SMS Addendum
SMS Addendum to Terms of Service
1. INTRODUCTION AND PURPOSE
This SMS Addendum ("Addendum") supplements and forms part of the Terms of Service between Peaberry Software, Inc. d/b/a Customer.io (http://Customer.io) ("Customer.io (http://Customer.io)," "we," "us," or "our") and you, the customer ("Customer," "you," or "your"). This Addendum governs your use of Customer.io (http://Customer.io)'s SMS messaging services ("SMS Services").
By using Customer.io (http://Customer.io)'s SMS Services, you acknowledge that you have read, understood, and agree to be bound by this Addendum in addition to our Terms of Service. If there is any conflict between this Addendum and the Terms of Service, the terms of this Addendum shall prevail with respect to the SMS Services.
2. DEFINITIONS
For the purposes of this Addendum, the following terms shall have the meanings set forth below:
"A2P" means Application-to-Person messaging, which refers to SMS messages sent from an application, platform, or system to an individual's mobile device.
"CTIA" means the Cellular Telecommunications Industry Association, a trade association representing the wireless communications industry that establishes guidelines for SMS messaging.
"End User" means any individual who receives SMS messages sent by you through Customer.io (http://Customer.io)'s SMS Services.
"Mobile Carrier" means any wireless telecommunications provider that enables the transmission of SMS messages to mobile devices.
"MMS" means Multimedia Messaging Service, a messaging service that allows the transmission of multimedia content such as images, videos, or audio through mobile networks.
"Short Code" means a 5 or 6-digit number used for high-volume SMS messaging.
"SMS" means Short Message Service, a text messaging service component of most telephone, internet, and mobile device systems.
"SHAFT" refers to prohibited content categories of Sex, Hate, Alcohol, Firearms, and Tobacco, which are restricted or prohibited by Mobile Carriers and governing regulations.
"TCPA" means the Telephone Consumer Protection Act of 1991, a United States federal law that restricts telephone solicitations and the use of automated telephone equipment.
"10DLC" means 10-Digit Long Code, a standard 10-digit phone number registered with Mobile Carriers for A2P messaging.
3. COMPLIANCE REQUIREMENTS
3.1 General Compliance
You shall comply with all applicable laws, regulations, and industry guidelines related to SMS messaging, including but not limited to:
(a) The Telephone Consumer Protection Act (TCPA) and its implementing regulations;
(b) The Cellular Telecommunications Industry Association (CTIA) Messaging Principles and Best Practices;
(c) Mobile carrier requirements and acceptable use policies;
(d) Federal Trade Commission (FTC) regulations regarding unfair or deceptive acts or practices, including the Telemarketing Sales Rule;
(e) The CAN-SPAM Act or similar regulations, to the extent applicable to commercial SMS messages;
(f) State-specific laws and regulations governing SMS messaging; and
(g) Any other applicable laws or regulations.
3.2 Express Written Consent
(a) You must obtain express written consent from each End User prior to sending any SMS message through the SMS Services. Such consent must be documented and stored in a manner that complies with applicable laws and regulations.
(b) Express written consent must be obtained through a clear and conspicuous disclosure that specifically states: (i) The End User is authorizing you to send SMS messages using an automatic telephone dialing system; (ii) The specific types of messages the End User will receive (e.g., marketing, transactional, informational); (iii) The approximate frequency of messages (e.g., "up to 4 messages per month"); (iv) That message and data rates may apply; (v) That consent is not required as a condition of purchasing any property, goods, or services; and (vi) Instructions on how to opt out of receiving future messages.
(c) You shall not rely on express written consent obtained by a third party unless that consent specifically identified you by name as a sender of SMS messages and otherwise complies with the requirements of this Addendum and applicable law.
Sample Consent Language
When collecting consent via a form with a checkbox (must be unchecked by default):
"By checking this box, you agree to receive recurring automated promotional and personalized marketing text messages (e.g., cart reminders) from [Your Company Name] at the cell number used when signing up. Consent is not a condition of any purchase. Reply HELP for help and STOP to cancel. Msg frequency varies. Msg & data rates may apply. View [Terms] & [Privacy]."
