Reach swarm · Multi-location-sms-broadcast agent · Build pillar · Published July 2, 2026
How to build a multi-location SMS broadcast engine for multi-unit franchise + multi-location service operators
A multi-unit franchise or multi-location service operator running 50-500 locations sending SMS broadcasts faces TCPA statutory damages of $500-$1,500 per violation, franchisor agency-theory exposure for franchisee-originated SMS, state mini-TCPAs (Florida FTSA + Oklahoma + Washington CEMA + Maryland MDPA), and per-carrier 10DLC filtering that rejects unregistered campaigns. This guide walks the 4-skill bundle (Consent + Compose + Throttle + Audit) on the multi-location-sms-broadcast agent end-to-end.
The 4-skill bundle on the multi-location-sms-broadcast agent
Consent
Maintain a per-recipient consent register keyed by phone number. Consent source: web form + paper signup + in-store kiosk + transactional opt-in + double-opt-in confirmation. Consent scope: this location vs portfolio vs cross-brand. Consent timestamp + capture image or recording reference. Revocation events: STOP + UNSUBSCRIBE + END + CANCEL + QUIT + STOPALL keywords + custom revocation strings + carrier -reported opt-outs honored within reasonable period per 2024 FCC revocation rule. Per-state consent expiration where applicable. Per-recipient consent posture queryable in under 100 ms at send time. Revocation honored across all sender IDs within the portfolio, not just the sender that received the STOP.
Compose
Generate per-campaign message drafts respecting GSM-7 vs Unicode encoding, character-count rules (160 GSM-7 + 70 Unicode + multi-part concatenation), link-shortener domain registration (Bitly + Rebrandly + Branch.io + Firebase Dynamic Links + per-portfolio vanity domain), deep-link routing, merge-tag personalization (first name + loyalty tier + location name + personalized coupon + deep link), operator-counsel-approved claims-allowlist (sibling skill from #496), and forbidden-phrase library check (sibling from #507). LLM personalization optional with per-vendor zero-retention verified per call. Compose produces draft; Compose does not send. Send authority belongs to Throttle.
Throttle
Enforce per-recipient daily cap (default 2 messages) + weekly cap (default 5) + cross-campaign deduplication window. Per-state quiet-hours: CTIA 8 AM to 9 PM default + Florida FTSA 8 AM to 8 PM + Florida weekend restriction + state-specific overrides. Per-recipient time-zone resolution from area code + ZIP + self-declared. Per -carrier MPS and DPS throughput honoring (AT&T + Verizon + T-Mobile + USCellular + tier-based MNO acceptance rate). 10DLC TCR campaign-registration-binding (every send tied to a registered campaign per use case: marketing + low-volume-mixed + 2FA + account-notification + customer -care + delivery-notification + fraud-alert + higher -education + polling-voting + PSA + security-alert). Per-location sender-ID rotation (1-to-1 + pool + shared rotating allocation strategy). Emergency-bypass allowed only for true emergency with CCO or general-counsel approval recorded in audit trail.
Audit
Per-message canonical record (message ID + campaign ID + recipient ID tokenized + location ID + sender ID + TCR campaign ID + consent state pointer + send timestamp + quiet-hours evaluation + throttling evaluation + delivery status + carrier error code + reply content + reply routing destination + per-attestation flag). Immutable WORM storage. Per-message record retains for TCPA class -action discovery + state-AG enforcement review + CASL CRTC compliance + CTIA Messaging Principles attestation + FDD-amendment review. Per-recipient revocation event retains as substantiation of revocation-honor latency.
The real ecosystem this sits above
SMS platform + CPaaS
Twilio, Bandwidth, Sinch, Plivo, MessageBird, Vonage, Telnyx, ClickSend, Sakari CPaaS. Attentive, Postscript, EZ Texting, SimpleTexting, TextMagic, Yotpo SMSBump, Klaviyo SMS, Iterable, Braze marketing-SMS platforms. Multi-vendor mix is normal; Throttle coordinates per -recipient cap and revocation honor across all senders so the per-recipient experience is one stream, not 5.
10DLC TCR + CTIA + carrier
The Campaign Registry (TCR) brand + campaign registration. CTIA Short Code Monitoring Handbook + Messaging Principles and Best Practices. AT&T Code of Conduct, Verizon Messaging Policy, T-Mobile Code of Conduct, USCellular Messaging Guidelines. Per-carrier filtering policies reject unregistered campaigns; Throttle binds every send to a TCR campaign ID per use case.
