Question 1

How does TextConvo handle TCPA compliance?

Accepted Answer

TextConvo is built to help senders meet their obligations under the Telephone Consumer Protection Act (TCPA). The platform captures and timestamps express consent, stores the source and language of the consent record, suppresses messages to numbers that have not opted in or have opted out, and enforces quiet hours and frequency caps. Final TCPA compliance always depends on how a business uses the platform — TextConvo provides the tooling and audit trail to help, but each sender is responsible for their consent practices and disclosures.

Question 2

Does TextConvo follow the CTIA Messaging Principles and Best Practices?

Accepted Answer

Yes. TextConvo's defaults are aligned with the CTIA Messaging Principles and Best Practices, including required HELP and STOP keyword handling, opt-out confirmation, prohibitions on certain content categories (SHAFT — sex, hate, alcohol, firearms, tobacco — gated by carrier policy), and restrictions on URL shorteners that obscure destination domains. These are enforced at the platform level rather than left to operator memory.

Question 3

What is 10DLC and how does TextConvo support it?

Accepted Answer

10DLC (10-Digit Long Code) is the US carrier framework for sanctioned application-to-person SMS sent from 10-digit phone numbers. Brands and campaigns must be registered with The Campaign Registry (TCR) to qualify for production throughput and avoid filtering. TextConvo guides customers through brand registration, campaign use-case selection, sample message review, and ongoing maintenance, and provisions numbers within registered campaigns so traffic remains compliant with carrier policy.

Question 4

Is TextConvo compliant with HIPAA, GDPR, or SOC 2?

Accepted Answer

By default, do not claim certifications that are not actively in place. TextConvo is designed with privacy and access controls that can support enterprise security reviews; specific framework attestations are handled as part of customer onboarding and security review processes.

Question 5

How does TextConvo capture and prove express written consent?

Accepted Answer

Every consent event is stored as an immutable record that includes the contact identifier, the disclosure language presented, the source (web form, point of sale, API import, etc.), the timestamp, and the IP address or originating system where applicable. Records can be exported on demand for legal review, regulator inquiries, or platform migration.

Question 6

What happens when someone replies STOP, UNSUBSCRIBE, or another opt-out keyword?

Accepted Answer

STOP, END, QUIT, CANCEL, UNSUBSCRIBE and equivalent keywords are processed automatically and at the platform level — there is no way for a campaign or operator to override them. The contact is added to a universal suppression list, a confirmation message is sent in line with carrier requirements, and any in-flight messages targeting that contact are cancelled. HELP and INFO keywords trigger a configurable response with sender identity and support contact information.

Question 7

Does TextConvo enforce quiet hours and message-frequency limits?

Accepted Answer

Yes. Sending windows are enforced per recipient time zone, with safe defaults aligned to TCPA's 8 AM–9 PM local-time guidance. Daily and weekly frequency caps can be set globally or per audience segment to prevent fatigue and reduce spam complaints. These guardrails sit in the sending pipeline, so they apply uniformly to every channel and every campaign.

Question 8

How does TextConvo encrypt customer data?

Accepted Answer

Data in transit is encrypted using industry-standard TLS for every API call, webhook delivery, and user-facing connection. Data at rest is encrypted in our managed database and object storage layers using provider-managed encryption keys.

Question 9

Where is TextConvo customer data stored?

Accepted Answer

Customer data is stored in cloud infrastructure operated in the United States by default.

Question 10

Who at TextConvo can access my customer data?

Accepted Answer

Production data access is restricted to a limited set of TextConvo personnel with a documented operational need, governed by role-based access controls and least-privilege principles. Administrative actions on customer data are logged. Customers control who in their own organization has access through roles inside the TextConvo dashboard.

Question 11

How does TextConvo respond to security incidents?

Accepted Answer

TextConvo follows a documented incident-response process: detect, contain, investigate, remediate, and notify. Customers affected by a confirmed security incident impacting their data are notified without undue delay, with the information needed to meet their own regulatory obligations.

Question 12

How long does TextConvo retain conversation and consent data?

Accepted Answer

Conversation logs and consent records are retained for the lifetime of the customer's account by default so they remain available for audit and dispute resolution. Customers can configure shorter retention windows or request deletion of specific records. Suppression entries (opt-outs) are retained indefinitely so previously-opted-out contacts cannot be re-messaged after data deletion.

Question 13

How does TextConvo align with carrier policies?

Accepted Answer

TextConvo provisions numbers and routes traffic through registered, brand-vetted campaigns that match each customer's actual messaging use case. Sample messages are reviewed against carrier content policies, and new use cases are routed through the right registration path before sending. When carriers update their rules, the platform's defaults are updated centrally so customers do not need to hand-patch every campaign.

Question 14

How does TextConvo handle audit logs and compliance reporting?

Accepted Answer

Every consent capture, opt-out, send, delivery receipt, inbound reply, and AI-driven decision is logged with a timestamp and stored in an exportable audit trail. Customers can pull reports for internal compliance reviews, regulator requests, or carrier escalations. Audit data is preserved with the same retention guarantees as conversation history.

Built for Trust. Designed for Compliance.

Compliance capabilities, built-in

Consent & Opt-In Management

STOP / HELP Handling

Quiet Hours & Frequency Controls

Audit Logs

Data Protection

TCPA Support

Built for trust. Aligned with industry standards.

Compliance, in plain English