Platform Compliance

SMS Compliance Architecture

Two compliance gates — platform-level merchant attestation + per-merchant Twilio toll-free verification — enforce documented subscriber consent on every SMS sent through Mendworthy.

The compliance chain

Mendworthy is a B2B transactional-SMS platform delivering payment-failure notifications on behalf of subscription merchants. Consent flows through five explicit stages:

  1. Subscriber → Merchant

    Subscriber provides phone number with explicit, separate, optional SMS consent at the merchant's signup. TCPA-aligned consent collection is the merchant's responsibility (principles below).

  2. Merchant → Mendworthy

    Platform attestation. The merchant flips an opt-in toggle in settings; the platform persists smsConsentAttested plus an evidence trail (timestamp, surface, attesting user) on their workspace record.

  3. Merchant → Twilio

    Carrier verification. The merchant completes per-merchant toll-free verification through Twilio's Compliance Embeddable, supplying their own business identity, opt-in evidence, and message sample. Carriers approve each number independently.

  4. Mendworthy → Twilio

    Both gates checked at send time. No code path bypasses them; merchants missing either run email-only.

  5. Twilio → Subscriber

    Twilio delivers from the merchant's verified number. STOP honored platform-wide; opt-outs don't affect the subscription.

Platform attestation layer

A default-unchecked attestation toggle in the merchant's settings (app.mendworthy.com/settings/sms) persists smsConsentAttested = true on the workspace record plus a TCPA evidence trail — attestation timestamp, attesting user, and surface (settings / api / onboarding) — frozen at the off → on transition. The evidence trail survives subsequent toggle cycles as audit trail on every end-customer record onboarded while attestation was active. Merchants who decline keep SMS off and run email-only recovery.

Carrier verification layer

Per-merchant Toll-Free Verification through Twilio's Compliance Embeddable, hosted inside the merchant's dashboard at app.mendworthy.com/settings/sms-onboarding. Each merchant supplies their own business identity (legal name, EIN, address), website, opt-in evidence, sample production message, and monthly volume estimate. The submission goes directly from the embeddable to Twilio; Mendworthy stores only the resulting inquiry status on a merchant_tfv_submissions row. Until carrier approval lands (typically 3 business days), SMS sends are unconditionally suppressed for that merchant.

Mendworthy operates as the umbrella ISV on Twilio Trust Hub: our primary Customer Profile sits at the platform layer, and each merchant gets a secondary profile carrying their own end-business identity. That's the architecture Twilio documents for SaaS platforms sending on behalf of merchants.

Code-level enforcement

Both gates, plus the subscriber's STOP record, are evaluated at every send attempt: platform attestation (client.smsConsentAttested), subscriber STOP record (!contact.smsOptedOutAt), and per-merchant carrier-verification status (merchant_tfv_submissions.status === "approved"). Any one failing → email-only.


The dunning engine computes smsEligible from the platform-attestation + opt-out + operational conditions. The carrier-status check lives one layer below in the SMS sender:

src/dunning/email-send.ts
// Layer 1: platform attestation + opt-out + operational conditions. Every term must hold.
const smsEligible =
  sequenceAllowsSmsAtStep(dunning.sequenceType, dunning.currentStep) && // SMS permitted at this step of the sequence
  !merchantDisabled &&                                                  // operational kill switch for the merchant
  contact.phone &&                                                      // recipient has a mobile number on file
  client.smsConsentAttested &&                                          // merchant has attested to consent collection
  !contact.smsOptedOutAt;                                               // no STOP record for this recipient

return {
  kind: "send",
  plan: {
    /* ... */
    // Carrier-verification status is checked one layer below, in the SMS sender.
    smsScheduledAt: smsEligible ? new Date(Date.now() + SMS_STAGGER_MS) : null,
  },
};

The sender consults merchant_tfv_submissions.status before invoking Twilio; sends are suppressed for any merchant whose status is not approved, with a logged skip reason of tfv_pending or tfv_rejected. The two layers fail closed independently. There's no broadcast, ad-hoc, or marketing send path; every SMS is triggered automatically by a specific failed-payment event on the recipient's own account.
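To make the fail-closed behaviour of the two layers concrete, here is an added example written for this page; it is not Mendworthy's code. It models the layer-1 smsEligible gate and the sender-side carrier-verification check as pure functions over constructed records. The type names, the tfv_missing skip reason (for a merchant with no merchant_tfv_submissions row at all), the step-based stand-in for sequenceAllowsSmsAtStep, and all sample data are assumptions.

```typescript
// Added example (not Mendworthy's code): the two-layer send-time gate described
// on this page, as pure functions over constructed records. Type names, the
// "tfv_missing" skip reason and the sample data are assumptions.

type TfvStatus = "pending" | "approved" | "rejected";
type Surface = "settings" | "api" | "onboarding";

interface Workspace {
  id: string;
  smsConsentAttested: boolean;
  // Evidence trail frozen at the toggle's off -> on transition (assumed shape).
  attestation?: { at: string; surface: Surface; userId: string };
  smsDisabled: boolean; // operational kill switch ("merchantDisabled" on the page)
}

interface Contact {
  phone: string | null;
  smsOptedOutAt: string | null; // set by the STOP webhook, cleared by START
}

interface TfvSubmission {
  workspaceId: string;
  status: TfvStatus;
}

type SkipReason =
  | "step_not_sms" | "merchant_disabled" | "no_phone" | "not_attested" | "opted_out"
  | "tfv_missing" | "tfv_pending" | "tfv_rejected";

type Decision = { channel: "sms" } | { channel: "email"; skipReason: SkipReason };

// Constructed stand-in for sequenceAllowsSmsAtStep: the page states 1-5 SMS per
// failed-payment event, so steps 1..5 may carry an SMS and later steps are email-only.
const MAX_SMS_PER_EVENT = 5;
function sequenceAllowsSmsAtStep(step: number): boolean {
  return step >= 1 && step <= MAX_SMS_PER_EVENT;
}

// Layer 1 (dunning engine): platform attestation + opt-out + operational checks.
function smsEligibilityGate(ws: Workspace, contact: Contact, step: number): SkipReason | null {
  if (!sequenceAllowsSmsAtStep(step)) return "step_not_sms";
  if (ws.smsDisabled) return "merchant_disabled";
  if (!contact.phone) return "no_phone";
  if (!ws.smsConsentAttested) return "not_attested";
  if (contact.smsOptedOutAt) return "opted_out";
  return null;
}

// Layer 2 (SMS sender): carrier-verification status. Fails closed: a missing
// row or any status other than "approved" suppresses the send.
function carrierVerificationGate(ws: Workspace, submissions: TfvSubmission[]): SkipReason | null {
  const row = submissions.find((s) => s.workspaceId === ws.id);
  if (!row) return "tfv_missing";
  if (row.status === "approved") return null;
  return row.status === "pending" ? "tfv_pending" : "tfv_rejected";
}

// Both layers must pass independently; the first failure becomes the logged skip reason.
function decideChannel(ws: Workspace, contact: Contact, submissions: TfvSubmission[], step: number): Decision {
  const layer1 = smsEligibilityGate(ws, contact, step);
  if (layer1) return { channel: "email", skipReason: layer1 };
  const layer2 = carrierVerificationGate(ws, submissions);
  if (layer2) return { channel: "email", skipReason: layer2 };
  return { channel: "sms" };
}

// Constructed sample data: an attested, approved merchant and a consenting subscriber.
const acme: Workspace = {
  id: "ws_acme", smsConsentAttested: true, smsDisabled: false,
  attestation: { at: "2024-01-15T10:00:00Z", surface: "settings", userId: "user_1" },
};
const subscriber: Contact = { phone: "+15555550100", smsOptedOutAt: null };
const submissions: TfvSubmission[] = [{ workspaceId: "ws_acme", status: "approved" }];

console.log(decideChannel(acme, subscriber, submissions, 1)); // { channel: "sms" }
console.log(decideChannel(acme, subscriber, [{ workspaceId: "ws_acme", status: "pending" }], 1));
```

The order of checks inside each layer only determines which skip reason gets logged; the outcome is email-only whenever any single check fails, and a merchant with no verification row is treated the same as one still pending rather than being allowed through.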

Merchant responsibility

Merchants are responsible for their subscriber consent collection. The platform attestation is the contractual mechanism for accepting that responsibility, and requires consent collection to follow standard TCPA / CTIA principles:

Explicit
SMS consent is requested distinctly from terms-of-service and privacy-policy acceptance, not bundled into a single “I agree” checkbox.
Separate
The SMS opt-in is its own choice rather than a precondition for any other agreement.
Optional
Subscribers can complete signup without opting into SMS. SMS consent is not a condition of using the merchant’s service.
Clearly disclosed
The opt-in surface communicates message frequency, the STOP keyword, and that standard message and data rates may apply.

Subscriber-facing message format

Every SMS carries four elements: the merchant name, a brief notice, a secure card-update link, and an opt-out instruction.

AcmeCorp: It looks like your card on file has expired. Please update your card.

mendworthy.com/s/abc123

Reply STOP to opt out.

Keyword behavior + frequency / rates / carrier disclosures

Keywords

STOP
STOP, UNSUBSCRIBE, CANCEL, END, or QUIT. Twilio blocks future sends at the carrier level; Mendworthy's webhook mirrors that via smsOptedOutAt on every matching end-customer record, so the recipient is opted out across every Mendworthy merchant who has them as an end-customer.
START
START / YES / UNSTOP — symmetric re-opt-in. Twilio re-enables; Mendworthy clears smsOptedOutAt.
HELP
Twilio responds with a configured help message pointing to [email protected].
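The keyword handling above can be illustrated with an added example, written for this page rather than taken from Mendworthy's webhook. It mirrors Twilio's carrier-level STOP and START into the platform's own smsOptedOutAt field across every end-customer record sharing the sender's number, and leaves HELP alone because Twilio answers it directly. The record shape, function names, and sample records are assumptions; the keyword lists are the ones this page gives.

```typescript
// Added example (not Mendworthy's code): inbound keyword handling that mirrors
// Twilio's carrier-level STOP/START into the platform's opt-out field. Record
// shape, function names and sample records are assumptions.

const STOP_KEYWORDS = new Set(["STOP", "UNSUBSCRIBE", "CANCEL", "END", "QUIT"]);
const START_KEYWORDS = new Set(["START", "YES", "UNSTOP"]);

type KeywordAction = "stop" | "start" | "help" | "none";

interface EndCustomerRecord {
  merchantId: string;
  phone: string; // E.164, as Twilio reports it in the inbound webhook's From field
  smsOptedOutAt: string | null;
}

// Normalises the raw message body ("Stop ", "unsubscribe") before matching.
function classifyKeyword(body: string): KeywordAction {
  const word = body.trim().toUpperCase();
  if (STOP_KEYWORDS.has(word)) return "stop";
  if (START_KEYWORDS.has(word)) return "start";
  if (word === "HELP") return "help";
  return "none";
}

// Applies the keyword to every end-customer record sharing the sender's phone
// number across all merchants (the page's platform-wide STOP scope). Twilio has
// already blocked or re-enabled the number at the carrier level; this keeps the
// platform's view consistent. Idempotent: a repeated STOP or START updates nothing.
// HELP and unrecognised bodies change no records.
function handleInboundKeyword(
  records: EndCustomerRecord[], from: string, body: string, receivedAt: string,
): { action: KeywordAction; updated: number } {
  const action = classifyKeyword(body);
  let updated = 0;
  for (const rec of records) {
    if (rec.phone !== from) continue;
    if (action === "stop" && rec.smsOptedOutAt === null) {
      rec.smsOptedOutAt = receivedAt;
      updated++;
    } else if (action === "start" && rec.smsOptedOutAt !== null) {
      rec.smsOptedOutAt = null;
      updated++;
    }
  }
  return { action, updated };
}

// Constructed records: one subscriber known to two merchants, plus an unrelated number.
const endCustomers: EndCustomerRecord[] = [
  { merchantId: "ws_acme", phone: "+15555550100", smsOptedOutAt: null },
  { merchantId: "ws_globex", phone: "+15555550100", smsOptedOutAt: null },
  { merchantId: "ws_acme", phone: "+15555550199", smsOptedOutAt: null },
];

console.log(handleInboundKeyword(endCustomers, "+15555550100", " stop ", "2024-03-01T12:00:00Z"));
// { action: "stop", updated: 2 }
```

Because the send-time gate reads smsOptedOutAt independently of Twilio's block, a recipient who texts STOP to one merchant's number is suppressed for every merchant on the platform even if a later send would go out from a different verified number.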

Frequency, rates, scope

  • Frequency: 1–5 messages per failed-payment event over a recovery window of up to 14 days; sends stop on payment-method update or subscription cancel.
  • Rates: Standard message + data rates may apply per the recipient's carrier; Mendworthy does not charge for SMS.
  • Carriers: AT&T, T-Mobile, Verizon, and their MVNOs. Carriers are not liable for delayed or undelivered messages.
  • Scope: U.S. mobile numbers only.

Subscriber-facing terms

The subscriber-facing SMS Program Terms live at mendworthy.com/sms-consent. They cover what the SMS is, how to opt out, and how the merchant relationship works. Phone-number handling, data sharing, and retention are described in our Privacy Policy.

Contact

Questions about this architecture or our compliance posture can be directed to [email protected].

Mendworthy
1312 17th Street #569
Denver, CO 80202
United States