Social media lead ad consent language for TCPA compliance

Get the exact consent language your Facebook and Instagram lead ads need to survive TCPA scrutiny. One missing phrase can cost $500, $1,500 per call.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-11

Hands completing a consent form at a desk with a smartphone nearby for lead compliance
Hands completing a consent form at a desk with a smartphone nearby for lead compliance

TL;DR

TCPA-compliant lead ads on Facebook, Instagram, or TikTok need a clear, visible disclosure that names your company and says the consumer agrees to autodialed calls and texts. Use an unchecked box or a submit-as-consent line. A pre-checked box or buried fine print is not consent. Damages run $500 to $1,500 per call or text, with no cap.

The TCPA, at 47 U.S.C. § 227, bans autodialed or prerecorded calls and texts to cell phones without "prior express written consent" of the called party. [1] That phrase is a term of art. The FCC has defined it across several rulemakings, and it means a lot more than getting someone to fill out a form.

The FCC's 2012 rule spelled out the pieces. Prior express written consent means a written agreement that clearly authorizes the seller to send autodialed or prerecorded messages. The agreement has to include the consumer's phone number and a clear statement that they agree to receive those messages. And you can't require the consent as a condition of buying anything. [2]

For lead ads, the working test is blunt. Could a plaintiff's lawyer hold up a screenshot of your form and argue the consumer had no idea what they signed up for? If the answer is yes, you have a problem. The bar sits higher than most marketers assume.

Start with language that tracks the statute word for word. Here's a template that works. Adapt the specifics, but keep the structure intact.

"By submitting this form, I agree to receive autodialed and prerecorded calls and text messages from [Company Legal Name] at the phone number I provided above. I understand that consent is not a condition of any purchase. Message and data rates may apply. I can opt out at any time by replying STOP."

Every phrase there earns its place. "Autodialed and prerecorded" maps to the call types in 47 U.S.C. § 227(b)(1)(A). [1] "At the phone number I provided" ties consent to the exact number on the form. "Not a condition of any purchase" hits the FCC's 2012 no-conditioning requirement. [2] "Opt out at any time" matches CTIA messaging guidelines and reads as good faith in front of a judge.

Don't collapse this into something vague like "I agree to receive communications from partners." That won't hold. TCPA class actions have survived motions to dismiss precisely because the form said "partners" or "affiliates" instead of naming the company that actually placed the calls. [3]

One more requirement: the disclosure has to be conspicuous. Six-point gray text under the submit button is not conspicuous. Courts ask whether a reasonable consumer would have seen and understood the disclosure before clicking submit. Make it readable. Make it visible. Put it right above or right below the button.

No. A pre-checked box is not valid prior express written consent under the TCPA.

The FCC's 2012 order required consent to be an affirmative act by the consumer. [2] A box that loads already checked asks the consumer to do nothing. Courts have agreed, repeatedly. If someone submits a form with a pre-checked consent box and later says they never agreed to calls, you are in a bad spot defending it.

Use an unchecked box the consumer has to click. Or use a clear statement above the submit button that makes submitting the form itself the act of consent. The submit-as-consent structure works if the disclosure is genuinely conspicuous and unambiguous. Lots of companies prefer it because it cuts friction while still meeting the affirmative-action standard.

If you do use a separate checkbox, it has to be for TCPA consent alone. Don't bundle it with a general "I agree to terms and privacy policy" checkbox. Bundling is a common mistake, and plaintiffs' attorneys look for it on purpose. [3]

TCPA consent: what the numbers mean for your lead ad campaigns Key thresholds and exposure figures under 47 U.S.C. § 227 500 $500 per call (negligent violation) 1,500 $1,500 per call (willful violation) 4 4 years: federal TCPA statute of limitations 10 10 business days: max DNC opt-out processing time Source: 47 U.S.C. § 227; FTC Telemarketing Sales Rule; 28 U.S.C. § 1658

Yes. This is the single issue that has driven the most litigation in lead generation.

The FCC reinforced in its December 2023 one-to-one consent order (FCC 23-107) that TCPA consent has to identify the specific entity making the calls. [4] The 11th Circuit stayed that order in early 2024, and as of mid-2025 the one-to-one rule's legal status is still unsettled. But the underlying principle, that consent must name the caller, has been around since the 2012 rules. Courts applied it long before 2023.

