Skip to main content

TCPA and Messaging Compliance Addendum

Last Updated: January 22, 2026

1. Definitions

For purposes of this Addendum, the following terms have the meanings set forth below. Capitalized terms not defined herein have the meanings given in the Terms of Service.

"ATDS" or "Automatic Telephone Dialing System" means equipment which has the capacity to store or produce telephone numbers to be called using a random or sequential number generator and to dial such numbers. Under current FCC interpretation, equipment that dials numbers from a stored list may also qualify as an ATDS. You acknowledge the legal definition remains subject to ongoing litigation and regulatory interpretation.
"Do Not Call Registry" means the National Do Not Call Registry maintained by the Federal Trade Commission, state-level do-not-call registries, and any internal do-not-call list maintained by You.
"Established Business Relationship" or "EBR" means a relationship based on: (a) a transaction between You and the consumer within the preceding eighteen (18) months; or (b) an inquiry or application from the consumer regarding Your products or services within the preceding three (3) months.
"Marketing Message" means any message whose primary purpose is to advertise, promote, or market products or services, including messages that contain promotional content even if they also include transactional information.
"Prior Express Consent" means consent given by a person to receive calls or messages that is not in writing. This level of consent is sufficient only for non-marketing, transactional, or informational messages.
"Prior Express Written Consent" means an agreement, in writing, bearing the signature of the person called that clearly authorizes the caller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice. The written agreement must include a clear and conspicuous disclosure informing the person signing that by executing the agreement, they authorize the caller to deliver or cause to be delivered to the signatory telemarketing calls using an automatic telephone dialing system or an artificial or prerecorded voice and that the signatory is not required to sign the agreement as a condition of purchasing any property, goods, or services.
"TCPA" means the Telephone Consumer Protection Act of 1991, as amended, codified at 47 U.S.C. § 227, together with any implementing rules and regulations adopted by the Federal Communications Commission ("FCC"), and any applicable state laws with similar or additional requirements.
"Telemarketing" means the initiation of a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services.
"Transactional Message" means a message whose primary purpose is to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender, or to provide warranty information, product recall information, safety information, or security alerts.

2. Consent Requirements by Message Type

The level of consent required depends on the type of message You send. You are solely responsible for determining the appropriate consent level for each message and for obtaining such consent before sending any message through the Platform.

2.1 Marketing and Promotional Messages

Required Consent Level: Prior Express Written Consent

Marketing messages require the highest level of consent. This includes but is not limited to:

  • Initial outreach to potential customers
  • Promotional offers, discounts, or special deals
  • Messages encouraging purchase of products or services
  • Open enrollment reminders with promotional content
  • Re-engagement campaigns to dormant leads or customers
  • Any message with a telemarketing purpose
CRITICAL: The Platform's AI-generated messages are, by their nature, designed to encourage appointment booking and facilitate sales conversations. These are considered marketing/telemarketing messages requiring Prior Express Written Consent.

2.2 Transactional Messages

Required Consent Level: Prior Express Consent (may be oral or implied)

Transactional messages relate to an existing transaction or relationship and include:

  • Appointment confirmations and reminders for scheduled calls
  • Policy enrollment status updates
  • Document request notifications
  • Service-related updates
  • Account or billing notifications

Important: If a transactional message contains any marketing content, promotional language, or call-to-action for additional services, the entire message is treated as a marketing message requiring Prior Express Written Consent.

2.3 Informational Messages

Required Consent Level: Prior Express Consent or Implied Consent (varies by context)

Purely informational messages may be permissible with implied consent in limited circumstances, such as:

  • Emergency notifications
  • Legally required disclosures
  • Responses to consumer-initiated inquiries

However, if You are uncertain whether a message qualifies as purely informational, You should obtain Prior Express Written Consent to avoid liability.

