Proof of Consent: A Field Guide to TrustedForm and Jornaya for Lead Buyers

Why a consent record matters more than the consent itself

Here is the uncomfortable truth most of us learn the hard way: getting a consumer to check a box is the easy part. The hard part is proving, months or years later, exactly what that consumer saw and agreed to. A verbal "yes, they opted in" does nothing for you when a plaintiff's attorney, a lead buyer's compliance team, or a regulator asks you to produce the evidence.

Think about the three audiences who will eventually ask you to show your work:

• A plaintiff or their attorney, building a TCPA claim and betting you can't reconstruct the opt-in.
• A lead buyer, who won't pay (or will claw back) for leads they can't independently verify.
• A regulator or auditor, who wants the paper trail, not your recollection of it.

If you can't reproduce what the consumer saw at the moment they consented, you effectively don't have consent — you have a story. A consent record turns that story into something you can put on the table.

What a defensible consent record actually contains

Vendors differ, but the anatomy of a strong record is consistent. When you evaluate any proof-of-consent approach, look for these elements:

• The disclosure language shown — the exact opt-in/consent text the consumer was presented, word for word.
• A timestamp — when the interaction and submission happened.
• The originating URL or form — where it happened, so the page can be tied to a specific campaign and offer.
• An identifier tying the record to the consumer — so the record isn't an anonymous artifact floating free of the lead.
• A replay or snapshot of the form — ideally a reconstruction of the page as it appeared, not just a description of it.

The last one is what separates a real record from a log entry. Anyone can store "user agreed at 3:42 PM." Being able to show the actual page, with the actual disclosure in its actual visual context, is what makes a record persuasive.

How this ties to TCPA prior express written consent

For telemarketing and autodialed/prerecorded calls, the federal standard you'll hear about most is prior express written consent. Under the FCC's rules at 47 CFR 64.1200(f)(9), it means "an agreement, in writing, bearing the signature of the person called" that clearly authorizes the seller to deliver telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice, plus the specific phone number authorized.

The rule also requires that the written agreement carry a clear and conspicuous disclosure telling the signer that (a) by signing they authorize those calls, and (b) they aren't required to sign as a condition of buying anything. "Signature" expressly includes an electronic or digital signature where valid under applicable law.

Read those requirements again and notice what they imply: to prove compliance you have to show the disclosure was present, that it was clear and conspicuous, and that this consumer agreed to it. That is exactly the gap proof-of-consent technology tries to fill.

The two products operators reach for

Two independent, third-party services dominate this category. Neither is a substitute for sound consent practices — they document the interaction; they don't bless it.

ActiveProspect TrustedForm. TrustedForm works by adding a JavaScript snippet (the Certify Web SDK) to your form. As the consumer interacts with the page, it generates a certificate and writes a certificate URL into a hidden field that travels with the lead data on submission. Per ActiveProspect's documentation, TrustedForm Certify provides independent documentation of lead events, records when and where prior express written consent was obtained, and supports viewing session replays on demand across web and mobile. Certificates can be retained and shared with buyers as independent proof. ActiveProspect notes that unretained certificates are available only briefly unless you retain them, at which point they're stored long-term — so retention is a step you have to actively take.

Jornaya (now Verisk Marketing Solutions / LeadiD). Jornaya issues a unique LeadiD token at the lead event that serves as a persistent reference for that consumer's journey. Through its TCPA Guardian product, Jornaya documents the consumer's interaction and the disclosures presented, and lets buyers request compliance reporting — including visual playback of the lead event — as proof of what the consumer was shown. Its documentation describes authenticating that TCPA disclosures were present and matched the expected profile at the moment of consent.

How to put this to work

• Decide what you must be able to reproduce for each lead, then check your record actually captures it.
• Test the capture, don't assume it. Submit a real lead and confirm a certificate or token is generated and stored.
• Match the record to the standard. If you're relying on prior express written consent, your record should surface the disclosure as shown.
• Agree on proof format with counterparties up front, so a buyer's verification step doesn't surprise you after the sale.

Good documentation won't win every argument for you. But walking into one without it is a choice — and usually the wrong one.