When collecting consent via form submission:
"By submitting this form, you agree to receive recurring automated promotional and personalized marketing text messages (e.g., cart reminders) from [Your Company Name] at the cell number used when signing up. Consent is not a condition of purchase. Reply HELP for help and STOP to cancel. Msg frequency varies. Msg & data rates may apply. View [Terms] & [Privacy]."
3.3 Opt-Out Mechanisms
(a) Every SMS message you send must include clear and simple opt-out instructions, such as "Reply STOP to unsubscribe."
(b) You must honor all opt-out requests immediately and send a confirmation message acknowledging the opt-out request.
(c) You must maintain a list of all phone numbers that have opted out and ensure that no further messages are sent to those numbers.
(d) You must recognize and process the following opt-out keywords: "STOP," "CANCEL," "END," "QUIT," "UNSUBSCRIBE," "OPT-OUT" and "REVOKE".
(e) Opt-out requests must be processed free of charge to the End User without requiring additional steps beyond sending the opt-out keyword and should provide a final message confirming opt-out.
3.4 Message Content and Timing
(a) All SMS messages must clearly identify you as the sender in the message body.
(b) To avoid subscriber fatigue and potential compliance issues, you should adhere to these frequency best practices: (i) No more than one (1) marketing message per day to a single End User; (ii) No more than four (4) marketing messages per week to a single End User; (iii) No more than ten (10) marketing messages per month to a single End User; and (iv) No more than three (3) SMS messages about the same subject within a 24-hour timeframe.
(c) SMS messages may only be sent between 8:00 AM and 9:00 PM in the recipient's local time zone. Note that some states may have more restrictive hours, such as Florida, Oklahoma, and Washington: 8:00 AM to 8:00 PM in the local time zone.
(d) In some instances, Customer.io (http://Customer.io)'s platform will may automatically enforce these restrictions based on the recipient's area code or indicated time zone, but it is ultimately your responsibility to comply with these requirements.
4. CUSTOMER RESPONSIBILITIES
4.1 10DLC Registration
(a) If you use 10DLC numbers for your SMS messaging, you must complete all required registration processes with The Campaign Registry and provide Customer.io (http://Customer.io) with all necessary information to facilitate this registration.
(b) You must provide accurate and truthful information during the 10DLC registration process, including but not limited to: (i) Legal company name; (ii) Physical business address; (iii) Business website; (iv) Business tax ID or EIN; (v) Authorized point of contact; and (vi) Detailed use case information.
(c) You are responsible for maintaining the accuracy of your 10DLC registration information and must promptly notify Customer.io (http://Customer.io) of any changes.
(d) You acknowledge that failure to properly register your 10DLC campaigns may result in message filtering, blocking, or other delivery issues.
4.2 Record Keeping
(a) You shall maintain accurate and complete records of all SMS messaging activities for a minimum of four (4) years after the last message is sent to the End User, including but not limited to: (i) Opt-in records with timestamps, the specific method of consent, and Express Written Consent; (ii) The content of all messages sent; (iii) Delivery receipts; (iv) Opt-out requests; and (v) Any customer complaints or inquiries related to your SMS messages.
(b) You shall make these records available to Customer.io (http://Customer.io) upon request, particularly in the event of an audit by Mobile Carriers or regulatory authorities.
4.3 Testing and Validation
(a) You shall validate all destination phone numbers before sending SMS messages to ensure they are valid mobile numbers.
(b) You shall test all message templates, links, and call-to-action mechanisms before deploying them to your full audience.
