Consent Record
Number, act, exact language version, attribution, integrity hash, lifecycle. If the record cannot show what the subscriber saw, it is testimony, not evidence.
Think of a consent record as a small evidence file assembled at the moment of opt-in. The complete anatomy:
- Identity: phone number (and name/email where collected).
- The act: checkbox state and the form interaction, ideally session-recorded.
- The language: the exact disclosure text and form version displayed — not a reference to the current version.
- Attribution: timestamp (timezone-fixed), IP address, page URL, user agent, geolocation where captured.
- Integrity: a cryptographic hash or append-only storage proving the record has not been edited since capture.
- Lifecycle: linked revocation events and the record's verification endpoint.
The most common defect is language drift: the form changed in 2025, the record points at "the consent form," and nobody can produce what the subscriber actually saw in 2024. Version pinning is what separates a record from a recollection.
Frequently asked questions
Related glossary terms
An audit trail is the chronological, tamper-evident record of consent events — capture, modifications, revocations — that lets a sender reconstruct and prove the consent state of any number at any point in time.
Consent proof is the evidentiary record that a recipient explicitly opted in to SMS — typically a timestamped, IP-logged, hash-locked record of what the user saw and when they consented.
Session replay records the exact UI interactions during an opt-in (mouse, scroll, clicks, form fields) so the consent moment can be re-watched as evidence in a TCPA dispute.