CRM + consent + WORM audit
HubSpot, Salesforce, Pipedrive, Close, Keap CRM. OneTrust + TrustArc + Didomi + Cookiebot + Sourcepoint consent management. AWS S3 Object Lock + Azure Blob immutable + Google Cloud Storage Bucket Lock + Wasabi compliance WORM storage. LLM personalization + reply intent classification under per-vendor zero-retention (OpenAI, Anthropic, Google, AWS Bedrock, Azure OpenAI).
The 5-anchor compliance overlay
Anchor 1 — TCPA + 2024 FCC revocation rule + class-action precedent + franchisor agency-theory (operationally distinctive)
TCPA 47 USC 227 statutory damages run $500 per violation and $1,500 per willful violation with no statutory cap. Subway Sandwich Shops settled TCPA class actions for $30M and a related matter for $75M. Capital One Auto Finance settled for $40M. The 2024 FCC revocation rule (FCC 24-18) confirmed revocation in any reasonable manner and cross-sender honor within reasonable period. FCC Insurance Marketing Coalition v FCC (DC Cir 2025) vacated the FCC one-to-one consent rule but the rest of TCPA still applies. State mini-TCPAs cover Florida Telephone Solicitation Act FTSA Fla Stat 501.059 + Oklahoma TCPA 15 OS 775C + Washington CEMA RCW 19.190 + Maryland MDPA Md Code Ann Com Law 14-3201 et seq. Franchisor agency-theory exposure under Restatement Third of Agency Sec 7.07 (apparent authority + control over instrumentality considered). Operationally distinctive — the franchisor shipping multi-location SMS without per-location consent register + per-recipient revocation honor + per-state quiet-hours + per-location sender-ID + per-message audit trail is purchasing a TCPA class-action and franchisor agency-theory exposure rather than a marketing capability.
Anchor 2 — 10DLC TCR + CTIA Messaging Principles + per-carrier filtering
The Campaign Registry brand registration + brand vetting + trust score + campaign registration per use case (marketing + low-volume-mixed + 2FA + account-notification + customer-care + delivery-notification + fraud-alert + higher-education + polling-voting + PSA + security-alert) + per-carrier MNO acceptance (AT&T + Verizon + T-Mobile + USCellular) + CTIA Messaging Principles and Best Practices + CTIA Short Code Monitoring Handbook. Per -carrier filtering rejects unregistered campaigns; every send is bound to a TCR campaign ID at Throttle time.
Anchor 3 — CASL + PIPEDA + GDPR for cross-border recipients
CASL 2013 Canadian Anti-Spam Legislation when sending to Canadian recipients (express consent for most CEMs + implied consent windows + identification + opt-out requirements + CRTC enforcement). PIPEDA Personal Information Protection and Electronic Documents Act for Canadian PI. GDPR Article 6(1)(a) consent legal basis + Article 7 conditions for consent + Article 17 right to erasure when sending to EU recipients. Per-recipient jurisdiction resolution at Throttle determines which regime applies.
Anchor 4 — CCPA + CPRA + state-comprehensive-privacy + DSAR overlay
CCPA + CPRA + state-comprehensive-privacy (Virginia VCDPA + Colorado CPA + Connecticut CTDPA + Utah UCPA + Texas TDPSA + Oregon OCPA + Montana MCDPA + Tennessee TIPA + Iowa Act + Indiana ICDPA + Delaware DPDPA + New Jersey NJDPA + New Hampshire NHPA + Kentucky KCDPA + Maryland MODPA + Minnesota CDPA + Rhode Island DTPPA). DSAR overlay tagging across Consent + per-message Audit substrate so a per-recipient access request surfaces consent posture + per-message history within the statutory response window.
Anchor 5 — NIST AI RMF + ISO 42001 + EU AI Act + per-vendor LLM zero-retention
When LLM personalization at Compose or LLM intent classification at reply-routing are used, NIST AI RMF Govern + Map + Measure + Manage applies, ISO 42001 documents the governance posture, EU AI Act Article 14 human oversight + Article 15 accuracy and robustness apply where operator scope reaches EU, and per-vendor LLM zero-retention posture is verified before any recipient identifier or consent posture is sent to LLM endpoint. LLM use does not create a TCPA exemption; the consent + revocation + quiet-hours chain applies regardless of whether the message body was LLM-drafted.
The 6-workstream pre-engagement-baseline reporting cycle
Completions does not commit to numeric send-volume or deliverability targets before engagement scope is documented. The Q6 pre-engagement -baseline reporting cycle covers the six workstreams that ship in every engagement.
- Consent coverage. Per-recipient consent register completeness + per-source enumeration (web + paper + kiosk + transactional + double-opt-in) + per-scope tagging + per-state expiration where applicable + per-revocation event latency budget + cross-sender revocation honor completeness.