5. PROHIBITED CONTENT AND ACTIVITIES
5.1 Prohibited Content (SHAFT)
You shall not send SMS messages that contain any SHAFT content (Sex, Hate, Alcohol, Firearms, Tobacco) or other prohibited content as detailed below and in Attachment A:
(a) Content related to illegal activities or products;
(b) Content that promotes or references illegal drugs, including cannabis or CBD products (even where legal under state law);
(c) Content related to tobacco, vaping, or e-cigarette products;
(d) Content related to alcohol, except where permitted by law and with proper age verification mechanisms in place;
(e) Content related to weapons, ammunition, or firearms;
(f) Content of a sexually explicit or pornographic nature;
(g) Content that promotes gambling or lottery services, except where permitted by law;
(h) Content that contains hate speech, harassment, or content that discriminates against protected classes;
(i) Content that is deceptive, misleading, or fraudulent;
(j) Content that impersonates another individual or entity; or
(k) Content that violates any intellectual property rights.
5.2 Prohibited Activities
You shall not engage in any of the following activities:
(a) Sending unsolicited messages to individuals who have not provided Express Written Consent;
(b) Purchasing, renting, or using third-party lists of phone numbers;
(c) Harvesting or scraping phone numbers from websites or other public sources;
(d) Sending messages to End Users who have opted out;
(e) Sending messages outside of permitted hours (8:00 AM to 9:00 PM in the recipient's local time zone);
(f) Using URL shorteners from free public services (e.g., bit.ly (http://bit.ly), tinyurl.com (http://tinyurl.com)) that may trigger spam filters;
(g) Sending messages with excessive use of capital letters, special characters, or multiple exclamation points that may trigger spam filters;
(h) Sending messages that do not identify you as the sender;
(i) Sending messages that do not include opt-out instructions; or
(j) Attempting to circumvent carrier filters or other compliance mechanisms.
6. DATA SECURITY AND PRIVACY
6.1 Shared Responsibility
(a) Data protection in SMS messaging follows a shared responsibility model. Customer.io (http://Customer.io) is responsible for securing data within our systems and infrastructure, while you are responsible for the content you send and ensuring compliance with privacy laws applicable to your End Users.
(b) You acknowledge that SMS messages are not encrypted when transmitted over mobile carrier networks outside the Customer.io (http://Customer.io) infrastructure. When messages leave the Customer.io (http://Customer.io) systems, they enter the mobile carrier network where they may be subject to the technical limitations of the SMS protocol.
(c) Due to inherent limitations of the SMS protocol, you should not include sensitive personal information, financial data, or protected health information in the content of SMS messages.
(d) From time to time, telecommunication providers may change or modify their rules, requirements, and policies (collectively "Carrier Policies"). We will make reasonable efforts to notify you of changes to Carrier Policies through, for example, email, in-app notifications, or technical documentation. You are responsible for complying with all Carrier Policies that apply to your use of the SMS Services.
6.2 Data Handling
(a) Customer.io (http://Customer.io) encrypts SMS-related data at rest and in transit within our systems using industry-standard encryption technologies.
(b) You acknowledge that by using this service, an additional subprocessor is added to the Customer.io (http://Customer.io) subprocessor list (https://customer.io/legal/sub-processors (https://customer.io/legal/sub-processors)) as follows:
Twilio, Inc. A2P messaging USA (https://www.twilio.com/)https://www.twilio.com (https://www.twilio.com)
(c) You are responsible for implementing appropriate safeguards to protect End User data in your systems before transferring it to Customer.io (http://Customer.io).
(d) You shall maintain appropriate technical and organizational measures to protect personal data of End Users and to comply with applicable data protection laws.
6.3 International Messaging
(a) If you send messages to End Users outside the United States, you must comply with the applicable laws and regulations of both the United States and the recipient's country.
(b) Different countries have specific regulations governing commercial SMS messages. You are responsible for ensuring compliance with these country-specific requirements.
(c) Customer.io (http://Customer.io) may block messages to certain countries or impose additional requirements for international messaging due to regulatory constraints.
7. REPRESENTATIONS AND WARRANTIES
7.1 Customer Representations and Warranties
You represent and warrant that:
(a) You have all necessary rights, licenses, and permissions to use any content included in your SMS messages;
(b) You will not resell, sublicense, or timeshare the SMS Services, or use them on behalf of anonymous or other third parties;
(c) You will implement appropriate security measures to protect End User data; and
(d) You will comply with all provisions of this Addendum.
