eConsent is a TCPA consent verification platform that captures, certifies, and verifies consumer consent in real time. It provides session recordings, tamper-proof certificates with SHA-256 hashing, and identity verification for businesses that need to prove consent was obtained.

How do I install eConsent on my website?

Add one script tag to your page with your Company ID. No SDK, no build step required. Consent recording starts immediately. eConsent works on any website including WordPress, React, and static HTML.

How much does eConsent cost?

eConsent offers four plans: Starter at $199/month (1,000 retentions), Growth at $750/month (10,000 retentions), Enterprise at $1,500/month (50,000 retentions), and High Volume with custom pricing. All plans include session replay, consent certificates, and verification API. No contracts required.

How is eConsent different from TrustedForm?

eConsent provides a modern alternative to TrustedForm and Jornaya with transparent pricing, a simple verification API, real-time session replay, identity verification dossiers, Meta Lead Ads integration, and infrastructure built with Rust for performance. No long-term contracts required.

Is eConsent secure and tamper-proof?

Yes. Every certificate is SHA-256 hashed and stored in Amazon S3 with Object Lock in COMPLIANCE mode for up to 7 years. Certificates cannot be modified or deleted by anyone. All data is encrypted with TLS 1.2+ in transit and AES-256 at rest.

What is the best TCPA consent verification platform?

eConsent is a modern TCPA consent verification platform offering session recordings, tamper-proof certificates, identity verification, and Meta Lead Ads integration. Unlike legacy providers like TrustedForm and Jornaya, eConsent offers transparent pricing starting at $199/month with no contracts, a simple one-script-tag installation, and core infrastructure built in Rust for performance and security.

Does eConsent work with Meta Lead Ads and Facebook leads?

Yes. eConsent connects to your Facebook Pages via OAuth and automatically generates consent certificates for every lead submitted through Meta Lead Ad forms. Each certificate captures the form definition, consent language, disclaimer responses, ad attribution, and includes a visual replay of the form experience.

What is a TCPA consent certificate?

A TCPA consent certificate is a tamper-proof digital record proving that a consumer provided prior express written consent as required by the Telephone Consumer Protection Act. eConsent generates these certificates automatically, including the exact consent language displayed, a full session replay, timestamp, IP address, and a SHA-256 cryptographic hash for integrity verification.

What is TCPA Consent Verification? A Complete Guide for Lead Generation Companies

Every time a lead form is submitted, someone is giving you permission to call them. Or at least, that is what your database says. But when a TCPA lawsuit shows up, “our database says they opted in” is not a defense. You need to prove that consent actually happened.

TCPA consent verification is the process of capturing, documenting, and preserving evidence that a consumer gave prior express written consent before you contacted them. It is the difference between having a record and having proof.

This post breaks down what the TCPA requires, what counts as valid consent evidence, why most lead generation companies are exposed, and what a defensible consent verification system actually looks like.

What the TCPA Actually Requires

The Telephone Consumer Protection Act (47 U.S.C. § 227) restricts telemarketing calls and text messages to consumers. Under the statute and the FCC’s implementing rules, you need prior express written consent before making a telemarketing call or sending a marketing text to a consumer’s phone number using an automatic telephone dialing system or prerecorded voice.

Prior express written consent means, specifically:

A written agreement (including electronic signatures under the E-SIGN Act)
That clearly authorizes the seller to deliver telemarketing messages
Using an automatic telephone dialing system or prerecorded voice
To a specific telephone number
That includes the consumer’s signature

The FCC’s 2012 rule amendments eliminated the “established business relationship” exception and required an affirmative, non-pre-checked consent mechanism. The consumer has to take a deliberate action.

In 2024, the FCC adopted the one-to-one consent rule, requiring consent to a single identified seller rather than a blanket list of partners. This rule was struck down in early 2025, but the direction is clear: the standard for valid consent keeps tightening.

Before getting into what works, it helps to name what does not.

Consent verification is not a checkbox on a form. A checkbox is a consent mechanism. But the checkbox itself is not proof of anything after the fact, because there is no independent record of what the consumer saw or what disclosure language surrounded it.

It is also not a timestamp in your CRM. A row showing “opted_in: true” is a business record. It does not tell a court what the consumer experienced.

The distinction matters because TCPA litigation puts the burden of proof on the defendant. The consumer says “I never agreed to be called.” You have to prove otherwise. Self-referencing records from your own systems do not meet that bar.

Not all consent records carry the same weight. Here is how courts and regulators evaluate the most common types of evidence.

Weak evidence

Database flags. A boolean field recording that consent was given, without any supporting context. Easily challenged as self-serving.
Screenshots of forms. A screenshot shows what a form could have looked like. It does not show what a specific consumer saw at a specific time. Forms change. A/B tests rotate. Disclosure language gets updated.
IP address logs. Server logs prove that a request came from an IP address. They do not prove who was behind the keyboard, what was displayed on the page, or whether a consent checkbox was checked.
Signed terms of service. General terms that bury TCPA disclosure language inside paragraphs of legalese. Courts have found this insufficient because the consent was not “clear and conspicuous” as required under FCC rules.

Strong evidence

Session recordings. A recording of the consumer’s actual interaction with the consent page, showing what was displayed, where they scrolled, and what they clicked. This is the strongest single piece of consent evidence because it removes ambiguity entirely.
Consent certificates. A structured document generated at the moment of consent, containing the exact disclosure language shown, the consumer’s identifiers, the timestamp, and a cryptographic hash proving the record has not been altered.
Hashed artifacts. SHA-256 hashing applied to recordings and certificates creates a tamper-evident seal. If the data changes after the fact, the hash breaks. This establishes chain of custody that holds up under legal scrutiny.

