Strategy November 24, 2025 · Gary Vogt · Updated June 10, 2026
How to Write a Review-Ready SMS Privacy Policy
The exact non-sharing clause TCR requires in your Privacy Policy to pass carrier vetting and avoid instant rejection.
The Non-Sharing Clause Requirement
One of the most misunderstood aspects of A2P 10DLC registration is the Privacy Policy requirement. It's not enough to simply have a privacy policy. It must contain specific language regarding SMS data.
What TCR Looks For
The Campaign Registry (TCR) reviewers are trained to look for a "non-sharing" clause. This clause must explicitly state that mobile phone numbers and SMS consent will not be shared with third parties or affiliates for marketing purposes. GHL documents the SMS section requirements in their opt-in form Privacy Policy and Terms guidelines.
The Exact Language You Need
While you don't have to use this exact wording verbatim, using something very close to it is the safest path to approval:
"No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties."
This canonical wording is documented in GHL Article 26 and is the version TCR reviewers expect to find.
Where to Put It
This clause should be clearly visible in your Privacy Policy. Don't hide it in a massive wall of text. Create a specific section titled "SMS Privacy" or "Text Messaging Policy" so reviewers can find it instantly.
What Else Your Privacy Policy SMS Section Needs
A complete A2P 10DLC-ready Privacy Policy SMS section should include:
- SMS program description (what messages you send and to whom)
- Opt-out instructions (Reply STOP to any message)
- HELP support instructions (Reply HELP for help)
- Message frequency disclosure ("Message frequency varies" or a specific frequency)
- "Msg & data rates may apply" disclosure
- Data collection disclosure (where you collect phone numbers — booking forms, checkout, account creation, etc.)
- Contact information (email and phone) matching what you submitted to TCR during brand registration
A common mistake: some agencies put the message frequency and "Msg & data rates may apply" disclosures only in their opt-in checkboxes and confirmation messages, then leave them out of the Privacy Policy. They belong in BOTH places — they're required Privacy Policy elements. Copy-paste templates for the full section are in our Privacy Policy & ToS templates guide.
Get Your Privacy Policy Pre-Checked Before TCR Sees It
Easy A2P scans your Privacy Policy for the non-sharing clause, frequency disclosures, opt-out instructions, and 100+ other checks. You get a pass/warn/fail score for each section before you submit to TCR, not days after. The first 3 reviews are free. No card required.
Audit your Privacy PolicyWritten by Gary Vogt
Builder of Easy A2P — a registration toolkit built for GoHighLevel agency owners