarettes) or want to send racy content, ensure your selected audience's age is appropriate. We offer two main methods for enforcing age restrictions when texting Community Members: 1) targeting certain ages for your messaging and 2) restricting the minimum age of people signing up. If you are using a sign up flow that doesn’t collect the member’s age, you should assume that any member could be your selected minimum age and adjust your content accordingly. Please see our Acceptable Use Policy for more information. Additionally, certain regulated areas like housing and loans have anti-discrimination laws that prohibit favoring certain groups of people over others. For example, targeting a message about apartment rentals only to certain genders or age groups could result in regulatory issues. Please consult your attorney about the regulations for your industry.
Adding Custom Legal Language
Can I insert my own legal language into the sign up process?
We offer enterprise customers the ability to add custom legal language to the users’ sign up flow.
What are my options?
There are two main options to add your custom legal language:
1) Additional terms - Your additional legal language appears below our own terms so users will be required to accept your legal language as part of the registration process.
2) Custom checkbox - You can insert a checkbox below our own terms that users can optionally select during the registration process.
We can enable both options at the same time. For mockups, please talk to your account manager or customer support.
What’s the maximum length of the legal language?
Your custom legal language can be a maximum of 400 characters (including spaces and punctuation) and may include links (which are not counted against your character count). By enabling both additional terms and a custom checkbox, that means you have a total 800 characters.
Do you review the legal language?
We review your legal language to ensure it doesn’t contradict our own terms or otherwise conflict with our practice and policies. However, we do not review the language for your legal compliance. Please work with your attorney in drafting language that works for your use case.
Can I make the custom checkbox prechecked by default in the US and unchecked elsewhere?
Yes, we offer this as an option.
Importing Phone Numbers
Phone number imports are an optional feature for certain pricing plans and is subject to our Data Import Addendum. It’s important that you ensure that you have any necessary consents required to send messages to numbers that you import into Community.
What opt-in disclosures do I need to have when collecting phone numbers on my forms?
When importing phone numbers, our import addendum requires that you collect any legally required consent(s) to text Community Members and follow any other applicable laws. This generally means collecting “prior express consent” under the TCPA and similar state laws. SMS laws require users to consent to a number of things, which may include:
- How to consent (e.g,. “Click Accept to consent to receive…”)
- Clear authorization to send automated texts (e.g., “texts”)
- The use case for the message (e.g., “marketing texts”)
- Whether the texts are recurring (e.g., “recurring marketing texts”)
- Which phone number will receive messages (e.g., “to the phone number submitted above…”)
- Who is sending the messages (e.g., “from <company name>”)
- The frequency of the messages (e.g., “daily messages”, “message frequency varies”)
- Any fees that may apply (e.g,. “message and data rates apply”)
- How the user can opt out (e.g., “text STOP to cancel.”)
- Whether a user consent is required as a condition of a purchase (e.g., “consent is not a condition of purchase.”)
- As a best practice, how the user can learn more (e.g., “text HELP for help”)
As always, talk to your attorney about specific language and to learn about your legal obligations. The disclosures required to comply with applicable laws and regulations vary and the specific requirements for your use case may be different. This is not to be taken as legal advice.
What do I need to track when I collect consent?
As a best practice, we recommend that you keep records of the exact language that people agreed to (e.g., a screenshot), the timestamp for each person’s consent, and where the consent was collected (e.g, which page on your website). SMS laws may require you to keep certain records of collected consents and Community may require proof in order to conduct the import, such as the timestamp of the consent and/or your source of the numbers. We may flag or block import files that appear to be purchased lists without consent to receive from you.
Do you scrub imported phone numbers against DNC lists?
We require customers to comply with applicable laws when importing phone numbers. This typically means customers obtain consent to send texts through the language on the forms where they collect their phone numbers. If your business has not obtained prior express consent when collecting numbers for a text campaign, your business may be required to check and comply with public Do Not Call (DNC) lists before importing them into SMS services, as well as comply with any restrictions of the service regarding the importing of such phone numbers.