TCPA & A2P 10DLC for Restaurants — The Practical Guide

The fastest way for a restaurant to lose its SMS channel is to send a $5-off margarita blast to a list that opted in for reservation reminders. The carrier filters do not call you. They do not warn the GM. They just stop delivering your messages, sometimes for ninety days. By the time you notice, your Saturday brunch promo has reached eleven percent of the list and your reply rate looks like the channel is broken — because it is. This guide is the practical, restaurant-specific compliance plan that keeps your sender reputation intact, your carrier filters happy, and your legal exposure as close to zero as the law allows.

Nothing in this guide is legal advice. It is the working playbook we use to launch SMS for restaurants without getting filtered by T-Mobile or sued by a plaintiffs’ firm. Run it past your own counsel before you flip the switch.

Why This Matters

Restaurants get flagged more aggressively than most industries for three reasons. First, the volume — a 200-cover restaurant with a tight birthday flow and a weekly specials broadcast can fire 40,000 messages a month, which puts it in carrier territory typically occupied by retailers ten times its size. Second, the content — alcohol promos, late-night offers, and “limited time” language hit the exact heuristics carriers built to catch payday lenders and sweepstakes scams. Third, the consent hygiene — most restaurants collect phone numbers on a paper waitlist and never get express written consent for marketing, which is technically a TCPA violation on every single marketing send.

The penalty stack runs from carrier suspension (free, but kills the channel for 30-90 days) to TCPA litigation ($500-$997 per message, with class actions reaching seven figures). Most restaurants never see a lawsuit. Almost every restaurant sending without proper consent eventually sees a carrier suspension. Both are avoidable.

Prerequisites — What You Need Before You Start

• An EIN, legal business name, and registered business address (DBAs and sole props can register, but the friction is higher)
• A privacy policy hosted on your restaurant’s website, with a specific SMS section
• A terms-of-service page that mentions message frequency, data rates, and opt-out instructions
• Your reservation platform, loyalty platform, and any third-party data source mapped, with consent language documented from each
• A clean source of truth for the date and method each guest opted in — most restaurants do not have this and have to rebuild
• 10DLC registration fees budgeted (typically $4 brand fee plus $10-15/month per campaign, plus carrier pass-through fees)

The Step-by-Step Plan

Audit your existing opt-in language by channel

Make a spreadsheet. One row per place a guest can hand you a phone number: the reservation widget, the waitlist iPad, the loyalty signup kiosk, the QR code on the table tent, the paper comment card, the gift-card purchase flow, the catering inquiry form. For each one, write down the exact consent language used today and grade it against TCPA’s express written consent standard: clear and conspicuous, identifies the sender, specifies the type of messages, mentions frequency and data rates, and includes a clear opt-out mechanism. Most restaurants fail four of five rows. That is fine — you are about to fix them.

Rewrite reservation, loyalty, and marketing opt-ins separately

There are three legally distinct consent categories you need to maintain: transactional (reservation confirmations and no-show flows), loyalty (rewards balance, points earned), and marketing (specials, events, gift cards). Each one needs its own checkbox and its own language. Do not use a single checkbox that says “I agree to receive messages from [Restaurant].” Use three. The marketing checkbox must be unchecked by default — pre-checked boxes are an explicit TCPA violation.

Sample marketing opt-in language: “Yes — text me about specials, events, and gift-card promotions from [Restaurant]. Up to 6 msgs/month. Msg & data rates may apply. Reply STOP to cancel, HELP for help. Consent is not a condition of purchase.”

Build a double-opt-in workflow for marketing SMS

A double opt-in is not legally required under TCPA, but it is what carriers want to see and it is the cleanest evidence of consent if you are ever challenged. The flow is simple: guest checks the marketing box, GHL sends a confirmation SMS that says “Reply Y to confirm you want texts about specials from [Restaurant].” Only guests who reply Y enter the marketing list. Capture the timestamp, the original source URL or device, and the IP address with each Y reply. Store all of it.

Configure STOP, HELP, UNSUBSCRIBE, and START keyword routing

Every SMS platform is required to honor these keywords. STOP and UNSUBSCRIBE must remove the guest from every marketing list immediately and send a single confirmation message. HELP must return a message that names your business and provides a customer service contact. START re-subscribes a guest who previously opted out, but only with a new affirmative consent — do not auto-resume their old subscriptions. Build a custom routing layer in GHL for STOP-ALL (removes from every list including transactional, which is the guest’s right) versus STOP-MARKETING (removes only from marketing while keeping reservation reminders, which most guests actually want).

Register your 10DLC brand and campaign

A2P 10DLC is the carrier framework that lets businesses send legitimate messaging traffic from local long codes. Submit your brand inside GHL with your EIN, business name, vertical (food service), and website. Then register a campaign — restaurants typically need two: a “Customer Care” campaign for reservations and loyalty, and a “Marketing” campaign for promotional broadcasts. Approval timelines run 1-2 weeks in normal conditions, longer around major holidays. Once approved, your throughput limits unlock and your filter rate drops dramatically.

Map banned and state-restricted content categories

Three content categories will get a restaurant in trouble even with perfect consent. Alcohol — federally, you cannot promote alcohol to anyone under 21, which means your list must have an age-gate at opt-in for any drinks-led promo. Several states (Utah, Tennessee, parts of New York) have additional restrictions on alcohol marketing channels and timing. Gambling and raffles — if your “win a dinner for two” promo qualifies as a sweepstakes under your state’s rules, the SMS must include official rules and odds language. Loans and high-pressure financial offers — irrelevant for most restaurants, but if you run any kind of installment payment for catering, the rules apply. Build a one-page checklist and pin it next to the broadcast queue.

Also map your state’s quiet hours. Federal TCPA prohibits marketing SMS before 8 AM or after 9 PM in the guest’s local time zone. Several states (Florida, Oklahoma) have stricter rules — Florida limits to 8 AM-8 PM. GHL respects time-zone scheduling; use it.

Set up the consent and complaint record-keeping system

You must retain proof of consent for at least four years. We recommend five. Inside GHL, every contact should have these custom fields populated: consent_source (the URL or location of opt-in), consent_timestamp (ISO 8601), consent_method (web form, double-opt-in SMS, paper signed receipt), consent_ip (where applicable), and consent_text (the exact disclosure text the guest agreed to). Also maintain an opt-out log: timestamp, channel, keyword used. And a complaint log for any guest who escalates beyond a simple STOP — emails to the GM, social complaints, attorney letters. If you ever have to defend a send, this file is the difference between a five-figure settlement and a dismissal.

Run a 30-day compliance launch with a kill-switch

Do not flip every campaign on at full volume on day one. Phase the sending up: week one, transactional only (reservation reminders, no-show reclaim). Week two, add loyalty messages to opted-in guests. Week three, send the first marketing broadcast to your cleanest 25% of the marketing list. Week four, full volume. Monitor three metrics daily: opt-out rate (should stay under 2% per send), complaint rate (target under 0.1%), and carrier delivery rate (should hold above 92%). Define your kill-switch in writing: if opt-out tops 5% on a single send, every campaign pauses pending review. If a carrier suspends, every campaign pauses pending re-registration.

Common Mistakes to Avoid

Treating the reservation list as a marketing list. This is the violation that ends careers. The host stand collects phone numbers because the guest wants a reservation reminder. That is the only thing those numbers are consented for. Build a separate opt-in pathway for marketing and never collapse them.

Using pre-checked boxes. Pre-checked consent boxes are an express TCPA violation and a guaranteed carrier filter trigger. Every consent checkbox must be unchecked by default.

Sending alcohol promos without an age gate. A 15% off bottles-of-wine text that hits a 19-year-old on your list because she made a reservation for her parents is a regulatory problem in every state. Age-gate at opt-in or scrub the list against birthday data before any alcohol send.

Ignoring local time zones in scheduling. A 9 PM Pacific broadcast hits Eastern guests at midnight, which is a TCPA quiet-hours violation. Always schedule by guest local time, not server time.

Reusing a phone number after a STOP. When a guest opts out, that number is dead to marketing forever unless they actively re-subscribe. Buying a list, importing from a third party, or scraping the reservation platform to “refresh” an opted-out number is the fastest path to a complaint that turns into a lawsuit.

Skipping the brand registration to “test.” Unregistered traffic gets filtered hard by all major carriers. Your test sends will look like they are working until your real traffic hits volume, at which point delivery falls off a cliff. Register first.

Treating HELP as optional. A surprising number of carrier suspensions trace to a HELP keyword that returned an unhelpful or missing message. Write a real HELP response that names the restaurant, gives a phone number, and explains opt-out.

What Success Looks Like

A compliant restaurant SMS program looks like this after sixty days: opt-out rates hold around 0.8-1.5% per marketing send, complaint rates sit under 0.05%, carrier delivery rates run 94-97%, and your auditable consent records cover 100% of the active marketing list. Your transactional list (reservations, no-show recovery) is physically separated inside GHL with its own sender configuration. Your 10DLC campaigns are approved, your throughput limits are unlocked, and your monthly carrier fees are predictable. When an attorney letter shows up — and one will, eventually, on the smallest pretext — you pull a single CSV of consent proof, send it to your lawyer, and the matter dies in two weeks instead of dragging on for two years.

Most operators discover that compliance is not the headwind they feared. It is the thing that finally makes the channel reliable. Carriers reward clean senders with better delivery, lower per-message fees, and faster approval on new campaigns. Doing this right is the unlock for everything you actually wanted to do with SMS in the first place.