Consent records
Every time a visitor makes a choice on the banner, OptSens writes a consent record. The record is the unit of proof: it captures what the visitor chose, when, and the context around it. This page covers what is in a record and what you can do with it.
What a record holds
| Field | Meaning |
|---|---|
| Visitor ID | The visitor's unique identifier |
| Categories | Which categories were granted or denied (necessary, functional, analytics, advertising, performance) |
| Action | Accept all, reject all, or a custom selection |
| Consented at | Timestamp of the choice |
| Expires at | When the consent lapses and the visitor is re-asked |
| Country and language | Where the visitor was and which banner language they saw |
| Banner mode | GDPR, CCPA, IAB or Basic |
| GPC detected / honored | Whether a Global Privacy Control signal was applied |
| Framework strings | TCF, Google AC and GPP strings where present |
| Device and browser | The visitor's platform and browser |
| Page URL | The page where the choice was made |
| Receipt ID | The identifier used on the consent proof |
Turn on detailed logging
Without detailed logging, each choice is stored as a minimal record holding only the action, the time and the visitor identifier. Turn on Consent logging in Privacy Settings to capture the full context (device, browser, country, framework strings) for each event. This is the data you need for proof of consent.
Where to find them
The consent logs page lists records for the selected domain. From there you can:
- Search by consent ID, user ID or country.
- Filter by date range.
- Open a record to see its full details.
- Export the list as CSV or PDF.
- Generate a consent proof PDF or open the visitor's receipt.
Programmatic access
On Business and Custom plans the REST API exposes consent records:
| Action | What it returns |
|---|---|
| Get consent status | The current valid consent for one visitor |
| List consents | A paginated list of all records, including expired ones |
| Export consents | A JSON or CSV download for a period |
| Consent proof | A signed PDF for one visitor |
| Delete consent | Erases all consent records for a visitor (right to erasure) |
Personal fields such as the IP address and user agent are stripped from API responses. The consent proof PDF shows the IP address in masked form and contains no browser or device details. The export endpoint is the bulk path. The delete endpoint supports the GDPR right to erasure and is audit-logged.
Privacy of the records themselves
Consent records exist to prove a choice. They are kept beyond their expiry as an audit trail, for the consent log retention period of your plan (see data retention). IP addresses are stored encrypted, API responses exclude direct identifiers, and the proof document shows the IP address only in masked form. To remove a visitor entirely, use the delete endpoint or handle it through a DSAR. For how long platform data is kept overall, see data retention.