Record consent for your contacts

Consent is an agreement between you and your contacts about how you use their personal data.

Gareth Burroughes avatar
Written by Gareth Burroughes
Updated over a week ago

You want to know, in no uncertain terms, that the content you are sending to your contacts is what they agreed to when they opted in. This helps you to make sure that contacts appreciate and engage with your content, and that they do not ignore it, or worse, put it in their spam folder. Otherwise, you risk affecting your sender reputation.

Consent is both a requirement of the GDPR and best practice.

We let you to store consent information for your contacts in a free insight data collection called ConsentInsight.


Learn more in Using insight data.

Unlike billable insight data, ConsentInsight does not count towards your data storage limit.

Store data types in ConsentInsight

A single ConsentInsight record consists of the following fields:

Consent field



What the contact has consented to. Use this field to record information like:

  • Whether your contacts want to receive your communications, and from which channels.

  • What you do with contact data you’ve collected.

  • How often your contacts want to be contacted by you.


The date and time that your contacts consented to the contents of the Text field.


The URL that contacts gave you their consent from. For example, the URL of a signup form.


The IP address of the device your contacts used when they gave you their consent.


The type of web browser that your contacts used when they gave you their consent.

You can also store a contact's marketing preferences in combination with ConsentInsight when you collect this data either in a page and form or a signup form, or when uploading contacts in a file that contains both consent and preferences.

The contact's preferences, as given at that point, get recorded as part of the ConsentInsight record.

Subsequent updates to a contact’s marketing preferences do not change the existing ConsentInsight record.

The following fields can be included for each marketing preference:

Marketing preference field



The private name of the preference - this doesn't get shown to contacts.


The public name of the preference - this gets displayed on preference centres, signup forms, and surveys.


The name of the category that the preference belongs to, if it belongs to one.


Indicates whether the contact is opted in or or out of the preference.

For every ConsentInsight record, a DateTimeCreated field is automatically created and given the value of the date and time, in UTC+00:00, that the ConsentInsight record was created.

You can store multiple ConsentInsight records against one contact, but we only display the five most recent ConsentInsight records, both in-app and in the ConsentInsight JSON file when you export a contact.

Upload a ConsentInsight record for a contact

You can upload a ConsentInsight record for a contact both at the time of opt-in and at any point after initial opt-in.

You can upload a ConsentInsight record:

If you want to upload multiple ConsentInsight records for a contact at the same time, you can do so only by using the following API call:

If you want to upload a ConsentInsight record by importing contacts via an Excel or CSV file, you need to map your columns names to the following consent fields:






Values for ConsentInsight fields are limited to 1,000 characters. To find out more about the restrictions for insight data values, check out the section JSON data representation.

After you've uploaded a ConsentInsight record for a contact, you can view that record by going to the Insight data tab of the Single customer view, and selecting the ConsentInsight collection from the dropdown.

Understand double opt-in and consent

Double opt-in is an important way to verify that the consent you've obtained has been given by a contact who genuinely wants to hear from you. Otherwise, you're leaving yourself vulnerable to the potential of malicious signups, spam complaints, or worse.

Best practice says that, after collecting consent from new signup in a form, you then send a double opt-in email to your new signup with a confirmation link in it. When your contact opens the email and clicks the link to confirm their opt-in, their contact record is verified as a double opt-in. This process confirms the validity of their sign-up and their giving of consent.

If you don't implement double opt-in, then you can't be sure that someone else - maybe a spam bot, for instance - isn’t signing up email addresses and giving consent to data they don't own. By implementing double opt-in, you can be sure: this is why it's best practice.


  • You can remind a contact what they consented to by using Liquid to add the latest Text of a ConsentInsight record in an email campaign: ####{{ contact.insight.ConsentInsight[0].Text }}

  • You can segment contacts by what they consented to, for example, by using the Contains filter on the consent text to find contacts who consented to different channels.

Did this answer your question?