2.4 Consent Requirement Summary Table

Message Type Consent Required Can Be Verbal? Requires Signature?
Marketing / Telemarketing Prior Express Written Consent No Yes (electronic OK)
Initial Outbound (Cold/Warm Leads) Prior Express Written Consent No Yes (electronic OK)
Appointment Reminders (existing) Prior Express Consent Yes No
Transactional Updates Prior Express Consent Yes No
Response to Inquiry Implied from Inquiry N/A No

3. Consent Documentation Requirements

You must maintain comprehensive records of consent for every contact You message through the Platform. In the event of a TCPA claim or carrier audit, You bear the burden of proving valid consent existed at the time of messaging.

3.1 Required Data Elements

For each consent record, You must capture and retain at minimum:

  • Timestamp: Exact date and time consent was obtained (including timezone)
  • Phone Number: The specific phone number for which consent was given
  • Consent Language: The exact disclosure language presented to the consumer at the time of consent
  • Checkbox/Signature State: Evidence that the consumer affirmatively opted in (unchecked-to-checked state change, signature, etc.)
  • IP Address: For web form submissions, the IP address of the submitter
  • User Agent: Browser and device information (where available)
  • Referring URL: The page URL where consent was obtained
  • Lead Source: Whether consent was obtained directly by You or through a third-party lead vendor
  • Consumer Identity: Name and any other identifying information collected

3.2 Retention Period

RECOMMENDED RETENTION: Minimum Five (5) Years
The TCPA statute of limitations is four (4) years from the date of the alleged violation. We strongly recommend retaining consent records for a minimum of five (5) years from the date of the last message sent to that contact. Some state laws may require longer retention.

3.3 Format Requirements

Consent records must be:

  • Stored in a format that is easily producible in litigation or regulatory proceedings
  • Searchable by phone number
  • Capable of being exported with complete metadata
  • Protected against tampering or alteration
  • Backed up and recoverable in the event of data loss

3.4 OAK's Role in Consent Documentation

OAK does not collect, verify, or store Your consent records. You are solely responsible for maintaining Your own consent documentation. If a carrier, regulator, or plaintiff requests proof of consent for any message sent through the Platform, You must be able to produce such proof independently.

4. Online Lead Form Requirements

If You collect leads through web forms (including forms hosted on OAK subdomains), those forms must comply with the following requirements to establish valid Prior Express Written Consent.

4.1 Clear and Conspicuous Disclosure

The consent disclosure must be:

  • Visually Prominent: Displayed in a font size no smaller than the surrounding text, in a contrasting color, and positioned immediately adjacent to the consent checkbox
  • Readable: Written in plain language that an ordinary consumer can understand
  • Complete: Include all required elements (see Section 4.3 below)
  • Visible Without Scrolling: Not buried in a scrollable text box or behind a hyperlink alone

4.2 No Pre-Checked Boxes

PROHIBITION: Consent checkboxes must NOT be pre-checked. The consumer must take an affirmative action (checking an unchecked box) to provide consent. Pre-checked boxes do not establish valid consent under the TCPA.

4.3 Required Disclosure Elements

A compliant consent disclosure must include:

  1. Identification of the specific business(es) that will send messages
  2. Clear statement that by providing consent, the consumer agrees to receive marketing/telemarketing messages
  3. Statement that an automatic telephone dialing system and/or artificial or prerecorded voices may be used
  4. Statement that consent is not a condition of purchase
  5. Disclosure of message frequency (e.g., "Message frequency varies")
  6. Disclosure that message and data rates may apply
  7. Instructions for opting out (e.g., "Reply STOP to opt out")
  8. Instructions for obtaining help (e.g., "Reply HELP for help")

4.4 One-to-One Consent Principle

Consent must be specific to Your business. Under FCC rules and recent enforcement trends:

  • Consent obtained by one business cannot be transferred to or shared with another business without explicit authorization
  • Each business receiving leads must be specifically named in the consent disclosure, or the consumer must separately consent to each business
  • "Lead generation" consent that authorizes sharing with unlimited third parties is increasingly challenged and may not be valid

4.5 Separate Consent for Separate Purposes

If You collect consent for multiple purposes (e.g., marketing texts, transactional emails, phone calls), best practice is to use separate consent mechanisms for each. At minimum, the consent language must clearly identify all purposes and communication channels being authorized.

