Skip to content
TCPA Compliance for Recruiting SMS: Consent, Opt-Out & Quiet Hours | ATS Mako
ATS Mako
TCPA Compliance Guide

Text Fast.
Stay Compliant.

Everything recruiting teams need to run TCPA-compliant SMS outreach - consent capture, automatic opt-out handling, quiet hours, and a full audit trail, built into the platform so compliance is never an afterthought.

No setup fees. No long-term contracts. Full feature access from day one.

Why This Matters

SMS is recruiting's fastest channel - and its most regulated one.

The Telephone Consumer Protection Act (TCPA) imposes strict rules on automated text messages. For recruiting teams using SMS to reach hundreds or thousands of candidates, non-compliance is not a legal technicality - it is a material financial risk. Each unsolicited message carries a statutory penalty, and class-action exposure scales with your send volume.

This guide covers the five pillars of TCPA compliance for recruiting SMS: what each rule requires, where recruiting teams typically get it wrong, and how ATS Mako enforces compliance at the platform level so your team can move fast without legal exposure.

$500
per violation

Statutory minimum per unsolicited text under TCPA - up to $1,500 for willful violations.

8am-9pm
local time only

TCPA restricts automated messages to this window in the recipient's own time zone - not yours.

5 pillars
of SMS compliance

Consent, opt-in language, STOP handling, quiet hours, and audit trails - all enforced in one platform.

The 5 Pillars

What TCPA actually requires from recruiting teams.

Compliance is not a single checkbox. These five requirements work together - miss any one of them and the others do not protect you.

Prior Express Written Consent

TCPA requires that before you send a single recruiting text, the candidate must have given prior express written consent to receive automated SMS messages from your organization. Verbal consent is not enough. A checkbox buried in fine print is not enough. The consent must be clear, conspicuous, and standalone - not bundled with other terms. On every ATS Mako Apply Here page, you can display a purpose-built consent statement at the point of application, so the record is captured at the exact moment a candidate opts in to your recruiting pipeline.

Compliant Opt-In Language

The language candidates see when they consent matters. It must name the sender, describe the type of messages they will receive (recruiting updates, interview scheduling, status notifications), state that message and data rates may apply, and explain how to opt out. ATS Mako's lockable template system lets you standardize TCPA-compliant consent copy across every application form, every recruiter, and every location - so the language is always legally sound and on-brand. Update once, deploy everywhere.

STOP Opt-Out Handling

Every outbound recruiting text must include a clear opt-out instruction - typically "Reply STOP to unsubscribe" - and your platform must honor that reply immediately and permanently. No more texts to that number, ever. ATS Mako processes STOP replies automatically: the candidate's record is flagged, outbound automation rules exclude them from every future campaign, and the opt-out is logged with a timestamp for your compliance records. No recruiter intervention required. No accidental re-engagement.

Quiet Hours and Time-of-Day Rules

TCPA restricts automated calls and texts to between 8 a.m. and 9 p.m. in the recipient's local time zone. Some states - including California, Florida, and New York - impose stricter windows. Sending a mass SMS blast at 7 a.m. your time to candidates three time zones away is a violation. ATS Mako's outbound scheduling engine enforces configurable quiet-hours windows at the platform level, not just as a setting recruiters can forget. Automations queue and release only within the approved window for each recipient's location.

Record-Keeping and Audit Trails

If your compliance is ever challenged, you need to prove it. That means being able to show exactly when a candidate consented, what disclosure language they saw, when a message was sent, and when an opt-out was processed. ATS Mako logs every SMS event - sent, delivered, replied, opted out - in a timestamped activity feed tied to the candidate profile. Your consent records, opt-out history, and full message thread are always one click away.

Risk vs. Compliance

What risky looks like - and what compliant looks like.

Most TCPA violations in recruiting are not malicious - they are the result of fragmented tools and no platform-level guardrails. Here is where teams typically break the rules and what the correct approach looks like.

Consent capture
Risky

A generic "I agree to terms" checkbox at application. Consent is bundled, vague, and does not name the sender or message type.

Compliant

A standalone, purpose-specific consent statement at point of application naming the sender, message type, and opt-out instructions. Captured and timestamped in the applicant record.

