Consent categories


Consent categories allow you to manage and organize data into multiple categories, each with different consent status and a different approach to data processing and communication. Thanks to the categories, you will be able to approach each of your customers in the way to which the specific customer consented or for which they have a legitimate interest. There are three types of categories available in Exponea:

Category type


General consent

This is a system setting in Exponea that allows you to send campaigns to all your customers even without consents or those who already opted out. This is only to allow you to send transactional emails or important warnings and needs to be used carefully.


As per GDPR, consent has to be freely and actively given by a customer. You can define multiple consent categories (such as "Newsletter", "Push notifications" etc.). Consents need to be tracked/imported for every customer. Learn how.

Legitimate interest

Processing data under legitimate interest is more flexible in comparison to the active consents. It enables you to process personal data without actively asking your customers to provide consent. Hence in Exponea, you can define a legitimate interest group by creating an automatic filter based on a customer's behavior (such as having a purchase etc.)

Configuring the categories

You can create and configure consent categories in Project settings > Privacy management > Consents.

You can then select from these categories in the settings of each campaign you are about to launch. This will ensure that you will show e.g. a push notification only to customers who have given you the appropriate consent.

You can choose what category you want to apply in the settings of each campaign.You can choose what category you want to apply in the settings of each campaign.

You can choose what category you want to apply in the settings of each campaign.

In the following sections, we will go over each of the 3 main consent categories and how you can configure them.

General consent

General consent should be used only in very few instances. When it is used, customer consent preferences are ignored and this may result in approaching customers without any legal basis for doing so. Therefore, permission to use General consent should be very limited.

The best practice is to disable it altogether and re-enable it only for some very specific purposes where you are sure its use is legal and appropriate. In Project settings > Privacy management > Consents you choose in which channels can the General consent be used.

If you decide to disable a channel, you can also see which of your campaigns and scenarios have been using General consent in 'Check dependencies' so that you know what campaigns need adjustments in their Consent category. General consent will only be disabled after the adjustments to the running campaigns are made.


You can create custom consent categories based on the specific consent you received from your customers. It is preferable to have multiple consent categories. Firstly, because different customers will give you consent for different things, and secondly, it is preferable to allow customers to opt-out only from some of your communication they had previously consented to instead of them withdrawing their consent to all communication.




Distinguish between consent categories with different colors.

Consent category

This field is used for mapping the consent category to the tracked consent event.. This field needs to have the same value as the attribute category in the consent event. We recommend using a simple lowercased word in English for easy troubleshooting. This will not be visible to your customers.


This is a human-readable name of the consent category that will also be visible to your customers on the consent page.


Description of the consent category that will also be visible to your customers on the consent page.

Public API

By default, new consent categories have tracking of consents from public API disabled. In practice, this means that consent events with property source=public_api will be ignored or invalid.

We strongly recommend leaving this option disabled, because it is preventing attackers to change user consents at will by obtaining public API token. As an alternative, we recommend using either consent double opt-in or tracking of consents by API with a private key, which will be tracked as source=private_api.

Consent category name translation

If you use the same consent categories for multi-language audiences you can set up translations for their names so that the correct translation is shown to a particular customer. To set it up open the consent category as in the image below:

Legitimate interest

You can apply a legitimate interest to all your customers, or only a specific segment, using the filter in the "applies on" column.

Legitimate interest has the same configuration as consents except for the ‘Applies on’ in the settings. The remaining ones are the same as in the table above.



Applies on

Use this setting to define on what segment of customers you want to apply this legitimate interest.
All customers - every customer in Exponea has this legitimate Interest
Filtered customers - only segment of customers defined by filter has the legitimate interest

Note that this filter is not static, but always reflects the actual state based on customers' behavior.

Opting out from a legitimate interest

Customers have an option to opt-out from a legitimate interest in the same way as for consents. They are also visible on the consent page.

Updated 2 months ago

What´s next?

Learn how to track consents and opt-outs.

Tracking Consent

Consent categories

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.

We rely on cookies

to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

Manage cookies
Accept & close

Cookies preferences

Accept & close