Consent Tracking
How Consent Tracking Works
When a consumer visits a page with the eConsent script installed, three things happen automatically:
- Session recording begins — eConsent captures the full DOM state, mouse movements, clicks, scrolls, and form interactions using rrweb technology
- Consent language is detected — The script identifies TCPA disclosure text on the page using your configured consent selector
- Certificate is generated on submission — When the consumer submits the form, eConsent creates a tamper-proof consent certificate
Session Recording
eConsent records the consumer’s entire session as a series of DOM snapshots and incremental changes. This is not a video — it’s a pixel-perfect reconstruction of what the consumer saw and did.
Recordings capture:
- Mouse movements and clicks with millisecond precision
- Scroll behavior — how far they scrolled, what was visible
- Form inputs — only whitelisted PII fields (name, email, phone, address by default)
- Page content — the exact consent language, disclaimers, and form layout
Privacy Controls
- Password fields are automatically masked in every recording
- Customers can mark any field as sensitive — it appears as asterisks in replays
- Additional fields beyond core PII require explicit whitelisting
- No data is persisted on the consumer’s device beyond a session identifier
Consent Detection
eConsent identifies the TCPA disclosure language on your page using a consent selector — a CSS selector that points to the element containing your consent text.
Configuring the Consent Selector
- Navigate to your property settings in the dashboard
- Enter the CSS selector for your consent language element (e.g.,
#tcpa-disclosure,.consent-text) - Use the Inspector tool to verify eConsent detects the correct text
The Inspector loads your live page and highlights which fields are captured, masked, or ignored — and shows the exact consent language detected.
Multi-Consent Support
eConsent supports pages with multiple consent disclosures. If your form includes separate TCPA consent, marketing consent, and partner sharing consent, each can be captured independently using multiple consent selectors.
Certificate Generation
When a form is submitted, eConsent generates a consent certificate containing:
| Field | Description |
|---|---|
| Certificate ID | Unique identifier for this consent event |
| Timestamp | Exact date and time of consent (UTC) |
| IP Address | Consumer’s IP address at time of consent |
| Consent Language | The exact TCPA disclosure text displayed |
| Form Data | Whitelisted PII fields (name, email, phone, etc.) |
| Session Recording | Link to the full session replay |
| SHA-256 Hash | Cryptographic hash for tamper detection |
| Page URL | The URL where consent was captured |
Immutable Storage
Certificates are stored in Amazon S3 with Object Lock in COMPLIANCE mode. Once archived:
- They cannot be modified or deleted — by anyone, including eConsent
- Retention period is configurable up to 7 years
- Each certificate includes a SHA-256 hash for integrity verification
Field Mapping
Use the Inspector tool to map form fields on your page to eConsent’s expected field names. This ensures the correct data appears on certificates.
The Inspector shows:
- Green — Field is being captured
- Amber — Field is masked (sensitive data)
- Grey — Field is ignored (not captured)
Verification Dossier
Certificates can be enriched with additional verification signals:
- OTP Verification — Confirm phone ownership via SMS one-time passcode
- Identity Verification — Match submitted PII against known records
- Carrier Lookup — Verify mobile vs. landline and carrier details
- Fraud Detection — Score the session for fraud risk
These results appear in the Verification Dossier section of the consent certificate, creating a comprehensive proof of legitimate consent.
Need Help?
- Use the Inspector to debug field capture issues
- Review Script Installation for setup details
- Contact support@econsent.org for assistance
Did this answer your question?
