TCPA & A2P 10DLC: What Restaurants Need to Know Before Sending One SMS

Before you send a single text from your restaurant, two regulatory frameworks decide whether your message reaches a guest’s phone or lands you in a class-action lawsuit. The TCPA has been around since 1991, and A2P 10DLC has been mandatory for U.S. carrier routing since 2023. Most independent operators have no idea either one exists until they get a $997-per-message demand letter.

This post is the operator’s version of the rules — the practical “what do I actually need to do” — not legal advice. Run the specifics by counsel before you launch. But ignore the framework and you are inviting trouble that will cost you more than a year of marketing budget.

The Two Frameworks, Plainly

The TCPA (Telephone Consumer Protection Act): A federal law that requires “prior express written consent” before sending marketing texts to a consumer’s mobile phone. Statutory damages are $500 to $997 per text — and class-action plaintiffs’ attorneys treat restaurant SMS lists as a target-rich environment.

A2P 10DLC (Application-to-Person, 10-Digit Long Code): A carrier-side registration program run by the major U.S. wireless carriers. Any business sending SMS from a 10-digit number to a consumer in the U.S. has to register the brand and the campaign with the carriers, or messages get filtered, throttled, or blocked entirely.

The two interact: TCPA governs whether you are allowed to send. 10DLC governs whether the message actually reaches the phone. You need both.

Prior Express Written Consent: What That Actually Means

The TCPA requires that before any marketing SMS goes out, the consumer has affirmatively opted in, in writing, with a clear disclosure of what they are signing up for.

For a restaurant, “in writing” is satisfied by:

• A checkbox on your reservation widget
• A QR-code-based opt-in flow (“Text JOIN to 555-0100”)
• A web form sign-up for the birthday club, loyalty program, or newsletter
• A keyword-based opt-in (the guest texts “JOIN” or “YES” to your number)

What “prior express written consent” requires inside that opt-in:

1. The opt-in must be unbundled from other agreements. A buried checkbox under terms of service does not count.
2. The disclosure must say, in plain language, that the guest is consenting to receive marketing SMS.
3. The disclosure must say message frequency, that message and data rates may apply, and that the consumer can opt out at any time by replying STOP.

The Opt-In Language to Use

Here is the language that goes on your reservation widget, your loyalty signup, and any other opt-in surface. Run it by your attorney, then use it everywhere.

”☐ Yes, I’d like to receive text messages from [Restaurant] about reservations, specials, and events. Up to 4 messages per month. Msg & data rates may apply. Reply STOP to unsubscribe, HELP for help. Consent is not a condition of purchase. [Privacy Policy] [Terms]”

Required elements, all of them:

• An unchecked checkbox or affirmative action
• The brand name
• The categories of messages (“reservations, specials, and events”)
• A message frequency disclosure (“up to 4 per month”)
• The rate disclaimer
• STOP and HELP instructions
• “Consent is not a condition of purchase” — required by the FCC rules
• Links to your privacy policy and SMS terms

Miss any of those and you weaken your defense if you ever get sued.

STOP and HELP: Non-Negotiable

Every SMS platform must respond automatically to STOP and HELP keywords. This is a carrier requirement, not optional.

• STOP, UNSUBSCRIBE, CANCEL, END, QUIT: All have to trigger an immediate opt-out. The platform should send one confirmation message (“You are unsubscribed. Reply START to opt back in.”) and then never message the number again.
• HELP: Triggers an auto-reply with the brand name, the support contact, and the opt-out reminder.

If a guest opts out and you message them again — even by accident, even because your team manually exported the list to a different platform — that is the textbook scenario for a TCPA class action. The platform-side automation has to be the source of truth.

A2P 10DLC: Brand and Campaign Registration

This is the piece every restaurant misses on day one. To send SMS from a 10-digit phone number (which is what your reservation system uses), you have to register:

1. The Brand: Your restaurant entity — legal name, EIN, address, website, vertical. Run through The Campaign Registry (TCR).
2. The Campaign: Each “use case” — marketing, customer care, two-factor — gets its own campaign registration. For restaurants, the relevant use cases are typically “Marketing” (specials, birthday club) and “Customer Care” (reservation confirmations).

Without registration:

• Messages get filtered at the carrier level (most go to spam, many never deliver).
• Your throughput is throttled to roughly 1 message per second, making any blast slow and unreliable.
• Carriers can permanently block your sending number.

With registration, you get higher throughput (typically 10-100+ messages per second depending on your trust score), better deliverability, and proper attribution.

The registration takes 7–14 business days and costs roughly $4–15 per month per brand plus a small per-campaign fee. Any decent SMS platform (including GHL) handles the mechanics — but you have to provide the brand information accurately. Lying on the registration form is its own can of worms.

What Not to Put in Restaurant SMS

Beyond the legal requirements, the carriers themselves apply content filtering. Certain phrases, formats, and patterns will get your messages filtered even with full TCPA and 10DLC compliance.

Do not:

• Use all-caps for entire messages (“FREE DESSERT TONIGHT”).
• Include link shorteners like bit.ly or tinyurl. Use your own branded short domain instead.
• Mention prohibited industries by name — gambling, cannabis, firearms, prescription drugs. Even if you are a restaurant making a joke, the keyword filter does not have a sense of humor.
• Include words like “free,” “winner,” or “claim” alongside payment-related calls to action. They trigger carrier spam filters.
• Send marketing messages between 9 PM and 8 AM in the recipient’s time zone. This is a TCPA rule and carriers also enforce it.

Do:

• Use a consistent sender identity (“From [Restaurant]”) at the start of every marketing message.
• Include STOP language in at least the first message of any new sequence.
• Keep messages under 160 characters where possible to avoid concatenation issues.
• Use proper sentence case and natural language.

The Quiet Hours Rule

The TCPA prohibits marketing calls and texts to a consumer between 9 PM and 8 AM in the consumer’s local time. For restaurants, this is the rule that bites most often — a Sunday-night specials blast at 6 PM Pacific is 9 PM Eastern, which means your East Coast contacts cannot receive it.

The fix is straightforward: segment your contact list by time zone and send accordingly. GHL handles this if you tag contacts with their timezone or if you use the recipient’s area code as a proxy.

What to Do If You Get a Demand Letter

It happens. Someone gets a marketing SMS, decides they did not consent, and forwards it to a TCPA plaintiff’s firm. The firm sends a demand letter for $5,000–$50,000 per recipient on a class basis.

What to do:

1. Do not respond directly. Forward to counsel immediately.
2. Pull every record showing how the recipient opted in — timestamp, IP, the opt-in form they used, the language they consented to.
3. Pull the platform-side records of every message sent to that number, including any STOP requests they may have sent that got logged.
4. Let counsel handle the response.

A clean opt-in trail is usually enough to make a TCPA claim go away. A messy one is what generates settlements.

The Practical Checklist

Before you send your first marketing SMS:

• Brand registered with The Campaign Registry
• At least one campaign use case registered
• Opt-in checkbox on every collection surface, unchecked by default
• Full disclosure language including frequency, STOP, HELP, and rate disclaimer
• STOP and HELP automation tested end to end
• Time-zone tagging on every contact
• Quiet-hours filter active in your sending platform
• Backup of opt-in records taken monthly
• Privacy policy and SMS terms published on your website

Run this checklist before campaign one. Run it again every quarter.

Compliance is not the exciting part of restaurant marketing. But the operators who skip it spend the savings — and a lot more — on legal fees inside the first year. The operators who do it once, properly, never think about it again.

This is one of those parts of the business where the cheap shortcut is the most expensive option you can pick.