eConsent is a TCPA consent verification platform that captures, certifies, and verifies consumer consent in real time. It provides session recordings, tamper-proof certificates with SHA-256 hashing, and identity verification for businesses that need to prove consent was obtained.

How do I install eConsent on my website?

Add one script tag to your page with your Company ID. No SDK, no build step required. Consent recording starts immediately. eConsent works on any website including WordPress, React, and static HTML.

How much does eConsent cost?

eConsent offers four plans: Starter at $199/month (1,000 retentions), Growth at $750/month (10,000 retentions), Enterprise at $1,500/month (50,000 retentions), and High Volume with custom pricing. All plans include session replay, consent certificates, and verification API. No contracts required.

How is eConsent different from TrustedForm?

eConsent provides a modern alternative to TrustedForm and Jornaya with transparent pricing, a simple verification API, real-time session replay, identity verification dossiers, Meta Lead Ads integration, and infrastructure built with Rust for performance. No long-term contracts required.

Is eConsent secure and tamper-proof?

Yes. Every certificate is SHA-256 hashed and stored in Amazon S3 with Object Lock in COMPLIANCE mode for up to 7 years. Certificates cannot be modified or deleted by anyone. All data is encrypted with TLS 1.2+ in transit and AES-256 at rest.

What is the best TCPA consent verification platform?

eConsent is a modern TCPA consent verification platform offering session recordings, tamper-proof certificates, identity verification, and Meta Lead Ads integration. Unlike legacy providers like TrustedForm and Jornaya, eConsent offers transparent pricing starting at $199/month with no contracts, a simple one-script-tag installation, and core infrastructure built in Rust for performance and security.

Does eConsent work with Meta Lead Ads and Facebook leads?

Yes. eConsent connects to your Facebook Pages via OAuth and automatically generates consent certificates for every lead submitted through Meta Lead Ad forms. Each certificate captures the form definition, consent language, disclaimer responses, ad attribution, and includes a visual replay of the form experience.

What is a TCPA consent certificate?

A TCPA consent certificate is a tamper-proof digital record proving that a consumer provided prior express written consent as required by the Telephone Consumer Protection Act. eConsent generates these certificates automatically, including the exact consent language displayed, a full session replay, timestamp, IP address, and a SHA-256 cryptographic hash for integrity verification.

How to Prove TCPA Consent in Court: The Evidence That Actually Holds Up

A consumer calls your company, provides their phone number, checks a consent box, and submits a form. Six months later, you get served with a TCPA lawsuit claiming you called without consent.

You know consent was given. The question is whether you can prove it.

This post covers what evidence courts actually accept in TCPA cases, why common approaches fail, and what kind of consent documentation survives litigation. If you are buying or selling leads, running outbound campaigns, or operating consent forms at any scale, this is the framework that matters.

The Burden of Proof Problem

In TCPA litigation, the burden of proof sits squarely on the defendant. The plaintiff says “I never consented.” You have to prove they did.

This is an asymmetric problem. The consumer does not need to prove a negative. They just need to credibly claim they did not consent, and you need to produce evidence that they did. If your evidence is weak, ambiguous, or easily challenged, you lose. At $500 to $1,500 per call, losing adds up fast.

Courts have been remarkably consistent in what they accept and reject. The pattern is clear enough to build a strategy around.

Evidence That Courts Reject

Database records and CRM entries

In Braver v. NorthStar Alarm Services (2021), the court found that internal database records showing a consumer had “opted in” were insufficient standing alone. A database entry proves that someone entered data into a system. It does not prove what the consumer saw, what they agreed to, or that they took any specific action.

The problem is provenance. Who created the record? When? Based on what? A defendant saying “our system shows they opted in” is essentially testifying about their own records, which a plaintiff’s attorney will immediately challenge as self-serving.

Static screenshots

Screenshots of consent forms are marginally better than database records, but courts have increasingly questioned their reliability. A screenshot shows what a page could have looked like. It does not show what a specific consumer saw at a specific time.

In practice, web pages change. A/B tests rotate. Disclosure language gets updated. A screenshot from “around the time” the consumer visited is not proof of what they experienced. And because screenshots can be created after the fact, they carry an inherent credibility problem.

IP address logs

Server logs showing an IP address submitted a form at a given timestamp prove that a request was made. They do not prove:

What page the consumer saw
Whether consent disclosures were visible
Whether the consumer actually clicked a consent checkbox
Whether the IP address corresponds to the specific individual who filed the complaint

IP logs are supporting evidence at best. Courts have never accepted them as standalone proof of consent.

Checkbox state without context

Some companies store whether a checkbox was checked at the time of form submission. This is slightly better than a bare database record, but it still lacks context. Was the checkbox pre-checked? Was the disclosure language visible? What did it say? A checkbox value without the surrounding experience is a data point, not proof.

Evidence That Courts Accept

The gold standard in TCPA case law is a complete record of the consent transaction. In Leyse v. Lifetime Entertainment Services and similar cases, courts have looked for:

The exact disclosure language the consumer saw. Not a template, not a “standard form,” but the specific text displayed during that consumer’s session.
A clear record of the consumer’s affirmative action. Evidence that the consumer actively did something to indicate consent, such as checking a box, clicking a button, or signing a form.
Timestamp and identity correlation. Proof tying the consent action to a specific individual at a specific time.
Chain of custody. Evidence that the consent record has not been modified since it was created.

When all four elements are present, defendants have a strong position. When any element is missing, plaintiffs find an angle of attack.

Session recordings as visual evidence

Session recordings have emerged as the strongest form of consent evidence in TCPA cases. A session recording captures the consumer’s actual interaction with the consent page: what was displayed, where they scrolled, what they clicked, and when they submitted the form.

