Record consent for your contacts

Learn how and why you should be recording consent for your contacts.


Consent is an agreement between you and your contacts about your intentions with their personal data.

We let you to store this consent in a free Insight data collection called ConsentInsight.

You can also store a contact's marketing preferences when using them in combination with ConsentInsight - for instance, either in a survey or in a signup form, or when uploading contacts in a file that contains both consent and preferences. The contact's preferences, as given at that point, get recorded as part of the ConsentInsight record.

Unlike billable Insight data, ConsentInsight does not count towards your data storage limit, which you can find in the 'Usage' tab of your account settings.


Recording consent

You should want to know, in no uncertain terms, that the content you are sending your contacts is what they want and agreed to when they opted in. This way, you can make sure that contacts engage with and appreciate your content, and that they do not ignore it or worse (if it's an email campaign), put it in their spam folder. Otherwise, you risk affecting your sender reputation.

Consent is both a requirement of the GDPR and best practice.

Storing data types in ConsentInsight

A single ConsentInsight record consists of the following fields that you can provide the values for:

  • Text: What contacts consented to. Use this field to record the answers to questions, such as:
    • Do your contacts want to receive your communications, and from which channels?
    • Do your contacts know what you do with their data?
    • Do you know how often your contacts want to be contacted by you?
  • DateTimeConsented: The date and time that your contacts consented to the contents of the Text field
  • URL: The URL that contacts gave you their consent from. For example, the URL of a signup form.
  • IPAddress: The IP address of the device your contacts used when they gave you their consent
  • UserAgent: The type of web browser that your contacts used when they gave you their consent

If you're using in combination with marketing preferences, then the following fields can be included for each preference:

  • PrivateName: The private name of the preference (that doesn't get shown to contacts)
  • PublicName: The public name of the preference (that gets displayed on preference centres, signup forms, and surveys)
  • Category: The name of the category that the preference belongs to (if it belongs to one)
  • State: Indicates whether the contact is opted in or or out of the preference
Please note: For every ConsentInsight record, a DateTimeCreated field is automatically created and given the value of the date and time, in UTC+00:00, that the ConsentInsight record was created.

You can store multiple ConsentInsight records against one contact, but we guarantee to display only the latest five ConsentInsight records, both in the app and in the ConsentInsight.json file when you export a contact.

Uploading a ConsentInsight record for a contact

You can upload a ConsentInsight record for a contact in the following ways:

If you want to upload multiple ConsentInsight records for a contact at the same time, you can do so only by using the following API call: 

If you want to upload a ConsentInsight record by importing contacts via an Excel or CSV file, you need to map your columns names to the following consent fields:


After you've uploaded a ConsentInsight record for a contact, you can view that record by going to the 'Insight data' tab of the 'Manage contact' page, and selecting the ConsentInsight collection from the dropdown. 

Limits for the values of ConsentInsight fields

Values are limited to 1,000 characters.

Find out more about the restrictions for Insight data values.


  • Remind a contact what they consented to by using advanced personalisation to add the latest Text of a ConsentInsight record in an email campaign: {{ contact.insight.ConsentInsight[0].Text }}
  • Segment contacts by what they consented to, for example, by using the 'contains' filter on the consent text to find contacts who consented to different channels

Understanding double opt-in

Double opt-in is an important way to verify that the consent you've obtained has been given by a contact who genuinely wants to hear from you. Otherwise you're leaving yourself vulnerable to the potential of malicious signups, spam complaints, or potentially worse.

Best practice goes that, after collecting consent from new signup in a form, you then send a double opt-in email to your new signup with a confirmation link in it. When your contact opens the email and clicks this link, confirming it was them, they'll be verified as a double opt-in. This process confirms the veracity of their signing up and their giving of consent, and thus they're added to your contacts.

If you don't implement double opt-in, then you can't be sure that someone else (or a spam bot, for instance) is signing up email addresses and giving consent to data they don't own.

By implementing double opt-in, you will be sure: this is why it's best practice.

We provide you with the tools to implement verified double opt-in

Read more about it:

Did you find this article helpful?

Can we help?

Thanks for using Dotdigital. If you need more help or support, then contact our support team.