TCPA & A2P 10DLC Compliance

1. Who is responsible for what

The customer is the message sender and is responsible for collecting valid prior consent, honoring opt-outs, staying within disclosed campaign content, and maintaining consent records. SiWorks provides the platform controls, documentation, and audit log that make it practical to do so.

2. Brand and campaign registration

Before sending production traffic, every customer tenant must register a Brand and at least one Campaign with The Campaign Registry (TCR) via SiWorks. The platform collects required Brand information (legal name, EIN, address, vertical, website), submits Campaign use cases to carriers, and stores the resulting Campaign ID alongside the customer's sending numbers.

3. Consent capture

• Web opt-in:consent forms must include the brand name, message frequency, “Msg & data rates may apply”, and links to Privacy and Terms.
• In-store opt-in: SiWorks stores a per-record consent timestamp, source store, and capture method.
• Keyword opt-in: reply-to-join keywords trigger an automated confirmation message and update the consent record.
• Imported lists: require customer attestation of prior express written consent. SiWorks does not auto-import numbers without an attestation step.

4. Mandatory message disclosures

The first message in every conversation must include the brand name and an opt-out instruction. SiWorks automatically appends “Reply STOP to opt out” to outbound messages and inserts the brand name from the Campaign registration.

5. Opt-out handling

• SiWorks honors STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, and QUIT keywords automatically across all numbers within the customer tenant.
• Opt-out is recorded as an immutable consent change in the audit log. Subsequent send attempts are blocked at the API layer before reaching Twilio.
• HELP keyword auto-replies with the brand name and contact information.

6. Quiet hours and frequency

SiWorks enforces a default quiet-hours window of 9:00 pm to 8:00 am in the recipient's local time, configurable downward but not upward, in line with TCPA guidance and state-level rules (Florida, Oklahoma, Washington and others).

7. Content controls

• SHAFT-prohibited content (Sex, Hate, Alcohol, Firearms, Tobacco) is blocked by carrier policy and rejected by SiWorks at the campaign-validation layer.
• Outbound traffic must remain within the Campaign use case the customer registered. Drift is flagged for admin review.

8. Throughput and deliverability

SiWorks routes through Twilio's 10DLC throughput tiers assigned by the carriers based on Campaign trust score. Customers see real-time delivery, throttle, and failure metrics in SiMessages. Carrier filtering decisions are surfaced at the individual message level.

9. Audit and recordkeeping

Every consent capture, opt-out, and outbound message is recorded in the customer's audit log and retained for at least four years. Consent records are exportable on request to support TCPA litigation defense.

10. Customer obligations

• Maintain accurate Brand and Campaign registration. Update promptly when business information changes.
• Send only the categories of message disclosed in the Campaign use case.
• Do not transmit numbers obtained from third-party lists without demonstrable prior express written consent.
• Honor opt-outs across every channel — SMS, voice, and marketing email.

11. Reporting concerns

Recipients who believe they received an unsolicited message from a SiWorks-powered sender may email hello@siworks.us with the message body, sending number, and approximate timestamp. We will investigate and route the complaint to the responsible customer.

12. Changes

Carrier rules and TCPA case law evolve. We update this page when material changes occur and notify customer admins by email.