The short version: yes, if you get three things right
You served this person. They paid you. Now you want to text them a link to leave a Google review, or nudge them to book their next tune-up. Is that legal? Yes — and it's a completely normal, everyday use of business texting. But "legal" depends on three separate things that owners tend to jam into one worry.
The first is consent: did the customer agree to be texted? The second is carrier registration, the A2P 10DLC rules that decide whether your text even gets delivered. The third is opt-out: can they reply STOP and actually stop? Get those three right and you're on solid ground. Miss one and you either get filtered into the void or, in the worst case, draw a TCPA complaint. The good news is that a review request to your own customer is the easy case, not the hard one.
Consent: your own customer is not a cold lead (TCPA in plain English)
The TCPA (Telephone Consumer Protection Act) is the US law people are scared of. It's the reason random spam-blast marketing companies get sued. But the TCPA draws a hard line between cold marketing to strangers and a follow-up message to someone you already have a business relationship with.
A review-request text a few hours after a completed job is a transactional follow-up to your existing customer. A seasonal rebooking nudge to a past customer is close behind. Neither is a cold marketing blast to a purchased list. That distinction matters: the standard of consent for messaging your own customers about the service they just received is far more forgiving than blasting numbers you bought. The reasonable, defensible move is to get consent anyway — and it's easy. Most home-service shops do it verbally at the point of service: "Can I text you a link to leave a review of the work today?" That yes, logged with the number, is a legitimate, carrier-accepted consent method (it's called verbal opt-in). You're not asking a lawyer to bless anything — you're just asking the customer, out loud, the way you already ask for their email.
A2P 10DLC: why texting from your personal cell gets blocked
Here's the part almost nobody knows until their texts stop arriving. In the US, every business that sends automated or bulk texts has to register under a program called A2P 10DLC (application-to-person, 10-digit long code). The carriers — AT&T, Verizon, T-Mobile — require it. There is no way around it and it is not optional.
If you text 40 customers the same review link from your personal cell or an unregistered app, the carriers see a burst of identical app-like messages from an unregistered sender and silently filter or block them. You often get no error. The customer just never receives it, and you assume the link is broken. Registration is what tells the carriers "this is a known, vetted business sending expected messages," so your texts actually land in the inbox.
There are two pieces to register: your brand (your company identity — name, EIN, address, website) and your campaign (the use case, i.e. "we send review-request and rebooking texts to our own customers"). The campaign is the part that gets scrutinized, because the reviewer wants to confirm how your recipients agreed to be texted. This is exactly the kind of paperwork that's miserable to do once and pointless to learn — which is why it belongs on the platform, not on your desk. Every serious review platform — Birdeye, Podium, and yes, AutoReview — registers this so you don't have to.
Opt-out: STOP has to actually work
The third rule is the simplest and the most enforced: if someone replies STOP, the texts have to stop. Carriers expect an opt-out instruction visible in the message body, and they expect STOP to be honored instantly and automatically — no matter what your message says.
In practice that means two things. Every message needs a clear opt-out line — the plain "Reply STOP to opt out" that rides along at the bottom. And STOP (plus its cousins UNSUBSCRIBE, CANCEL, END, QUIT) has to be caught and processed the moment it comes in, with a confirmation that names your business so the customer knows exactly who they unsubscribed from. If you're doing this by hand from a phone, you are the opt-out system — and one missed STOP is the kind of thing that turns an annoyed customer into a complaint. This is the strongest argument for not running review texts out of your own contacts app.
The honest-routing question owners always ask
A fair worry: "If I ask everyone, won't I get bad reviews too?" You might. But the compliant — and frankly more durable — approach is to ask every customer the same way, and keep the public Google review link one tap away for all of them. What you can honestly do is give an unhappy customer a private path to reach you first, so they can vent to the owner instead of only to the internet. You just never hide the public link or steer only happy people toward it.
That last part matters legally, not just ethically. Google's policies and the FTC's 2024 rule on fake and manipulated reviews both target "review gating" — the practice of filtering people so only 5-star customers reach the public page. Sorting customers before the ask is exactly what regulators are now fining. Asking everyone, and letting the unhappy ones talk to you first while the public link stays available, keeps you clean and keeps your star rating real. (This is general guidance, not legal advice — when in doubt, check with your own attorney.)
How AutoReview handles the compliance part for you
The whole point of using a platform instead of your personal phone is that the law-shaped work stops being your job. AutoReview registers the A2P 10DLC brand and campaign so your texts deliver instead of getting filtered. It enforces consent inside the product — a number can't be saved or messaged until the business confirms consent was obtained — which is the same merchant-collected, verbal opt-in model the carriers already accept.
It also carries the opt-out line in every message and auto-processes STOP, UNSUBSCRIBE, CANCEL and the rest the instant they come in, then confirms the unsubscribe with your business name attached — so you're never the one manually remembering who said stop. And it's built around asking everyone the same way: the public Google link is always one tap away, with a private path for unhappy customers, never a gate that hides it.
That same compliant plumbing runs both pillars — the after-the-job review request and the seasonal customer reactivation that texts past customers to rebook (that's the /win-back side, and /for/hvac if you want the trade-specific version). You get the delivery and the STOP-handling handled correctly, without becoming an expert on carrier rules. You can start free at /signup and see the consent, opt-out, and messaging flow before you send a single text.
