• Features
  • Pricing
  • Migration
  • Integrations
  • Resources

SMS privacy policy template: Free options for 2026

Quick sign up | No credit card required

Drive sales on autopilot with ecommerce-focused features

See Features

An SMS privacy policy template gives your ecommerce store a compliant, ready-to-publish starting point — so you can launch text marketing without guessing at the legal language.

This guide includes multiple ready-to-use templates that you can copy, customize, and publish for your store. You’ll find options for different ecommerce needs, along with practical guidance on choosing the right template for your business in 2026.

Having a proper SMS privacy policy template is important for more than legal compliance. It helps you meet carrier requirements and build trust with subscribers before they share their phone numbers. A clear policy can support successful SMS campaigns.

Beyond the templates, we cover the context that makes them work — what an SMS privacy policy is, the laws that govern it (TCPA, GDPR, CCPA, CASL, and 10DLC), and how to add one to a Shopify store.

Launch compliant SMS campaigns faster with Omnisend’s built-in consent, compliance, and automation tools

Quick sign up | No credit card required

SMS privacy policy templates (copy-paste ready)

An SMS privacy policy template helps ecommerce businesses explain how they collect, use, and protect customer information for text messaging programs. 

Below are customizable templates for general ecommerce stores, abandoned cart campaigns, Shopify stores, and SMS marketing programs.

Note — These templates are for informational purposes only and do not constitute legal advice. Consult qualified legal counsel to ensure your SMS privacy policy complies with all applicable laws in your jurisdiction.

General ecommerce SMS privacy policy template

Use this general ecommerce SMS privacy policy template if your store sends promotional or transactional SMS messages.

[BRAND NAME] SMS privacy policy

Last updated: [DATE]

1. Information we collect

When you opt-in to our SMS program, we collect your mobile phone number and the consent record (date, time, and the form or checkout where you opted in). We may also link your number to order history, browsing activity, and abandoned cart data from [WEBSITE URL].

2. How we use your information

We use your number to send the messages you signed up for: promotional offers, cart reminders, price drop alerts, restock notifications, and transactional updates such as order and shipping confirmations.

3. How we share your information

We do not sell, rent, or share your SMS opt-in consent or phone number with third parties or affiliates for their own marketing. We share data only with service providers (our SMS platform, analytics, and carriers) under data processing agreements, and only to deliver the service.

4. Opt-in and opt-out

Message frequency varies. Message and data rates may apply. Reply STOP to unsubscribe at any time, or HELP for help. You can also contact us at [EMAIL] to be removed.

5. Data retention

We retain your number and consent record while you’re subscribed and for [X] months after you opt out, to honor suppression and meet legal record-keeping requirements.

6. Data security

We protect your information with [ENCRYPTION/ACCESS CONTROLS] and limit access to staff who need it.

7. Updates to this policy

We may update this policy and will post the revised version at [POLICY URL] with a new “last updated” date.

8. Contact us

For questions, contact [BRAND NAME] at [EMAIL], [PHONE], or [MAILING ADDRESS]. We respond within [X] business days.

Copy text

SMS privacy policy template with abandoned cart clause

This variant builds on the general SMS privacy policy template for stores that run behavioral SMS — abandoned cart, browse abandonment, and price drop alerts.

Running automated behavioral SMS campaigns doesn’t have to increase your marketing costs. With Omnisend’s SMS price drop, ecommerce brands can send automated SMS messages at a lower cost, with pricing now starting at $0.007 per message.

Add the marked clauses to disclose the triggers you actually use, since carriers and The Campaign Registry expect this language to be explicit.

[ADD TO SECTION 1 — Information we collect]

We collect behavioral data to power triggered messages, including items added to your cart, products viewed, items left at checkout, and price changes on products you’ve shown interest in.

[ADD THIS CLAUSE for abandoned cart programs]

Abandoned cart and browse reminders: If you add items to your cart or browse products and don’t complete checkout, we may send reminder texts about those items. The STOP and HELP instructions above apply to them.