5. Third-Party Lead Requirements

If You purchase, receive, or otherwise obtain leads from third-party vendors, You assume significant legal risk. You are fully responsible for ensuring valid consent exists for every lead You message, regardless of what a lead vendor represents.

5.1 Vendor Due Diligence Obligations

Before purchasing or messaging third-party leads, You must:

  • Review the lead vendor's consent collection practices
  • Obtain a copy of the exact consent language shown to consumers
  • Verify Your business name appears in the consent disclosure or that consent is properly transferable
  • Confirm the vendor maintains adequate consent records
  • Assess the vendor's compliance history and reputation
  • Obtain contractual representations and indemnification from the vendor

5.2 Consent Transfer Validity

Consent may be transferable only if:

  • Your specific business name was disclosed at the time of consent, OR
  • The consumer authorized sharing with identified categories of businesses and You fit within that category, AND
  • The consent language clearly informed the consumer that their information would be shared

Generic consent to receive calls from "marketing partners" or "third parties" without specific identification is increasingly insufficient under current FCC guidance and court decisions.

5.3 Proof of Consent Demands

You should contractually require lead vendors to:

  • Provide proof of consent within twenty-four (24) hours upon request
  • Maintain consent records for at least five (5) years
  • Certify that consent was obtained in compliance with all applicable laws
  • Indemnify You for any TCPA claims arising from invalid consent

5.4 Lead Age Limitations

RECOMMENDATION: 90-Day Maximum Lead Age
Consent degrades over time. Consumers forget they opted in, circumstances change, and phone numbers are reassigned. We strongly recommend against messaging any lead older than ninety (90) days from the date of consent. Messaging older leads significantly increases opt-out rates, complaint rates, and litigation risk.

5.5 Liability Acknowledgment

By using the Platform to message third-party leads, You acknowledge and agree that:

  • OAK has no knowledge of, and makes no representations regarding, the validity of consent for any third-party leads
  • OAK is not responsible for the practices of any lead vendor
  • You bear sole responsibility for any TCPA or carrier violations arising from third-party leads
  • Your indemnification obligations under the Terms of Service expressly cover claims arising from third-party leads

6. Opt-Out Handling

Proper handling of opt-out requests is both a legal requirement and critical to maintaining carrier compliance. Failure to honor opt-outs can result in carrier penalties, account suspension, and TCPA liability.

6.1 Universal Opt-Out Keywords

You must honor opt-out requests received via any of the following keywords (case-insensitive):

  • STOP
  • END
  • CANCEL
  • UNSUBSCRIBE
  • QUIT

Additionally, any clear expression of desire to stop receiving messages should be treated as an opt-out, including but not limited to: "stop texting me," "remove me from your list," "don't contact me again," or similar phrases.

6.2 Processing Timeframe

REQUIREMENT: Immediate Processing
Opt-out requests must be processed immediately. No further messages may be sent after an opt-out is received, except for a single confirmation message (see Section 6.3). The regulatory maximum is ten (10) business days, but best practice and carrier expectations require immediate processing.

6.3 Confirmation Message Requirements

Upon receiving an opt-out, You may send one (1) final confirmation message that:

  • Confirms the opt-out has been processed
  • Contains no marketing or promotional content whatsoever
  • Does not attempt to retain the customer or change their mind
  • Does not include any links (except legally required disclosures)

Example: "You have been unsubscribed and will not receive further messages from [Business Name]."

6.4 Internal Do-Not-Contact List Maintenance

You must maintain an internal do-not-contact ("DNC") list containing all phone numbers that have opted out. This list must be:

  • Checked before sending any message
  • Updated in real-time upon opt-out receipt
  • Retained indefinitely (opt-outs never expire)
  • Scrubbed against before any bulk upload or campaign

6.5 Re-Consent Requirements

Once a consumer has opted out, You may not message them again unless and until:

  • The consumer provides new, affirmative consent to receive messages
  • The new consent is documented in compliance with Section 3
  • The consumer's previous opt-out is noted in Your records

A consumer cannot be "re-added" to a list simply because time has passed or because they appear on a new lead list.