If you're a lead aggregator, a mortgage broker buying leads off a shared form, or any company dialing leads generated on someone else's page, sit with this one. A form that says "I agree to be contacted by lenders in our network" may not be valid consent for your specific company to call. That exact fact pattern is live in dozens of TCPA cases right now.

The clean answer: if your company name is not in the consent language, treat the consent as legally thin. Either get your lead vendor to add your name, or handle those leads like cold prospects and dial them the compliant way (human-dialed, no prerecorded messages, scrubbed against the do not call list).

For your own native lead ads, name your company. Every time. "[Company Name]" in the disclosure is non-negotiable.

Prior express written consent is defined at 47 C.F.R. § 64.1200(f)(9). The FCC has said an electronic record, including a checked box on a web form, counts as a written agreement, as long as it meets the E-SIGN Act. [5] E-SIGN, at 15 U.S.C. § 7001, gives electronic signatures and records the same legal effect as paper. [6]

On a social lead ad, the form submission is usually the electronic signature. Facebook and LinkedIn lead ad forms let you add custom disclaimer text. That disclaimer, visible before the submit button, meets the written requirement if it carries the content pieces described above.

Here's the risk nobody plans for: you have to be able to prove the consent happened. That means storing the consumer's name, phone number, the exact disclosure text they saw, the timestamp, and ideally the IP address or a platform identifier. Facebook logs the submission timestamp. It does not store a screenshot of the form as the consumer saw it. Save that yourself, version it, and keep it for at least four years, the federal TCPA statute of limitations. [7]

If you can't prove what your consent language said on the day a specific lead submitted, you can't prove consent. Solve that before a lawsuit, not during one.

The layout matters as much as the words. A defensible lead ad form has a few things in common.

  • A visible consent block, at least the same font size as the rest of the form, placed right above or below the submit button
  • The full disclosure text, not a hyperlink to "terms" or a "see more" toggle that hides the key language
  • Either an unchecked checkbox labeled for TCPA consent, or a submit-as-consent structure where the button text itself references the consent ("Submit and agree to contact")
  • No pre-checked boxes anywhere on the form
  • The company's legal name spelled out, not a trade name that doesn't match the entity placing calls

For Facebook and Instagram lead ads, the native form builder gives you a custom privacy policy link and a custom disclaimer. Put your TCPA consent language in the disclaimer field. Don't lean on Facebook's generic "By submitting..." line. It does not meet the TCPA standard.

LinkedIn lead gen forms have a similar custom disclaimer field. TikTok's instant forms support custom language too. Fill these in. They aren't decoration.

PlatformConsent field available?Supports unchecked checkbox?Notes
Facebook / Instagram Lead AdsYes (custom disclaimer)No (submit-as-consent only)Add full TCPA language in disclaimer field
LinkedIn Lead Gen FormsYes (custom disclaimer)NoSame structure as Facebook
TikTok Instant FormsYes (custom disclaimer)NoRelatively new; audit regularly
Google Lead Form ExtensionsLimitedNoLess flexible; consider linking to landing page

Google lead form extensions are the weakest option for capturing consent. The custom text field is short and you get less control over layout. For high-volume outbound, a dedicated landing page with a full consent form is more defensible than any native social form.

The TCPA sets statutory damages at $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations. [1] Each call or text is its own violation. There is no cap.

The math turns ugly fast. Call 10,000 leads with defective consent, and a willful finding puts theoretical exposure at $15 million. Real settlements land lower because defendants negotiate, but they stay large. The cash app tcpa class action settlement and the credit one tcpa settlement show how these cases actually resolve.

TCPA cases draw plaintiffs' firms for three reasons. One defective consent form affects every lead on a campaign, so the class builds itself. Statutory damages are automatic, so nobody has to prove actual harm. And carrier records exist, so the defendant can't quietly make the calls disappear.

Small companies are not safe. Plaintiffs' firms have gone after mortgage brokers, insurance agents, and home services outfits with tiny operations. Campaign size matters less than defect size. One broken consent form running for six months is more dangerous than a big campaign with tight compliance.

The FCC adopted the one-to-one consent rule in December 2023 (FCC 23-107). It would have required TCPA consent to name a single, specific seller rather than a category of sellers or a vague "marketing partners" list. [4] The 11th Circuit stayed the rule in January 2024, before it took effect, and the case is still in litigation as of mid-2025.