Opt-in language
Risky

Recruiter-written SMS templates vary by rep. Some include opt-out instructions; some do not. No centralized standard.

Compliant

Lockable template library enforces approved opt-out language in every outbound message. Legal sections cannot be edited or deleted by individual recruiters.

STOP handling
Risky

A recruiter manually checks for STOP replies and removes the number from a spreadsheet - sometimes days later. Risk of texting an opted-out candidate again.

Compliant

Platform-level STOP processing: reply detected, opt-out flagged, and all future automations for that number halted in real time. Logged with timestamp.

Time-of-day compliance
Risky

A recruiter schedules a mass SMS for 7 a.m. their local time without accounting for candidate time zones. Recipients in eastern states receive texts before 8 a.m.

Compliant

Quiet-hours rules enforced at the platform level by recipient time zone. Automations queue and release only within the approved 8 a.m. to 9 p.m. window.

Do Not Contact lists
Risky

Opted-out numbers live in a separate spreadsheet. When a recruiter imports a new bulk list, opted-out numbers get re-added without a cross-check.

Compliant

Platform-level suppression list is applied automatically on every outbound send. No opted-out number can be re-messaged, regardless of import source.

Audit trail
Risky

No centralized record of who consented, when, or what language they saw. Opt-out timestamps exist only if the recruiter noted them manually.

Compliant

Every SMS event - sent, delivered, replied, opted out - is logged with a timestamp in the candidate profile. Consent records and opt-out history are retrievable at any time.

How It Works in ATS Mako

Compliance built into every step - not bolted on at the end.

ATS Mako enforces TCPA requirements at the platform level so recruiters can move at full speed without managing a compliance checklist manually.

Apply

Consent captured at the source

A candidate applies through your branded Apply Here page. The TCPA consent statement is displayed at the point of submission - standalone, clearly worded, and timestamped. The opt-in record is stored in the applicant profile the moment they hit submit.

Confirm

Opt-in confirmation sent

An automated confirmation SMS goes out with the sender name, a brief description of the messages they will receive, and opt-out instructions. This double-confirmation step reinforces consent and starts the candidate relationship on the right foot.

Engage

Compliant outreach, every time

All outbound SMS messages use templates from the lockable library - compliant opt-out language included by default. Quiet-hours rules hold any message that would fall outside the 8 a.m. to 9 p.m. local window and release it the next morning.

Respond

STOP replies handled automatically

If a candidate replies STOP, UNSUBSCRIBE, CANCEL, END, or QUIT, the platform flags the opt-out in real time, halts all automation rules for that number, and logs the event. No recruiter involvement needed. No risk of accidental re-engagement.

Audit

Full records, always available

Every consent record, message, delivery receipt, and opt-out timestamp lives in the candidate profile - searchable and exportable. If compliance is ever questioned, your evidence is one click away.

Conversational SMS

Every reply in one inbox. Every opt-out logged.

ATS Mako's two-way conversational inbox surfaces every candidate reply alongside their full profile, pipeline status, and resume - so recruiters never lose context, and every STOP reply is processed instantly before the next send.

  • STOP replies trigger immediate suppression - platform-wide, not recruiter-by-recruiter.
  • Quiet-hours enforcement is automatic: late sends queue and release at 8 a.m. local time.
  • Lockable message templates ensure opt-out language is always present.
  • Consent records and opt-out timestamps stored in every candidate profile.
  • Full SMS event log: sent, delivered, replied, opted out - timestamped and searchable.
ATS Mako two-way SMS inbox showing a candidate conversation with opt-out handling and status tracking
ATS Mako branded Apply Here page with TCPA consent statement at point of application
Apply Here, Anywhere

Capture consent where candidates apply.

Every ATS Mako Apply Here page is a compliant entry point to your recruiting pipeline. Give every office its own branded application page - display your logo, contact details, and a TCPA-compliant consent statement in one place.

Share it in job postings, social media, recruiting campaigns, QR codes on flyers, text messages, and emails. Every submission captures consent at the moment of application - timestamped and stored automatically, so your audit trail starts before the first message is sent.

