STELLA AUTOMOTIVE AI, INC.
10DLC SMS COMPLIANCE POLICY

1. PURPOSE

This policy outlines the procedures adopted by STELLA AUTOMOTIVE AI, INC. (“STELLA”) to comply with the rules and standards governing 10DLC (10-digit long code) SMS text messaging campaigns in the United States. These rules are set by mobile carriers, The Campaign Registry (“TCR”), and regulatory authorities including the FCC and CTIA. The purpose is to ensure legal compliance, transparency, and ethical standards in all AI-powered outreach.

2. SCOPE

This policy applies to all employees, contractors, and departments that utilize AI systems for generating or distributing outbound communications to consumers, clients, or business contacts. The 10DLC SMS program allows STELLA to communicate with its customers using application-to-person (A2P) messaging via standard 10-digit phone numbers. This program is subject to registration, vetting, and content monitoring by mobile carriers and TCR.

3. CAMPAIGN REGISTRATION

Responsible Party: Telnyx LLC (“Telnyx”)

Telnyx will register each SMS campaign with TCR through its approved messaging provider.

Information provided will include:

• Legal business name and EIN
• Message content samples
• Website and privacy policy URL
• Opt-in and opt-out description

Approval: all campaigns must be vetted by and approved prior to initializing any live SMS traffic.

4. CONSENT AND OPT-IN

All users must expressly consent to receive text message. No messages may be sent via phone or SMS without verified consent from the recipient as required by applicable federal or state law.

Consent must be explicit, recorded and revocable; it must be obtained and documented before initiating automated SMS campaigns.

Acceptable Opt-in methods include:

• Online web forms
• Written consent via paper forms
• Keyword initiated opt-in via SMS

Sample opt-in disclosure:
“By providing your phone number, you consent to receive marketing text messages from [STELLA] at the number provided. Message and data rates may apply. Reply STOP to unsubscribe.”

5. OPT-OUT

Every SMS message must include clear opt-out language and an easy to use method for the recipient to opt out of future communications, such as:

“Reply STOP to unsubscribe.”

Opt-out requests must be honored immediately, but in all cases, a request should be honored within 24 hours of the transmission of the opt-out language.

Maintain a suppression list to avoid messaging opted out numbers. Opted-out numbers are to be suppressed from future messaging via automated mechanisms.

6. CONTENT COMPLIANCE

• All communications must comply with the Telephone Consumer Protection Act (“TCPA”) and relevant state laws
• All AI communication systems must be periodically audited
• No impersonation unless explicitly authorized
• SHAFT content, fraudulent, misleading, or illegal messages are prohibited

7. DATA USE AND PRIVACY

• Compliance with CCPA/CPRA and GDPR where applicable
• No sale or sharing of phone numbers without consent
• Sensitive data requires explicit written authorization

8. SECURITY, MONITORING AND ENFORCEMENT

• SMS logs retained for four (4) years
• Annual staff compliance training
• Immediate campaign suspension upon violation discovery
• Internal investigation and corrective action