Good to know: Single Opt-in and Double Opt-in describe how consent is collected and verified. They do not determine what type of messages a contact will receive. These are two separate questions, and keeping them apart is the key to setting up consent correctly.
The three dimensions of an opt-in
Every opt-in has three independent properties:
Verification and Intent: Single Opt-in or Double Opt-in
Scope: what type of messages the contact has consented to receive
Channel: which channel the opt-in applies to (WhatsApp, RCS...)
These three dimensions are completely independent of each other. The type of opt-in (single or double) does not determine the scope of messages, and neither is tied to a specific channel.
Dimension 1: Verification and Intent
This dimension answers the question: "Is this really their number, did the consent genuinely come from them, and did they actively and knowingly choose to subscribe?"
Single Opt-in (SOI)
The contact performs one action, such as submitting a form, ticking a checkbox, or entering their phone number via thank you page widget. You have their stated consent, but no proof that the number they entered actually belongs to them, that they control it, or that they were fully aware of what they were signing up for. Typos, fat-fingered numbers, someone entering a colleague's number, pre-checked boxes, bots: all of that sails through a Single Opt-in.
Examples of Single Opt-in collection:
Ticking a checkbox on a booking form
Submitting a phone number at checkout
Being imported via CSV with a pre-confirmed opt-in flag
Double Opt-in (DOI)
After the initial sign-up, a confirmation message is sent to that exact number, for example "reply YES to confirm" or "enter the 6-digit code sent to your number", and the subscription only activates once the contact completes that second step inside the channel they are subscribing to.
This is the key point: the DOI confirmation always happens in the actual channel. This proves two things at once:
Verification: the number is real, reachable, and controlled by that person
Intentionality: the person consciously and actively chose to subscribe, inside the exact channel they are signing up for, leaving no room for accidental sign-ups or third-party submissions
A Single Opt-in cannot guarantee either. The DOI step removes ambiguity because only the real owner can complete it, and completing it is an unambiguous, conscious act.
DOI and GDPR
Double Opt-in is the strongly recommended approach for full GDPR compliance. Under GDPR, consent must be freely given, specific, informed, and unambiguous.
A DOI provides a clear, timestamped confirmation trail showing that the contact actively confirmed their subscription from their own device, in their own channel. This makes your consent records far more robust and significantly reduces legal exposure in case of a complaint.
A clean way to remember it: Single vs. Double = "Is this really your number, and did you actively and knowingly choose to subscribe?"
Dimension 2: Scope
This dimension answers the question: "What type of messages can we send to this contact?"
Scope is entirely independent of the opt-in method. You can collect a Single Opt-in for marketing, or a Double Opt-in for transactional messages only. The checkbox or confirmation message simply needs to clearly state what the contact is signing up for.
Common scope types:
Transactional: messages directly tied to a transaction or service, such as appointment updates, order confirmations, or shipping notifications
Marketing: promotional messages, offers and campaigns
Custom: a brand-defined scope combining or extending the above
Dimension 3: Channel
This dimension answers the question: "Which channel is this consent valid for?"
Best practice is to collect separate opt-ins per channel, because:
Verification methods differ per channel (a WhatsApp DOI confirmation happens in WhatsApp; an RCS DOI confirmation happens in RCS)
Regulatory requirements and platform policies may differ per channel
A contact may want to receive WhatsApp messages but not SMS, or vice versa
Examples of channel-specific opt-ins: WhatsApp, RCS, Email, SMS.
All combinations are valid.
Verification | Scope | Channel | Valid? |
Single Opt-in | Transactional | Yes | |
Single Opt-in | Marketing | Yes | |
Double Opt-in | Transactional | Yes | |
Double Opt-in | Marketing | Yes | |
Double Opt-in | Marketing | RCS | Yes |
Single Opt-in | Transactional | Yes |
Points that are often confused
Single Opt-in does not mean transactional only. It describes how consent was collected, not what messages you can send.
Adding marketing language to a checkbox does not turn it into a Double Opt-in. A checkbox is always a Single Opt-in, regardless of what it says.
Double Opt-in is not only for marketing. It is the recommended approach for any use case where strong consent, verification, and GDPR alignment matter.
A single opt-in does not automatically cover every channel. Best practice is to collect a separate opt-in per channel.
A checkbox can be enough for consent in some cases, but a Double Opt-in provides a stronger and more defensible record.
Summary
Dimension | Question it answers | Options |
Verification & Intent | Is this really their number, and did they knowingly subscribe? | Single Opt-in / Double Opt-in |
Scope | What did they consent to receive? | Transactional / Marketing / Custom |
Channel | Which channel does it apply to? | WhatsApp / RCS / Email / SMS... |
Bottom line: Double Opt-in is the recommended approach for WhatsApp. It provides the strongest verification and intentionality signal, the best GDPR position, and stronger protection for your deliverability and quality rating. When in doubt, go with Double Opt-in.