A2P 10DLC Opt-In and Consent Collection in GoHighLevel: The Complete 2026 Guide

Express written consent is the single most important compliance requirement in A2P 10DLC, and it’s the #1 reason GoHighLevel agency campaigns get rejected by The Campaign Registry. The carriers that approve your messaging traffic — AT&T, T-Mobile, Verizon — care more about how you collected consent than almost anything else on your registration. This guide walks through every compliant opt-in method available to GHL agencies in 2026, with the exact disclosure language and form structure carriers want to see.

The short version

Express written consent for SMS requires four elements at the point of opt-in:

1. A clear, conspicuous disclosure identifying the brand and the message types being sent
2. Affirmative action by the user — checkbox, keyword reply, signed form, or recorded verbal agreement (never pre-checked)
3. Frequency and rates disclosure — “Message frequency varies. Msg & data rates may apply.”
4. STOP and HELP keyword references at the consent point, plus Privacy Policy and Terms of Service linked from the opt-in form footer and the website footer

If you collect SMS consent through any method that’s missing any of these four elements, you’re out of compliance — even if the user genuinely agreed and even if you have records of the agreement. TCR reviewers and carriers don’t grade on intent; they grade on documentation.

Why opt-in is the #1 thing TCR cares about

TCR’s reviewers look at four primary attributes when evaluating a campaign submission: brand identity, use case, message content, and how consent was collected. Of those four, consent is the only one that ties directly to TCPA — the federal law that allows consumers to sue businesses for $500 to $1,500 per non-compliant message under 47 U.S.C. § 227. Carriers face liability exposure when their networks deliver non-consented traffic, so they push that compliance burden upstream to the brand registration process.

The result: when a TCR reviewer can’t tell from your submission how a user actually consented to receive SMS, the campaign gets rejected. When the consent flow exists but isn’t documented at the point of submission, it gets rejected. When the consent was collected but lacks the required disclosure elements, it gets rejected.

For GHL agency owners, this means the URL you submit for the “Opt-in Workflow” field during campaign registration is doing more work than any other piece of evidence. (GHL Trust Center doesn’t accept screenshot uploads — the URL is what reviewers verify against.) The opt-in page at that URL needs to clearly show:

• A standalone SMS consent checkbox (unchecked by default, optional — never required to submit)
• The full CTA disclosure language directly adjacent to the checkbox
• Functioning links to your Privacy Policy and Terms of Service
• A clear flow where only users who affirmatively check the box get added to the SMS list

A critical clarification: SMS consent must be optional, not required. TCPA explicitly prohibits making consent to receive marketing or informational SMS a condition of any purchase, service, or form submission. If your GHL form blocks submission unless the SMS checkbox is checked, that’s not consent — it’s coerced agreement, and it’s non-compliant. The form should always submit with or without the box checked; only contacts who voluntarily check the box get enrolled in the SMS campaign.

Anything less and the campaign goes into the rejection queue.

The four core elements of compliant SMS consent

Every compliant opt-in method — web form, paper form, verbal, keyword — needs the same four elements. The format changes; the content doesn’t.

1. Brand identification

The disclosure must name the brand sending the messages — specifically enough that TCR can identify which registered entity the message originates from. Generic phrasing like “you’ll receive messages from us” or “from our partners” doesn’t satisfy review because it doesn’t identify the brand at all.

There are two valid patterns depending on whether the business operates under a DBA:

• No DBA (legal name is the public brand): Use the legal business name in the consent disclosure. “I consent to receive text messages from [Brand Name]” is the standard.
• DBA different from legal entity: Use the DBA in the consent disclosure, provided the legal/DBA relationship is declared in the Campaign Description with the sentence “We are doing business as [DBA Name].” This is GHL-sanctioned per their Understanding A2P Campaign Rejection Reasons & Required Fixes article. The rest of the submission (website, Privacy Policy, Terms of Service, opt-in form, samples) should be consistent with the format “[Brand Name] DBA [DBA Name]” in formal sections and “[DBA Name]” in consumer-facing copy.

