Last updated 2026-07-10

TL;DR
A TCPA-compliant landing page disclosure sits right next to the submit button, names every seller or caller who will contact the consumer, describes the call and text methods they agree to, and makes consent optional rather than a condition of getting a quote. Miss any of those pieces and you face $500 to $1,500 per call or text under 47 U.S.C. § 227.
What does TCPA actually require on a landing page?
The TCPA never mentions landing pages. It bans autodialed or prerecorded calls and texts to cell phones for telemarketing without the called party's "prior express written consent," codified at 47 U.S.C. § 227 [1]. The FCC's 2012 rule spelled out what that written consent has to look like, and its 2023 one-to-one consent rule (effective January 2025, with plenty of legal turbulence since) pushed the bar higher [2].
For a landing page, the requirements come down to four things. The consumer has to clearly agree to receive autodialed or prerecorded calls or texts. That agreement cannot be a condition of buying anything or getting a quote. The disclosure has to identify who will contact them. And the consumer has to take an affirmative action, like ticking a checkbox or pressing a labeled submit button, that counts as a written signature under the E-SIGN Act [3].
People ask whether a buried footer link counts. It doesn't. The FCC's rules and the courts reading the TCPA require the consent language to be clear and conspicuous, meaning a normal person would actually see and understand it before hitting submit [4]. Six-point gray text under a footer fails that test. Courts have tossed consent defenses precisely because the disclosure was not visible without scrolling.
The short version: the disclosure belongs right there, directly next to the button the user clicks.
What exact language should the TCPA disclosure say?
There's no FCC-approved template. That's good news (you get flexibility) and bad news (you have to get it right yourself). FCC orders and class action outcomes point to a set of parts every compliant disclosure carries.
Here's what the language has to cover, broken into pieces:
Who is contacting them. Name, or give a clear way to identify, each company that will use this consent to call or text. After the FCC's January 2025 one-to-one consent rule, consent given to a lead aggregator can't be shared across multiple downstream buyers under one checkbox [2]. Each seller needs its own consent. One buyer? Name that buyer. A multi-buyer lead marketplace? You likely need a different consent architecture entirely.
What methods will be used. Say you'll contact them using an automated telephone dialing system (autodialer), prerecorded messages, text messages, or whatever actually applies. Don't list methods you don't use. Don't leave out any you do.
What the contact is for. A short statement of purpose, like "regarding [product or service]," is standard and protects you if a consumer later claims they didn't understand what they agreed to.
That consent isn't required. This one is non-negotiable. The TCPA's implementing regulations at 47 C.F.R. § 64.1200(f)(9) define "prior express written consent" so that the consumer can't be forced to consent in order to get goods or services [6]. Your disclosure has to say something like "You are not required to consent as a condition of purchasing any property, goods, or services."
A reference to your privacy policy and terms. Linking to these is standard. Make sure the links work and the documents are current.
A working example: "By clicking 'Get My Free Quote,' I agree that [Company Name] may contact me at the phone number I provided using automated dialing technology, prerecorded messages, or text messages for insurance-related inquiries. I understand that consent is not a condition of any purchase. Message and data rates may apply. I may opt out at any time by replying STOP."
That example runs about 60 words. You can go shorter. You can go longer. You can't be vague.
Where exactly on the page should the disclosure appear?
Placement matters as much as language. The FCC and courts use the "clear and conspicuous" standard, which has two working tests: a consumer should see it without effort, and understand it without specialized knowledge [4].
The highest-risk mistake is putting the disclosure below the fold and below the submit button. If a user can submit the form without ever seeing the language, courts have found no valid consent was given. The cash app tcpa class action settlement and other large TCPA settlements often trace back to exactly this kind of flawed placement.
Safest placement is directly above or directly below the submit button, inside the form container. Not the page footer. Not a pop-up users can dismiss without reading. Right there, next to the action.
Font size is a real issue. The FTC's guidance on online disclosures says disclosures should be near the claim they modify, hard to miss, and easy to read, which in practice means disclosure text at least as large as the surrounding body copy, usually no smaller than 12px on desktop, with real contrast [5]. Dark gray on white works. Light gray on light gray doesn't.
If you use a checkbox model (more below), the disclosure text sits next to the checkbox, and the box has to start unchecked. A pre-checked box isn't affirmative consent.
