eConsent is a TCPA consent verification platform that captures, certifies, and verifies consumer consent in real time. It provides session recordings, tamper-proof certificates with SHA-256 hashing, and identity verification for businesses that need to prove consent was obtained.

How do I install eConsent on my website?

Add one script tag to your page with your Company ID. No SDK, no build step required. Consent recording starts immediately. eConsent works on any website including WordPress, React, and static HTML.

How much does eConsent cost?

eConsent offers four plans: Starter at $199/month (1,000 retentions), Growth at $750/month (10,000 retentions), Enterprise at $1,500/month (50,000 retentions), and High Volume with custom pricing. All plans include session replay, consent certificates, and verification API. No contracts required.

How is eConsent different from TrustedForm?

eConsent provides a modern alternative to TrustedForm and Jornaya with transparent pricing, a simple verification API, real-time session replay, identity verification dossiers, Meta Lead Ads integration, and infrastructure built with Rust for performance. No long-term contracts required.

Is eConsent secure and tamper-proof?

Yes. Every certificate is SHA-256 hashed and stored in Amazon S3 with Object Lock in COMPLIANCE mode for up to 7 years. Certificates cannot be modified or deleted by anyone. All data is encrypted with TLS 1.2+ in transit and AES-256 at rest.

What is the best TCPA consent verification platform?

eConsent is a modern TCPA consent verification platform offering session recordings, tamper-proof certificates, identity verification, and Meta Lead Ads integration. Unlike legacy providers like TrustedForm and Jornaya, eConsent offers transparent pricing starting at $199/month with no contracts, a simple one-script-tag installation, and core infrastructure built in Rust for performance and security.

Does eConsent work with Meta Lead Ads and Facebook leads?

Yes. eConsent connects to your Facebook Pages via OAuth and automatically generates consent certificates for every lead submitted through Meta Lead Ad forms. Each certificate captures the form definition, consent language, disclaimer responses, ad attribution, and includes a visual replay of the form experience.

What is a TCPA consent certificate?

A TCPA consent certificate is a tamper-proof digital record proving that a consumer provided prior express written consent as required by the Telephone Consumer Protection Act. eConsent generates these certificates automatically, including the exact consent language displayed, a full session replay, timestamp, IP address, and a SHA-256 cryptographic hash for integrity verification.

Legal

Privacy Policy

This agreement is between eConsent LLC and the client with regard to access and use of econsent.org and related services. Contact us with questions.

Effective as of January 1, 2025 | Last Updated: April 1, 2026

Introduction

eConsent LLC (“eConsent”, “we”, “us”, or “our”) operates a consent verification and TCPA compliance platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit econsent.org, use our applications, or access any services we provide (collectively, the “Services”).

This policy applies to two categories of individuals:

Customers: Businesses and individuals who register for and use the eConsent platform
Consumers: Individuals whose consent interactions are documented through our Services on behalf of our Customers

By using the Services, you consent to the practices described herein.

How Our Service Works

eConsent provides TCPA compliance tools that help businesses document and verify consumer consent. Our Services include:

Session Recording: When enabled by our Customers, eConsent records user interactions on web forms using session replay technology. This creates a visual record of the consent experience, including what was displayed, what was clicked, and what information was entered.
Consent Certificates: We generate tamper-proof digital certificates that document the consent event, including timestamps, consent language displayed, consumer responses, and associated metadata.
Meta Lead Ad Certificates: For leads submitted through Facebook and Instagram Lead Ad forms, we retrieve the lead data and form definition from Meta’s APIs to generate consent certificates documenting the consumer’s interaction with the ad form.
Verification APIs: Our Customers can programmatically verify the existence and validity of consent certificates.