So if the legal name is “Acme Holdings LLC” and the public DBA is “Acme Salon,” the consent checkbox should say “I consent to receive text messages from Acme Salon” — that’s what consumers see on the storefront, that’s what they’re signing up for. The “Acme Holdings LLC DBA Acme Salon” format goes in the Privacy Policy and Terms of Service section headers; the legal entity name still appears on the brand registration record itself.

For GHL agency clients, this means each individual client brand needs its own opt-in form — a single agency-wide form that says “from our partners” or “from [Agency Name] and our clients” is non-compliant. Each brand should have a dedicated form with that brand’s name in the disclosure (DBA or legal, per the rule above).

2. Message type description

The disclosure must describe what kinds of messages the user will receive. Specifics matter — vague language like “messages from us” or “important information” causes use-case mismatch flags during review. Sample message-type descriptions by campaign type:

• Marketing campaigns (single checkbox): “promotional offers, new product announcements, and event invitations”
• Mixed campaigns (two checkboxes — one for each side):
  • Marketing checkbox: “promotional offers, sales, and new product announcements”
  • Non-marketing checkbox: “appointment reminders, account updates, and confirmations”
• Account Notification (single checkbox): “appointment confirmations, account status updates, and scheduled reminders”
• Customer Care (single checkbox): “support replies, follow-ups on inquiries, and customer service responses”

The message type description in the disclosure has to logically match the campaign use case selected in GHL Trust Center. For Mixed campaigns specifically, do not list both message types under one checkbox — TCPA requires separate consent for each side, and TCR reviewers flag bundled descriptions as use-case mismatches.

3. Frequency, rates, and STOP/HELP

Four standard disclosure elements must appear at every opt-in point:

• Frequency: “Message frequency may vary.” (or “Message frequency varies.”)
• Rates: “Message & data rates may apply.”
• Help: “Text HELP for help”
• Opt-out: “reply STOP to opt-out”

Easy A2P’s Draft Fresh Copy Wizard generates these in this exact phrasing because it’s what GHL Trust Center samples and TCR reviewers consistently treat as a clean pass. A few specifics worth knowing:

• Use “opt-out” not “cancel” in checkbox language. “Opt-out” is the phrasing carriers and TCR reviewers expect to see in consent checkbox text. (In sample messages — different surface — “unsubscribe” is also accepted; GHL’s own sample messages use both interchangeably.)
• Use “Text HELP” not “Reply HELP” in checkbox language for consistency with the Trust Center sample format.
• Don’t commit to a specific number of messages (“Up to 4 messages per month”) unless your client truly runs a fixed-volume program. Specific numbers create a paper trail you can be held to in customer disputes; “Message frequency may vary” is the safer default and is fully compliant.

Missing any one of the four elements is a near-automatic rejection. The STOP/HELP references are required at the opt-in point in addition to being included in the welcome/confirmation message.

4. Privacy Policy and Terms of Service references

Working links to the Privacy Policy and Terms of Service must be visible on the surface where consent is collected — but not inside the consent checkbox text. For web forms, these live as visible links in the form footer (and in the website footer site-wide). For paper forms, they’re printed as URLs in the form footer. For verbal opt-in, the agent reads the URLs aloud as part of the script.

The Privacy Policy must contain the specific A2P 10DLC clauses TCR looks for (especially the “we do not share mobile information with third parties” non-sharing clause). The Terms of Service must include the seven required SMS clauses. We covered both in detail in Privacy Policy and Terms of Service Templates for A2P 10DLC.

Method 1: Web form opt-in (the most common GHL flow)

About 80% of GHL agency clients collect SMS consent through web forms — embedded on the client’s website, hosted as a GHL landing page, or used as a lead magnet form.

A compliant GHL web form has these elements in this order:

1. Name field (first name + last name, or single name field)
2. Phone number field (required, formatted for US 10-digit input)
3. Email field (often required for double-opt-in confirmation)
4. One or two SMS consent checkboxes, each unchecked by default and optional:
   • Marketing-only or single-purpose non-marketing campaign → one SMS checkbox
   • Mixed campaign → two SMS checkboxes (one marketing, one non-marketing)
5. Submit button (the form must accept submissions whether or not the SMS box(es) are checked)

The disclosure language template that passes TCR review (single-checkbox campaign):

☐ I consent to receive text messages from [Brand Name] about [message types] at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

Several variants of this language are acceptable — what matters is that the four core elements are all present and visible at the moment the user checks the box.