[ADD THIS CLAUSE for price drop programs]

Price drop and restock alerts: If you opt-in, we may text you when a product you viewed or saved drops in price or comes back in stock. We base these alerts on your browsing and purchase activity at [WEBSITE URL].

[ADD THIS CLAUSE for behavioral-trigger programs]

How automated texts are triggered: Some messages are triggered automatically by your activity — for example, leaving items in your cart. You can stop all automated and promotional texts at any time by replying STOP, and that won’t affect your order or shipping updates.

Copy text

SMS privacy policy template for Shopify stores

Shopify stores collect a few data types worth naming directly — pixel and cookie tracking, Shopify customer account data, and purchase history tied to the Shopify checkout.

An SMS privacy policy template Shopify stores should list those details so your policy matches what your store actually does.

[BRAND NAME] SMS privacy policy — Shopify

Last updated: [DATE]

1. Information we collect

We collect your mobile number and consent record when you opt-in at checkout, in a pop-up, or on a signup form. Through our Shopify store and its tracking pixel and cookies, we also associate your number with Shopify customer account data, order history, and on-site browsing at [SHOPIFY STORE URL].

2. How we use it

We send the SMS you opted into — order and shipping updates, cart reminders, and promotions — and use Shopify purchase and browsing data to make those messages relevant.

3. Sharing

We don’t share your SMS consent or number with third parties or affiliates for their marketing. Data flows only to our SMS platform, Shopify, and service providers under data processing agreements.

4. Opt-in and opt-out

Message frequency varies. Message and data rates may apply. Reply STOP to opt out or HELP for help.

5. Data retention and security

We retain your number and consent record while you’re subscribed and for [X] months after opt-out, then delete or anonymize it. We protect your data with encryption and limited staff access, and rely on Shopify’s own security standards.

6. Updates and contact

We may update this policy and will post the current version at [POLICY URL] with a new “last updated” date. For questions, contact [BRAND NAME] at [EMAIL] or [MAILING ADDRESS].

Copy text

SMS terms and conditions template

Your SMS terms and conditions are a separate document from your privacy policy.

The privacy policy explains how you handle data. The terms and conditions set the program rules — frequency, rates, and liability. Publish both, and link to both at the point of opt-in.

[BRAND NAME] SMS terms and conditions

Program description: By opting in, you agree to receive recurring automated marketing and transactional text messages from [BRAND NAME] at the number provided. Consent is not a condition of purchase.

Message frequency: You’ll receive up to [X] messages per [week/month]. Frequency may vary.

Message and data rates: Message and data rates may apply, based on your mobile carrier plan.

Opt-out: Reply STOP at any time to cancel. You’ll get one confirmation message, then no further texts.

Help: Reply HELP for help, or contact [EMAIL] / [PHONE].

Liability: Carriers are not liable for delayed or undelivered messages. [BRAND NAME] provides this program “as is” and isn’t responsible for issues caused by your carrier or device.

Consent: You confirm that you’re the account holder for the provided number, or that you have permission to opt it in. Consent is not required to make a purchase.

Privacy: We handle the data associated with this program under our SMS privacy policy at [POLICY URL], including the data, sharing, and retention terms.

Changes: We may update these terms at any time and will post the current version at [TERMS URL] with a revised date.

Copy text

Real-world SMS privacy policy examples

A good SMS privacy policy template provides the right structure, but real published policies show how organizations explain their SMS practices in practice. 

Reviewing existing examples can help you understand how brands handle important details such as consent, opt-out instructions, data sharing, message frequency, and customer communication rules.

Here are three public SMS privacy notices worth studying — note how each handles opt-out, data sharing, and message-rate disclosure.

  • UNICEF USA: Its SMS privacy statement spells out opt-out by texting STOP or QUIT to its short code. It discloses that messages are routed through a third-party service provider and explains that some administrative messages may still be sent when necessary. The SMS privacy policy is straightforward for subscribers to understand before joining the program:
SMS privacy policy template: example of a published SMS privacy statement
Image via UNICEF USA
  • University of Nevada, Reno: The University of Nevada, Reno SMS privacy policy clearly states its commitment to subscriber data protection. It explains that opt-in information and consent records aren’t shared with third parties or affiliates for marketing, except as required by law.
  • Indiana University: Its SMS opt-in terms and conditions specify the types of messages users may receive, including admissions updates, event notifications, and important university information. It also explains message frequency, opt-in steps, and references the TCPA’s permitted sending window.

