Platform

Compliant, link-based SMS engagement — not another blast tool.

A short, plain-text SMS carries a one-time secure link to a personalized mini-site that only the intended recipient can view. No offer content in the message body. Better deliverability, real privacy, full audit trail.

How it works

Three steps from send to verified view.

Carriers filter messages stuffed with offers, and anything visible on the lock screen leaks to whoever holds the phone. We solve both problems by moving the offer off the SMS and behind an identity-verified link.

1The outbound SMS

A short, compliant message

Plain text. Brand identity. STOP/HELP language. A unique per-recipient token. No promotional content in the body — which is exactly what carrier filters reward.

Hi Sarah — your Gatsby update is ready. View here: https://gatsby.viewyouroffers.com/access?t=a1b2c3 Reply STOP to opt out, HELP for help.
  • • Sent only to explicitly opted-in contacts
  • • Each message carries a unique ?t= token
  • • Zero offer details on the lock screen
2The secure mini-site

Token-gated, never publicly browsable

The link lands on a branded subdomain (e.g. gatsby.viewyouroffers.com/access). No token, no menu, no public catalog — invalid visitors are redirected to the main marketing site.

  • • Token resolves to tenant + contact + campaign + offer payload
  • • JS execution required + intentional processing delay to deter scrapers and link-preview bots
  • • Optional 21+/terms gate before any content renders
3Identity verification

Last-4 challenge — no second SMS

Recipient enters the last 4 digits of the phone number that received the SMS. The recipient knows their number; a stranger holding the link does not. Forwarded or screenshotted links are useless without the device.

  • • Server-side validation — phone number never leaves the server
  • • 5 attempts / token / minute, then a 30-min lockout after 3 failures
  • • 1-hour verified session so refreshes don't re-prompt
Identity & abuse protection

Why last-4 is stronger than email OTP — and cheaper than SMS OTP.

Phone numbers aren't published like email addresses, so possession of the recipient device is a real signal. No second SMS means no extra carrier cost, no extra latency, no extra 10DLC risk.

Server-authoritative attempts

The client never decides what's left. The edge function returns attempts_remaining or locked:true — manipulating localStorage does nothing.

Brute-force lockout

3 failed attempts locks the token for 30 minutes (auto-unlock). Every attempt is logged with IP and timestamp in verification_attempts.

Possession-based proof

Recipient enters the last 4 digits of the number that received the SMS. Inherent knowledge — no extra message, no extra cost.

Scraper & preview-bot defense

JS execution required plus a small intentional processing delay neutralize link-preview bots and casual scrapers.

1-hour verified session

Once verified, the session is cached in localStorage for an hour. Refreshes and navigation stay frictionless without re-prompting.

Rate-limited at the edge

Max 5 verification requests per token per minute, tracked per IP in verification_logs. Spray attacks die at the proxy.

System overview

Every layer your messaging needs.

From the first opt-in to the verified view of a personalized offer, the platform connects data, decisions, and delivery in one place.

Audience & segmentation

Behavior-based segments from purchase rhythm, category affinity, recency, and consent state.

Automations & flows

Welcome, win-back, post-purchase, birthday, restock — orchestrated with content and timing guardrails.

AI send strategy

Predictive audience selection plus adaptive timing and content recommendations tuned per goal.

Link-based delivery

Per-recipient secure tokens, branded subdomains, and identity-verified mini-sites instead of offer-laden SMS bodies.

Compliance & consent

Source-tracked opt-in capture, content guardrails, per-subscriber consent state, optional 21+ gate.

Deliverability engine

Audience hygiene, carrier-risk scoring, and content checks to protect handset outcomes.

Loyalty & retention

Loyalty signup growth, lapsed-customer win-back, and repeat-visit lift built into campaign flows.

Analytics & attribution

Verified views, visit lift, revenue per send, opt-out rate, and segment-level performance you can act on.

Opt-in growth tools

In-store, web, and loyalty-tied capture surfaces — every opt-in source attributed.

Integrations

Connects alongside leading POS and loyalty systems so you keep your customer of record.

Operating principles

Built on the realities of cannabis SMS.

Keep the SMS clean

Carriers reward short, plain, brand-identified messages. The offer belongs behind a token-gated link — never in the message body.

Privacy is design

Lock screens leak. Forwards leak. A verified-recipient view by default means content is only seen by the person it was intended for.

Adaptive, not static

Audience selection, send timing, and link content refine cycle over cycle using delivery, verified-view, and engagement signals.

FAQ

Platform questions, answered.

Why put the offer behind a link instead of in the SMS?+

Two reasons. First, carrier filters aggressively downrank SMS bodies that look promotional — short, plain, brand-identified messages deliver dramatically better. Second, anything in the SMS body is visible on the lock screen and in any forward or screenshot. Moving the offer behind an identity-verified link protects deliverability and recipient privacy in one move.

Why not send a second SMS for OTP instead of the last-4 challenge?+

A second SMS doubles cost, doubles carrier risk, adds latency, and has worse UX. The recipient already knows their own phone number — entering the last 4 digits proves possession of the device without sending anything extra. It's also harder to bypass than email OTP because phone numbers aren't published the way email addresses are.

What stops someone from brute-forcing the last-4 code?+

Rate limiting (max 5 verification requests per token per minute, tracked per IP), a 30-minute lockout after 3 failed attempts, and a server-authoritative attempts counter that the client cannot manipulate. Every attempt is logged in verification_attempts with IP and timestamp.

What does a recipient actually see?+

After tapping the SMS link, they hit /access?t=TOKEN on your branded subdomain. They get a short bot-protection delay, then a last-4 challenge, optionally a 21+/terms confirmation, and then the personalized offer — greeting by first name, branded card, image, CTA, location info. Verified sessions are cached for 1 hour so refreshes don't re-prompt.

Do I have to replace my POS or loyalty system?+

No. We integrate alongside leading POS and loyalty systems so you keep your customer of record. We handle opt-ins, segmentation, link-based delivery, identity verification, and analytics.

How long does onboarding take?+

Most single-location dispensaries are live in days. Multi-location operators usually run a structured rollout over a few weeks across stores, including branded subdomain setup and 10DLC registration.

See the platform tailored to your store.

A working session with a specialist who's onboarded dispensaries like yours. Walk through a real link-based campaign end to end — SMS, mini-site, identity verification, and analytics.