What kills web form opt-ins

Common mistakes that cause GHL agency campaigns to get rejected for opt-in issues:

• Pre-checked SMS checkbox. Default state must be unchecked.
• Required SMS consent. Forcing the checkbox to be checked before the form will submit makes the consent coerced, not voluntary. TCPA prohibits conditioning any transaction or service on SMS consent — the form must accept submissions whether or not the box is checked.
• Bundled consent. Combining SMS consent with general site Terms of Service or Privacy Policy acceptance in a single checkbox (e.g. “I agree to the Terms of Service” with SMS consent implied) is non-compliant. SMS consent must be its own dedicated, standalone checkbox; ToS and Privacy Policy are referenced as inline links within the SMS disclosure, not as a separate consent step.
• Hidden disclosure. Disclosure language placed in a footer, on a separate page, or in a popup that closes before submission.
• Vague brand name. “Our partners” or “the company” instead of the actual brand name.
• Missing STOP/HELP line. Acknowledging only that messages will be sent without explaining how to opt out.
• No Privacy Policy link. Or a link that 404s when the reviewer clicks it.
• Marketing checkbox doubling for transactional consent. Mixed campaigns need two checkboxes; using one is a use case mismatch.

Run your form through Easy A2P’s copy review system before submission to catch these before TCR does.

Method 2: Paper form opt-in

Paper forms are common for in-person collection at events, conferences, retail locations, and service appointments. The compliance requirements are the same as web forms — affirmative action, full disclosure, brand identification — but the format adapts to print.

A compliant paper form has:

• A printed checkbox the user physically marks
• The full CTA disclosure printed adjacent to the checkbox in legible font (8pt minimum, 10pt+ recommended)
• The brand name in the disclosure
• The message type description matching the campaign use case
• “Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.”
• Printed URLs (not just hyperlinks) to the Privacy Policy and Terms of Service in the form footer
• A signature line and date the user fills out

The signed form must be retained — physical paper, scanned PDF, or photographed copy uploaded to GHL contact records — for at least four years. TCPA discovery can request this documentation in litigation, and “we threw out the paper after digitizing the contact” is not an acceptable answer.

Method 3: Verbal opt-in

When a phone agent collects SMS consent during a call, three documentation requirements apply:

1. A documented script read to the customer that includes all four core CTA disclosure elements
2. A recorded call capturing the customer’s affirmative agreement statement
3. A CRM record in GHL noting date, time, agent name, recording reference, and script version

The minimum compliant script:

“Before we wrap up, would you like to receive SMS updates from [Brand Name] about [message types]? Message frequency may vary. Message and data rates may apply. You can reply STOP at any time to opt out, or text HELP for assistance. By saying yes, you also agree to our Privacy Policy and Terms of Service available at [website]. Do you consent to receive these messages at the phone number on file?”

The customer must respond with a clear “yes” or affirmative equivalent — silence, “sure, whatever,” or “I guess” don’t count as documented affirmative consent if a TCPA dispute later arises.

Method 4: Keyword (text-to-join) opt-in

Some GHL clients advertise a keyword opt-in: “Text JOIN to 555-555-5555 to receive offers.” The keyword method is fully compliant under TCR rules, but it has a frequently-missed requirement: the full CTA disclosure must appear next to every advertised instance of the keyword call-to-action.

That means on:

• Website banners advertising the keyword
• Flyers and printed marketing materials
• Social media posts
• Storefront signage
• Email newsletters mentioning the keyword
• Radio scripts and audio ads

In all those locations, the bare instruction “Text JOIN to 555-555” is non-compliant. The compliant version reads:

Text JOIN to 555-555 to receive promotional offers from [Brand Name]. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out. View Privacy Policy at [url] and Terms at [url].

When a user texts JOIN, the confirmation reply must include the brand name, the message description, and the same disclosure summary:

“Welcome to [Brand Name] SMS! You’ll receive promotional offers. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out. Privacy: [url] / Terms: [url]“

Method 5: Point-of-sale opt-in

Retail and service businesses often collect SMS consent at checkout — a tablet or POS terminal asks for the customer’s number plus consent. The compliance rules treat this as a hybrid of web and paper forms: the affirmative action is a tap or signature on the screen, and the disclosure must appear visible on that screen at the moment of consent.

Most POS providers (Square, Toast, Shopify POS) have built-in SMS consent flows, but the default disclosure language is often generic. GHL agencies should review the POS template and confirm:

• The brand name shown is the GHL client’s name (not the POS vendor’s)
• The disclosure includes message frequency, rates, and STOP/HELP
• Privacy Policy and Terms of Service links route to the GHL client’s documents (not the POS vendor’s)

This is one of the easiest places for a use case mismatch to slip in: a salon’s POS might collect consent worded for “general promotional updates” while the actual GHL campaign is registered as Mixed (promotional + appointment reminders). Either the POS disclosure or the campaign use case has to change to match.

What about existing contacts? (the “no consent record” problem)

Almost every GHL agency takes on a client who hands over a CRM full of contacts collected before SMS consent rules were tight — paper newsletter signups from 2018, email subscribers from a Mailchimp list, past customers from a Square POS. None of those contacts have documented SMS consent for the new client’s campaign, even if the business owner insists “they all know we’ll be texting them.”

This is a TCPA exposure issue, not a TCR campaign-rejection issue — a campaign can be approved by TCR and still produce TCPA litigation if you message contacts who never affirmatively opted in to SMS specifically. The cleaner path is a one-time invitation campaign sent through email or another non-SMS channel:

1. Email all existing contacts a message explaining you’re now offering SMS updates
2. Include a link to a compliant web form (or instruct them to text a keyword)
3. Only after they affirmatively opt in through that flow do you message them via SMS
4. Suppress everyone else from your SMS list

The “they’re customers, they expect to hear from us” defense doesn’t hold up under TCPA — the law requires affirmative SMS-specific consent regardless of prior business relationship. Re-consenting through a fresh opt-in flow is the only audit-defensible way to bring an inherited contact list into a new SMS program.

Mixed campaigns need two consent checkboxes

If your client’s GHL campaign is registered as Mixed (the most common pick — see How to Choose the Right A2P 10DLC Use Case), the opt-in form needs two separate consent checkboxes, not one.

TCPA requires separate consent for promotional and transactional message types, even when both are sent under the same campaign. The form structure looks like:

☐ I consent to receive marketing text messages from [Brand Name] about offers, sales, and new product announcements at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

☐ I consent to receive non-marketing text messages from [Brand Name] about appointment reminders, account updates, and confirmations at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

The Privacy Policy and Terms of Service links live as visible links elsewhere on the opt-in web page — typically in the footer of the form — not inside the consent checkbox text. What can’t be shared between the two checkboxes is the consent action itself: each box must be independently checked, and each must be optional (the form must accept submissions whether or not either box is checked).

This is the most commonly missed requirement on Mixed campaigns. Agency owners default to the single-checkbox flow they’re used to, register Mixed because their client sends both kinds of messages, and then get rejected for use case mismatch when TCR reviewers see only one consent checkbox in the submitted screenshot.

Sample disclosure language by use case

To save time, here are paste-ready disclosure templates for each of the most common GHL use cases. These are the same patterns Easy A2P’s Draft Fresh Copy Wizard generates. Replace [Brand Name] with the consumer-facing brand — the legal entity name when the business has no DBA, or the DBA when the legal/DBA relationship is declared in the Campaign Description (see Brand identification above).

Marketing

☐ I consent to receive marketing text messages from [Brand Name] about offers, sales, and new product announcements at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

Mixed (or Low Volume Mixed) — TWO checkboxes required

☐ I consent to receive marketing text messages from [Brand Name] about offers, sales, and product updates at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

☐ I consent to receive non-marketing text messages from [Brand Name] about appointment reminders, account updates, and confirmations at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

Account Notification

☐ I consent to receive non-marketing text messages from [Brand Name] about my account, including status updates, scheduled reminders, and account alerts at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

Customer Care

☐ I consent to receive non-marketing text messages from [Brand Name] about responses to my inquiries and follow-ups on support requests at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

Delivery Notification

☐ I consent to receive non-marketing text messages from [Brand Name] about shipment status updates, delivery confirmations, and arrival alerts at the phone number provided. Message frequency may vary. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

2FA / Authentication

☐ I consent to receive SMS authentication codes from [Brand Name] when I sign in or verify my account at the phone number provided. Message & data rates may apply. Text HELP for help, reply STOP to opt-out.