7.2 No Emergency Services
You acknowledge that:
(a) The SMS Services are not Integrated Public Alert and Warning System (IPAWS) eligible systems.
(b) The SMS Services are not intended for use in, or in association with, the operation of any hazardous environments or critical systems. You are solely responsible for liability that may arise in association with such use.
(c) The SMS Services do not support or carry emergency calling or messaging to any emergency services personnel or public safety answering points ("Emergency Services"), such as calls or texts to 911, and may not determine the physical location of your devices or your End Users, which may be required when contacting Emergency Services. You understand and agree that it is your responsibility to: (i) contact and access Emergency Services independently of Customer.io (http://Customer.io); and (ii) inform all End Users of these limitations.
(d) The SMS Services are not replacements for traditional telephone or mobile phone services, including but not limited to calling, texting, or contacting Emergency Services, and do not function as such.
(e) You may not offer or purport to offer any Emergency Services using the SMS Services. "Emergency Services" means services that allow a user to connect with emergency services personnel or public safety answering points, such as 911 or E911 services.
8. INDEMNIFICATION
8.1 Customer Indemnification Obligations
In addition to any indemnification obligations in the Terms of Service, you agree to defend, indemnify, and hold harmless Customer.io (http://Customer.io) and its affiliates, officers, directors, employees, and agents from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including but not limited to attorney's fees) arising from or relating to:
(a) Your breach of any provision of this Addendum;
(b) Your failure to obtain proper Express Written Consent from End Users;
(c) Your failure to honor opt-out requests;
(d) Your violation of any laws, regulations, or industry guidelines related to SMS messaging;
(e) Any content included in your SMS messages; or
(f) Any allegation that your SMS messages constitute spam, contain prohibited content, or otherwise violate any third-party rights.
9. TERM AND TERMINATION
9.1 Suspension of Service
In addition to any termination rights in the Terms of Service, Customer.io (http://Customer.io) reserves the right to immediately suspend your access to the SMS Services, without notice, if:
(a) Customer.io (http://Customer.io) receives complaints from End Users, Mobile Carriers, or regulatory authorities regarding your SMS messages;
(b) Your SMS messages generate abnormally high opt-out rates;
(c) Your SMS messages contain prohibited content or appear to be spam;
(d) You fail to maintain proper 10DLC registration, to the extent applicable; or
(e) Customer.io (http://Customer.io) reasonably believes that your continued use of the SMS Services may result in harm to Customer.io (http://Customer.io), its systems, other customers, or End Users.
9.2 Effect of Termination
Upon termination or expiration of this Addendum or the Terms of Service:
(a) You shall immediately cease sending SMS messages through the SMS Services;
(b) You shall continue to honor opt-out requests received prior to termination;
(c) You shall continue to maintain all required records for the period specified in this Addendum; and
(d) Your indemnification obligations shall survive.
10. CARRIER INFORMATION
10.1 Carrier Fees
Message and data rates may apply to messages sent through our platform. These rates are determined by the recipient's wireless carrier, not by Customer.io (http://Customer.io).
10.2 Supported Carriers
Our SMS Services are supported by major U.S. wireless carriers, including but not limited to AT&T, T-Mobile, Verizon, Sprint, and their affiliates. Delivery to other carriers cannot be guaranteed.
10.3 Carrier Requirements
Wireless carriers may impose additional requirements or restrictions on messages sent through our platform. Customer.io (http://Customer.io) will make reasonable efforts to inform you of any such requirements.
11. GENERAL PROVISIONS
11.1 Modifications
Customer.io (http://Customer.io) reserves the right to modify this Addendum at any time by posting a revised version on its website or by otherwise notifying you. Your continued use of the SMS Services after such notification constitutes your acceptance of the modified Addendum.
11.2 No Legal Advice
Nothing in this Addendum constitutes legal advice. You are responsible for consulting with your own legal counsel to ensure compliance with all applicable laws, regulations, and industry guidelines.
11.3 Severability
If any provision of this Addendum is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Addendum shall otherwise remain in full force and effect.