What is an SMS privacy policy?

An SMS privacy policy is a document that explains how your business collects, uses, stores, and shares the data associated with your text messaging program — primarily phone numbers and the consent associated with them.

It’s specific to SMS, which is what sets it apart from your general website privacy policy. It’s also different from your SMS terms and conditions. The privacy policy is about data handling. The terms and conditions cover program rules such as frequency, rates, and how to opt out.

A typical SMS privacy policy covers:

  • What data do you collect (phone number, consent record, behavioral data)
  • How you use it (which message types you send)
  • Who you share it with (and the promise not to sell it)
  • How subscribers opt-in and opt out
  • How long do you keep data, and how do you secure it

For SMS marketing, this is the document that carriers, regulators, and customers consult when they want to know what you do with a phone number.

SMS privacy policy vs. SMS terms and conditions: What’s the difference?

An SMS privacy policy and SMS terms and conditions serve different purposes, but both help create a compliant text messaging program. 

A privacy policy explains how you collect and use subscriber data. Terms and conditions explain the rules customers agree to when joining your SMS program. Here’s a breakdown of how the two documents differ.

SMS privacy policySMS terms and conditions
PurposeExplains how you handle subscriber dataSets the rules of the messaging program
What it coversData collected, usage, sharing, retention, securityFrequency, message, and data rates, opt-out, liability
Regulatory driverPrivacy law (GDPR, CCPA, and more)Consent and carrier rules (TCPA, 10DLC)
Where it's displayedLinked at opt-in and in your site footerLinked at opt-in, next to the consent checkbox

In essence, SMS privacy policy answers “what happens to my data,” the terms and conditions answer “what am I signing up for.” When creating an SMS privacy policy template, you should also prepare matching terms that explain the messaging experience.

You can publish these documents separately or combine them into one page with clearly labeled sections. For ecommerce stores, the best approach is to make both easy to find before customers subscribe, as this follows SMS compliance requirements.

Why your ecommerce store needs an SMS privacy policy

For an ecommerce store, a detailed SMS privacy policy template can help you create a policy explaining how subscriber data is collected and used. This is important when managing SMS marketing for ecommerce, as it helps meet legal compliance, carrier requirements, and earn subscriber trust.

The two major reasons every store needs an SMS privacy policy are explained below.

Legal requirements: TCPA, GDPR, CCPA, and CASL

The personal text message privacy laws that apply to your SMS marketing depend on where your subscribers live. Here’s the quick map.

RegulationJurisdictionKey SMS requirement
TCPAUnited StatesPrior express written consent before marketing texts, plus a clear opt-out in every message
GDPREuropean UnionA lawful basis (usually explicit consent) for SMS marketing, and allows subscribers to withdraw consent at any time
CCPA/CPRACaliforniaNotice of the data you collect, and you honor consumer rights related to personal information
CASLCanadaExpress consent, sender identification, and a working unsubscribe in every message
PECRUnited KingdomSpecific prior consent for marketing texts, with limited exceptions under soft opt-in rules

The FCC One-to-One Consent Rule proposed in 2023 under TCPA would have required businesses to obtain separate, blanket consent for different brands or shared third-party leads. 

However, the U.S. Court of Appeals for the Eleventh Circuit vacated it in January 2025, and it’s not in effect as of June 2026.

Nonetheless, businesses must still comply with existing FCC-enforced TCPA consent requirements. Buying shared or third-party lead lists can create compliance issues and block message delivery.

Evolving state laws: State-level SMS regulations and rules are changing fast in 2026, and the details vary. Always check your state’s current statutes and consult legal counsel. Here are two recent examples:

  • Texas SB 140: Expanded the definition of “telephone solicitation” to include text messages. Violations may be subject to the Texas Deceptive Trade Practices Act (DTPA), which can result in treble (triple) damages. Effective September 1, 2025.
  • Virginia SB 1339: Requires businesses to honor consumer SMS opt-out requests for up to 10 years. Effective January 1, 2026. 