This is qualitatively different from any other type of evidence because it does not require interpretation. A judge can watch the recording and see for themselves whether consent was obtained. There is no ambiguity about what the page looked like, whether the disclosure was visible, or whether the consumer took an affirmative action.

The key requirements for session recordings to be effective as evidence:

Complete DOM capture. The recording must show the full page state, not just a screen capture. This includes text content, form fields, checkboxes, and any dynamic elements.
Timestamped and correlated. The recording must be tied to the specific consumer and the specific consent event, not just a generic demo of what the form “usually” looks like.
Immutable storage. The recording must be stored in a way that prevents post-hoc modification. If a plaintiff can argue the recording was edited, its value collapses.

A consent certificate is a structured, cryptographically signed document generated at the moment of consent. It serves as the formal record of the consent transaction, analogous to a notarized document.

An effective consent certificate includes:

Consumer identifiers. Phone number, email, IP address, user agent string.
Consent timestamp. UTC time of the consent event.
Disclosure content. The exact TCPA disclosure language displayed, or a hash of the page content at the time of consent.
Consent action. Description of the affirmative action taken (e.g., “clicked Submit button,” “checked consent checkbox”).
Seller identification. The specific company the consumer consented to hear from, satisfying the FCC one-to-one requirement.
Cryptographic hash. A SHA-256 hash of the entire certificate, creating a tamper-evident seal. Any modification to the certificate data changes the hash, making alterations detectable.
Associated session recording. A link to the immutable session recording of the consent event.

The cryptographic hash is what transforms a consent certificate from a business record into a legal artifact. It provides the chain of custody that courts look for. The certificate either matches its hash (proving it has not been altered) or it does not (proving tampering occurred). There is no gray area.

The MP4 Question: Why Video Format Matters

Some consent verification approaches store session data as raw event logs or proprietary formats that require specific software to replay. This creates a problem in litigation: you need the opposing party, the court, and potentially a jury to be able to view the evidence.

An MP4 video file is universally playable. It can be opened on any computer, attached to a legal filing, played in a courtroom, and reviewed by anyone without specialized software. It is also a sealed artifact. Unlike a replay rendered from raw event data, which could theoretically be manipulated by altering the replay engine, an MP4 is a fixed recording.

eConsent generates immutable MP4 recordings of every consent session. The video is rendered server-side from DOM capture data, hashed with SHA-256, and stored with seven-year retention. The result is a court-ready video file that plays anywhere and proves exactly what happened.

Based on the patterns in TCPA case law, here is what a defensible consent record looks like:

Capture the full session. Record the consumer’s entire interaction with the consent page, including page load, scrolling, form interaction, and submission.
Generate a certificate at the moment of consent. Do not reconstruct consent records after the fact. Generate the certificate in real time, as the consent event occurs.
Hash everything. Apply SHA-256 hashing to both the consent certificate and the session recording. This creates a verifiable chain of custody from the moment of consent forward.
Store immutably. Use storage that prevents modification. Seven-year retention covers the longest state statutes of limitations and gives you a comfortable margin.
Make evidence portable. Consent proof should be accessible to anyone in the chain: lead buyers, legal counsel, regulators. If proof requires logging into a proprietary system with special credentials, it is harder to use in litigation.
Tie identity to consent. The consent record should include enough identity signals to conclusively link the consent event to the specific consumer who claims they did not consent.

What Happens When You Have the Right Evidence

The strongest position in a TCPA case is not winning at trial. It is never going to trial.

When you respond to a demand letter with a consent certificate showing the consumer’s phone number, IP address, the exact disclosure they saw, the action they took, a SHA-256 hash proving the record is unaltered, and a link to a video showing the entire interaction, the calculus changes. Plaintiff’s attorneys evaluate cases based on expected outcomes. Strong consent evidence makes the expected outcome unfavorable, which means the case settles quickly or gets dropped entirely.

eConsent provides this complete evidence package for every consent event: session recordings rendered as immutable MP4 files, consent certificates with SHA-256 attestation, and seven-year retention. When a TCPA challenge arrives, you respond with proof, not arguments.

The Bottom Line

Courts are not getting more lenient on TCPA consent evidence. The FCC one-to-one consent rule has raised the bar. Class action plaintiff’s firms are getting more sophisticated. The window for “good enough” consent documentation has closed.

The companies that survive TCPA litigation are the ones that invested in consent verification before the lawsuit arrived. Session recordings, cryptographic hashing, immutable storage, and structured consent certificates are not optional safeguards. They are the baseline for any business that contacts consumers at scale.

See how eConsent’s consent certificates and session recordings work. Start for free or schedule a walkthrough with our team.

How to Prove TCPA Consent in Court: The Evidence That Actually Holds Up

The Burden of Proof Problem

Evidence That Courts Reject

Database records and CRM entries

Static screenshots

IP address logs

Checkbox state without context

Evidence That Courts Accept

Session recordings as visual evidence

The MP4 Question: Why Video Format Matters

What Happens When You Have the Right Evidence

The Bottom Line

Protect every lead. Prove every consent.

Stay ahead on TCPA compliance

How to Prove TCPA Consent in Court: The Evidence That Actually Holds Up

The Burden of Proof Problem

Evidence That Courts Reject

Database records and CRM entries

Static screenshots

IP address logs

Checkbox state without context

Evidence That Courts Accept

Prior express written consent documentation

Session recordings as visual evidence

Consent certificates as legal artifacts

The MP4 Question: Why Video Format Matters

Building a Defensible Consent Record

What Happens When You Have the Right Evidence

The Bottom Line

Protect every lead. Prove every consent.

Stay ahead on TCPA compliance

Before you go...