Compliance

Opt-in

The customer's explicit, recorded permission for your business to message them on WhatsApp. Required by Meta and by most data-protection laws. The foundation of every legal broadcast list.

What it means

An opt-in is a clear, affirmative action by the customer that says: yes, I agree to receive WhatsApp messages from your business. The exact form depends on the jurisdiction, but the principles are universal: it must be unambiguous, it must be recorded with a timestamp, it must be revocable at any time, and the channel and purpose must be clear at the moment of opt-in.

Examples of valid opt-in mechanisms: a checkbox on a sign-up form (NOT pre-ticked), an 'agree' tap inside a WhatsApp Flow, a verbal confirmation in a call that is logged, or replying YES to a confirmation message.

The opposite is opt-out: an easy, one-click way for the customer to stop receiving messages, present in every broadcast.

Why it matters

Opt-in discipline addresses three risks at once: legal exposure (PDPA, GDPR, DNC), Meta account health (quality rating drops with non-consenting recipients), and brand reputation.

The cost of skipping it is real. Quality drops, account suspensions, fines under data laws, and (worst) customer trust erosion. The cost of doing it right is one extra checkbox at sign-up.

Example

A fitness studio runs Click-to-WhatsApp ads. Every lead who arrives through the ad must explicitly tap an 'agree to receive marketing messages' button before being added to the broadcast list. Two months later, regulators audit a competitor; the studio's audit trail (timestamps, consent text shown, lead source) protects them entirely. The competitor without records gets fined.
