TCPA Compliance Guide: Sending SMS Review Requests Legally

Published on February 1, 2025

The Telephone Consumer Protection Act (TCPA) governs text message communications in the United States. Non-compliance can result in fines of $500 to $1,500 per message, which adds up quickly when sent across hundreds of customers. For a business sending 100 SMS review requests per month without proper consent, potential liability reaches $60,000 annually. Understanding and following TCPA requirements is essential for any business using SMS for review requests. This guide walks through everything you need to know to stay compliant.

What Is the TCPA?

The Telephone Consumer Protection Act is federal law enacted in 1991 that regulates telemarketing, including text messages. The Federal Communications Commission (FCC) enforces TCPA regulations. The law was designed to protect consumers from unwanted calls, texts, and faxes.

For SMS specifically, the TCPA requires that text messages only be sent to numbers that have provided express written consent. This is stricter than email marketing, which falls under the CAN-SPAM Act with less stringent requirements. TCPA violations are serious—the FCC actively pursues complaints, and penalties accumulate per message.

Important note: TCPA applies to SMS messages sent to cell phones. Messages sent via other channels like email, automated phone calls, or fax have different rules. This guide focuses exclusively on SMS compliance.

Express Written Consent Requirements

The cornerstone of TCPA compliance is express written consent. You must obtain explicit, written permission from a customer before sending them SMS messages. This consent must:

Be in writing. Verbal permission doesn't suffice. The customer must affirmatively agree in a written format (online form, email response, text reply, paper signature, etc.).

Be express and clear. The customer must understand they're opting into text messages and what kind of messages they'll receive. Buried in terms and conditions doesn't work. The consent request must be clear and obvious.

Be specific to your business. A customer who opted into SMS from one business hasn't consented to receive messages from your business, even if your businesses are related. Each business must obtain its own consent.

Include clear notice of what they're consenting to. Tell the customer what types of messages they'll receive (review requests), how frequently, and that message and data rates may apply.

Here's an example of proper consent language: "I agree to receive text messages from Acme Salon regarding appointment reminders, customer service updates, and review requests. Message frequency varies. Message and data rates may apply. I understand I can reply STOP to opt out anytime."

When to Obtain Consent

The best time to obtain SMS consent is during customer onboarding. When customers first provide their phone number to schedule an appointment or make a purchase, include a checkbox or form asking them to opt into SMS. Make it clear and separate from other terms.

For existing customers without documented consent, you have two options: obtain consent going forward before sending any SMS, or stick with email for contacting them. You cannot assume prior implied consent simply because they gave you their phone number.

Keep records of consent. Document when the customer consented, what they consented to, and through which mechanism (checkbox, email opt-in form, etc.). This documentation is your proof of compliance if issues arise.

Opt-Out Requirements

Even with proper consent, customers must have an easy way to stop receiving messages. This is the second pillar of TCPA compliance. Every SMS message you send must include clear instructions for opting out, typically by replying "STOP" or visiting a link.

Your message should end with something like: "Reply STOP to unsubscribe." When a customer sends STOP, you must immediately add them to your do-not-contact list and stop sending them messages. Continuing to send messages after a STOP request is a serious violation.

This applies even to transactional messages. Some businesses mistakenly assume that SMS review requests are transactional and don't need opt-out language. This is incorrect. Review request messages are marketing messages and require opt-out mechanisms.

Implement systems that automatically process opt-out requests. When a customer replies STOP, your system should immediately flag their number as unsubscribed. Manual processes are error-prone and dangerous.

Timing and Frequency Limitations

TCPA doesn't specify maximum message frequency, but sending excessive messages to the same customer can expose you to harassment claims and customer complaints. Industry best practice is to send no more than 2-4 SMS per month to the same customer.

For review requests specifically, send only one request per customer per transaction or experience. Don't send multiple follow-ups unless the customer has engaged positively with the first request. Multiple unsolicited requests feel like harassment and increase opt-out rates.

Avoid sending messages outside normal business hours. Messages sent at 2 AM or on holidays violate no law, but they frustrate customers and increase complaints. Send messages between 9 AM and 8 PM in the recipient's time zone.

Penalties for Non-Compliance

TCPA violations carry serious financial consequences. The FCC can impose penalties of $500 to $1,500 per message. A business sending 100 review requests per month violates the act with each message sent without consent. This creates potential liability of $50,000 to $150,000 monthly.

Additionally, individual consumers have the right to sue for TCPA violations. A customer can file a private lawsuit claiming damages of $500 to $1,500 per message. A customer who received 50 SMS from your business without consent could claim damages of $25,000 to $75,000.

TCPA liability is strict. Intent doesn't matter. A business that genuinely didn't understand the rules is just as liable as one that intentionally violated the law. Ignorance provides no legal defense.

Class action lawsuits are common. A single customer complaint can trigger a broader investigation. If found liable, you might face class action exposure where multiple customers sue collectively, creating astronomical damages.

Compliance Best Practices for Review Requests

Obtain written consent during customer onboarding. Add a clear opt-in checkbox to your appointment booking, registration, or checkout form explicitly asking customers to opt into SMS review requests.

Use compliant platforms. If you're using SMS automation software, verify that it's built to handle TCPA compliance. The platform should maintain consent records, automatically handle opt-outs, and provide audit trails.

Include opt-out language in every message. Every SMS should include "Reply STOP to unsubscribe" or similar language. Make it easy for customers to opt out.

Process opt-outs immediately. When a customer replies STOP, remove them from your contact list immediately. Don't send another message after receiving STOP, even to confirm the opt-out.

Keep detailed records. Document consent dates, opt-out requests, and all communication. If issues arise, your records are your defense.

Train your team. Ensure anyone handling customer communications understands TCPA compliance. A team member accidentally sending SMS to non-consenting customers puts your business at risk.

Audit your practices regularly. Periodically review your SMS processes to ensure compliance. Check that you're maintaining consent records, honoring opt-outs, and following all requirements.

The Bottom Line

TCPA compliance isn't optional or negotiable. SMS review requests without proper consent expose your business to massive financial liability. The cost of compliance—implementing consent collection and opt-out management—is trivial compared to potential penalties.

The good news is that compliance is straightforward. Obtain clear, written consent before sending SMS. Include opt-out language in every message. Respect opt-outs immediately. Maintain records. These practices protect your business and keep your customers happy.