10DLC registration and carrier compliance

10DLC (10-digit long code) is the messaging standard used by USA mobile carriers for application-to-person (A2P) business texting. Ecommerce brands must register their SMS campaigns before sending messages at scale. Registration happens through The Campaign Registry (TCR). 

A privacy policy is an important part of this process. Carriers review it during campaign approval. Without one, your campaign can be rejected and your messages blocked.

During 10DLC registration, carriers and TCR typically check that:

  • Your privacy policy is hosted on your own website domain and mentions SMS specifically
  • Your opt-in SMS flow shows clear, unchecked consent with links to your policy and terms
  • Your opt-out (STOP) and HELP responses are in place
  • Your policy states that SMS consent and numbers aren’t shared with third parties for marketing

Common TCR rejection codes and how to prevent them

The Campaign Registry rejects many first-time submissions, and most rejections stem from the opt-in experience and the privacy policy. Here are common reasons for rejection:

1. Error 806/861 (unclear consent CTA): The opt-in call to action is ambiguous or missing active links to your privacy policy and terms.

Fix: Place clear, unchecked opt-in text next to the phone field, with full, active URLs.

2. Error 9112 (pre-checked consent boxes): The consent box is pre-checked or required. 

Fix: Make sure it’s unchecked by default and freely given.

3. Error 9103/9105 (missing or inaccessible opt-in URL): TCR can’t locate your live opt-in form, or it’s missing the required language. 

Fix: Provide the exact live URL where the signup form and its consent text are visible.

4. Third-party data sharing: Your policy suggests that SMS details could be shared with third parties for marketing purposes. 

Fix: Add an explicit non-sharing clause.

What to include in your SMS privacy policy

A compliant SMS privacy policy should explain how your store collects, uses, and protects customer phone numbers. 

Every clause in the SMS privacy policy templates above serves a purpose. For ecommerce brands, these clauses support SMS campaign approval. Here’s what each required element involves.

Data collection and usage

Ecommerce brands collect customer details to send relevant messages, manage orders, and improve shopping experiences. Explaining these uses to subscribers can build trust and support compliance.

Common data types include:

  • Phone number and consent records: Used to send SMS messages that customers have agreed to receive
  • Purchase history: Used for order updates, personalized offers, and replenishment reminders
  • Browsing behavior and product views: Used for product recommendations, price alerts, and restock notifications
  • Abandoned cart and checkout data: Used to send cart recovery messages and complete purchases

Data sharing and third-party disclosure

State plainly that you don’t sell or share SMS subscriber data with third parties for their own marketing.

You can note that data is shared with service providers — your SMS platform, analytics tools, and carriers — under data processing agreements, strictly for the purpose of running the program.

This non-sharing clause also keeps you clear of the most common 10DLC rejection. Word it explicitly: “SMS opt-in consent and phone numbers will not be shared with third parties or affiliates for marketing purposes.”

Opt-in and opt-out procedures

Explain how customers give consent and how they withdraw it. Use clear and simple language. 

Customers usually opt-in at checkout, through popups, or by texting a keyword. They can opt out at any time by replying STOP or using an unsubscribe link.

Updating your website footer is no longer enough on its own to satisfy carriers. Your privacy policy and terms of service links must appear where customers give SMS consent.

Place the links directly below the checkbox on popups, landing pages, and checkout forms.

A clear opt-in message might read: “Text JOIN to [SHORT CODE] for [X] offers per month. Message and data rates may apply. Reply STOP to cancel, HELP for help.” Pair it with an unchecked checkbox and links to your policy and terms.

Data retention and security

Your privacy policy SMS template should explain how long you keep subscriber data.

Many stores keep phone numbers while subscribers remain active. They may also keep opt-out records for compliance.

Security measures should protect customer information from unauthorized access. Use safeguards such as encryption for stored and transmitted data.

For example, a store may keep customer numbers for SMS updates while limiting access to approved staff.

