Skip to content

Add SMS consent and A2P messaging disclosures to privacy and terms#53

Merged
TeoSlayer merged 1 commit into
mainfrom
alex/sms-consent-disclosures
Jun 26, 2026
Merged

Add SMS consent and A2P messaging disclosures to privacy and terms#53
TeoSlayer merged 1 commit into
mainfrom
alex/sms-consent-disclosures

Conversation

@Alexgodoroja

@Alexgodoroja Alexgodoroja commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator

Adds the SMS/A2P 10DLC compliance language carriers require before a messaging campaign can be approved. Phone numbers and SMS consent are now disclosed in the Privacy Policy, and the Terms carry the standard CTIA program disclosures.

Privacy Policy (/privacy)

  • New §4 "Phone Numbers & SMS Messaging" — discloses collection of mobile phone numbers, SMS opt-in/consent records, and message metadata; states messaging is transactional only.
  • Carrier-required clause — mobile information and SMS opt-in/consent data are never sold or shared with third parties or affiliates for their own marketing purposes.
  • Integrated for consistency with the existing document:
    • GDPR legal basis: consent now covers SMS, with STOP as the withdrawal path.
    • Data Retention: new line for phone number & SMS consent records.
    • Sub-Processors: generic "SMS delivery provider" entry (no provider named — none is verifiable in the repo yet; bound by an Art. 28 DPA).
  • Subsequent sections renumbered (5–15); Last updated set to June 26, 2026.

Terms of Service (/terms)

  • New §11 "SMS / Text Messaging Program" with the required disclosures:
    • Program is transactional only (verification codes, security alerts, service notifications).
    • Message frequency varies.
    • Message and data rates may apply.
    • Reply STOP to opt out (with one-time confirmation).
    • Reply HELP for help.
    • Carriers are not liable for delayed or undelivered messages.
    • Eligibility + link back to the Privacy Policy.
  • Changes/Contact renumbered (12/13); Last updated set to June 26, 2026.

Notes for review

  • Scope confirmed as transactional only (no marketing). If marketing messages are ever sent, the consent language must be upgraded to express written consent.
  • SMS provider left unnamed in the sub-processor list — the only key in the repo is a SendGrid (email) key, so no SMS vendor is verifiable. Swap in the real provider name once confirmed.

Verification

  • astro build succeeds; both pages render.
  • check:plain coverage guard passes (privacy/terms intentionally have no plain twin).
  • Confirmed all required phrases render in dist/terms.html and dist/privacy.html.
  • Section numbering is sequential and gap-free on both pages.

Add SMS consent and A2P messaging disclosures to privacy and terms
8a280c0 
Privacy Policy:
- New "Phone Numbers & SMS Messaging" section covering mobile phone
  number collection, SMS opt-in/consent records, and message metadata
- Carrier-required clause: opt-in and consent data are never shared with
  third parties or affiliates for marketing purposes
- Integrated touch-ups: SMS consent in the GDPR legal basis, a retention
  line for phone/consent records, and a generic SMS delivery sub-processor
- Renumbered subsequent sections; updated Last updated date

Terms of Service:
- New "SMS / Text Messaging Program" section with the required CTIA
  disclosures: program is transactional only, message frequency varies,
  message and data rates may apply, reply STOP to opt out, reply HELP for
  help, and carriers are not liable for delayed or undelivered messages
- Renumbered Changes/Contact; updated Last updated date
@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown

🚀 Preview deployed to Cloudflare Pages

  • Commit deploy URL: https://b0347192.pilotprotocol.pages.dev
  • Branch alias: https://alex/sms-consent-disclosures.pilotprotocol.pages.dev (may take ~30s to propagate)
  • Commit: 8a280c0206138619e11a5fd258321d5aec79d3fa

@Alexgodoroja Alexgodoroja requested a review from TeoSlayer June 26, 2026 19:38
@TeoSlayer TeoSlayer merged commit 0d146dc into main Jun 26, 2026
2 checks passed
@matthew-pilot matthew-pilot deleted the alex/sms-consent-disclosures branch June 27, 2026 23:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TeoSlayer TeoSlayer Awaiting requested review from TeoSlayer

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Alexgodoroja @TeoSlayer