SMS Consent Framework

Documentation for SMS compliance review · Last updated April 30, 2026

Overview

TrustOtter is a B2B2C review management platform serving local businesses in the United States. Local businesses (“Clients”) use TrustOtter to request Google reviews from their own customers (“End Customers”) via SMS. TrustOtter does not collect End Customer phone numbers directly — all End Customer contact information is collected by the Client and uploaded to TrustOtter for the purpose of sending review request communications on the Client’s behalf.

This document describes the four-layer consent framework that ensures every End Customer who receives a TrustOtter-delivered SMS has provided express written consent to the Client business, in compliance with the Telephone Consumer Protection Act (TCPA).

Layer 1 — Contractual Obligation in Terms of Service

Every TrustOtter Client agrees to the Terms of Service at signup. The ToS contains enforceable obligations on the Client to obtain TCPA-compliant express written consent from every End Customer prior to upload, including:

Section 4 — Client Responsibilities & Consent: requires express written consent, consent documentation, opt-out handling, and lawful data use.
Section 13 — Indemnification: makes the Client solely responsible for any consent failures and requires the Client to indemnify TrustOtter for any TCPA, CAN-SPAM, or similar regulatory claims arising from non-consented communications.

Layer 2 — Explicit Attestation at Client Onboarding

Before any Client can upload contacts or send their first SMS through TrustOtter, they must complete a consent attestation step in the onboarding flow. This is a hard gate — no upload functionality is enabled until the attestation is complete. TrustOtter stores a timestamped record of every attestation.

The attestation step appears as follows:

ONBOARDING — STEP 3 OF 4

Confirm SMS Consent for Your Customers

Before TrustOtter sends SMS messages on your behalf, U.S. law (TCPA) requires that each recipient has provided express written consent to receive text messages from your business. Please confirm the following:

I confirm that every phone number I upload to TrustOtter belongs to an End Customer who has provided express written consent to my business to receive SMS messages, including review requests.
REQUIRED

I will not upload phone numbers obtained solely from email-only opt-ins, purchased lists, or any source where the End Customer did not specifically agree to receive SMS messages from my business.
REQUIRED

I will maintain records of consent for each End Customer (date, method, and language of opt-in) and will provide them to TrustOtter promptly upon request, including in connection with any complaint, regulatory inquiry, or carrier audit.
REQUIRED

I have read and agree to the TrustOtter Terms of Service, including Section 4 (Client Responsibilities) and Section 13 (Indemnification), and I accept sole responsibility for TCPA compliance for all communications sent on my behalf through TrustOtter.
REQUIRED

Confirm & Continue

What TrustOtter stores: the Client’s account ID, IP address, timestamp, version of ToS accepted, and a record of each checkbox confirmation. This record is retained indefinitely as evidence of the Client’s representation.

Layer 3 — Consent Capture Templates Provided to Clients

To make compliant consent collection easy, TrustOtter provides Clients with copy-paste consent language and template forms suitable for the Client’s collection method. The following capture methods are documented in TrustOtter’s onboarding materials as acceptable:

Capture Method	How Clients Use It
Point-of-sale intake form (paper)	Client adds the SMS consent checkbox to their existing customer intake form. Customer signs and dates. Client retains the signed form as consent record.
Online booking / checkout form (digital)	Client adds the SMS consent checkbox to their booking, scheduling, or checkout flow. The customer’s opt-in is logged with timestamp in the Client’s booking system.
Post-service confirmation	For service businesses (auto repair, home services), Client presents the consent checkbox at service completion alongside the invoice or receipt signature.
Email re-permission campaign	For Clients with existing email-only lists, TrustOtter recommends sending a re-permission email asking subscribers to confirm SMS opt-in via a confirmation link, before any number from those lists is uploaded.

The standard consent language TrustOtter provides to Clients reads as follows (Client substitutes their business name where indicated):

TrustOtter Standard SMS Consent Language

Name:

Phone Number:

The template includes all five elements required for TCPA-compliant express written consent:

The identity of the business sending the messages.
The type and purpose of messages (review request, post-service).
Message frequency disclosure.
“Msg & data rates may apply” disclosure.
Clear opt-out (STOP) and help (HELP) instructions, plus a link to full SMS terms.

The checkbox is unchecked by default; affirmative action is required to opt in.

Layer 4 — Platform-Level Opt-Out and Complaint Monitoring

TrustOtter operates several platform-level safeguards independent of Client behavior:

Automatic STOP suppression

When any End Customer replies STOP to a TrustOtter-delivered message, that phone number is immediately and permanently suppressed across the entire TrustOtter platform. The number cannot be re-contacted by any Client, even if a different Client subsequently uploads it. This suppression list is global to TrustOtter, not per-Client.

Standard reply handling

TrustOtter recognizes and honors the standard opt-out keywords (STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT) and the standard help keyword (HELP), per CTIA short-code monitoring guidelines.

Complaint-rate monitoring

TrustOtter monitors per-Client metrics including STOP rate, spam-flag rate, and undeliverable rate. Clients whose metrics exceed industry thresholds are flagged for review and may be paused or terminated. Repeated indications that a Client is uploading non-consented contacts will result in account termination per Section 10 of the Terms of Service.

Single review request per transaction

By default, TrustOtter sends one review request per End Customer per transaction, with a 30-day cooldown before any follow-up is sent. This minimizes message volume and reduces the risk of complaint escalation.

Sample Outbound Message

Every SMS delivered through TrustOtter clearly identifies the sending business by name and includes opt-out instructions. A representative message reads:

Hi [NAME], it’s [BUSINESS NAME]. Thanks for stopping by! If you have a minute, we’d love a quick Google review: [LINK]. Msg & data rates may apply. Reply STOP to opt out, HELP for help.

Summary

TrustOtter’s SMS consent framework rests on four reinforcing layers: contractual obligations in the ToS, explicit and recorded Client attestation at onboarding, copy-paste consent templates that make compliant collection easy for Clients, and platform-level safeguards including automatic STOP suppression and complaint-rate monitoring. Together, these layers provide reasonable assurance that End Customers receiving SMS messages through TrustOtter have provided the express written consent required by the TCPA.