- Compose quality. Per-campaign GSM-7 vs Unicode handling + character-count discipline + link -shortener domain registration + merge-tag personalization correctness + claims-allowlist check + forbidden-phrase check + per-vendor LLM zero-retention freshness when LLM personalization used.
- Throttle quality. Per-recipient daily + weekly cap discipline + cross-campaign deduplication window + per-state quiet-hours (CTIA + Florida FTSA + state overrides) + per-recipient time-zone resolution accuracy + per-carrier MPS + DPS + MNO acceptance + 10DLC TCR campaign-registration-binding completeness + per-location sender-ID rotation strategy + emergency-bypass approval chain.
- Audit quality. Per-message canonical record completeness + immutable WORM storage posture + per -recipient revocation-event latency record + per -attestation flag freshness.
- Compliance posture. TCPA + 2024 FCC revocation rule operator-counsel signoff + Subway + Capital One precedent review + franchisor agency-theory exposure review + state mini-TCPA coverage (Florida + Oklahoma + Washington + Maryland + emerging) + 10DLC TCR registration + CTIA Messaging Principles + per-carrier filtering posture + CASL + PIPEDA + GDPR + CCPA + CPRA + state-comprehensive -privacy + DSAR overlay completeness + NIST AI RMF + ISO 42001 + EU AI Act + per-vendor LLM zero-retention freshness.
- Audit-trail completeness. Per-Consent + per-Compose + per-Throttle + per-Audit canonical record retention in versioned-history substrate readable by external counsel + state-AG enforcement + class-action discovery + CASL CRTC review + CTIA attestation.
Frequently asked questions
What problem does a multi-location SMS broadcast engine solve for a multi-unit franchise or multi-location service operator?
A multi-unit franchise or multi-location service operator running 50-500 locations wants to send SMS broadcasts (promotional + transactional + appointment-reminder + emergency) at a cadence that respects recipient consent, respects per-state mini-TCPA rules, clears 10DLC carrier filtering, and produces an audit trail that survives TCPA class-action discovery and state-AG enforcement review. Naive SMS-broadcast tooling assumes one sender and one consent list; multi-location operations require per-location sender ID, per-location consent posture (different franchisees collected consent under different forms), per-state quiet-hours, per-recipient cap discipline, and a franchisor-side audit trail that proves the franchisor did not direct or ratify any non-consenting send. The skill ships the substrate that makes per-location SMS defensible and the audit trail that makes franchisor agency-theory exposure manageable.
What is the 4-skill bundle and what does each skill do?
Consent maintains a per-recipient consent register keyed by phone number with consent source (web form + paper signup + in-store kiosk + transactional opt-in + double-opt-in confirmation), consent scope (this location vs portfolio vs cross-brand), consent timestamp, consent capture image or recording reference, revocation events (STOP + UNSUBSCRIBE + END + CANCEL + QUIT + STOPALL keywords + custom revocation strings + carrier-reported opt-outs), and per-state consent expiration where applicable. Compose generates per-campaign message drafts respecting GSM-7 vs Unicode encoding, character-count rules, link-shortener domain registration, deep-link routing, merge-tag personalization, and operator-counsel-approved claims-allowlist; Compose does not send. Throttle enforces per-recipient daily and weekly caps, per-state quiet-hours, per-recipient time-zone resolution from area code + ZIP + self-declared, per-carrier MPS and DPS throughput, per-carrier MNO acceptance rate, 10DLC TCR campaign-registration-binding, and per-location sender-ID rotation. Audit ships per-message canonical records to immutable WORM storage for TCPA class-action discovery + state-AG enforcement review + CASL CRTC compliance + CTIA Messaging Principles attestation.
Why is TCPA + 2024 FCC revocation rule + Subway class-action precedent + franchisor agency-theory exposure the operationally distinctive anchor for this skill?
TCPA 47 USC 227 statutory damages run $500 per violation and $1,500 per willful violation, with no statutory cap. Subway Sandwich Shops settled a TCPA class action in 2014 for $30M+ over franchisee SMS sent to consumers who had not opted in, then a related matter for $75M; the franchisor was named because franchisees were sending on franchisor-coordinated platforms with franchisor-approved messaging templates. Capital One Auto Finance settled a TCPA matter for $40M. The 2024 FCC revocation rule (FCC 24-18) confirmed that consumers can revoke consent in any reasonable manner including STOP plus reasonable variants, and operators must honor revocation across all senders within a reasonable period. FCC Insurance Marketing Coalition v FCC (DC Cir 2025) vacated the FCC one-to-one consent rule but the rest of TCPA still applies. Per-state mini-TCPAs (Florida FTSA + Oklahoma TCPA + Washington CEMA + Maryland MDPA) add private rights of action and per-state statutory damages on top. Operationally distinctive frame: the franchisor that ships a multi-location SMS broadcast engine without per-location consent register + per-recipient revocation honor + per-state quiet-hours + per-location sender-ID + per-message audit trail is purchasing a TCPA class-action and a franchisor-agency-theory exposure rather than a marketing capability.