  • One Apply Here page per office or location.
  • Branded to you: your logo, colors, and domain.
  • TCPA consent statement displayed and recorded at submission.
  • Works across job boards, social, QR codes, and direct links.
Common Questions

TCPA questions recruiting teams actually ask.

Does TCPA apply to recruiting text messages?

Yes. The Telephone Consumer Protection Act applies to any automated or prerecorded text message sent to a cell phone, including messages sent for recruiting purposes. If you use an automated SMS platform to reach candidates - status updates, interview scheduling, outreach campaigns - TCPA compliance is not optional. Courts and the FCC have consistently held that recruiting texts sent via autodialer or automated platform fall within TCPA's scope.

What is the difference between prior express consent and prior express written consent?

For informational or non-marketing texts, prior express consent (verbal or written) is generally sufficient under TCPA. However, the safer and most defensible standard for recruiting outreach - especially when messages promote a job opportunity or a specific role - is prior express written consent. This means a signed agreement (digital is fine) in which the candidate explicitly agrees to receive automated texts from your organization. Many compliance attorneys recommend treating all recruiting SMS as requiring written consent to eliminate ambiguity.

What opt-out language must I include in recruiting texts?

At minimum, every initial outbound message should include a clear opt-out instruction such as "Reply STOP to unsubscribe" or "Text STOP to stop receiving messages." The platform must then honor STOP, UNSUBSCRIBE, CANCEL, END, and QUIT as recognized opt-out keywords and cease all future messaging to that number immediately. Subsequent messages in an ongoing thread do not need to repeat the opt-out instruction every time, but best practice is to include it at least in the first message of each new conversation or campaign.

What are the TCPA quiet hours for text messages?

TCPA restricts automated telephone calls and messages to between 8 a.m. and 9 p.m. in the recipient's local time zone. For SMS recruiting, this means you must calculate the candidate's time zone, not your own. State laws in California, Florida, Texas, and others may set narrower windows. The safest approach is to enforce quiet hours by recipient time zone at the platform level - so recruiters cannot accidentally schedule a mass send that violates the rule for candidates in other time zones.

What are the penalties for TCPA violations in recruiting?

TCPA violations carry statutory damages of $500 per violation and up to $1,500 per willful violation - and each individual text message counts as a separate violation. A single mass SMS campaign sent to 5,000 candidates without proper consent could expose an organization to $2.5 million to $7.5 million in statutory damages. Class action lawsuits are common because the per-message structure means large plaintiff classes quickly produce significant aggregate damages. Compliance is not a back-office formality - it is a material financial risk.

How does ATS Mako help recruiting teams stay TCPA-compliant?

ATS Mako enforces compliance at the platform level rather than relying on individual recruiters to remember the rules. Consent is captured at point of application via branded Apply Here pages. The lockable template library ensures opt-out language is always present in outbound messages and cannot be stripped by individual users. STOP replies trigger immediate, automated suppression with a timestamped log. Quiet-hours rules hold outbound automations until the approved local window. And every SMS event is recorded in the candidate profile for a complete audit trail - so your compliance documentation is built as a byproduct of normal recruiting activity.

Pressure-test

The pre-send TCPA compliance checklist

Run every recruiting SMS campaign through these eight checks before it goes out.

  • Capture prior express consent at the point of application, with your brand named.
  • State the purpose of the texts and that message and data rates may apply.
  • Include a clear opt-out instruction ("Reply STOP to unsubscribe").
  • Stop sending immediately and permanently when a candidate opts out.
  • Confine outbound texts to reasonable, business-style hours by time zone.
  • Keep a timestamped log of consent, messages, replies, and opt-outs.
  • Use template sections for legal and EEO language that staff cannot strip or alter.
  • Review your process with your own counsel before you scale a campaign.

Educational, not legal advice — confirm your process with your own counsel before you scale a campaign.

"The service is already great and is being improved daily to fit our exact recruiting needs. The support the Mako team provides is next to none. Extremely fast to respond and very willing to listen to and implement any suggestions."
Clayton, Buckeye Better Business
Get Started

Stop worrying about TCPA. Start closing.

ATS Mako handles consent capture, opt-out enforcement, quiet-hours rules, and audit trails automatically - so your team moves fast and stays protected. Designed for speed. Built for scale.

No credit card required. Guided onboarding included.