Consent Tracking
Track consent lifecycle across regions and products
Capture consent events, policy versions, and revocations in one consent ledger with tenant-level controls.
What it does
Centralizes consent status, legal text versioning, and downstream enforcement across applications.
Who it is for
Product compliance teams, growth operations, legal operations, and privacy officers.
Key workflows
- Capture and timestamp consent source events
- Version policy text and locale changes
- Enforce revocation in connected systems
- Prepare consent evidence packs for audits
Outcomes
Improve consent transparency, reduce policy drift, and simplify audit evidence collection.
Frequently asked questions
Consent management is the practice of capturing, storing, and honouring an individual's permission to process their data — including the ability to withdraw it. It covers what they agreed to, which version of the policy they saw, when they agreed, and what happened when they changed their mind.
No. Consent is one of six lawful bases under GDPR, and often not the right one. Processing needed to deliver a contract, or justified by legitimate interests, does not require consent. Asking for consent you do not need creates an obligation to honour a withdrawal you did not have to accept.
It must be freely given, specific, informed, and unambiguous — an affirmative action, not a pre-ticked box or continued browsing. It must be as easy to withdraw as it was to give, and you must be able to demonstrate that it was obtained.
Processing that relied on that consent must stop, and the withdrawal must propagate to every downstream system that received the data. The hard part is not the button — it is proving, months later, that the withdrawal actually reached the marketing platform, the analytics tool, and the data warehouse.