Mobile is where most conversions happen now, and where most disclosure failures happen too. Test your form on a 375px-wide viewport. If the user has to scroll past the submit button to see the disclosure, or the font renders below 11px, fix it before you take a single lead.
Should you use a checkbox or can the button itself be the consent mechanism?
Both approaches hold up when done right, and both have tradeoffs that hit your conversion rate and your legal exposure.
The button-as-consent model puts the disclosure right above or below the submit button and uses language like "By clicking 'Submit,' you agree to..." Fewer clicks, usually better conversion. The legal risk climbs if your disclosure is at all ambiguous or hard to see, because there's no separate affirmative act pointing specifically at consent.
The separate checkbox model adds one click but builds a cleaner record. The consumer ticks a box labeled with the consent language, then submits. Courts and plaintiff attorneys have a harder time arguing the consumer didn't understand consent when there's a dedicated checkbox. The conversion cost is real but usually smaller than people expect, often a few percentage points depending on the funnel.
My honest recommendation: use a separate, unchecked checkbox any time you're feeding leads to automated dialing programs or sharing leads with multiple buyers. The conversion cost is real. So is the difference in defensibility if you ever face a tcpa lawsuit.
Whatever model you pick, log the timestamp, IP address, form data, and consent language version the consumer saw at submission. If you can't prove what a specific consumer agreed to on a specific date, the consent is worth almost nothing in litigation.
How does the FCC's 2024/2025 one-to-one consent rule change landing page requirements?
The FCC adopted its one-to-one consent rule in December 2023, with an original January 27, 2025 effective date [2]. The rule requires that when a consumer gives prior express written consent through a comparison shopping site or lead generator, that consent be specific to one named seller at a time, not a blanket consent shared across a list of buyers.
That's a big change for lead generation pages. The old model, where a consumer checks a box agreeing to be contacted by "our network of trusted partners," fails the new rule. Each seller has to be named and individually consented to.
A legal challenge from the Insurance Marketing Coalition led the Eleventh Circuit to vacate part of the rule in early 2025, which created genuine uncertainty about enforcement [7]. The FCC hasn't formally rescinded the one-to-one requirement as of mid-2025, and several state attorneys general have signaled they may pursue similar requirements under state law no matter what happens federally.
Practically, that means two things for your page. If you sell leads to multiple buyers, get legal counsel into your consent architecture now, not after your first demand letter. And building toward the stricter standard (named sellers, individual consent) is the lower-risk path regardless of how federal enforcement shakes out, because state law is moving the same direction.
For single-seller pages where you both collect the lead and make the call, the one-to-one rule is mostly a non-issue. Name yourself, describe your contact methods, and you're fine on that front.
What are the real financial stakes if your TCPA disclosure is wrong?
Statutory damages under 47 U.S.C. § 227 run $500 per violation for negligent violations and $1,500 per violation for willful or knowing ones [1]. Each call or text is a separate violation. A list of 50,000 people, each of whom got two texts from a broken consent program, is 100,000 violations at $500 minimum. That's $50 million in statutory exposure before anyone adds attorneys' fees.
Class actions make it worse. The credit one tcpa settlement shows how fast these cases scale. Large TCPA class settlements routinely land in the tens of millions, and the plaintiff bar is good at finding pages with defective disclosures, submitting the form, and building a class.
Small teams think they're not targets. They're wrong. Plaintiff attorneys don't sort by company size. They sort by whether the consent records hold up. A 10-person insurance agency running Facebook ads with a bad disclosure is just as actionable as a Fortune 500 name.
Here's the good part: valid consent is a complete defense. A consumer who genuinely, clearly, and verifiably agreed to your calls has a much harder time winning. The whole point of a correct landing page disclosure is building that defense record before you ever need it.
How do you keep conversion rates high while staying compliant?
This is the question everyone actually wants answered, because compliance and marketing tend to fight about it. The honest answer: compliant disclosures do cost some conversions, and anyone who tells you otherwise is selling something.
The cost of a well-written, well-placed disclosure is much smaller than most marketers fear. A few things that genuinely help:
Keep the language plain. Legalese reads as a warning sign. "We may contact you" beats "the undersigned hereby authorizes automated telephonic communications." Plain language raises both trust and completion rates.
Lead with value, not the disclaimer. Put your headline, your offer, and your form fields above the disclosure. The disclosure sits next to the submit button, which is usually lower on the page. A consumer who has already typed their name and phone number is committed. At that point the disclosure is a speed bump, not a wall.
