Consent Attestation
What is Consent Attestation?
Consent attestation is the cryptographic proof that eConsent generates for every consent certificate. It goes beyond a simple timestamp or IP log by tying together multiple independent pieces of evidence about what the consumer saw, how they interacted with the page, and when the consent event occurred.
Every certificate includes an attestation section that provides defensible evidence for litigation and compliance audits.
What the Attestation Captures
Each attestation includes the following evidence:
| Evidence | Description |
|---|---|
| Consent disclosure text | The exact TCPA disclosure language shown to the consumer |
| Full page content | The entire rendered page at the moment of consent |
| Form field values | The submitted form data (phone, email, name) |
| Partner disclosures | If multiple parties are named in the disclosure, each is individually extracted |
| Interaction chain | Mouse movements, clicks, scrolls, and form interactions leading to consent |
| Visibility proof | Whether the consent language was actually visible in the consumer’s viewport |
| WCAG accessibility score | Contrast ratio and font size assessment of the disclosure |
| Language detection | The detected language of the consent disclosure |
Understanding SHA-256 Hashes
Every attestation includes multiple SHA-256 hashes. SHA-256 is a cryptographic hash function that produces a unique 64-character fingerprint of any content. If even a single character changes, the hash is completely different.
What the hashes prove
- Disclosure hash — Proves the exact wording shown to the consumer. If you change your TCPA disclosure text, the hash changes, creating a new version.
- Page content hash — Captures the full rendered page, proving the surrounding context (layout, other disclosures, form structure) at the time of consent.
- Form data hash — Proves the integrity of the submitted PII (phone, email, name) without exposing the raw data.
How to verify a hash
On any certificate page, you can see the SHA-256 hashes in the Attestation section. These hashes are computed at capture time and stored immutably. If you have the original content, you can independently compute the SHA-256 hash and compare it to the certificate’s hash to confirm the content has not been altered.
Reading the Attestation on a Certificate Page
When you open a certificate in your dashboard or via the certificate URL, the attestation section shows:
- Content Hashes — The SHA-256 hashes for disclosure text, page content, and form data
- Visibility Proof — Whether the consent disclosure was visible in the consumer’s viewport at submission time, including scroll position and viewport dimensions
- Interaction Chain — A summary of the consumer’s interactions (clicks, scrolls, form inputs) leading up to the consent event
- Accessibility Score — WCAG 2.1 contrast and readability assessment (AAA, AA, or Fail)
- Language — The detected language of the disclosure text
- Template Match — If the disclosure hash matches a registered consent template, the template name and version are shown
Why Attestation Matters
In TCPA litigation, the burden of proof falls on the business to demonstrate that consent was obtained properly. A simple log entry showing “user clicked submit” is often insufficient. eConsent’s attestation provides:
- Cryptographic proof that the disclosure text has not been altered since capture
- Visual proof that the disclosure was visible and readable
- Behavioral proof that the consumer actively interacted with the form
- Versioning proof that links the consent to a specific disclosure version
Learn More
- See the full Consent Attestation documentation for technical details
- Learn about Consent Versioning and how templates work with attestation
- Contact support@econsent.org for questions
Did this answer your question?
