Consent Flows: How Users Opt In
A consent flow is the mechanism by which someone explicitly agrees to receive text messages from you. Carriers and regulators require documented, explicit consent before you send marketing or promotional messages. Getting this right is the most common source of campaign rejection.
Why consent matters
Carriers treat undocumented consent as no consent. If a recipient flags your message as spam — or if a reviewer visits your website and can't find a clear opt-in mechanism — your campaign will be flagged. Beyond compliance, good consent practices reduce spam complaints, which directly affects your message deliverability.
Types of opt-in
| Method | Description | When to use |
|---|---|---|
| Web form | User enters phone number on a web page with a visible consent checkbox | Checkout, signup, contact forms |
| Keyword | User texts a keyword (e.g., JOIN) to your number | Physical signage, social media CTA |
| Paper form | User signs a physical form | In-person service businesses |
| Verbal | User provides consent verbally (with your documentation of it) | Call center, in-person interactions |
What makes a consent flow valid
A valid web form consent flow has three components:
- A phone number input — users enter the number they want messages sent to
- An explicit, unchecked checkbox — labeled something like "I agree to receive text messages from Acme Corp"
- Required disclosures shown near the checkbox (see Required Disclosures)
The critical point: SMS consent must be separate from general terms acceptance. You cannot use "I agree to the terms of service" as your consent mechanism for text messages. Carriers require an explicit, optional opt-in.
Writing your consent_flow description
The consent_flow field in your campaign registration is a plain-English description of your opt-in mechanism. It should be specific enough that a reviewer could find the opt-in on your website and verify it matches your description.
What to include:
- Where the opt-in happens (URL, form type)
- The exact wording of the checkbox or prompt
- Whether the checkbox is pre-checked or unchecked by default (must be unchecked)
- What disclosures are shown and where
A vague description like "users opt in on our website" will be rejected. A specific description like the example below passes review:
"Users enter their phone number during the account signup process at acme.com/signup. An unchecked checkbox labeled 'I agree to receive text messages from Acme Corp about my account' appears below the phone number field. The following disclosures appear immediately beneath the checkbox: 'Message frequency varies. Msg&data rates apply. Reply STOP to opt out. View our Privacy Policy at acme.com/privacy.'"
Keyword opt-in
For keyword-based opt-ins, the consent flow description should explain where the keyword appears (physical sign, website, etc.) and what the keyword is.
"Users text JOIN to +18015559876 after seeing our in-store signage. The sign reads: 'Text JOIN to +18015559876 to receive exclusive deals from Acme Corp. Message frequency varies. Msg&data rates apply. Reply STOP to opt out.'"
Double opt-in
Some high-stakes use cases (medical, financial) benefit from double opt-in, where after the user submits their number, they receive a confirmation text asking them to reply YES. This creates an additional record of consent. It's not required by TCR but can reduce disputes.
What happens when someone opts out
When a contact texts STOP, Surge records the opt-out and fires a contact.opted_out webhook event. Sending to an opted-out contact returns an opted_out error. You cannot legally re-subscribe someone who has opted out without their explicit new consent (typically by having them text START).
The HELP and START keywords are handled automatically by Surge. When a contact texts HELP, they receive a help message configured on the phone number. When they text START, they're re-subscribed.