Policy updates and contact information

Explain how and when you update the policy. Add a “last updated” date whenever you revise the policy. Notify subscribers about major changes through your usual communication channels. Committing to an annual review is good practice that also signals diligence.

Your policy should also include clear contact details:

  • Business name and mailing address
  • Support email
  • Support phone number

Make these details easy to find. Subscribers should know who to contact about their personal data.

How to add your SMS privacy policy to your Shopify store

Adding an SMS privacy policy to Shopify requires creating a policy page and linking it to your SMS consent points.

The steps below cover creating the page and wiring it into your opt-in points:

1. Go to Settings > Policies in Shopify to add your privacy policy. Use Shopify’s built-in SMS privacy policy template free option or create a custom policy under Online Store > Pages

SMS privacy policy template: A computer screen shows a settings page with sections for privacy policy and terms of service. A large green arrow points to a Create from template button below the privacy policy text box.
Image via Shopify 

2. Add your privacy policy link to SMS signup forms, popups, and landing pages. Place the link near the consent checkbox so customers can review it before subscribing.

3. If you send automated abandoned checkout messages, state this clearly beside the checkout consent checkbox. Carriers expect this disclosure during SMS campaign reviews.

To update the checkout message:

4. Go to Settings > Checkout in your Shopify admin.

5. Find the Marketing opt-in section.

6. Use the Theme Language Editor to customize the opt-in text next to the checkbox, so it explicitly mentions checkout reminders or abandoned cart alerts.

How Omnisend helps you stay SMS-compliant

Built for ecommerce, Omnisend gives your store the compliance scaffolding it needs to run SMS the right way — without bolting on extra tools.

It handles the parts of compliance that stores most often get wrong:

  • Consent collection built into signup forms, popups, and checkout, with the policy and terms links right at the point of opt-in
SMS privacy policy template: A website editor displays a form for Limited time Spring deals, prompting users for their phone number. The sidebar shows form elements, and the right panel highlights a dropdown set to Collect SMS consent (TCPA). Blossoms decorate the form.
Image via Omnisend
  • Automatic STOP and opt-out handling, so unsubscribes are honored without manual work
  • Native Shopify integration (plus WooCommerce, Wix, and BigCommerce) that keeps customer and consent data in sync
  • SMS automation flows, including abandoned cart and price drop alerts, that respect your consent rules
  • Global SMS support (unlike competitors such as Klaviyo, GetResponse, and ActiveCampaign that limit SMS to the USA/Canada/UK/Australia) and built-in compliance workflows that help you stay on track

Omnisend’s free plan opens up its ecommerce features. Merchants on paid plans see an average return of $79 for every $1 spent, based on Omnisend’s 2025 Ecommerce Marketing.

Here’s a real example of these results in action.

Online hair product retailer Divatress switched from Mailchimp to Omnisend for SMS marketing and seamless Shopify integration.

The results show what a compliant, well-run SMS program can do: the store grew its SMS list to nearly 70,000 subscribers in eight months, and 54% of its Omnisend-driven revenue now comes from automated workflows.

Its abandoned cart series averages a 29% conversion rate, and by the store’s own account, three months of SMS sales paid for a full year of Omnisend. See full success story here.

Conclusion

A compliant SMS privacy policy template does three things for your store — it protects you legally, helps you through carrier and 10DLC registration, and builds subscriber trust that keeps your list healthy.

The templates here are a practical starting point you can publish quickly. Just adapt the placeholders and have legal counsel confirm the details for your jurisdiction.

SMS compliance isn’t a one-time task. Laws shift, carrier rules tighten, and your program grows. Treat your policy as an adaptable document you review at least once a year.

Get the foundation right now, and your store can keep sending text messages that reach customers and stay on the right side of the rules.

Grow ecommerce revenue with Omnisend by building compliant SMS campaigns and automations quickly

Quick sign up | No credit card required

Vytautas Palubeckas
Article by

Vytautas is a Content Project Manager at Omnisend. An old soul in a strange body, trying to decipher the meaning behind the cryptic messages the unknown is sending us every minute of the day.


Subscribe and don’t miss any updates!

No fluff, no spam, no corporate filler. Just a friendly letter, twice a month.