Customer Consent and Privacy
Customer Consent and Privacy
Cockato tracks individual marketing consent for each customer across three channels, ensuring compliance with GDPR, CCPA, and other privacy regulations.
Consent Channels
| Channel | Permission Covers | Required For |
|---|---|---|
| Email Marketing | Promotional emails, newsletters | Email campaigns |
| SMS Marketing | Text message campaigns | SMS campaigns |
| Push Marketing | Wallet push notifications | Push campaigns |
All marketing features respect these consent flags. A customer will never receive a campaign on a channel they have not opted into.
How Consent Is Collected
During Signup
When customers register through your signup form:
- Consent checkboxes are displayed for each channel.
- All checkboxes default to unchecked (opt-in model).
- Customers actively choose which channels to allow.
- Consent timestamps are recorded for audit purposes.
⚠️ Important: Consent defaults to opt-in (unchecked) to comply with GDPR and similar regulations. Pre-checked consent boxes are not permitted under most privacy laws.
Terms and Conditions
If your signup form includes terms acceptance:
| Data Recorded | Purpose |
|---|---|
| Acceptance timestamp | Legal proof of agreement |
| Terms version | Which version was accepted |
| IP address | Geographic compliance verification |
Customer Self-Management
Customers can update their consent preferences at any time through the Customer Portal:
- Customer visits the portal link.
- Verifies identity via email OTP code.
- Toggles their communication preferences on/off.
- Changes take effect immediately.
- A
consent_updated_attimestamp is recorded.
💡 Tip: Include a link to the Customer Portal in your email footers so customers can easily manage their preferences.
Admin View
In Customer Management, each customer's consent status is visible:
| Information | Location |
|---|---|
| Email consent status | Customer detail dialog |
| SMS consent status | Customer detail dialog |
| Push consent status | Customer detail dialog |
| Last consent update | Customer detail dialog |
| Terms accepted date | Customer detail dialog |
⚠️ Important: Admins cannot override customer consent choices. Only customers themselves can change their marketing preferences through the portal. This is by design for regulatory compliance.
Impact on Campaigns
Consent is enforced automatically at every level:
| Stage | How Consent Is Applied |
|---|---|
| Segment creation | Consent can be used as a filter criterion |
| Recipient estimation | Only consented customers are counted |
| Campaign sending | Non-consented customers are excluded |
| Analytics | Metrics reflect only consented recipients |
Example
If you send an email campaign to a segment of 500 customers, but only 350 have email consent:
- Estimated recipients: 350
- Emails sent: 350
- The 150 without consent are silently excluded
Data Retention and Audit Trail
Cockato maintains a complete consent audit trail:
| Data Point | Retention |
|---|---|
| Current consent status | Always current |
| Consent update timestamp | Stored permanently |
| Terms acceptance timestamp | Stored permanently |
| Signup date and method | Stored permanently |
This data is available for regulatory audits and customer data requests.
Compliance Features
GDPR (Europe)
- Explicit opt-in consent model
- Right to withdraw consent at any time
- Data portability (customer data export)
- Right to erasure (account deletion)
CCPA (California)
- Do Not Sell compliance
- Right to know what data is collected
- Right to delete personal information
General Best Practices
- Never pre-check consent boxes on signup forms
- Provide easy opt-out via Customer Portal links in every communication
- Honor requests promptly — consent changes take effect immediately
- Document everything — timestamps provide your compliance evidence
- Review regularly — audit consent rates to ensure healthy opt-in percentages
Ready to get started?
Try Cockato for free and see how it can help grow your business.
Get Started Free