An opt-in is when you ask a customer if you can message them, and they say yes. You need to be clear about what the customer can expect: What type of message do you intend to send, and for what purpose?
It’s also important to note that you can’t repurpose an opt-in for one kind of communication for other kinds of communications. For example, a user who gives you consent to receive a one-time password (OTP) via text message is not consenting to marketing texts.
Under TCPA rules, there are also certain types of opt-ins – including for automated SMS marketing messages – which must be documented in writing. If you plan on sending promotional messages to customers, make sure you’re properly logging all opt-ins. So, what are you expected to keep in your records? Here’s a quick guide to what you should document for your opt-ins. Please refer to the latest CTIA Messaging Principles and Best Practices for the full text.
That’s why many companies use double opt-ins: sending a customer a welcome or initial message after the initial opt-in reminding them that they signed up, and asking them to respond and positively confirm their consent with a keyword (Y, Yes, OK, Begin etc.) This isn’t an industry rule, but it is a best practice, and it is encouraged.
Even if a customer agrees to let you message them with an opt-in, they can always change their mind – and you need to make it easy for them to do so.
The most common opt-out method is to let consumers respond to the SMS with the text “STOP” – but there are other ways to handle opt-outs as well. The Federal Communications Commission (FCC) states that customers must be able to opt-out through “any reasonable means.” This could be a phone call, a text message, a web form, etc. – as long as it's not too complicated for the user.
Make it clear – preferably in each message - how a customer can opt-out, and when they send an opt-out request, make sure you acknowledge it. Failing to do so can get you into trouble.