Information We Collect

Customer Data

We collect personally identifiable information that Customers voluntarily provide when registering for an account or using our Services:

Account information (name, email address, phone number, company name, job title)
Billing and payment information (processed by our payment provider; we do not store complete credit card numbers)
Usage data and platform interaction logs
Support communications

On behalf of our Customers, our Services process the following consent-related data:

Session recordings: Visual replays of form interactions captured using session replay technology (rrweb). Recordings may include page content, mouse movements, clicks, scroll behavior, and form inputs. Password fields are masked by default. Customers may configure additional field masking for any input they designate as sensitive.
Form data: By default, eConsent captures only core PII fields necessary for consent verification (name, email, phone number, address). Customers may expand the scope of data captured by whitelisting additional form fields through their property settings. Non-whitelisted field data is not captured unless the Customer explicitly enables it.
Consent language: The exact text of disclosures, terms, and consent checkboxes displayed to the consumer at the time of interaction.
Technical metadata: IP address, browser type, operating system, device information, approximate geographic location (derived from IP), referring URL, and page URL.
Timestamps: Precise date and time of each consent event.
Digital signatures: Cryptographic hashes used to verify certificate integrity and detect tampering.

Meta Lead Ad Data

When our Customers connect their Facebook Pages to eConsent, we process lead data retrieved from Meta’s Graph API:

Lead form responses (field_data) as submitted by the consumer
Custom disclaimer responses and consent checkbox states
Form definition including questions, privacy policy links, and disclaimer text
Ad attribution data (ad ID, campaign ID, ad set ID)
Platform identifier (Facebook or Instagram)
Advertiser-configured tracking parameters

This data is processed solely for the purpose of generating consent certificates on behalf of the Customer.

Derivative Data

Our servers automatically collect certain information when you access the Services, including your IP address, browser type, operating system, access times, pages viewed, and the pages you visited directly before and after accessing the Services.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your interactions with our Services. Our session recording technology uses JavaScript-based DOM observation to capture form interactions. You can control cookie preferences through your browser settings.

Session Recording and Third-Party Tracking Disclosure

eConsent deploys session recording technology on our Customers’ websites. This technology:

Captures a visual replay of the consumer’s interaction with web forms
Records mouse movements, clicks, scroll behavior, keystrokes (in form fields), and page content
Masks designated sensitive fields (passwords, SSN, credit card numbers) using cryptographic hashing so that masked data appears only as asterisks in replays
Operates as a third-party script loaded from eConsent’s content delivery network

Notice to Customers: If you implement eConsent’s session recording on your website, your privacy policy must clearly and conspicuously disclose the use of third-party session recording and tracking technology. You are responsible for providing appropriate notice to consumers visiting your website and for ensuring compliance with all applicable privacy laws regarding session recording and consent.

Notice to Consumers: If you are a consumer interacting with a website that uses eConsent’s technology, the website operator is responsible for disclosing the use of session recording in their privacy policy. If you have questions about how your consent data is being used, please contact the company whose website you visited.

Use of Information

Customer Information

We use Customer information to:

Create and manage accounts
Provide, operate, and maintain the Services
Process payments and fulfill subscriptions
Communicate about account status, updates, and service changes
Provide customer support
Analyze usage patterns and improve the Services
Monitor and prevent fraudulent activity
Comply with legal obligations

Consumer consent data processed through our platform is used exclusively to:

Generate consent certificates on behalf of our Customers
Create session recordings and replays for consent verification
Provide certificate verification through our APIs
Maintain tamper-proof records of consent events
Support our Customers’ TCPA compliance efforts

We do not sell consumer consent data. We do not use consumer consent data for our own marketing purposes. We do not use consumer consent data to build consumer profiles for advertising.

Data Processing Roles

As Data Processor

When processing consumer consent data on behalf of our Customers, eConsent acts as a data processor. Our Customers are the data controllers who determine the purposes and means of processing. The processing of such data is governed by our customer agreements and applicable Data Processing Addenda (DPA).

If you are a consumer whose data has been processed through our platform, please contact the company that collected your consent for information about their privacy practices.

As Data Controller

For data we collect directly from our Customers and website visitors (account information, usage data, support communications), eConsent acts as the data controller.

Disclosure of Information

Third-Party Service Providers

We share information with service providers who perform services on our behalf, including:

Cloud infrastructure providers (Amazon Web Services)
Payment processing (Stripe)
Email delivery (SendGrid)
Analytics services
Content delivery networks

These providers are contractually obligated to use information only as necessary to provide services to us and are bound by confidentiality obligations.

By Law or to Protect Rights

We may disclose information when required by law, in response to legal process (subpoena, court order, or government request), to investigate potential violations, or to protect the rights, property, and safety of eConsent, our Customers, or others.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or asset sale, information may be transferred to the successor entity. We will notify affected parties of any change in ownership or control.

With Customer Direction

We may disclose consumer consent data at the direction of the Customer on whose behalf the data was collected, in accordance with our customer agreement.

Meta Platform Data

Lead data retrieved from Meta’s APIs is processed and stored solely for certificate generation purposes. We do not sell, share, or repurpose Meta lead data beyond the scope of creating consent certificates for the Customer who connected their Facebook Page. Our use of Meta data complies with Meta’s Platform Terms and Developer Policies.

Data Retention

Consent certificates and associated session recordings are retained in accordance with the Customer’s subscription plan and configured retention period. Customers may configure retention periods appropriate for their compliance needs.

Certificate data stored in our long-term archival storage (Amazon S3 with Object Lock) is retained for up to seven (7) years in compliance mode to support TCPA statute of limitations requirements. This data cannot be modified or deleted during the retention period.

Customer Account Data

Customer account data is retained for as long as the account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Upon account termination, we retain data as necessary for legal compliance and then securely delete or anonymize it.

Session Recordings

Session recordings stored on our servers are retained according to the Customer’s configured retention policy. Recordings may be uploaded to long-term archival storage based on the Customer’s plan. Local copies are deleted after archival upload is confirmed.

Data Security

We implement administrative, technical, and physical security measures to protect information, including:

AES-256-GCM encryption for sensitive data at rest (such as access tokens)
TLS encryption for all data in transit
SHA-256 cryptographic hashing for certificate integrity verification
HMAC-SHA256 signatures for webhook payload verification
Access controls and authentication requirements
Regular security assessments

Despite reasonable efforts, no security measures are perfect or impenetrable. No method of data transmission can be guaranteed against interception or misuse.

No Recording Guarantee

eConsent uses commercially reasonable efforts to capture and record consent interactions. However, due to the nature of web technologies, browser configurations, network conditions, ad blockers, and other factors outside our control, we cannot guarantee that every session will be recorded or that every recording will be complete. eConsent is not liable for sessions that fail to record or for incomplete recordings.

Policy for Children

eConsent does not knowingly solicit information from or market to children under the age of 13. If we learn that we have collected personal information from a child under 13 without verified parental consent, we will delete that information promptly.

Do-Not-Track Signals

No uniform technology standard for recognizing and implementing Do-Not-Track (“DNT”) signals has been finalized. We do not currently respond to DNT browser signals.

Your Rights

Account Holders

You may review, update, or delete your account information at any time by logging into your account settings or contacting us. You may opt out of marketing communications using the unsubscribe link in our emails.

Consumers

If you are a consumer whose consent data was processed through our platform, please contact the company that collected your consent to exercise your rights. As a data processor, we will assist our Customers in responding to verified consumer requests in accordance with applicable law.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, and disclose
Delete your personal information, subject to certain exceptions
Opt-out of the sale or sharing of your personal information
Non-discrimination for exercising your privacy rights
Correct inaccurate personal information

We do not sell or share personal data as defined by the CCPA. We do not use or disclose sensitive personal information other than for business purposes permitted under the CCPA.

To exercise your rights, contact us at privacy@econsent.org or support@econsent.org.

International Users

If you are accessing the Services from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Services, you consent to the transfer of information to the United States.

Changes to This Privacy Policy

We may update this Privacy Policy at any time. We will notify you of significant changes by posting the updated policy on our website, sending an email, or providing notice within the Services. Continued use after notification constitutes acceptance of the modified policy.

Contact Us

eConsent LLC 1637 East Valley Parkway #237 Escondido, California 92027

Email: support@econsent.org Privacy inquiries: privacy@econsent.org