So the rule is not in force right now. Don't treat that as permission to keep using "marketing partners" language. Courts were already skeptical of it under the 2012 rules. The one-to-one rule mostly wrote down what good consent already looked like.

Here's the takeaway. If you run your own lead ads and you're the only company calling, named-company language already satisfied the existing rules and will satisfy the one-to-one rule if it ever takes effect. If you sell or share leads, the pressure for company-specific consent on the originating form only goes up, whichever way the 11th Circuit rules.

For shared-lead and aggregator models, the compliance math is genuinely harder right now, and nobody has a clean legal answer. The closest guidance is the existing FCC position that consent must be "clear and conspicuous" and must cover the actual entity placing the calls.

Can you use a social media lead ad for SMS marketing specifically?

Yes, but your consent language has to authorize text messages, not only calls. Plenty of companies run lead ads to build SMS lists for promotions, appointment reminders, or drip campaigns. The TCPA treats autodialed texts to cell phones the same as autodialed calls. [1] Separate authorization for texts is both a legal requirement and a CTIA best practice. [8]

For an SMS-specific lead ad, your language should read something like this.

"By submitting this form, I agree to receive recurring automated marketing text messages from [Company Name] at the number I provided. Consent is not a condition of purchase. Message and data rates may apply. Reply STOP to opt out."

Notice "recurring automated marketing text messages" instead of just "text messages." That phrasing tracks the TCPA's autodialer concern and the CTIA guidelines. If you're only sending a one-time confirmation text, the language can say that, but most programs send more than one message, so "recurring" is usually right.

For text message marketing programs on a short code or a dedicated long code, you also have to handle carrier registration (10DLC for long codes). That's a separate layer on top of TCPA consent, not a substitute for it.

Storing SMS opt-in records works the same as call consent: save the form text, the timestamp, and the phone number. Four-year retention, minimum.

Documentation is what separates a defensible consent program from a liability sitting on a timer. Consent you can't prove in court is consent you don't have.

At minimum, capture and store:

1. The consumer's name and phone number as submitted on the form 2. The exact disclosure text shown on the form at submission (not a link to a current version, which may have changed) 3. The date and timestamp of submission 4. The source or campaign identifier, so you can trace the record to a specific form version 5. The platform and form ID (Facebook gives each lead ad form version an ID)

For Facebook lead ads, you pull leads through the Graph API or a CRM integration. The raw lead data carries a timestamp and form ID, but not the disclosure text. So you have to keep a separate record mapping each form ID to the exact disclosure language that ran during that period. Screenshot it, version it, date it, and store it where it survives after you pause the campaign.

A free compliance audit at LeadCompliant can check whether your current consent records meet the documentation standard before a demand letter shows up.

Retention: the TCPA statute of limitations for private suits is four years under 28 U.S.C. § 1658. [7] Keep records at least that long. Some state consumer protection statutes carry longer limitations periods, so when in doubt, keep the records indefinitely or until counsel tells you otherwise.

Your lead routing system should log the consent timestamp alongside each lead record. Then if a contact claims they never consented, you pull the record and show exactly what they saw and when.

What about leads you buy from a third-party lead vendor?

This is where a lot of outbound teams walk into trouble without seeing it coming.

When you buy a lead, you inherit the vendor's consent process. If their form didn't name your company, or their language was defective, you may have no valid TCPA consent to call that person. The FCC has said sellers can't hand off consent responsibility entirely to lead generators. [4]

Before you dial any purchased leads, do three things. Get the vendor's consent form language in writing, including a screenshot of the actual form as it ran. Confirm your company name appears in that language, or that the language is narrow enough (a specific category that clearly includes you) to defend. And get a contractual representation and warranty that the leads were collected with TCPA-compliant consent.

That warranty won't stop a TCPA suit, but it hands you an indemnification claim against the vendor if you get pulled in. Small lead buyers skip this constantly and end up eating both the litigation cost and the vendor's liability.

If the vendor won't give you the consent form text and a warranty, treat those leads as unconsented. You can still call them with a human agent on a non-autodialer, but scrub them against the do not call telemarketer list and the mobile phone do not call list first. cold calling without TCPA consent is still allowed under certain rules, but it carries its own requirements.

