Klaviyo and the Texas SMS law — compliance steps

---

title: "Klaviyo and the Texas SMS law — compliance steps" description: "Texas SB1620 + state-level SMS regulations + A2P 10DLC compliance — how to implement geo-exclusion in Klaviyo SMS and monitor for drift." slug: "klaviyo-texas-sms-compliance" publishedAt: "2026-05-19" updatedAt: "2026-05-19" painCluster: 8 intent: 8 tier: 4 faq:

• q: "What does Texas SB1620 require for SMS marketing?" a: "SB1620 requires that commercial text-message senders register with the Texas Secretary of State or face penalties up to $5,000 per unsolicited message. The practical effect for most ecommerce senders is to exclude Texas-based profiles from SMS sends unless you've registered. Compliance is binary — registered or excluded — and registration is the harder path."
• q: "How do I exclude Texas profiles from Klaviyo SMS sends?" a: "Build a segment that excludes profiles in Texas based on the State field in their profile data. Apply that segment as a filter on every SMS flow and campaign. The hard part is getting State data populated — for profiles without state data, you have to decide whether to include or exclude them. Most operators exclude unknown-state profiles as the safer default."
• q: "Are other states passing similar SMS laws?" a: "Yes. Florida, California, and several other states have either passed or are advancing SMS-specific consumer protection laws. The trend is toward stricter consent and registration requirements at the state level. The compliance posture worth adopting now is 'plan for more states, not fewer' — build infrastructure that can geo-exclude or apply state-specific rules on demand."
• q: "Does A2P 10DLC registration cover Texas SB1620?" a: "No. A2P 10DLC is a federal carrier-level registration program (different mechanism). Texas SB1620 is a state-level commercial-sender registration. The two are separate and you need to comply with both if you're sending SMS to Texas residents at scale."
• q: "What's the penalty for non-compliance with Texas SB1620?" a: "Up to $5,000 per unsolicited message. For a brand sending tens of thousands of SMS messages to Texas residents, the theoretical exposure is large. Enforcement is selective and complaint-driven, but the math means even modest non-compliance can produce material legal exposure."
• q: "How do I get state data on existing Klaviyo profiles?" a: "Three main sources. Shipping address (if they've placed an order, state is available). Billing address (same). Manual input via signup form (rarely done because it adds friction). For profiles without any of these, you can sometimes infer state from area code on phone number, but that's unreliable post-portability. Most accounts have state on 50-80% of SMS profiles and unknown on the rest."
• q: "Can geo-exclusion fail silently in Klaviyo?" a: "Yes. If the segment that defines 'exclude Texas' is broken (state field not syncing, segment not refreshing, profile geo-data outdated), Texas profiles will receive SMS messages despite the exclusion. The failure looks identical to a working exclusion in the UI — the segment exists, the flow filter references it — but the underlying population isn't right."
• q: "Will Playbook detect Texas SMS compliance drift?" a: "Yes. We monitor the size and composition of any geo-exclusion segment configured against your SMS sends. If the segment's composition shifts unexpectedly (suddenly contains many fewer Texas profiles than your billing/shipping data would suggest), we surface a finding. The deep link goes to the segment definition and the relevant SMS flow filter." related:
• klaviyo-sms-not-delivering
• klaviyo-vs-attentive-sms
• klaviyo-vs-postscript
• klaviyo-monitoring-tools-2026

---

Texas SB1620 made commercial SMS senders subject to registration requirements and penalties of up to $5,000 per unsolicited message. For ecommerce brands sending SMS marketing, this changed the compliance posture overnight — registration is one path, geo-exclusion is the other, and "send to everyone everywhere" is no longer viable.

This page covers the practical compliance steps in Klaviyo SMS. We won't pretend this is legal advice — talk to your counsel about the specifics of your sending and your registration obligations. What we can cover is the operational layer: how to implement geo-exclusion in Klaviyo, how to verify it's working, and how to monitor for the drift that's caused so many brands to discover their geo-exclusion broke months ago.

The compliance options at a glance

For Texas specifically (and the analogous state laws emerging), brands have three options.

Option 1: Register with the Texas Secretary of State. Compliant if you complete the registration. Significant administrative work; requires designated registered agent for service; registration is public record. This is the path larger brands typically take if Texas is a material market.

Option 2: Exclude Texas profiles from SMS sends. Simpler operationally. Some revenue cost (you lose SMS to Texas residents). Lower legal exposure. This is the path most mid-market brands take.

Option 3: Hope no one notices. Self-evidently a bad strategy. The enforcement is complaint-driven and selective, so the probability of a specific brand getting hit is low — but the per-message penalty math means even one complaint can produce six-figure legal exposure. The actuarial math doesn't support this option for any serious sender.

Assuming you're taking Option 2 (or Option 1 but with belt-and-suspenders geo-exclusion as a backup), the rest of this page is the implementation guide.

Implementing geo-exclusion in Klaviyo SMS

The core mechanic is: build a segment that identifies non-Texas profiles, then use that segment as the audience for every SMS send. Or equivalently: build a segment that identifies Texas profiles and use it as an exclusion filter.