7. Do Not Call Compliance

In addition to opt-out requirements specific to text messaging, You must comply with Do Not Call regulations for any voice calls made through the Platform.

7.1 National Do Not Call Registry

Before making telemarketing calls, You must:

  • Access and scrub against the National Do Not Call Registry
  • Update Your scrub files at least every thirty-one (31) days
  • Maintain records of Your scrub dates and procedures

7.2 State Do Not Call Registries

Many states maintain their own do-not-call registries with separate registration and scrub requirements. You are responsible for identifying and complying with all applicable state registries for the states in which Your contacts reside.

7.3 Internal Do Not Call List

You must maintain Your own internal do-not-call list of consumers who have requested not to be called. This list must be honored regardless of whether the number appears on the National Registry.

7.4 Established Business Relationship Exemption

The National DNC Registry rules include an exemption for Established Business Relationships. You may call a consumer with whom You have an EBR without checking the Registry, subject to the following limitations:

  • Transaction-Based EBR: Expires eighteen (18) months from the date of the last transaction
  • Inquiry-Based EBR: Expires three (3) months from the date of the inquiry

The EBR exemption does not override a consumer's specific request not to be called (internal DNC list).

7.5 State Law Variations

Several states have stricter DNC rules, including shorter EBR periods, additional registration requirements, or narrower exemptions. You are responsible for compliance with all applicable state laws.

8. Time Restrictions

8.1 Federal Time Restrictions

Under federal law, telemarketing calls and messages may not be made:

  • Before 8:00 AM in the recipient's local time zone
  • After 9:00 PM in the recipient's local time zone

Important: Time restrictions are based on the recipient's local time, not Your local time. You must track recipient time zones and schedule messages accordingly.

8.2 State Time Restrictions

Some states have stricter time restrictions:

State Permitted Hours
Florida 8:00 AM - 8:00 PM (stricter PM limit)
Oklahoma 8:00 AM - 8:00 PM (stricter PM limit)
Other States May have additional restrictions - verify before messaging

8.3 User Responsibility

You are solely responsible for configuring and monitoring message timing to comply with all applicable time restrictions. OAK does not automatically enforce time restrictions on Your behalf.

9. Carrier Compliance and Sev-0 Violations

Wireless carriers (including but not limited to T-Mobile, AT&T, and Verizon) enforce their own messaging policies through the 10DLC (10-Digit Long Code) ecosystem. Violations of carrier policies can result in significant fines, message filtering, and campaign suspension.

9.1 T-Mobile Sev-0 Violation Categories

T-Mobile classifies certain messaging behaviors as "Sev-0" (Severity-Zero) violations, which are the most serious category. Sev-0 violations include but are not limited to:

  • Phishing or Smishing: Messages designed to fraudulently obtain personal information
  • SHAFT Violations: Sex, Hate, Alcohol, Firearms, Tobacco content
  • Illegal Content: Messages promoting illegal activities
  • Failure to Honor Opt-Outs: Continuing to message after opt-out
  • Misleading Content: Deceptive sender identification or content
  • Consent Violations: Messaging without proper consent

9.2 Carrier Fine Structure

Carriers may impose fines for messaging policy violations. The following represents T-Mobile's published fine structure as of the date of this Addendum (subject to change):

Tier Fine Amount Violation Types
Tier 1 (Most Severe) $2,000 per violation Phishing, SHAFT content, illegal content
Tier 2 $1,000 per violation Opt-out failures, consent violations
Tier 3 $500 per violation Content violations, disclosure failures

Important: Fines are assessed per violation, which may mean per-message in bulk messaging scenarios. A single non-compliant campaign could result in thousands of dollars in fines if multiple messages violate carrier policies. For example, sending 100 messages with prohibited content could result in $50,000 in Tier 3 fines ($500 × 100 messages).

FINE PASS-THROUGH: Pursuant to the Terms of Service, all carrier fines assessed against OAK as a result of Your messaging activities will be passed through to You in full, plus any associated administrative costs. You authorize OAK to charge such fines to Your payment method on file.

