Keepface
Sign up

The consent vault, how it works

The consent vault stores every grant and revoke as append-only rows with timestamp, channel, scope, and source. Marketing outreach only runs against contacts with a current grant.

The consent vault is the privacy backbone of Customer + Employee Advocacy.

How it works

Every consent action, grant, revoke, expire, writes a row to consent_records. The table is append-only: revoke doesn’t delete the grant, it adds a revoke event on top.

This means you can answer “did this person consent to X on Y date?” with verifiable evidence, critical for GDPR/CCPA audits.

Fields per record

  • contact_id, the customer/employee/influencer
  • scope, what they consented to (marketing email, UGC repost, etc.)
  • state, granted / revoked / expired
  • channel, how (web form, magic link, employment contract, etc.)
  • source, the originating system (Shopify checkbox, BambooHR field, manual)
  • timestamp, exact moment

Where it surfaces

  • Workspace settings → Consents, the audit grid, filterable + CSV-exportable
  • Per-contact view, every customer/employee record shows their consent history inline
  • Marketing-send dry runs, Keepface refuses to send to contacts without a current grant
Was this article helpful?