Step 1: Confirm state data on your profiles. Open a sample of profiles. Look at the location-related fields. The most reliable sources are billing-address state (from Shopify orders) and shipping-address state (same). Phone-number area code is sometimes usable but unreliable since number portability — a Texas resident can have a non-Texas area code and vice versa.

Step 2: Build the segment. Lists & Segments → Create Segment. The simplest definition: "State equals Texas." For Texas-specific exclusion, this is sufficient. For a broader compliance posture (anticipating more states), build it as a positive segment: "State is one of [list of compliant states]" and use it as your inclusion audience instead.

Step 3: Apply the segment as a filter. On every SMS flow and SMS campaign, add the exclusion filter. The filter goes on the flow itself (in the trigger configuration) and on every campaign send (in the audience configuration).

Step 4: Handle profiles with unknown state. This is the decision point. A profile in Klaviyo without state data could be a Texas resident or could be from anywhere. The safer compliance posture is to exclude unknown-state profiles from SMS by default — yes, you lose some SMS reach, but the legal exposure of accidentally hitting a Texas resident with no consent and no registration is the worse outcome.

Step 5: Document the configuration. Internal record of what segment you built, what filter is applied where, when you implemented it. This is what your legal team will ask for if there's ever a complaint.

What can go wrong (and what to monitor)

The most common failure mode is silent drift — the geo-exclusion stops working but the UI still shows the segment and filter as in place. A few specific patterns:

State data stops syncing. If Shopify integration breaks or order events stop syncing, new profiles won't have state populated. They'll fall into the "unknown state" bucket, which (depending on your handling) may mean they receive SMS when they shouldn't.

Segment refresh lag. Klaviyo segments with relative-time conditions update on a 24-hour cycle. A profile that just placed a Texas-shipping order won't appear in the exclusion segment for up to 24 hours — during which a flow can fire to them.

Profile state data goes stale. A subscriber's state on file is from their last order 18 months ago. They've since moved to Texas. Your geo-exclusion doesn't catch this because their billing/shipping address in Klaviyo still shows the old state.

Segment definition broken. Someone edited the segment and made a change that quietly broke its logic. The UI still shows the segment in place, but the included profiles aren't right.

Flow filter not actually applied. A new flow was built without inheriting the geo-exclusion filter. The pattern is to apply the filter on every new flow, but a forgotten filter on one flow means that flow is non-compliant while everything else is fine.

Each of these failures is invisible from a casual UI review. You'd need to spot-check by pulling a sample of profiles from the segment, verifying their actual state, and confirming they aren't receiving sends. Most operators don't do this routinely — which is why these failures persist for months.

The audit you should run today

Three checks, takes about 30 minutes.

Check 1: Pull a sample of profiles from your exclusion segment. Random sample of 20. For each, confirm their stated state matches your exclusion criteria. If 1-2 don't match, that's normal data noise. If 5+ don't match, the segment definition or the underlying data is wrong.

Check 2: Pull a sample of profiles NOT in your exclusion segment but who have a Texas billing/shipping address. Look for profiles that should be excluded but aren't. Any meaningful count is a problem — it means your segment is missing profiles it should catch.

Check 3: For each active SMS flow and the last 5 SMS campaigns, verify the exclusion segment is actually applied as a filter. This is tedious but the only way to confirm. New flows and new campaigns get built and the filter sometimes doesn't get applied.

If any of these three checks fail, fix the underlying issue and add a calendar reminder to re-audit monthly. The cost of getting compliance wrong is too high to leave to ad-hoc review.

A2P 10DLC, the other compliance layer

Texas SB1620 is one law. A2P 10DLC is a separate compliance program at the carrier level — every commercial SMS sender on US 10-digit-long-code phone numbers has to register the campaign with The Campaign Registry. Klaviyo handles this for you if you're sending SMS through Klaviyo's infrastructure, but the registration requires that you provide certain information (sender ID, content categories, opt-in mechanism documentation).

For Texas-specific compliance, A2P 10DLC isn't sufficient on its own — you still need state-level compliance via either registration or geo-exclusion. But unregistered or improperly-registered A2P 10DLC will cause your SMS to be heavily filtered regardless of any state-level compliance work, so both layers need to be addressed.

What's likely coming next

State-level SMS regulation is following the same pattern that email regulation followed in the late 2010s — patchwork state laws emerging, eventual federal action that may or may not preempt the state laws. The right operational posture is to build geo-exclusion infrastructure now that can handle additional states as they come online, rather than building Texas-specific tooling that has to be re-architected per state.

A useful pattern: maintain a sms_compliance_state custom property on each profile, set per-profile based on the most authoritative location data you have. Use that property — not the underlying state field directly — for all compliance segments. This decouples the compliance logic from the underlying data source and lets you adjust the mapping (which states are compliant, which are not) in one place.

Most importantly: the compliance work isn't a one-time project. Profile state changes (subscribers move), the law changes (new states pass laws), and the platform behavior changes (Klaviyo updates segment behavior, Shopify changes address handling). Continuous monitoring of the geo-exclusion segment's composition is the only reliable way to catch the drift that creates legal exposure. Audit monthly minimum; monitor continuously if the volume justifies it.