9.3 Root Cause Analysis (RCA) Requirement

When a Sev-0 violation is identified, carriers typically require a Root Cause Analysis within twenty-four (24) hours. You must:

  • Respond promptly to any RCA request from OAK
  • Provide detailed information about the message, campaign, and consent
  • Identify corrective actions taken to prevent recurrence
  • Cooperate fully with the investigation

Failure to provide a timely and adequate RCA may result in immediate account suspension.

9.4 Opt-In Proof Requirement

Upon carrier request, You must provide proof of consent within two (2) business days. This proof must include all elements specified in Section 3.1. Failure to provide adequate proof of consent may result in immediate account suspension and campaign termination.

9.5 Account Suspension Consequences

If Your account or campaign is suspended due to carrier action:

  • All messaging will immediately cease
  • No refunds will be provided for any prepaid fees or unused credits
  • Restoration of service is not guaranteed and is subject to carrier approval
  • You remain liable for all fees incurred prior to suspension
  • Additional fees may apply for investigation and remediation

10. 10DLC Registration Requirements

Messaging through the Platform requires registration with The Campaign Registry (TCR) under the 10DLC framework. This section outlines Your obligations related to registration.

10.1 Brand Registration

You must provide accurate and complete information for Brand registration, including:

  • Legal business name (must match IRS records exactly)
  • Employer Identification Number (EIN)
  • Business address
  • Business type and industry
  • Authorized representative information
  • Website URL

Providing false or misleading information in Brand registration is a serious violation that may result in immediate termination and carrier blacklisting.

10.2 Campaign Registration

Each Campaign (use case) must be accurately registered with:

  • Accurate description of message content and purpose
  • Sample messages that represent actual messages to be sent
  • Accurate consent flow description
  • Appropriate use case classification

10.3 Use Case Restrictions

Your registered use case limits the types of messages You may send. Sending messages outside Your registered use case is a violation that may result in:

  • Campaign suspension or termination
  • Carrier fines
  • Throughput reduction
  • Account termination

10.4 Throughput Limitations

10DLC registration includes throughput (message volume) limitations based on Your Brand trust score and Campaign type. You acknowledge that:

  • Throughput limitations are set by carriers and TCR, not OAK
  • Exceeding throughput limits may result in message filtering or delays
  • New campaigns require a ramp-up period before reaching full throughput
  • Throughput may be reduced in response to compliance issues

10.5 Registration Maintenance

You are responsible for keeping Your registration information current. You must notify OAK within seven (7) days of any changes to:

  • Legal business name or structure
  • EIN
  • Business address
  • Website URL
  • Authorized representative

11. State Mini-TCPA Acknowledgment

In addition to the federal TCPA, many states have enacted their own telemarketing and text messaging regulations ("Mini-TCPAs") that may impose additional requirements. You are responsible for compliance with all applicable state laws.

11.1 Florida Telephone Solicitation Act

Florida law (Fla. Stat. § 501.059) includes provisions that:

  • Require registration for telephonic solicitation
  • Impose stricter calling hours (8:00 AM - 8:00 PM)
  • Require specific disclosures
  • Provide for private right of action with statutory damages

11.2 California Restrictions

California law includes:

  • The California Consumer Privacy Act (CCPA) data rights
  • Restrictions on automatic dialing systems
  • Enhanced opt-out requirements
  • Disclosure requirements for automated messages

11.3 Washington Automatic Dialing Restrictions

Washington law (RCW 80.36.400) restricts the use of automatic dialing and announcing devices and requires prior consent.

11.4 Other State Requirements

States including but not limited to Connecticut, Georgia, Illinois, Indiana, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Texas, and Virginia have their own telemarketing regulations. You must independently research and comply with all applicable state laws for the states in which Your contacts reside.

NOTICE: OAK does not provide legal advice regarding state-specific compliance. You should consult with qualified legal counsel to understand Your obligations under applicable state laws.