A/B test the button copy. "Get My Free Quote" beats "Submit" in most tests, and the button copy can anchor the consent language naturally ("By clicking 'Get My Free Quote,' you agree to...").
Don't hide the disclosure to lift conversions. Sounds obvious. Teams under revenue pressure still do it. Hiding it trades a fraction of a point in conversion for exponentially larger legal risk. Bad trade.
The text message marketing space has the most data on this tradeoff. Programs with transparent, plain-language consent flows tend to produce better leads anyway, because the people who read and accept the terms are the ones who pick up when you call or text.
Tools like LeadCompliant's free consent language checker scan your existing disclosure against current FCC requirements and flag gaps before you run traffic. That's a cheaper way to catch problems than waiting for a demand letter.
What records do you need to keep to prove consent later?
The burden of proving consent sits on the party making the call or sending the text, not on the consumer. That's how TCPA litigation works: when a plaintiff says "I never consented," you have to produce the evidence that they did.
Minimum records for each lead:
- Timestamp of form submission (to the second, in UTC)
- IP address of the submitting device
- The exact form data submitted (name, phone, email)
- The version of the consent language shown at submission (if you've ever changed your disclosure, you need to know which version a given consumer saw)
- The page URL and any UTM parameters that identify the traffic source
- For checkbox models, a server-side log that the box was checked, more than client-side JavaScript
Store these for at least four years. The TCPA carries a four-year federal statute of limitations (28 U.S.C. § 1658, the general federal question limit, applies to TCPA claims), and some state claims run longer [8].
A common failure point is lead aggregators who pass a lead but not the consent record. If you buy leads, your vendor contract has to require them to hand over the consent documentation with each lead, and you have to actually receive and store it. "We got the lead from a vendor" is not a TCPA defense.
Some companies use third-party consent management platforms that generate a tamper-evident certificate for each submission. Not required, but far easier to produce in discovery than reconstructing logs from three different systems.
Do state laws add requirements beyond the TCPA?
Yes, and this is where small teams get blindsided. Several states run their own telemarketing and auto-dial statutes that sit alongside or exceed federal TCPA rules.
Florida's Telephone Solicitation Act (FTSA) has its own prior express written consent requirement for calls and texts to Florida numbers, and Florida's private right of action set off a wave of lawsuits after a 2021 amendment broadened the statute's reach [9]. Washington, Oklahoma, and other states have similar statutes with their own damage provisions.
California's CCPA and CPRA add a consent and opt-out framework for personal data that overlaps with your lead collection, even though they aren't strict TCPA analogs [10].
The upshot: if you run national lead generation, your disclosure and consent records have to clear federal TCPA as the floor, and you should have counsel review the specific states where you take the most volume. A Florida-heavy insurance lead program carries meaningfully different exposure than the same program running mostly in Texas.
Make sure your disclosure includes a clear opt-out ("reply STOP to opt out of texts") and that your backend actually processes those opt-outs right away. States including Florida treat ignoring an opt-out as a separate, independent violation.
What does a side-by-side comparison of compliant vs. non-compliant disclosures look like?
The gap between a defensible disclosure and a lawsuit magnet is often subtle. Here's a direct comparison of common patterns:
| Element | Non-Compliant Version | Compliant Version |
|---|---|---|
| Caller identification | "our partners" | "[Named Company LLC]" |
| Contact methods listed | "contact you" | "call or text you using an autodialer or prerecorded message" |
| Consent conditionality | No opt-out mention | "Consent is not required to receive a quote" |
| Placement | Footer of page | Adjacent to submit button |
| Checkbox default | Pre-checked | Unchecked |
| Font size | 8px gray on white | 12px, same color family as body text |
| Consent record | Not logged | Timestamped, IP-logged, version-matched |
| Opt-out instructions | Not mentioned | "Reply STOP to opt out" |
The non-compliant version looks familiar because it's everywhere. A big chunk of lead generation pages in insurance, mortgage, solar, and home services still use language like "our partners may contact you" without naming anyone. Courts have rejected that language in multiple TCPA cases as too weak to establish prior express written consent for specific callers.
You can check your own current disclosure against the FCC's requirements using the free tools at LeadCompliant before your next traffic push.
What about TCPA compliance for cold calling vs. form-generated leads?
Your landing page disclosure only covers inbound consent, meaning people who chose to fill out your form. It does nothing for cold calling to people who've never touched your brand.