How Easy A2P helps

The Draft Fresh Copy Wizard generates compliant opt-in disclosure language for any GHL use case in under 60 seconds. The Review Existing Copy Wizard audits your existing form, paper script, or verbal script against all 27 TCR rejection causes — including the four core consent elements covered in this article.

If you’ve drafted your own form or inherited a client’s form, paste the consent disclosure into the copy review system before submitting it to TCR. We catch the missing brand name, the bundled consent, the missing STOP line, the pre-checked default, and the use-case mismatched message type description before TCR does.

What to submit to TCR for the “Opt-in Workflow” field

When you register a campaign in GHL Trust Center, the Opt-in Workflow field (called the “How do Contacts Opt-in to Messages?” field in Trust Center) asks for evidence of how consent is collected. It’s a text field, so the reviewers are reading what you write — there’s no screenshot upload. What they want to see is a clear, plain-language description of the opt-in method (web form, paper form, verbal, keyword) along with a URL where they can verify the consent flow lives.

A clean submission for a GHL web form looks like:

Customers opt in to receive SMS messages from [Business Name] by completing an online form that clearly explains messaging and includes explicit SMS consent language. Documentation is available at [Opt-In URL].

Replace [Business Name] with the legal entity name (and add “DBA [DBA Name]” if the business operates under a DBA — that’s the format the Trust Center reviewer expects to see when checking consistency between the brand record and the public site). Replace [Opt-In URL] with the public URL of the form (or, if the form is gated, an unauthenticated preview URL). The reviewer will visit that URL, see the unchecked SMS consent checkbox with the disclosure language, and approve or reject based on what’s visible there.

Common rejection reasons related to opt-in

These are the consent-specific rejection reasons most often seen in GHL agency campaigns. Each one is fixable; we covered the full list of 27 in Every TCR Rejection Reason in GoHighLevel.

• Missing CTA disclosure on opt-in form — checkbox exists but disclosure language is absent or buried
• Pre-checked consent box — default state is checked instead of unchecked
• Bundled SMS + ToS consent — single checkbox covers both, violating affirmative-action rule
• Generic brand language — “our partners” or “our company” instead of specific brand name
• Missing STOP/HELP at opt-in point — included in welcome message but not at the consent moment
• No Privacy Policy link at opt-in point — link exists in footer of website, but not at bottom of opt-in form
• Use case mismatch in disclosure — Marketing-only language used for Mixed campaign, or vice versa
• Single checkbox on Mixed campaign — both promotional and transactional consent bundled

If any of these sound like your current GHL setup, fix them before re-submission. Submitting a campaign with a known consent gap is the most common cause of Twilio error 30909 — “Message Flow or Call to Action incomplete/unverified”, which fires when reviewers can’t verify how end users actually consent.

A note on consent permanence and stale records

Express written consent doesn’t expire on its own — once a user opts in, the consent remains valid until they affirmatively opt out (text STOP, unsubscribe via web form, or revoke in writing). But carrier expectations have tightened over time: consent collected before 2020 was captured under disclosure standards that didn’t include the current STOP/HELP, message frequency, and rates language. If your client has a long-tenured contact list with consent records from 2017–2019, that consent is technically still on the books but exposes the program to TCPA litigation risk if the disclosure language at the time didn’t include what’s now required.

The safest path for any GHL agency taking on a new client with old consent records: run a one-time re-consent campaign through email or a non-SMS channel to refresh the affirmative action under current disclosure standards. Yes, you’ll lose some contacts who don’t re-opt-in. The contacts you keep are the ones with defensible consent under current TCPA standards — and that’s the list worth messaging anyway.

Need help reviewing your client’s opt-in form before you submit a GHL campaign? Run it through Easy A2P’s copy review system — it audits the consent disclosure, brand identification, message type alignment, and STOP/HELP language against all 27 TCR rejection causes in under 30 seconds.