12. Record-Keeping Requirements

Comprehensive record-keeping is essential for legal defense and carrier compliance. You must maintain the following records:

12.1 Consent Records

Retention: Minimum five (5) years from last message sent

  • All elements specified in Section 3.1
  • Evidence of affirmative consent action
  • Complete consent language shown at time of opt-in

12.2 Opt-Out Records

Retention: Indefinite (opt-outs never expire)

  • Phone number that opted out
  • Date and time of opt-out
  • Method of opt-out (keyword, verbal, etc.)
  • Confirmation that opt-out was processed

12.3 Message Logs

Retention: Minimum four (4) years

  • Content of each message sent
  • Date and time of each message
  • Recipient phone number
  • Delivery status
  • Campaign or sequence identifier

12.4 Do Not Call List Maintenance Records

Retention: Five (5) years

  • Dates of National DNC Registry scrubs
  • Procedures used for scrubbing
  • Records of internal DNC list updates

12.5 Third-Party Lead Documentation

Retention: Five (5) years

  • Lead vendor contracts
  • Vendor consent certifications
  • Copies of consent language used by vendors
  • Proofs of consent obtained from vendors

13. User Representations and Warranties

By using the Platform to send messages, You represent and warrant that:

  1. Valid Consent: You have obtained valid Prior Express Written Consent from each recipient before sending any marketing message, and such consent complies with all requirements of the TCPA and applicable state laws.
  2. Consent Documentation: You have documented all consents in accordance with Section 3 and can produce proof of consent for any recipient within two (2) business days upon request.
  3. Opt-Out Compliance: You will honor all opt-out requests immediately and maintain accurate do-not-contact lists.
  4. Time Restrictions: You will comply with all federal and state time restrictions for the states in which Your recipients reside.
  5. DNC Compliance: You have scrubbed Your contact lists against the National Do Not Call Registry (where applicable) and all applicable state registries, and You maintain an internal do-not-call list.
  6. Message Content: All messages sent through the Platform comply with carrier content policies, include required disclosures, and do not contain prohibited content.
  7. 10DLC Accuracy: All information provided for Brand and Campaign registration is accurate and complete, and Your messaging activities fall within Your registered use case.
  8. Third-Party Leads: For any third-party leads, You have conducted appropriate due diligence and have adequate documentation of consent validity.
  9. Record-Keeping: You maintain all records required by Section 12 and will produce such records upon request.
  10. Insurance Industry Compliance: If You are a licensed insurance professional, Your use of the Platform complies with all applicable insurance regulations, including disclosure requirements.

14. Indemnification

READ CAREFULLY: This section creates significant legal obligations that survive termination of Your account.

14.1 TCPA Indemnification

You agree to indemnify, defend, and hold harmless OAK, its affiliates, officers, directors, employees, agents, licensors, and suppliers from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees and costs) arising out of or related to:

  • Any claim that You sent messages without valid consent
  • Any TCPA or state mini-TCPA claim related to Your messaging activities
  • Any claim arising from third-party leads You messaged
  • Any class action, mass action, or consolidated claim related to Your messaging
  • Any FCC, FTC, or state attorney general investigation or enforcement action related to Your messaging

14.2 Carrier Fine Indemnification

You agree to indemnify OAK for all carrier fines, penalties, fees, and associated costs arising from Your messaging activities, including but not limited to:

  • T-Mobile Sev-0 violation fines
  • AT&T, Verizon, or other carrier fines
  • TCR registration fees or penalties
  • Costs associated with RCA preparation and submission
  • Costs associated with reinstatement attempts

14.3 Defense and Settlement

OAK may, in its sole discretion, assume exclusive control of the defense and settlement of any claim subject to indemnification. You agree to cooperate fully with OAK in the defense of any such claim. You may not settle any claim without OAK's prior written consent if such settlement would impose any liability or obligation on OAK.

14.4 Survival

Your indemnification obligations under this Section 14 survive termination of Your account and this Addendum indefinitely, as claims may be asserted years after the messaging activity occurred.

15. Contact Information

For questions regarding this Addendum or to report compliance concerns:

Oasis Auto Konnect LLC
Attn: Legal Department
27524 Cashford Circle Suite 102
Wesley Chapel, Florida 33544

Legal Address:
30 N Gould Street Suite R
Sheridan, WY 82801

Email: Legal Email
Support: Support Email
Phone: (813) 515-3550