Consent Management
Understanding how consent records are collected, stored, and managed.
How Consent Is Recorded
When a visitor interacts with your consent banner, Cookiewise records a consent receipt containing:
| Field | Description |
|---|---|
| visitor_id | Anonymous UUID assigned to the visitor (stored in a first-party cookie) |
| consent_data | Object mapping each category to true/false (e.g., { necessary: true, analytics: true, marketing: false }) |
| consent_method | How consent was given: accept_all, reject_all, or custom |
| timestamp | ISO 8601 datetime of when consent was given |
| ip_address | Visitor's IP address (hashed for privacy in some jurisdictions) |
| user_agent | Browser and device information |
Viewing Consent Records
Navigate to Consent Records in the dashboard to browse all consent events. You can filter by:
- Website - Select which domain's records to view
- Date range - Filter by start and end date
- Consent method - See only accept_all, reject_all, or custom records
Consent Lifecycle
- First visit - Banner appears, no non-essential cookies are set
- User interacts - Consent receipt is recorded, preferences are stored locally
- Return visits - Preferences are read from local storage, banner is not shown
- Preference change - User clicks the cookie settings button, updates are recorded as a new consent event
- Expiration - After the configured period (default: 12 months), consent expires and the banner reappears
Consent Storage
Consent preferences are stored in two places:
- Client-side - In the visitor's browser via
localStoragefor instant access on page load - Server-side - In the Cookiewise database for audit and compliance purposes
The server-side record is the authoritative record for compliance. It cannot be modified by the visitor.
Compliance Audit Trail
Every consent event creates an immutable record. These records serve as proof of consent under GDPR Article 7 and can be exported for regulatory audits. Records are retained for the lifetime of your account plus 3 years.
Cookiewise consent records satisfy GDPR Article 7(1): "Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented."