ManyChat
Submit a ticket

SMS and Email Compliance Laws

With great power comes great responsibility.

We want our users and recipients of their mailings to know the following as the back of their own hand:

  1. Which content is safe to send;
  2. Which contact methods are safe to use and which are prohibited by law;
  3. Rules, principles, and consequences of text messaging;
  4. How to create lawful and interesting messages.

And we're ready to help! This article will be useful for anyone who sends SMS and emails in ManyChat, especially those who are just starting to engage in text marketing. Below you'll find a detailed description of how to successfully use ManyChat for your SMS and email campaigns and ensure compliance with applicable laws.

Note: we cannot offer legal service and our resources should not be interpreted or replaced by legal consulting).

Recommendations by country

US and Canada

ManyChat prioritizes compliance with laws in the design and offering of its products. As a user, you are responsible for your use of ManyChat’s products and your compliance with the laws and regulations applicable to your business and ManyChat’s Terms of Service  https://manychat.com/tos.html.

The information provided here does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this article are for general informational purposes only.

To avoid sending spam you should obtain consent from your customer before sending SMS and/or email.

1. For the US. Under the TCPA, a business must collect and retain the affirmative consent of the customer to send SMS messages for a commercial purpose and provide a method for opting out. To do this, you must disclose that the consent is for commercial messages, and the consumer must affirmatively respond.  

2. For Canada. Under the CASL, a business must also obtain consent to send any electronic message, provide certain disclosures about the business and provide a method for opting out.

The necessary disclosures include:

  1. Purpose of the consent;
  2. Name of the entity seeking consent;
  3. Mailing address for the entity seeking consent;
  4. Email address,
  5. Web address or telephone for the entity seeking consent;
  6. A statement that the consent can be withdrawn.

Tips for obtaining consent: 

  • Always get written consent to send SMS/Email via opt-in. Even if the user registered on your site and left their phone number/email in the registration form, you still need to ensure that appropriate disclosures were made and the consent form complies with the law.
  • Always provide an opportunity to unsubscribe in the easiest and most understandable way and tell your subscribers about it. For example, a subscriber can click UNSUBSCRIBE or send STOP.
  • Always include the name of your business in a message.
  • Only provide content that is valuable to subscribers: discount coupons, shipping/delivery statuses, booking information, useful tips, and tricks.
  • Do not use a misleading title or text. Be specific and correct.
  • Provide recipients with your email address or phone number, website or physical store address, and zip code.
  • Keep track of what mailings are being sent on your behalf, for example, if you have a marketing agency working for you. Both parties are legally responsible for all content sent to users. 
  • Enumerate on your site all the terms and conditions about your mailings and what exactly your business does. 

Remember, it is entirely your responsibility to get the users’ consent to mailings.

Please note: you confirm that you have obtained appropriate consent every time when you create/ import new contacts in ManyChat.

If you add a new contact to ManyChat, make sure that all your customers have agreed to receive SMS/Email from you.

If you add a list of numbers to ManyChat using import, make sure that all of your customers agreed to receive SMS/Emails from you.

How to get consent in ManyChat?

  • For US and Canada use the opt-in flow in Messenger.
    If you are gathering contacts for mailings in Facebook you may use our flow to get phone numbers with consent:
    https://manychat.com/flowPlayerPage?share_hash=104737397559805_dcd6e717cd211ecacd5738826582c9e808cc052f
  • Use a mobile growth tool for your website.

  • Remember, your customers should be able to easily unsubscribe from your texts in the most obvious way: for example, by sending the word STOP in response to SMS and, if you are sending emails, by clicking the Unsubscribe button in the email.
    If a customer has made an opt-out, you should unsubscribe the customer Immediately from mailings. In ManyChat, if someone writes STOP, they will automatically unsubscribe from SMS/email mailings. You should maintain the individual on your permanent "do not contact" list unless they later provide consent again.
  • What type of content can/cannot be sent in messages?
    You can send the status of sending and delivery of goods, verification code for the site/service/application as well as discount coupons, gift certificates, and booking confirmation.
    If you are going to send messages related to alcohol and tobacco or other restricted products, it is your responsibility to ensure that you are in compliance with regulations regarding the legal age and other requirements for marketing such products in compliance with the law.
  • What are the Terms of Service?
    You should use terms of service or some other contractual mechanism governing the relationship with your customer. You can include information in your terms and service regarding the use of SMS and emails, however, you must obtain affirmative consent with the appropriate disclosures for SMS and emails, so burying it in your terms and conditions would not satisfy your compliance obligations.

United Kingdom

A company requires consent from an individual to send them marketing messages (this is a broad definition, including any promotional materials and newsletters).
Consent must be freely given, specific, informed, and unambiguous. The individual must be able to withdraw their consent at any time.
For SMS marketing this means consent must be given at the time the individual provides their phone number, and must be independent of the acceptance of any terms and conditions.
It is best practice at this point to tell the individual how they can withdraw their consent.
We suggest that at the bottom of each marketing SMS, the following language is used:
To opt-out reply STOP

Australia

The Spam Act applies where a business sends a ‘commercial electronic message’ with an ‘Australian link’.
‘Commercial electronic message’ is defined broadly to include SMSs and instant messages that offer, advertise or promote the supply of goods, services, land or business or investment opportunities (or a supplier of those things).
A message has an ‘Australian link’ if it is sent to an Australian recipient, or originates or was commissioned in Australia.

Under the Spam Act, you can send marketing message with an Australian link via ManyChat where the following requirements are satisfied.

  1. The individual has given express consent to receiving the messages. This consent should be obtained before sending the SMS marketing message.
    Express consent requires a deliberate and intentional opt-in to receiving the messages.
  2. Each SMS message contains clear and accurate identification of the individual or organisation who authorised the sending of the message (that is, the company which authorises ManyChat to send the message), and information on how the individual can contact that individual or organisation.
  3. All SMS messages contain a functional unsubscribe facility. Requests to unsubscribe must be honoured within five working days.

We suggest that at the bottom of each marketing SMS, the following language is used:

To opt-out reply STOP

Brazil

In 2018, the General Data Protection Law (Law No. 13,709 – LGPD) was enacted, and despite some ongoing initiatives of the Executive and Legislative branches for its postponement, it is currently set to come into force in August 2020.
Similarly to the GDPR, the LGPD provides for consent as a lawful basis for personal data treatment, and defines it as “a free, informed, and unambiguous expression through which the data subject agrees with the processing of personal data for a determined purpose”. Consent shall be provided in writing or by any other expressive action by the data subject that demonstrates their will, and may be revoked at any time.

We suggest that at the bottom of each marketing SMS, the following language is used:

To opt-out reply STOP

Germany and Netherlands

A company requires consent from an individual to send them marketing messages (this is a broad definition, including any promotional materials and newsletters). Consent must be freely given, specific, informed, and unambiguous. The individual must be able to withdraw their consent at any time. Best practice in Germany and Netherlands also requires a “double opt in” where such consent is subsequently confirmed by the individual.

For SMS marketing this means consent must be given at the time the individual provides their phone number, and ideally confirmed by the individual through a follow-up message prior to sending any marketing messages. Such consent must be independent of the acceptance of any terms and conditions. Individuals should be informed of the specific goods and services the marketing materials would refer to, and how they can withdraw their consent at the point their phone numbers are collected. They should continue to be informed of how they can withdraw their consent in any subsequent marketing messages.

We suggest that at the bottom of each marketing SMS, the following language is used:

To opt-out reply STOP

Once consent is withdrawn, a confirmation message should be sent.
It is best practice for marketing communications not to be sent outside daytime hours.

Mexico

Marketing messages are mainly regulated by two laws: (i) the Federal Law on Consumers’ Protection and (ii) The Federal Law on the Protection of Personal Data Held by Private Parties (the Data Protection Law). Also, one Mexican Standard (Norma Mexicana) shall be observed by e-commerce companies: NMX-COE-001-SCFI-2018 (E-commerce Provisions).

A company requires consent from an individual to send them marketing messages (namely “Marketing, Advertising, or Commercial Exploration” messages). Consent must be freely given, specific, informed and explicit.
When marketing messages are not the main data processing purpose between a data controller and a data subject (e.g. they are not necessary to execute or enforce a legal relationship), Mexican law requires companies (data controllers) to provide individuals an opt-out mechanism to indicate if they do not want to receive marketing messages. Individuals shall be able to opt-out before providing their data to companies. For SMS marketing this means consent must be given at the time the individual provides their phone number and must be independent of the acceptance of any terms and conditions.

When collecting their data, companies must make available a Privacy Notice to individuals. This Privacy Notice shall inform individuals how they can withdraw their consent. The individual must be able to withdraw their consent at any time.

The message seeking consent should only be sent to individuals who are already receiving marketing communications via Facebook, as it may otherwise be seen as a marketing message itself.

References to laws intended to protect the privacy and personal data of consumers in Canada:

1. Name of the law regulating spam in the U. S – TCPA:
https://en.wikipedia.org/wiki/Telephone_Consumer_Protection_Act_of_1991

2. The Canadian anti-spam act – CASL:
https://fightspam.gc.ca/eic/site/030.nsf/eng/home

3. Personal data and document protection act – PIPEDA:
https://en.wikipedia.org/wiki/Personal_Information_Protection_and_Electronic_Documents_Act