11.4 Governing Law
This Addendum shall be governed by and construed in accordance with the laws specified in the Terms of Service.
11.5 Entire Agreement
This Addendum, together with the Terms of Service, constitutes the entire agreement between you and Customer.io (http://Customer.io) with respect to the SMS Services and supersedes all prior or contemporaneous communications and proposals, whether oral or written, between you and Customer.io (http://Customer.io) regarding the SMS Services.
Attachment A: Forbidden Use Cases
Forbidden Use Cases
Certain types of messages are not allowed, and we take these restrictions seriously to maintain a safe and reliable messaging environment for all users. It is essential to refrain from engaging in the following activities listed in the table below. Please note that these forbidden use cases are not only related to the content of the message but the business type itself.
Additional Restrictions
Even if your specific use case is not listed as prohibited, certain message content may still be subject to restrictions. For instance, the use of shared or free public URL shorteners is not permitted and will lead to filtering. Ensure that when using a shortened URL it is company branded.
Category | Examples | Notes |
|---|---|---|
High-risk financial services |
| "Third-party" means originating from any party other than the one which will service the loan. Examples of third-party loans could include: auto, mortgage, personal, etc. First party loan content is acceptable if it is not promotional messaging, unless it is on an approved Short Code. Businesses that solely operate in stocks, investing, or cryptocurrency are only permitted to send SMS traffic that is 2FA and/or transactional messaging. If there is a mixed use case where that is a partial aspect of the business it may be approved based on the other use case content |
Third-party lead generation services and marketing |
| Any third-party use cases are strictly forbidden. Consent must be obtained directly from end-users. Political use case customers sending SMS messages are not able to use voter registration databases to collect consent and outreach end-users. Any business with a terms of service or privacy policy that mentions sharing or selling consumer data/opt-in information is considered noncompliant. |
Debt collection or forgiveness |
| "Third-party" means originating from any party other than the one who is owed the debt. For example, a hospital could send messages regarding bills for its own patients, assuming they provided opt-in to receive that messaging. While third party debt collection is not permitted, a debt collection business that has direct consent from end-users to send related content may do so. Debt consolidation, debt reduction and credit repair programs are prohibited regardless if there is first-party consent. |
“Get rich quick” schemes |
| Use cases in this category pertain to minimal effort for maximum and/or guaranteed financial gains. These categories in the telecoms industry produce high consumer complaints and are not permissible on carrier routes. |
Illegal substances/articles |
| Cannabis, CBD, Kratom, or drug paraphernalia product businesses are prohibited from utilizing SMS/MMS messaging on Customer.io in the US and Canada, regardless of content. These restrictions apply regardless of the federal or state legality. All use cases for these are disallowed from sending SMS whether it contains cannabis content or not, even for 2FA purposes it is not permissible for such entities. |
Prescription drugs | Drugs that require a prescription | Offers for drugs that cannot be sold over-the-counter in the US/Canada are forbidden regardless if the business is a licensed professional. |
Gambling |
| Gambling traffic is prohibited in the US and Canada on all number types (Toll Free, Short Code, Long Code). Bingo related messages are allowed on an approved Short Code. Community or local based Bingo related messaging are also permissible on carrier networks. |
"S.H.A.F.T." use cases and electronic smoking devices |
| Alcohol traffic is allowed on Toll Free, Short Code, and Long Code in the US, as long as proper age gating procedures are in place. Age gating means that website users must input their date of birth. It cannot be a yes or no question. Firearms, Vape, and E-cigarettes are not allowed on Short Code, Toll Free, or Long Code regardless of age gating. Tobacco is allowed on Short Code with proper age gating procedures in place, but isn’t allowed on Long Code or Toll Free. Gun advocacy groups/messaging does not fall under Firearms. All age-gated content into Canada must be blocked across Toll Free, Short Code, and Long Code. The only way to send age-gated traffic into Canada (even with proper age-gating) is to receive a special carrier exemption. Allowed age gated content in Canada include: pocket knives, lighters, and non-alcoholic beverages |