Is a paper SMS sign-up sheet TCPA compliant?

Paper forms can technically satisfy TCPA's written consent requirement if they include compliant disclosure language. The problem is they produce no digital proof — no timestamp, no IP address, no version control for the disclosure language. In litigation, you have no way to verify the form was accurate or that the consumer filled it out voluntarily.

What should a QR code consent form include?

The form must include: your business name, a description of message types, message frequency estimate, 'message and data rates may apply,' opt-out instructions (STOP), help instructions (HELP), and a link to your terms and privacy policy. The consent checkbox must be unchecked by default.

Can I use a Google Form for in-person SMS consent?

Google Forms can collect phone numbers but do not provide TCPA-compliant consent capture: no session replay, no form version tracking, no hash-verified audit trail, and no CTIA-standard disclosure management. They are not suitable for SMS consent documentation.

How do I display the QR code in my business?

Common placements include counter cards or tent cards at checkout, table toppers for restaurants, posters near entrances, receipts, loyalty card handouts, and event badges. The QR code should include brief context: 'Scan to join our text club — get exclusive deals.'

What happens if a customer doesn't have a smartphone for the QR code?

Include a text-to-join keyword as a backup. Display: 'Text JOIN to [number] to sign up.' Keyword opt-ins create a documented consent trail when the platform sends an automated confirmation message with your disclosure language.

QR Code SMS Consent Forms for In-Person Opt-Ins (2026)

A gym owner in Atlanta had 800 people on his SMS list. When a plaintiff's attorney sent a demand letter, he pulled out a box of paper sign-up sheets. Some had illegible handwriting. Some had no date. None showed what disclosure language the customer had seen. He had no idea if the forms from 2023 matched the language from 2024.

He settled for $180,000.

In-person SMS consent is a genuine gap in how most local businesses handle TCPA compliance. The solution is straightforward: QR codes linked to session-recording consent forms. Here's how to deploy them in any physical business setting.

The Problem With Paper Sign-Up Sheets

Paper forms are the default consent collection method for brick-and-mortar businesses — gyms, salons, restaurants, retail stores, event organizers. They feel intuitive and low-tech. They are also legally indefensible.

Here's what a paper sign-up sheet cannot prove:

Consent language version: What did the disclosure say when the customer signed? You may have updated your SMS program, changed your message frequency, or revised your terms. A box of paper forms has no version control.

Timestamp: When did the customer sign up? Paper forms typically have a date column, but it's filled in by staff, not automatically generated. Courts treat staff-entered dates with skepticism.

IP address and geolocation: Digital consent records capture the device's IP address and approximate location. Paper forms have none of this corroborating data.

Legibility and attribution: Handwriting is ambiguous. A phone number that was clearly written by the customer versus transcribed by a staff member is a chain-of-custody question.

Proof of affirmative action: A paper form doesn't show whether the customer read the disclosure before signing. A session replay recording does.

For TCPA litigation defense, paper forms leave you with almost nothing.

How QR Code Consent Works

The QR code approach replaces the paper sign-up sheet with a digital consent form that the customer fills out on their own phone. Here's the flow:

Customer sees a QR code at your counter, table, front door, or event booth
Customer scans with their phone camera — no app required
Phone opens a mobile-optimized consent form with your business name, CTIA disclosure language, and an unchecked SMS consent checkbox
Customer enters their phone number and checks the box — their entire form interaction is recorded via session replay
Form submits — a consent record is created with: timestamp, IP address, geolocation, browser/device fingerprint, form version hash, and session recording
Customer receives an opt-in confirmation text with your message frequency and opt-out instructions

The customer gets the same experience as any digital opt-in. You get a court-admissible consent record.

Where to Display QR Code Consent Forms

Restaurants and Cafes

Counter card next to the register: "Join our text deals — scan for 10% off your next order"
Table toppers with QR code on the back
Receipt footer: "Join our text club for exclusive offers"
Menu inserts for specials notifications

Gyms and Fitness Studios

Front desk counter placard
Posted near equipment check-in
Welcome packet for new members
Class schedule holder with QR code footer

Salons and Spas

Station cards at each stylist chair
Reception desk stand-up card
Appointment reminder cards: "Opt in for text reminders — scan here"
Retail product shelf displays

Retail Stores

Point-of-sale card next to PIN pad
Product display cards
Loyalty program signup stand
Window signage for passersby

Events and Trade Shows

Badge lanyard card
Booth counter card
Event program footer
Handout flyers with QR code

Designing the QR Code Placement

The physical display should include:

The QR code (minimum 1.5 inches × 1.5 inches for reliable scan)
A brief value proposition: "Scan to get exclusive text deals"
A backup text-to-join keyword for customers without camera access
Your business name

Do not include the full consent disclosure on the printed card — it clutters the design and customers won't read it there. The disclosure is on the form itself, which they will see on their phone screen.

Setting Up the Consent Form

Using OptInFix, you can create a mobile-optimized consent form in minutes:

Create a new form and set your business name and CTIA disclosure language
Configure the welcome message that fires after opt-in
Copy the form URL
Generate a QR code from that URL (any free QR generator works, or use a QR with tracking parameters)
Print and display

When a customer scans and submits, their consent record appears in your audit vault with full session recording. The consent is tied to your specific form version — so if you update your disclosure language later, old consents are logged against the form version that was active when they signed up.

Handling Staff-Assisted Sign-Ups

Sometimes customers ask staff to help with the form. This is fine — the session recording will show the interaction. Train staff to:

Hand the customer the phone/tablet to enter their own number
Not pre-enter customer information before handing over the device
Never check the consent checkbox on behalf of a customer

If a staff member fills out the form on a customer's behalf without the customer's participation, that is not valid TCPA consent regardless of the digital record.

The Comparison: Paper vs. QR Code Consent

Proof Element	Paper Form	QR Code Consent Form
Timestamp	Staff-entered, unverified	Auto-generated, server-side
IP address	None	Captured
Geolocation	None	Captured
Form version tracking	None	Automatic
Session recording	None	Full interaction replay
Tamper-proof storage	No	Append-only audit vault
Hash verification	No	SHA-256 hash
TCPA defense value	Weak	Strong

The transition from paper to QR code consent is not a technology upgrade — it's a liability reduction. Every paper sign-up sheet you're still accepting is a liability you cannot defend.

For more on what a consent record must contain to be defensible in court, see: What Is a Compliance Certificate for SMS Consent →

Create your QR code consent form →