Are there state laws that add requirements beyond the federal TCPA?

Yes. Several states run their own telemarketing and consent laws on top of the federal TCPA.

California's Invasion of Privacy Act (CIPA) imposes its own restrictions and shows up as state-law claims filed alongside TCPA claims. [9] Florida's Mini-TCPA, effective July 2021, restricts autodialed calls and texts to Florida numbers with damages up to $500 per call. [10] Washington, Texas, and Indiana all have telemarketing statutes that can run parallel to TCPA claims.

The practical effect: your consent language has to be good enough for the most demanding state you're calling into, usually California or Florida. If your language meets the federal TCPA standard and reads clearly and conspicuously, it's generally in the right territory for state law too. Still, have counsel review any state-specific campaigns.

One nuance worth knowing. Some state laws define "automatic dialing" differently and can capture systems that fall outside the Supreme Court's narrowed TCPA autodialer definition from Facebook, Inc. v. Duguid (2021). [11] State exposure didn't vanish when Duguid narrowed the federal ATDS definition. It moved. Your consent language and recordkeeping still matter for state claims even if your system arguably isn't a federal ATDS.

What's a quick checklist to audit your current lead ad consent language?

Run your current form through these questions. Any "no" or "I'm not sure" is a gap to fix.

1. Does the consent disclosure name your company by its legal name? 2. Does it mention autodialed calls or texts (or both, if applicable)? 3. Is it visible above or right next to the submit button, in readable font? 4. Does it state that consent is not a condition of purchase? 5. Does it include an opt-out instruction (STOP, unsubscribe, or similar)? 6. Is any consent checkbox unchecked by default? 7. Is the TCPA consent separate from a general terms or privacy policy agreement? 8. Do you have a stored record of the exact form language for each version? 9. Do your stored lead records include submission timestamps? 10. For purchased leads, do you have the vendor's consent form and a written warranty?

Items 1, 2, 3, and 8 trip up the most teams. The naming requirement (item 1) and the documentation requirement (item 8) are where most enforcement vulnerabilities live.

LeadCompliant's free consent checkers can help you spot gaps before they become a demand letter. Start with your highest-volume campaigns. The tcpa basics hub has more background if you're building a compliance program from scratch.

Frequently asked questions

Can I use a generic 'I agree to receive communications' checkbox to cover TCPA consent on a lead ad?

No. Generic language doesn't meet TCPA's prior express written consent standard. The FCC requires the disclosure to clearly authorize autodialed or prerecorded calls and texts specifically. Courts have rejected consent language that omits those terms. Your disclosure needs to name those call types and name your company.

No. Facebook's default form language covers its own data sharing terms, not TCPA consent for your company's outbound calling. You have to add your own custom TCPA disclosure in the form's disclaimer field. Running any outbound call campaign on Facebook lead ad contacts without adding your own consent language is a real legal risk.

At minimum four years, the federal statute of limitations for TCPA private suits under 28 U.S.C. § 1658. Some state consumer protection statutes carry longer lookback periods. Keep the exact form text, the submission timestamp, and the consumer's phone number. Deleting campaign records when you pause an ad is a common and costly mistake.

What happens if a consumer opts out and I call them again?

Calling or texting someone after they've opted out is a willful TCPA violation, carrying statutory damages of $1,500 per call. Every contact after a valid opt-out is a separate violation. You need a system that processes opt-outs within a reasonable time, typically within 10 business days for DNC requests under FTC rules, and immediately for STOP responses to texts.

If I buy leads from a vendor, am I liable for their bad consent language?

Yes, you can be. The FCC's position is that sellers cannot fully hand off consent responsibility to lead generators. If the vendor's form didn't name your company or lacked required elements, you may have no valid consent to call those leads. Get the vendor's form text in writing and a contractual warranty. Treat leads without documented consent as unconsented.

No. The FCC adopted it in December 2023, but the 11th Circuit stayed the rule in January 2024 before it took effect. As of mid-2025, it's not in force pending litigation. Courts were already skeptical of 'marketing partners' consent language under the existing 2012 rules, so named-company consent stays the safest approach regardless of how the 11th Circuit rules.

Does a phone call to a landline require the same TCPA consent as a call to a cell phone?

