Consent Events and Data Flow

How Consent Events Are Captured

When a visitor interacts with the consent banner: 1. The SDK captures the visitor's choices (which categories were accepted/rejected) 2. A consent event is sent to /api/sdk/events with: - