TCPA Compliance for Cannabis Dispensary SMS
TCPA is the federal statute that turns a careless SMS program into a class-action target. For dispensaries it intersects with carrier policy, state cannabis rules, and your own consent posture.
The four things TCPA actually requires for SMS.
TCPA (Telephone Consumer Protection Act) requires prior express written consent before sending marketing SMS, immediate honoring of opt-outs, calling-hour limits, and clear disclosure of who is sending the message. For cannabis, the same rules apply, but the audit risk is higher because plaintiff firms watch the category.
Most TCPA exposure for dispensaries comes from imported lists, pre-checked opt-in boxes, and continuing to message after an opt-out due to system lag between locations or channels. None of those are unsolvable — they're operational disciplines.
This page is operational guidance, not legal advice. Always engage qualified counsel on your specific situation.
Built for cannabis, not generic retail.
Prior express written consent
Source-tracked opt-in with timestamp, surface, and the exact consent language shown to the subscriber.
Real-time opt-out enforcement
STOP keywords processed instantly across every store, channel, and active flow — no lag between locations.
Calling-hour discipline
Per-recipient state quiet hours enforced platform-side so nobody on the team has to remember the matrix.
Audit-ready records
Every send carries the consent record, content version, and policy checks at the moment of delivery.
Risky-pattern detection
Bulk imports, sudden frequency spikes, and high opt-out rates flagged before they become a complaint.
Cross-location consent
One subscriber, one consent record across the brand — not a separate list per store with separate suppression.
Questions buyers ask before booking.
What counts as 'prior express written consent' for SMS?+
A clear, affirmative action by the consumer (signed form, double opt-in, keyword opt-in) that includes the brand name, message frequency disclosure, msg-and-data-rates language, and HELP/STOP instructions. Pre-checked boxes and 'implied consent' from a purchase do not qualify.
Does TCPA apply to transactional or loyalty messages?+
Service messages (order ready, appointment confirmation) have a narrower compliance burden but still require opt-out honoring. Loyalty messages with promotional content are treated as marketing and require full consent.
What are statutory damages for TCPA violations?+
$500 per message, $1,500 if willful — multiplied across a class. A 50,000-subscriber list with a single careless send creates seven-figure exposure quickly. The risk isn't theoretical.
How do we handle a TCPA complaint?+
Pull the subscriber's full record: opt-in source, timestamp, consent language, every send received, opt-out events, and policy checks at send time. A defensible audit trail resolves most complaints before they escalate.
Is double opt-in required under TCPA?+
Not strictly required, but it's the cleanest defense — it documents intent twice and reduces 'I never signed up' disputes. Many cannabis operators adopt it for the higher-quality audience alone.
Does this replace legal counsel?+
No. This is operational guidance for the platform layer. TCPA exposure is jurisdiction-specific and fact-specific — engage qualified counsel for your situation.
Audit your TCPA posture before a plaintiff firm does.
A 30-minute review of your consent sources, opt-out flow, and audit trail. We flag the gaps, you fix them.