Dekimu · anchored receipts docs

ACR — Anchored Consent Receipts

Cryptographic proof of a consent decision — what was consented to, by whom, and against which policy.


Purpose

An ACR provides a tamper-evident record of a consent lifecycle event. Each receipt is cryptographically bound to the consent policy in effect at the time of the event, enabling verifiers to confirm that consent was valid, what scope it covered, and whether it has since been modified or withdrawn.

Event types

| Kind | Label | Description |
|---|---|---|
| ar.consent.v1 | Consent given | Initial consent recorded. |
| ar.modification.v1 | Consent modified | Scope or conditions changed. |
| ar.withdrawal.v1 | Consent withdrawn | Consent revoked by data subject. |

Key fields

commitments — ordered list of commitments the data subject accepted. Each entry is a hash of the commitment text at the time of consent.

signing_ceremony — metadata about how the consent was expressed: channel, mechanism (checkbox, signature, verbal, etc.), and timestamp.

profiles — array of applicable regulatory profiles (e.g. gdpr-eu, ccpa-us). Drives which fields are required by the issuer.
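How a verifier might use these fields, as an added example that is not Dekimu's code: it checks the ordered commitments list against the commitment texts presented to it, then replays the three event kinds to get the current consent state. Assumptions not stated on this page: commitments are hex SHA-256 digests of the UTF-8 text, the kind is carried in a field named kind, modification receipts restate the full commitments list, timestamps are UTC ISO 8601 strings, and signature and anchor verification has already succeeded.

```python
import hashlib

def commitment_hash(text):
    # Assumption: hex SHA-256 over the UTF-8 commitment text.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def check_commitments(receipt, presented_texts):
    """Return positions where presented texts disagree with the receipt.
    The list is ordered, so reordered, missing or extra entries all count."""
    recorded = receipt["commitments"]
    bad = [i for i, (h, t) in enumerate(zip(recorded, presented_texts))
           if h != commitment_hash(t)]
    shorter, longer = sorted((len(recorded), len(presented_texts)))
    return bad + list(range(shorter, longer))

def current_consent(receipts):
    """Replay lifecycle receipts by ceremony timestamp; return the state now."""
    state = {"active": False, "commitments": []}
    # Assumption: same-format UTC ISO 8601 timestamps, so they sort as text.
    for r in sorted(receipts, key=lambda r: r["signing_ceremony"]["timestamp"]):
        kind = r["kind"]  # assumed field name for the Kind column
        if kind == "ar.consent.v1":
            state = {"active": True, "commitments": list(r["commitments"])}
        elif kind == "ar.modification.v1":
            if not state["active"]:
                raise ValueError("modification without an active consent")
            state["commitments"] = list(r["commitments"])
        elif kind == "ar.withdrawal.v1":
            state = {"active": False, "commitments": []}
        else:
            raise ValueError(f"unknown receipt kind: {kind!r}")
    return state

def make_receipt(kind, texts, timestamp):
    # Constructed sample receipt holding only the fields named above.
    return {"kind": kind, "commitments": [commitment_hash(t) for t in texts],
            "signing_ceremony": {"channel": "web", "mechanism": "checkbox",
                                 "timestamp": timestamp},
            "profiles": ["gdpr-eu"]}

TEXT_A = "We store your email address to send order updates."
TEXT_B = "We share your email address with our payment processor."
SAMPLE = [  # constructed data, not real receipts
    make_receipt("ar.consent.v1", [TEXT_A, TEXT_B], "2024-01-10T09:00:00Z"),
    make_receipt("ar.modification.v1", [TEXT_A], "2024-03-01T12:00:00Z"),
    make_receipt("ar.withdrawal.v1", [], "2024-06-15T08:30:00Z"),
]
```
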

Regulatory context

ACR receipts address the requirement under GDPR Art. 7 that controllers demonstrate consent was freely given, specific, informed, and unambiguous. Art. 8 provisions for child consent are supported via the signing_ceremony.parental_consent field. The withdrawal receipt (ar.withdrawal.v1) provides evidence that the Art. 7(3) right to withdraw was honoured.

Anchored Receipts are cryptographic provenance and privacy-lifecycle protocols; verify.dekimu.com is a reference implementation, not a qualified trust service under Regulation (EU) No 910/2014 (eIDAS) or successor.