What real regulatory and standards-body hooks does the compliance overlay anchor on?
Anchor 1 is TCPA 47 USC 227 + 2024 FCC revocation rule FCC 24-18 + Subway Sandwich Shops TCPA class actions ($30M + $75M) + Capital One Auto Finance TCPA $40M + franchisor agency-theory exposure (Restatement Third of Agency Sec 7.07 + Patterson v Domino Pizza Cal Sup Ct 2014 limiting joint-employer; agency for SMS-marketing direction remains a fact question) + state mini-TCPAs (Florida Telephone Solicitation Act FTSA Fla Stat 501.059 + Oklahoma TCPA 15 OS 775C + Washington CEMA RCW 19.190 + Maryland MDPA Md Code Ann Com Law 14-3201 et seq) + FCC Insurance Marketing Coalition v FCC DC Cir 2025. Anchor 2 is 10DLC The Campaign Registry brand registration + brand vetting + trust score + campaign registration per use case + per-carrier MNO acceptance (AT&T + Verizon + T-Mobile + USCellular) + CTIA Messaging Principles and Best Practices + per-carrier filtering policies that reject unregistered campaigns. Anchor 3 is CASL 2013 Canadian Anti-Spam Legislation when sending to Canadian recipients + PIPEDA + Bill C-28 implementation guidance + CRTC enforcement. Anchor 4 is CCPA + CPRA + state-comprehensive-privacy + GDPR Article 6(1)(a) consent legal basis when sending to EU recipients + Article 7 conditions for consent + Article 17 right to erasure honored across substrate + DSAR overlay. Anchor 5 is NIST AI RMF + ISO 42001 + EU AI Act + per-vendor LLM zero-retention when LLM personalization at Compose or LLM intent classification at reply-routing are used; LLM use does not create a TCPA exemption.
How does Throttle prevent quiet-hours violations across 50 time zones?
CTIA Messaging Principles and Best Practices recommend send window of 8 AM to 9 PM in the recipient local time. Florida FTSA imposes 8 AM to 8 PM and prohibits weekend sends without specific consent. Throttle resolves per-recipient local time zone from area code (heuristic, can be wrong after porting), ZIP code (when known), and self-declared time zone (when collected), defers sends scheduled during quiet hours to the next legal window, applies per-state stricter window (Florida 8 AM to 8 PM + weekend restriction) where applicable, and refuses send when consent record lacks state. Emergency-bypass is allowed only for true emergency (CTIA Best Practices public-safety definition) with CCO or general-counsel approval recorded in the audit trail; marketing branded as emergency is a TCPA-class-action invitation. Throttle also enforces per-recipient daily cap (default 2 messages) and weekly cap (default 5), respects cross-campaign deduplication windows, and integrates fatigue-detection signals (recipients who stop engaging are throttled down before they STOP).
What does Completions ship and how does an engagement start?
Completions ships the multi-location-sms-broadcast agent + 4-skill bundle (Consent + Compose + Throttle + Audit) + 5-anchor compliance overlay (TCPA + 2024 FCC revocation rule + Subway + franchisor agency-theory + state mini-TCPAs + 10DLC TCR + CTIA Best Practices + per-carrier filtering + CASL + PIPEDA + GDPR + CCPA + CPRA + NIST AI RMF + ISO 42001 + EU AI Act + per-vendor LLM zero-retention) + the Q6 6-workstream pre-engagement-baseline reporting cycle. Tier 1 AI Readiness Assessment ($10k, 2-3 weeks) audits the current per-location consent register + revocation-honor latency + per-state quiet-hours posture + 10DLC TCR registration + per-message audit trail completeness. Tier 3 Fractional CMO with AI Swarm ($15-25k/month, 6-month minimum, 1-2 days/wk embedded) runs the multi-location-sms-broadcast agent on the operator SMS + CRM + marketing-automation stack on an ongoing basis.
Engage Completions on the multi-location-sms-broadcast agent
Tier 1 AI Readiness Assessment ($10k, 2-3 weeks) audits the current per-location consent register + revocation-honor latency + per-state quiet-hours posture + 10DLC TCR registration + per -message audit trail completeness. Tier 3 Fractional CMO with AI Swarm ($15-25k/month, 6-month minimum, 1-2 days/wk embedded) runs the multi-location-sms-broadcast agent on the operator SMS + CRM + marketing-automation stack on an ongoing basis.