Compliant, link-based SMS engagement — not another blast tool.
A short, plain-text SMS carries a one-time secure link to a personalized mini-site that only the intended recipient can view. No offer content in the message body. Better deliverability, real privacy, full audit trail.
Three steps from send to verified view.
Carriers filter messages stuffed with offers, and anything visible on the lock screen leaks to whoever holds the phone. We solve both problems by moving the offer off the SMS and behind an identity-verified link.
A short, compliant message
Plain text. Brand identity. STOP/HELP language. A unique per-recipient token. No promotional content in the body — which is exactly what carrier filters reward.
- • Sent only to explicitly opted-in contacts
- • Each message carries a unique
?t=token - • Zero offer details on the lock screen
Token-gated, never publicly browsable
The link lands on a branded subdomain (e.g. gatsby.viewyouroffers.com/access). No token, no menu, no public catalog — invalid visitors are redirected to the main marketing site.
- • Token resolves to tenant + contact + campaign + offer payload
- • JS execution required + intentional processing delay to deter scrapers and link-preview bots
- • Optional 21+/terms gate before any content renders
Last-4 challenge — no second SMS
Recipient enters the last 4 digits of the phone number that received the SMS. The recipient knows their number; a stranger holding the link does not. Forwarded or screenshotted links are useless without the device.
- • Server-side validation — phone number never leaves the server
- • 5 attempts / token / minute, then a 30-min lockout after 3 failures
- • 1-hour verified session so refreshes don't re-prompt
Why last-4 is stronger than email OTP — and cheaper than SMS OTP.
Phone numbers aren't published like email addresses, so possession of the recipient device is a real signal. No second SMS means no extra carrier cost, no extra latency, no extra 10DLC risk.
Server-authoritative attempts
The client never decides what's left. The edge function returns attempts_remaining or locked:true — manipulating localStorage does nothing.
Brute-force lockout
3 failed attempts locks the token for 30 minutes (auto-unlock). Every attempt is logged with IP and timestamp in verification_attempts.
Possession-based proof
Recipient enters the last 4 digits of the number that received the SMS. Inherent knowledge — no extra message, no extra cost.
Scraper & preview-bot defense
JS execution required plus a small intentional processing delay neutralize link-preview bots and casual scrapers.
1-hour verified session
Once verified, the session is cached in localStorage for an hour. Refreshes and navigation stay frictionless without re-prompting.
Rate-limited at the edge
Max 5 verification requests per token per minute, tracked per IP in verification_logs. Spray attacks die at the proxy.
Every layer your messaging needs.
From the first opt-in to the verified view of a personalized offer, the platform connects data, decisions, and delivery in one place.
Audience & segmentation
Behavior-based segments from purchase rhythm, category affinity, recency, and consent state.
Automations & flows
Welcome, win-back, post-purchase, birthday, restock — orchestrated with content and timing guardrails.
AI send strategy
Predictive audience selection plus adaptive timing and content recommendations tuned per goal.
Link-based delivery
Per-recipient secure tokens, branded subdomains, and identity-verified mini-sites instead of offer-laden SMS bodies.
Compliance & consent
Source-tracked opt-in capture, content guardrails, per-subscriber consent state, optional 21+ gate.
Deliverability engine
Audience hygiene, carrier-risk scoring, and content checks to protect handset outcomes.
Loyalty & retention
Loyalty signup growth, lapsed-customer win-back, and repeat-visit lift built into campaign flows.
Analytics & attribution
Verified views, visit lift, revenue per send, opt-out rate, and segment-level performance you can act on.
Opt-in growth tools
In-store, web, and loyalty-tied capture surfaces — every opt-in source attributed.
Integrations
Connects alongside leading POS and loyalty systems so you keep your customer of record.
Built on the realities of cannabis SMS.
Carriers reward short, plain, brand-identified messages. The offer belongs behind a token-gated link — never in the message body.
Lock screens leak. Forwards leak. A verified-recipient view by default means content is only seen by the person it was intended for.
Audience selection, send timing, and link content refine cycle over cycle using delivery, verified-view, and engagement signals.
Platform questions, answered.
Why put the offer behind a link instead of in the SMS?+
Two reasons. First, carrier filters aggressively downrank SMS bodies that look promotional — short, plain, brand-identified messages deliver dramatically better. Second, anything in the SMS body is visible on the lock screen and in any forward or screenshot. Moving the offer behind an identity-verified link protects deliverability and recipient privacy in one move.
Why not send a second SMS for OTP instead of the last-4 challenge?+
A second SMS doubles cost, doubles carrier risk, adds latency, and has worse UX. The recipient already knows their own phone number — entering the last 4 digits proves possession of the device without sending anything extra. It's also harder to bypass than email OTP because phone numbers aren't published the way email addresses are.
What stops someone from brute-forcing the last-4 code?+
Rate limiting (max 5 verification requests per token per minute, tracked per IP), a 30-minute lockout after 3 failed attempts, and a server-authoritative attempts counter that the client cannot manipulate. Every attempt is logged in verification_attempts with IP and timestamp.
What does a recipient actually see?+
After tapping the SMS link, they hit /access?t=TOKEN on your branded subdomain. They get a short bot-protection delay, then a last-4 challenge, optionally a 21+/terms confirmation, and then the personalized offer — greeting by first name, branded card, image, CTA, location info. Verified sessions are cached for 1 hour so refreshes don't re-prompt.
Do I have to replace my POS or loyalty system?+
No. We integrate alongside leading POS and loyalty systems so you keep your customer of record. We handle opt-ins, segmentation, link-based delivery, identity verification, and analytics.
How long does onboarding take?+
Most single-location dispensaries are live in days. Multi-location operators usually run a structured rollout over a few weeks across stores, including branded subdomain setup and 10DLC registration.
See the platform tailored to your store.
A working session with a specialist who's onboarded dispensaries like yours. Walk through a real link-based campaign end to end — SMS, mini-site, identity verification, and analytics.