Partly. TCPA's prior express written consent requirement covers autodialed or prerecorded calls to cell phones and prerecorded calls to residential landlines. Autodialed calls to landlines without a prerecorded message have a lower bar (prior express consent, not written). Most outbound lead programs target cell phones, so written consent is the relevant standard for almost all social media lead campaigns.

Can I send a text message immediately after someone submits a lead ad form?

Yes, if your consent language specifically authorized text messages and covered autodialed messages. An immediate confirmation or follow-up text is generally within the scope of consent given at submission. Make sure your first text includes your company name, the nature of the messages, and a STOP opt-out instruction, which are CTIA requirements carriers enforce through 10DLC registration.

Prior express consent is the lower standard, covering informational calls to numbers voluntarily provided in a business context. Prior express written consent is required for marketing calls and texts to cell phones using an autodialer or prerecorded message. A social media lead ad for a sales campaign almost always triggers the written consent requirement. The distinction matters because the penalty exposure is the same either way if you get it wrong.

Do I need a separate disclosure for each product or service I might market?

Courts haven't required product-by-product consent, but your language should be specific enough that a consumer understands the general category of communications they're agreeing to. If you sell home insurance and auto insurance and might call about both, 'calls regarding insurance products from [Company Name]' is more defensible than a blank 'any communications' disclosure. Overly broad language increases plaintiff-friendly ambiguity.

Can a minor submit a lead ad form and give valid TCPA consent?

This is unsettled under the TCPA itself, but minors generally can't enter binding contracts under state law, which means their purported consent may be voidable. If your product or service is likely to attract minors, add an age verification step or a declaration that the submitter is 18 or older. This is also a COPPA issue separate from TCPA, especially for platforms like TikTok.

Is an email lead generation form subject to TCPA?

No. The TCPA covers telephone calls and text messages, not email. Email marketing is governed by CAN-SPAM. But if your email lead form also collects a phone number and you plan to call or text those leads, you need TCPA-compliant consent language on the same form. Many email capture forms miss this because they were designed for email compliance, not phone compliance.

This is why documenting the exact form language matters. If you have a stored record showing the consent text was visible at submission, that's your evidence. If you only have the lead data and no record of what the form said, the dispute gets much harder to win. Courts have ruled against defendants who couldn't prove what their consent language actually said at the time.

Does the TCPA apply to calls made by a human agent with no autodialer?

Mostly no. The TCPA's autodialer restrictions apply to automated equipment. A human agent manually dialing on a regular phone or click-to-dial, without predictive or automated features, generally isn't covered by the TCPA's cell phone calling restrictions. But human-dialed calls to numbers on the National Do Not Call Registry are still restricted separately under FTC rules, so scrubbing the DNC list matters regardless of how you dial.

Sources

  1. U.S. Government Publishing Office, 47 U.S.C. § 227 (TCPA statute text): TCPA prohibits autodialed or prerecorded calls to cell phones without prior express written consent; damages are $500 per violation and $1,500 for willful violations
  2. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: Consent bundled with general terms or identifying only 'partners' rather than the specific calling entity has been litigated as insufficient in TCPA cases
  3. FCC, 47 C.F.R. § 64.1200 (implementing TCPA regulations): Prior express written consent is defined at 47 C.F.R. § 64.1200(f)(9); electronic records qualify as written agreements under E-SIGN
  4. U.S. Government Publishing Office, 15 U.S.C. § 7001 (E-SIGN Act): E-SIGN Act establishes that electronic signatures and records have the same legal effect as paper documents, enabling web form submissions to satisfy TCPA written consent requirement
  5. U.S. Government Publishing Office, 28 U.S.C. § 1658 (federal statute of limitations): Federal statute of limitations for private TCPA suits is four years under 28 U.S.C. § 1658; consent records should be retained for at least this period
  6. California Penal Code § 638.50 et seq. (California Invasion of Privacy Act, CIPA): California CIPA imposes state-law restrictions on automatic dialing systems that can run parallel to TCPA claims, increasing potential liability for callers targeting California area codes
  7. Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida Mini-TCPA effective July 2021 restricts autodialed calls and texts to Florida area codes with statutory damages up to $500 per call under state consumer protection law
  8. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed the TCPA definition of automatic telephone dialing system in 2021 to require capacity to generate random or sequential numbers; state law ATDS definitions may still capture systems that fall outside this federal definition

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit