Documentation

Compliance and suppressions

Current Textree SMS eligibility model for suppressions, STOP events, compliance readiness, and spend gates.

Compliance and suppressions

Textree V1 uses a suppression-based SMS eligibility model.

Outbound SMS does not require a global granted consent record before enqueue. Sends are allowed by default unless one of the current gates blocks them.

Send gates

Every one-off UI send, developer API send, MCP-triggered send, and campaign delivery checks:

  • workspace suppression for the recipient phone number
  • campaign suppression for campaign deliveries
  • spend limit and ledger reservation
  • test/live environment constraints
  • sender number and provider readiness
  • payload validation and provider errors

Workspace suppressions

Workspace suppressions block all outbound sends to a phone number in that workspace.

They can be created by:

  • provider STOP/opt-out webhooks
  • manual operator action in Workspace Settings

Workspace owners and admins can remove a suppression only when their compliance process says the recipient may receive SMS again.

Campaign suppressions

Campaign suppressions block only one campaign’s rendered deliveries for a phone number.

They do not block:

  • one-off sends
  • developer API sends
  • MCP sends
  • other campaigns

Campaign owners, admins, and operators can manage campaign opt-outs from the Campaign page.

Legacy consent/contact metadata

The contact_consents data model still exists as contact metadata and history. Message responses may include a consent_status value such as missing, granted, or opted_out.

That field is informational in V1. It is not the required global send gate. Workspace and campaign suppressions are the active opt-out enforcement model.

Provider STOP handling

Signed provider opt-out events create or update workspace suppressions. This keeps STOP behavior durable and prevents future sends before any provider call is made.

The webhook event is persisted first, then reconciled asynchronously through Oban. Duplicate provider events are safe because suppression creation is idempotent for the same workspace and phone number.

Compliance readiness

Compliance readiness is separate from any global consent-grant requirement. Before live traffic, operators should verify:

  • billing and spend limits are configured
  • sender numbers are registered or connected
  • workspace suppressions are respected
  • campaign opt-outs are isolated to the correct campaign
  • provider webhooks are signed and replayable
  • test-mode sends pass before switching to live mode