WhatsApps Business Rules in Salesforce

Have you ever scratched your head wondering what are the laws in the U.S. for SMS Opt-in and Opt-out when sending text messages as a business?

Since the U.S.’s CAN-SPAM Act. was accepted in 2003, many organizations have been trying to comply with the data privacy laws. This resulted in more businesses understanding the importance of being up to date as more privacy laws are passed on a global scale. However, we can consider that the percentage of scam reports is growing every year with 216 086 reports already for 2022, and 10.6% of them with financial losses. People more than ever are conscious of their privacy.

Trust is everything when it comes down to business, and a way for companies to build that trust is through a strong privacy policy. As a result, gaining consent and complying with the privacy laws is the biggest part of it. Firstly, how to do that? Secondly, what laws require SMS opt-in and opt-out? And Last, how to make sure that you are compliant with every rule and regulation?

The Basics of Getting a Consent

Before we dive deeper into it, it is crucial to understand the legal requirements. When people are giving their consent to a business, they must be informed about the information processing activities to which they consent. Any consent that has been obtained through ambiguous or coercion, vague terms would be considered Invalid.

What is SMS Opt-in?

Opt-in is a process describing a positive action taken by the website visitor or business’s customer, which they should take before the company is legally allowed to collect and process their data (giving consent).

What is an Opt-out from Receiving Text Messages?

Opt-out is when the consent is withdrawn from the user’s side. As we mentioned previously the CAN-SPAM specifically allows people to opt-out after they’ve opted-in.

The Top 3 U.S. Laws for SMS Opt-in and Opt-out


It protects customers from commercial marketing and advertisement text messages from companies that they haven’t set up a relationship with yet. For instance, it is okay for companies to send you transaction text messages. But it is illegal for companies to send you any commercial marketing or advertisement messages without your consent.

The CAN-SPAM Act’s requirements include:

  • Clear Header information – the header must be accurate and clearly identify the business that initiated the message
  • Accurate subject line
  • Identify the message as an add
  • The message should include your valid postal address
  • Clear description of how to opt-out

The Telephone Consumer Protection Act (TCPA)

As one of the primary law’s in the U.S. after 1991 as a reaction to the increase in unregulated and harassing telemarketing calls and faxes. Therefore, its purpose is to limit telephone solicitations and the use of automated mobile equipment. The Act restricts the use of automatic dialing, SMS, fax use, and pre-recorded voice messages without companies obtaining explicit written consent before sending text messages.

Even if there is a relationship between the company and the recipient, the company can only send text messages if the recipient has opted in. Recipients can sue a company that is not following the TCPA guidelines.

The California Consumer Privacy Act (CCPA)

As part of the U.S. laws for SMS Opt-in and Opt-out, the CCPA provides California residents with more control over the personal information that businesses are collecting. It also provides guidance on how to implement the law.

The privacy rights of the CCPA include:

  • The right to know what personal data is being collected and how it is used
  • The right to easily opt-out, as well as request a full list of 3rd party data users
  • They have the right to request their data to be deleted
  • The right to non-discrimination
  • If their guidelines are being violated they have the right to sue the company

To comply with CCPA, businesses should provide them with a “notice of collection” and a clear SMS opt-in and opt-out process for their customers. Your notice of collection should cover the type of personal information you are collecting and how you will use it.

If the business is selling personal data, then the notice must include a link to the business’s privacy policy and a “Do Not Sell” link. If a business is not compliant with the CCPA regulation, it can incur a fine of up to $7,500 per record.

Tips for SMS Opt-in and Opt-out

How to Obtain Consent for SMS Opt-in

You can include your consent wherever you collect your information. You would normally create a TCPA complaint form, email, or paper, and you can set up a keyword for your audience to text your organization over WhatsApp or SMS. For a consent form to be validated, your organization must disclose a few pieces of information:

  • The privacy policy details
  • How to opt-out (unsubscribe)
  • The number of messages a customer should expect
  • How to get help

For instance, a form could include a checkbox that reads “Subscribe to receive text messages from [name of the organization]” with a hyperlink to all necessary disclosures.

However, if you plan on selling personal data the CCPA regulation requires a separate opt-in checkbox that reads “Check to permit the sale of information”.

SMS Opt-in (Inbound Text Message)

For example, customers of ValueText, a Salesforce native messaging app, often prefer to use a keyword query form “START” to conduct a consent. What you can do is create a call to action on any digital and traditional channels (one of them being your website) inviting people to send a text message (keyword) to your organization’s address.

For instance, “Text [insert word] to [insert number] for more information about [insert product name]”.

We also recommend you to set up a double-opt-in by responding with “We would like to send you helpful information each month regarding “Y”. Is this okay with you? Please, respond with YES or NO”.

This type of active consent expires every 18 months. However, you can use apps like ValueText to automate this whole process of obtaining consent every 18 months.

How About Opt-outs?

If the person doesn’t respond to your opt-in and double-opt-in request, consider that an opt-out. It is important to make the opt-out process easy. Firstly, your customers should be able to opt-out by texting you “STOP”, “UNSUBSCRIBE”, “OPT-OUT”, or “CANCEL”.

To make it easier, ValueText provides opt-out backup automation in Salesforce. This automation includes a checkbox that can be found on any Record, effectively blocking any text messages in Salesforce from being sent to that specific Contact.

SMS Opt-in and Opt-out

If you are interested in more details regarding the topic, we have written a separate guide which you can access here.

WhatsApp Opt-in

What about if your company uses also other messaging channels like WhatsApp? Well, WhatsApp allows us to initiate text conversations only by sending messages using a pre-approved template.

WhatsApp Opt-in and Opt-out

When your customer replies, this is considered an opt-in and the session will be active for the next 24 hours. If your customer sends you a text message first, a 24-hour session will be activated without you having to gain consent.


We understand that this whole process of following the U.S. laws for SMS Opt-in and Opt-out might be scary. That is why we have prepared a checklist for you to follow, in order to build trust between you and your customers.

  1. Gain consent with opt-in using a keyword query
  2. Double-opt-in by sending SMS from Salesforce automatically using ValueText
  3. Set up an easy opt-out using ValueText opt-out process
  4. Consider a no response to a double-opt-in as an opt-out
  5. Make it easy for your customers to get help by creating automation using Chatbots which allow the conversation to be transferred to a live agent if the case is escalated (you can do that with ValueText)
  6. Add value by only sending campaign and promotion-specific text messages
  7. Use ValueText automation to renew the 18 months SMS opt-in consent
  8. Never sell or share your user’s information unless they have given their consent.

Once you’ve set up your processes for SMS Opt-in and Opt-out, we encourage you to get familiar with other best tips for sending SMS from Salesforce.

Key Takeaway about SMS Opt-in and Opt-out:

Do not send a text message to request an opt-in, it is Illegal. You can receive a fine between $500-$1500 for each interaction. This depends if the message was sent knowingly and if there was an abuse of information. An unsolicited text or call counts as a violation of the law, which can quickly end up costing you millions of dollars in penalty fines. For example, Amazon paid a fee of $877 million, Google paid out $56.6 million, the telecom company Wind paid a fee of $20 Million, and Domino’s Pizza paid nearly $10 Million all for consent violations.

Navigating through Salesforce and complying with all the laws and regulations might be stressful sometimes. At ValueText, we understand your pain and we would love to give you a hand in your endeavors. You can contact us at support@valutext.io or on our website here.

Other useful articles

Learn how to improve customer communication in Salesforce

Follow Us

Email: sales@valuetext.io ,
B103, Kalpataru, Erragadda, Hyderabad, 500018

© 2022 ValueText. All rights reserved