Consent Management

Consent management allows you to manage your subscription policies and tracks any changes to consents for every customer. The main features of consent management in Exponea are:

  • Defining your own consent categories that customers can subscribe to
  • Setting subscriptions based on a legitimate interest
  • Lifetime overview of the whole consent history for every customer - see who, when and where gave or withdrew a consent
  • Customizable consent management page for your customers

Enabling consents management

Consents management should be by default enabled for all newly created projects. Projects created before 01-05-2018 use campaign groups instead of consents and consent categories. You can enable the new consent management by going to Project settings > Privacy management > Consents. Once consents are enabled, the campaign groups are automatically mapped and migrated to consent categories. In the following pictures, you can see how will your consent groups seem after the migration.

Once you enable consents in your production project, you will not be able to trigger any campaign that was historically connected to a campaign group. Firstly, you need to load valid consents in order to trigger these campaigns. You will also not be able to reverse the campaign groups functionality once you enable consent categories.

Consent categories

Consent categories allow you to manage and organize data into multiple groups with each with different consent status and a different approach to data processing and communication. Thanks to the categories you will be able to approach each of your customers in the way to which the specific customer consented or for which you have a legitimate interest. There are three types of categories available in the application:

Category type


General consent

This is a system setting in Exponea that allows you to send campaigns to all your customers even without consents or those who already opted out. This is only to allow you to send transactional emails or important warnings and need to be used carefully.


As per GDPR, consent has to be freely and actively given by a customer. You can define multiple consent categories (such as "Newsletter", "Push notifications" etc.). Consents need to be tracked/imported for every customer. Learn how.

Legitimate interest

Processing data under legitimate interest is more flexible in comparison to the active consents. It enables you to process personal data without actively asking your customers to provide consent. Hence in Exponea, you can define a legitimate interest group by creating an automatic filter based on a customer's behavior (such as having a purchase etc.)

There is only one General consent type category, however, it is for you to define the specific consent and legitimate interest type categories. You can configure settings for all of them in Project settings > Privacy management > Consents. After you set the consent and legitimate interest categories which you will be able to every time when you will be launching a campaign as in the image below:

General consent

General consent should be used only in very few instances. The reason is that when it is used customer consent preferences are ignored and this may result in approaching customers without any legal basis for doing so. Therefore, permission to use General consent should be very limited. The best practice is to disable it altogether and re-enable it only for some very specific and good purpose where you are sure its use is legal. In Project settings > Privacy management > Consents you choose in which channels can the General consent be used.

If you decide to disable a channel you can also see in 'Check dependencies' which of your campaigns and scenarios have been using General consent so that you know what campaigns need adjustments in their Consent category. General consent will only be disabled after the adjustments to the running campaigns are made.


You can create custom consent categories based on the specific consent you received from your customers. It is preferable to have multiple consent categories, firstly, because different customers probably gave you consent for different things, and secondly, it is preferable to allow customers to opt-out only from some of your communication they had previously consented to receive instead of them withdrawing their consent to all communication.




Distinguish between consent categories with different colors.

Consent category

This field is used for mapping the consent category to the tracked consent event.. This field needs to have the same value as the attribute category in the consent event. We recommend using a simple lowercased word in English for easy troubleshooting. This will not be visible to your customers.


This is a human-readable name of the consent category that will also be visible to your customers on the consent page.


Description of the consent category that will also be visible to your customers on the consent page.

Public API

By default, new consent categories have tracking of consents from public API disabled. In practice, this means that consent events with property source=public_api will be ignored or invalid. We strongly recommend leaving this option disabled, because it is preventing attackers to change user consents at will by obtaining public API token. As an alternative, we recommend using either consent double opt-in or tracking of consents by API with a private key, which will be tracked as source=private_api.

Consent category name translation

If you use the same consent categories for multi-language audiences you can set up translations for their names so that the correct translation is shown to a particular customer. To set it up open the consent category as in the image below:

Legitimate interests

Legitimate interest has the same configuration as consents except for the ‘Applies on’ the setting. The remaining ones are the same as in the table above.



Applies on

Use this setting to define on what segment of customers you want to apply this legitimate interest.
All customers - every customer in Exponea has this legitimate Interest
Filtered customers - only segment of customers defined by filter has the legitimate interest

Note that this filter is not static, but always reflects the actual state based on customers' behavior.

Managing consents in the customer profile

You can monitor and manage consents for each individual customer in their profile, where they also show as an attribute. The overview in their profile shows you the consents granted and revoked, the current status of every consent given by the particular customer with the whole history and details such as the source of the consents and their expiration dates. Below you can see how you can update consents for a customer:

Updated 6 months ago

Consent Management

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.

We rely on cookies

to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

Manage cookies
Accept & close

Cookies preferences

Accept & close