Consent Management v2
Organizations managing user consents across multiple applications need a reliable, auditable, and GDPR-ready solution. Consent Management v2 provides centralized consent management as a standalone microservice of the OneWelcome Identity Platform.
Key capabilities
- Document lifecycle management: Track consent documents (privacy policy, terms of service, cookie policy, and custom types) through a structured DRAFT -> SCHEDULED -> ACTIVE -> SUNSET -> ARCHIVED lifecycle, with transitions driven by dates rather than manual status changes.
- Multi-version versioning: Maintain multiple versions of each document with content lineage tracking. Only new legal content triggers re-consent; translation-only updates do not.
- Multi-language support: Store localizations for any number of languages per document version. A content lineage model (NEW_CONTENT vs DERIVED) determines whether a language update requires users to re-consent.
- Immutable audit trail: Every consent action is appended to an insert-only ledger table, providing a tamper-proof compliance record for GDPR audits.
- Batch consent operations: Register up to 50 document consents in a single API call, designed for high-throughput login flows.
- Re-consent campaigns: Automated grace periods allow users to continue accessing services during a document transition, with a configurable deadline after which access is blocked until the user accepts the new version.
- Multi-tenancy: Full data isolation at the PostgreSQL schema level. Each tenant has an independent document library and consent ledger.
- Consent Management console: A dedicated web interface for administrators to manage documents, versions, and localizations, and to query the consent ledger.
Use cases
GDPR compliance: Consent Management v2 helps organizations meet GDPR requirements by:
- Requiring users to explicitly consent to Terms of Service, Privacy Policy, and other mandatory documents before accessing services.
- Storing a dated, immutable record of each consent event, including the exact document version and language the user consented to.
- Enabling compliance teams to query and export consent records filtered by user, document, date range, or status.
Login-time consent enforcement: During login, your backend calls the Runtime API to check whether a user has outstanding documents requiring consent. If mandatory documents are outstanding, access is blocked until the user accepts them. Optional documents (such as marketing consents) can be presented without blocking access.
Document update and re-consent: When the legal content of a document changes, a new document version is published with NEW_CONTENT lineage. Users who consented to the previous version are automatically identified as having outstanding consents. A grace period can be configured to allow existing users continued access while they review and accept the new version.
Multi-language rollout without re-consent: When a document is translated into a new language without changing the legal content, the new localization is marked as DERIVED from the original. Users who consented to the original language are considered compliant for the translated version, and no re-consent is required.
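The login-time enforcement, re-consent, and translation rules described above, modelled in an added Python example. It is not OneWelcome code and does not call the Runtime API; the `Release`/`Document` model, the decision labels, and the assumption that a grace period covers only users with a prior consent are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Release:              # one published version or localization (hypothetical model)
    seq: int                # publication order within the document
    language: str
    lineage: str            # "NEW_CONTENT" or "DERIVED"

@dataclass(frozen=True)
class Document:
    name: str
    mandatory: bool
    releases: tuple
    grace_deadline: Optional[date] = None   # last day of the re-consent grace period

def is_outstanding(doc, consented_seq):
    """True when legal content changed after the release the user accepted."""
    latest_new = max((r.seq for r in doc.releases if r.lineage == "NEW_CONTENT"), default=0)
    return consented_seq is None or consented_seq < latest_new

def login_decision(docs, consents, today):
    """consents maps document name -> seq of the release the user last accepted."""
    outstanding = [d for d in docs if is_outstanding(d, consents.get(d.name))]
    names = [d.name for d in outstanding]
    decision = "ALLOW"
    for d in outstanding:
        if not d.mandatory:
            continue        # optional documents are presented but never block
        existing_user = consents.get(d.name) is not None
        in_grace = existing_user and d.grace_deadline is not None and today <= d.grace_deadline
        if not in_grace:
            return "BLOCK", names
        decision = "ALLOW_IN_GRACE"
    return decision, names

# Constructed sample data, not taken from any real tenant
PRIVACY = Document("privacy-policy", True, (
    Release(1, "en", "NEW_CONTENT"),
    Release(2, "nl", "DERIVED"),       # translation only: no re-consent
))
TERMS = Document("terms", True, (
    Release(1, "en", "NEW_CONTENT"),
    Release(2, "en", "NEW_CONTENT"),   # legal text changed: re-consent required
), grace_deadline=date(2025, 6, 30))
MARKETING = Document("marketing", False, (Release(1, "en", "NEW_CONTENT"),))
DOCS = [PRIVACY, TERMS, MARKETING]
USER = {"privacy-policy": 1, "terms": 1}   # never answered the marketing consent
```

The DERIVED Dutch translation leaves the user compliant for the privacy policy, while the second NEW_CONTENT release of the terms puts them in the grace period until the deadline passes.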