# Opt-in, privacy policy, and terms of service
<a name="rcs-compliance-optin"></a>

Your call-to-action (CTA) or web opt-in URL must demonstrate how users consent to receive RCS messages from your agent. Your privacy policy and terms of service URLs are also checked during the review process.

## Required elements on your CTA page
<a name="rcs-compliance-optin-elements"></a>

Your opt-in page or call-to-action screenshot must include ALL of the following:

1. **Your registered/DBA brand name** — The brand name on the CTA must match the brand name in your registration.

1. **HELP instructions** — Tell users how to get help (for example, "Reply HELP for assistance").

1. **STOP instructions** — Tell users how to opt out (for example, "Reply STOP to unsubscribe").

1. **Message frequency disclosure** — State how often users will receive messages (for example, "Up to 4 messages per month").

1. **Message and data rates disclosure** — Include "Message and data rates may apply" or equivalent.

1. **Link to Terms and Conditions** — A working link to your terms of service.

1. **Link to Privacy Policy** — A working link to your privacy policy.

## Opt-in confirmation message
<a name="rcs-compliance-optin-confirmation"></a>

When a user opts in, the confirmation message (first message sent to the user) must contain your registered/DBA brand name. Generic confirmation messages without the brand name are denied.

**Compliant:** "Welcome to ExampleBrand alerts\! You'll receive order updates and promotions. Reply HELP for help, STOP to cancel."

**Non-compliant:** "You are now subscribed. Reply STOP to unsubscribe." — Missing brand name.

## CTA URL requirements
<a name="rcs-compliance-optin-url"></a>
+ The URL must be publicly accessible (no login required to view).
+ The URL must be on your brand's website (not a third-party form builder with no brand association).
+ The page must be live and functional at the time of review.

## Privacy policy and terms of service requirements
<a name="rcs-compliance-privacy"></a>
+ Both URLs must be publicly accessible (no authentication, no paywall).
+ The privacy policy must cover how user data is collected, used, and shared in the context of messaging.
+ The terms of service must include messaging-specific terms (opt-out rights, message frequency, data rates).
+ URLs must be functional at the time of review. Inaccessible URLs result in immediate denial.