For outbound cold calling, the rules are different. You have to scrub your call lists against the National Do Not Call Registry, keep your own internal do-not-call list, and follow the calling-hour limits (8 a.m. to 9 p.m. local time for the called party) [6]. The do not call list and mobile phone do not call list articles cover those in detail.
For cold calling specifically, if you're dialing cell numbers with an autodialer, you need prior express written consent even when those numbers aren't on the DNC list, because the TCPA's cell phone restrictions are separate from and stricter than the DNC rules. A cell number that's not on the DNC list is still protected from autodialed calls without consent.
The landing page disclosure is your consent mechanism for the inbound side. A compliant cold call program needs a different legal basis, usually either an established business relationship (which has limits) or consent gathered through some other documented channel.
How do you audit an existing landing page for TCPA compliance?
Got a page already running and not sure the disclosure holds up? Here's an audit you can run yourself in under an hour.
Step 1: Screenshot the page at 1440px desktop and 375px mobile. Look at where the disclosure lands relative to the submit button and the fold. If you can't see the disclosure without scrolling on either viewport, that's a critical fix.
Step 2: Read the disclosure literally. Does it name who will contact the consumer? Does it specify the methods (autodialer, prerecorded, text)? Does it say consent isn't required? Any of those missing gets marked as a gap.
Step 3: Pull up your CRM or lead management system. Grab three leads from the past 90 days. For each one, can you produce the exact submission timestamp, the IP address, and the consent language version they saw? If the answer is no for any of them, your records system needs work before your disclosure language even matters.
Step 4: Test your opt-out. Text STOP to your own program. Does it stop within one business cycle? Is that opt-out logged and honored in your dialing system?
Step 5: Check your lead vendor contracts. If you buy leads, does each contract require the vendor to provide consent documentation? Have you actually received and stored it for recent batches?
This audit doesn't replace legal review, and nothing here is legal advice. But it surfaces the most common gaps plaintiff attorneys look for when they decide whether a TCPA case against you is worth filing.
Frequently asked questions
Can I use a pre-checked checkbox to capture TCPA consent on my landing page?
No. A pre-checked box isn't affirmative consent under the TCPA. The FCC's definition of prior express written consent requires the consumer to take a deliberate action, like checking an empty box or clicking a labeled button, that signals agreement. A box already checked when the page loads doesn't meet that standard. Courts have rejected consent defenses built on pre-checked boxes in multiple TCPA cases.
Does TCPA consent on a landing page expire?
The TCPA sets no fixed expiration for consent. Courts and the FCC have signaled that consent can go stale if a lot of time passes or if the contact changes materially from what the disclosure described. In practice, most programs treat consent older than 24 months as needing renewal. If a consumer explicitly revokes consent, that revocation is effective immediately and can't be overridden.
What phone number types does TCPA consent on a landing page cover?
TCPA prior express written consent for autodialed or prerecorded calls covers cell phone numbers. Landlines also require prior express written consent for prerecorded telemarketing calls under the 2012 FCC rules, though the autodialer restrictions apply mainly to wireless numbers. Your disclosure should cover both call and text to be safe, since most consumers give a cell number on web forms and texts to cell phones always require consent.
What happens if a consumer gives TCPA consent and then revokes it?
Revocation is effective immediately and has to be honored. The FCC's 2015 TCPA Omnibus Declaratory Ruling held that consumers can revoke consent through any reasonable means, including replying STOP to a text, saying stop verbally on a call, or sending a written request. You get a reasonable time to process it but cannot keep contacting the consumer in the interim. Ignoring revocation is treated as willful, which carries $1,500 per contact.
Can I use the same TCPA consent to contact someone via both calls and texts?
Yes, if your disclosure explicitly covers both. The language has to name each method you intend to use: autodialed calls, prerecorded calls, texts, or all three. If your disclosure only mentions calls and you also send texts, you don't have valid consent for the texts. List every method you actually use, and skip the ones you don't, since claiming methods you never use creates its own accuracy problem.
Is a TCPA disclosure in a privacy policy enough to cover my landing page?
No. A disclosure buried in a footer-linked privacy policy fails the clear and conspicuous requirement. Courts and the FCC require the consent language to be visible where the consumer acts, meaning next to the submit button or form. Consumers who never open the privacy policy, which is nearly all of them, haven't seen or agreed to language that lives only there. Your disclosure has to be on the face of the form.
Do I need separate TCPA consent for each company that will contact the consumer?
