Consent Resolve
Compliance & Privacy Blog

What Actually Counts as TCPA Consent (and What Doesn't)

Under the TCPA, not every 'yes' is a yes. A buried checkbox, an implied opt-in, or a name from a purchased list won't hold up. Here's what actually counts as consent — and why a timestamped record is the difference between defensible and exposed.

By Tyler Spurlock, Account Manager at Consent Resolve 7 min readReviewed by Stefan Dimitrov, Head of Engineering

“They opted in somewhere” is where shops get in trouble

Most home-service owners know the TCPA exists and know it has something to do with consent. Where they get burned is assuming that any vague opt-in counts. A homeowner filled out a form once, or their name came from a list that supposedly had permission, so surely it’s fine to text them, right?

Not necessarily. Under the TCPA — the federal law governing marketing calls and texts — not every “yes” is a yes. The law cares about a specific kind of consent: clear, informed, and provable. “They opted in somewhere” is precisely the phrase that turns into a settlement, because when a recipient says they never agreed, somewhere is not something you can point to. Let’s break down what actually counts.

Strip the TCPA down and valid marketing consent has three qualities. Miss any one and you’re exposed.

It has to be affirmative. The consumer has to take a real action to agree — actively check a box, accept a clear banner, reply YES. A pre-checked box they never touched, or a default they had to notice and turn off, isn’t agreement. Silence and inertia aren’t consent.

It has to be informed. They have to understand what they’re agreeing to — that they’ll be contacted, by whom, and roughly for what. Permission buried in fine print they never read, or bundled into a wall of terms, doesn’t clear the bar. The FCC’s guidance on unwanted calls and texts reflects how seriously regulators treat that clarity.

It has to be provable. This is the one shops forget. If a recipient claims they never agreed, the burden is on you to show they did. A gut feeling, a screenshot of a generic form, or “our vendor said they consented” doesn’t hold up. Provable means a record: who agreed, when, and to what.

A consent that’s affirmative and informed but not documented is nearly as risky as no consent at all, because in a dispute you can’t produce it. All three qualities have to travel together.

What clearly does not count

It’s easier to spot valid consent by ruling out the common fakes:

  • Pre-checked boxes and fine print. If the person didn’t actively, knowingly agree, it’s not affirmative or informed.
  • Implied consent from unrelated activity. Someone visiting your website, or once calling for a quote years ago, hasn’t agreed to ongoing marketing texts.
  • Purchased or shared lists. Any consent belongs to whoever collected the name, on terms you never set and can’t produce. “We bought the list” is not a defense.
  • Consent for one purpose stretched to another. Agreeing to a one-time appointment reminder isn’t agreeing to a promotional blast.

There’s a hard lesson in the enforcement record about where leads come from. When the FTC reached a $7.2 million settlement with Angi’s HomeAdvisor — a consent order, with over $3 million refunded to pros — the issue was deceptive claims about lead quality and source. The provenance of a lead, and whether the person behind it actually consented, isn’t a detail you can outsource to a vendor and forget.

Why the stakes make guessing expensive

The reason this precision matters is the penalty structure. The TCPA carries statutory damages of $500 to $1,500 per unsolicited call or text, and it includes a private right of action — the recipient can sue you directly, per message, with no regulator needed. So a “consent” that doesn’t hold up isn’t a warning; it’s per-message arithmetic that ends in a five- or six-figure number fast.

And the same theme runs through privacy enforcement beyond the phone. California’s wiretap law, CIPA, carries $5,000 per violation for tracking people without permission, and Texas reached a $1.375 billion settlement with Google over data collected without consent. Different laws, same principle: the penalty is for acting on people who never gave a real, provable yes.

The fix isn’t a cleverer disclaimer. It’s a record. Provable consent looks like a line you can pull up on demand: this person affirmatively accepted a clear banner on your site, at this timestamp, agreeing to be contacted for this purpose. That’s an express, documented opt-in — the thing that turns a scary demand letter into a five-minute reply.

That’s the entire premise behind consent-first capture. Consent Resolve identifies only the visitors who actively accept a clear consent banner, logs a timestamped record held in a 7-year audit trail, and hands you an email-grade lead — a name and a consented email, never a phone number to cold-dial. Each lead is a flat $7, exclusive to you, never resold, and the proof of consent travels with it. Contrast that with a bought list, where the consent, if any, belongs to someone else and you inherit only the liability.

Following up by email into the funnel you already run is itself a risk reducer: it keeps you out of the cold-calling and mass-texting behavior the TCPA scrutinizes hardest, and it means every contact is someone who said yes on your site, with the record to show it. Consent Resolve is built to the GDPR standard — whose maximum fine reaches €20 million or 4% of global revenue — so the stricter European bar handles the U.S. rules by default. Every figure here is sourced on our stats page.

Even a valid, documented yes has limits, and this is where careful shops still trip. Consent is specific and it can be withdrawn. If a homeowner agreed to hear from you and later replies “stop” or unsubscribes, that yes is over — continuing to contact them turns a compliant relationship back into a violation. So a real consent system isn’t just a collection of opt-ins; it’s a living record that also tracks opt-outs and honors them promptly. A timestamped log that captures the yes but ignores the later no is only half a defense.

The scope matters too. Consent to be contacted about a specific service isn’t blanket permission to market anything forever, and consent given on your site is for your shop, not for a partner or a list buyer you might sell to later. Keeping consent narrow and honest — this person, this business, this purpose, until they say otherwise — is what keeps it defensible over time. It’s also just decent treatment of a customer, which is the same instinct that earns the referral in the first place. The shops that get this right don’t think of consent as a one-time checkbox; they think of it as an ongoing agreement they’re obligated to keep, and they build the record to prove they kept it.

The rule to remember

If you can’t answer “did this person clearly agree, and can I prove it?” with a documented yes, you don’t have TCPA consent — you have a guess, and guessing is the expensive part. Capture on affirmative, informed, recorded consent; follow up by email; keep the receipt on every lead. That’s the difference between a contact you can defend and a text you’ll regret. See why consent-first protects your shop, and weigh it against what your current lead channels actually cost — in fees and in exposure.

This article is general information, not legal advice. For your specific situation, consult an attorney.

FAQ

Frequently asked questions

Generally no. Valid consent for marketing calls and texts has to be a clear, affirmative agreement where the consumer knew what they were signing up for. A box they never actively checked, or permission buried in fine print they didn't read, is exactly the kind of 'consent' that falls apart when challenged — and the burden of proving they agreed is on you.