How Teckst Complies with GDPR and TCPA

GDPR (General Data Protection Regulation)

GDPR is a regulation that replaces the 1995 directive for the European Union’s data protections. It gives individuals more power over the collection and usage of their personal data and aims for more transparency as to how that data is being used. GDPR not only applies to organizations within the EU, but also those outside if they sell goods or services to people living in the EU, or obtain access to their personal data.

How Teckst Complies with GDPR

As a Controller of End-User Data

PII directly stored:

Phone Number


The conversations our clients and their customers have are collected by our system and stored on our servers for up to 365 days. We can delete the contents of these conversations from our own servers upon client request. However, we use communications metadata for our own business operations, such as the timing and number of text messages transmitted or received via our platform. These records often constitute personal data because they contain users’ phone numbers. We need this data for our own business operations, like billing, routing, tax, and audit purposes and cannot delete it immediately upon request. However, Teckst can supply the client with a record of these conversations via CSV file.

Please fill out the form at the bottom of this page for data requests.

As a Sub-Processor

As it relates to our clients’ GDPR compliance documents, Teckst is a sub-processor.

PII Directly Stored

  • Phone Number

PII Passively Collected in Conversation:

  • Name
  • Address
  • Location Data (GPS)
Phone Number


Teckst does not allow the sale of customer data or retargeting your customers with marketing, SPAM, etc. PII actively and passively collected and stored can be provided to our clients at any time or destroyed upon request if not needed for Teckst’s own business operations, as noted in the section above.

Please fill out the form at the bottom of this page for data requests.

As a Controller of Data (Applies to site visitors only)

Teckst is a controller of data collected from our website for the purposes of sales and marketing. Data collected includes any information a website user provides in a form, such as their name, email, and phone number.

PII directly Stored

  • Name
  • Phone Number
  • Email Address


Individuals who provide Teckst with their contact information as part of a request for marketing information, or sales inquiry will be contacted in those contexts. Requests to be forgotten, to access the data we have obtained, and to learn how personal data is used can be submitted via the form below. 

Please fill out the form at the bottom of this page for data requests. If you are making the request on behalf of yourself, please enter your own name as both the client and the data subject.

Teckst’s Usage of Sub-Processors

Teckst uses third parties, who may be considered sub-processors, to transmit the messages our clients and customers send to each other. The data they process is unrelated to marketing or sales. Teckst can delete user data from these sub-processors, or make requests on our clients’ behalf to download it or obtain more information about it.

TCPA (Telephone Consumer Protection Act)

TCPA was passed in 1991 to protect consumers from robocalling and other automated marketing methods, including SMS. Essentially it says that a company needs to have prior consent from the message recipient to contact them via any automated method. There are two ways to receive this consent:
  1. An individual messages to initiate a transaction with your company.

    If an individual initiates messaging contact with your company to purchase a good or service, he or she has opted in to receive transactional messages (not marketing messages) back from you.

  2. The individual opts in to receive marketing or promotional messages.

    If you get explicit consent, usually meaning the individual checked a box (either online or on actual paper) saying promotional messages are okay, then you may market via text channels. As with transactional messages, you must disclose any possible fees incurred and clearly offer a way to opt out. You can’t make acceptance of marketing messages a condition of purchase.

Caveat: A representative of your company can send a manual, one-to-one message to an individual who has never received a message from your company. A message sent via API may technically be considered to be in violation of TCPA, but one human may send a message to another human. As with the scenario above, however, the recipient may opt out at any point.

How Teckst Helps Our Customers Comply with TCPA

We recommend that all of our clients use a “double opt-in.” This means that even though an individual has technically opted in by initiating a text conversation with your company, we suggest sending a message like this: “Thanks for texting with Burton! By sending us a text, you are confirming you'd like to be contacted by an associate. Msg & data rates may apply. Reply STOP to cancel at any time.”

If requested, Teckst can block associates from being able to send a text message to a customer that has not yet texted you.

Once an individual replies “STOP” to cease all communication, they will receive one final text message, which includes confirmation that messaging has ended and instructions outlining how to reply with “UNSTOP” to send/receive future messages.

If we have an API integration with your CRM, we can blacklist the individual from receiving any forms of communication originating from Teckst from across your organization.

We recommend that clients use separate numbers for transactional and marketing messages. Transactional messages include purchase confirmations, updates such as flight status, or notifications such as rain delays for a sporting event. Marketing messages include any attempt to sell additional goods and services. If a customer opts out of a marketing message, it still allows you to communicate with them about service and support.

GDPR Data Request Form