Under the FCC's one-to-one consent rule adopted in December 2023, yes, consent has to be specific to one named seller. A blanket consent to be contacted by a 'network of partners' doesn't satisfy it. The rule faced an Eleventh Circuit challenge in early 2025 that created some uncertainty, but building toward named, individual consent per seller is the safer path regardless of how federal enforcement resolves, because state laws are trending the same way.
What is the statute of limitations for TCPA claims related to a landing page consent failure?
Federal TCPA claims generally run under a four-year statute of limitations from 28 U.S.C. § 1658, the general federal question limit. Some states have their own telemarketing statutes with different and sometimes longer periods. That's one reason to keep consent records for at least four years and ideally longer, because a consumer or plaintiff class can wait nearly four years from the date of contact before filing.
Can I use a modal pop-up or interstitial for the TCPA consent rather than inline on the form?
Technically yes, but it carries higher risk. Pop-ups consumers can dismiss without reading, or that appear before they fill in any fields, are harder to tie to the specific submission. If you use one, your records system has to log that the consumer acknowledged the pop-up before submitting, more than that it appeared on the page. Inline disclosure directly next to the submit button is cleaner and easier to defend.
What should I do if I am buying leads from a third-party vendor?
Your vendor contract has to require a consent record with each lead: the timestamp, IP address, the exact disclosure language shown, and the page URL where consent was collected. You have to receive and store those records yourself. Taking the vendor's word that consent was collected is not a TCPA defense. Review a sample of actual consent records before you commit to a vendor, and audit them periodically after.
Does adding a TCPA disclosure hurt my conversion rate significantly?
A well-written, well-placed disclosure usually costs between 2 and 8 percentage points of conversion versus a page with none, based on commonly reported industry experience. The range is wide because page design, offer quality, and traffic source matter more than the disclosure itself. Plain-language disclosures beat legalese. And the leads you keep tend to be higher quality, because people who read and accept the terms engage more when you contact them.
Are text message opt-in disclosures the same as TCPA voice call disclosures?
The core legal requirement is the same: prior express written consent for autodialed or prerecorded contact to a cell phone. But SMS programs also typically need to satisfy CTIA guidelines, which add requirements around program description, message frequency, opt-out instructions, and help keywords. If your page collects consent for both calls and texts, your disclosure should address both, and your SMS program separately needs to meet carrier requirements under CTIA standards.
What does 'clear and conspicuous' mean in practice for a TCPA landing page disclosure?
The FCC and courts apply a reasonable consumer standard: would an average person filling out this form actually see, read, and understand the consent language before submitting? In practice, the text appears near the submit button without scrolling, uses at least 12px font on desktop with readable contrast, reads in plain English rather than jargon, and isn't buried in dense text. If your UX team had to fight to make it less visible, it probably fails the standard.
Sources
- Cornell LII, 47 U.S.C. § 227 – Telephone Consumer Protection Act: TCPA statutory damages are $500 per violation and $1,500 for willful or knowing violations; prohibits autodialed or prerecorded calls to cell phones without prior express written consent
- Cornell LII, 15 U.S.C. § 7001 – E-SIGN Act, electronic records and signatures: Electronic signatures are valid consent mechanisms, which the FCC's 2012 TCPA rules rely on to define prior express written consent
- FTC, Business Guidance on advertising disclosures (.com Disclosures): FTC guidance on clear and conspicuous disclosures online, including proximity to the triggering action and visibility without scrolling
- eCFR, 47 C.F.R. § 64.1200 – Delivery Restrictions: Defines prior express written consent including prohibition on making consent a condition of purchase; sets calling hours 8 a.m. to 9 p.m. local time
- U.S. Court of Appeals, Eleventh Circuit, Insurance Marketing Coalition v. FCC (2025): Eleventh Circuit vacated part of the FCC's one-to-one consent rule in early 2025, creating enforcement uncertainty
- Cornell LII, 28 U.S.C. § 1658 – Limitation on Actions: General four-year federal statute of limitations that courts apply to TCPA claims
- Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida FTSA has its own prior express written consent requirement for automated calls and texts to Florida numbers, amended in 2021
- California Attorney General, California Consumer Privacy Act (CCPA): California CCPA and CPRA create consent and opt-out requirements for personal data that overlap with lead generation practices
- FTC, National Do Not Call Registry and telemarketing rules: FTC enforces do-not-call rules and telemarketing restrictions that complement TCPA requirements