The gap between weak and strong evidence is the gap between losing and winning a TCPA case.

Why Session Recordings Matter

A session recording captures the consumer’s actual experience on your consent page. Not a reconstruction, not a template, not a generic demo. The specific page, the specific consumer, the specific interaction.

For lead generation companies, this solves several problems at once.

In insurance lead gen, a consumer fills out a health insurance quote form with a TCPA disclosure and consent checkbox. Six months later, they claim they never agreed to receive calls. A session recording shows them checking the box and clicking submit. Case closed.

In solar lead gen, a homeowner submits a form that distributes to multiple installers. A plaintiff attorney argues the consumer did not know who would call. A session recording showing the exact seller disclosure and the consumer’s affirmative action defeats that argument.

In home services, a consumer requests roofing quotes through a comparison site. The consent page names specific contractors. A session recording tied to that consumer’s phone number proves they saw who would contact them and agreed to it.

Without a recording, each scenario becomes a “he said, she said” dispute where the company works uphill against the burden of proof.

Session recordings are visual evidence. A judge does not need to interpret database schemas or correlate log entries. They watch a video and see what happened. Courts have consistently treated session recordings as the strongest available evidence in TCPA consent disputes.

A consent certificate is a structured record generated at the exact moment a consumer gives consent. Think of it as a digital notarization of the consent event.

A well-constructed consent certificate includes:

Consumer identifiers - phone number, email address, IP address, user agent string
Consent timestamp - the exact UTC time the consent action occurred
Disclosure content - the specific TCPA disclosure text that was displayed during that session
Consent action - what the consumer did to indicate consent (checked a box, clicked a button)
Seller identification - the specific company or companies the consumer agreed to hear from
Cryptographic hash - a SHA-256 hash of the entire certificate, creating a tamper-proof seal
Associated session recording - a link to the immutable recording of the consent interaction

The cryptographic hash is what makes a consent certificate different from a business record. Either the data matches the hash, or it does not. There is no room for dispute about whether the record was altered.

For lead buyers, consent certificates solve a persistent problem: you have no visibility into how a third-party generator captured consent. A consent certificate gives you an independently verifiable artifact, without having to trust the lead seller’s word.

The Retention Problem

There is no specific federal retention requirement for consent records under the TCPA. But state statutes of limitations range from one to six years, and lawsuits often arrive long after the original consent event. If you cannot produce your records when a case is filed, having captured them originally does not help.

Seven-year retention is the practical standard. It covers the longest state limitation periods with margin. And consent evidence needs to live in immutable storage, not your CRM or marketing platform, where records get overwritten, databases get migrated, and vendors go out of business.

What This Looks Like in Practice

The workflow looks like this:

Consumer visits your lead form. A session recording begins, capturing the full DOM state and the consumer’s interactions.
Consumer checks the consent box and submits. The system captures the exact disclosure language displayed, the state of the consent checkbox, and the consumer’s identifiers.
A consent certificate is generated. The certificate is created in real time, hashed with SHA-256, and stored in immutable storage alongside the session recording.
The lead is distributed with the certificate. When the lead is sold or transferred, the consent certificate travels with it, giving the buyer independently verifiable proof of consent.
A lawsuit or regulatory inquiry arrives. You pull the consent certificate, provide the session recording, and demonstrate the chain of custody through the cryptographic hash.

eConsent automates this entire process. A lightweight script on your lead form captures session recordings, generates consent certificates with SHA-256 attestation at the moment of consent, renders immutable MP4 recordings, and stores everything with seven-year retention. When a TCPA challenge shows up, you respond with evidence instead of arguments.

The Cost of Getting This Wrong

TCPA statutory damages are $500 per violation, trebled to $1,500 for willful violations. A single lead gen campaign can produce thousands of leads. If consent verification is missing across those leads, exposure multiplies fast.

The math is simple. Capturing consent evidence costs a fraction of a cent per lead. A single TCPA lawsuit without that evidence can reach seven figures.

Getting Started

If you are running lead forms today without session recordings and consent certificates, you are accumulating liability with every form submission. The consent checkbox is doing its job. The question is whether you can prove it six months or six years from now.

Audit your current consent capture process. What evidence do you actually have for a lead generated last quarter? Could you produce it in response to a subpoena? Would a judge find it convincing?

If the answers are uncertain, it is time to fix that.

See how eConsent captures consent evidence for every lead. Start for free or schedule a walkthrough with our team.

What is TCPA Consent Verification? A Complete Guide for Lead Generation Companies

What the TCPA Actually Requires

Weak evidence

Strong evidence

Why Session Recordings Matter

The Retention Problem

What This Looks Like in Practice

The Cost of Getting This Wrong

Getting Started

Protect every lead. Prove every consent.

Stay ahead on TCPA compliance

What is TCPA Consent Verification? A Complete Guide for Lead Generation Companies

What the TCPA Actually Requires

What Consent Verification Is Not

Weak vs. Strong Consent Evidence

Weak evidence

Strong evidence

Why Session Recordings Matter

How Consent Certificates Work

The Retention Problem

What This Looks Like in Practice

The Cost of Getting This Wrong

Getting Started

Protect every lead. Prove every consent.

Stay ahead on TCPA compliance

Before you go...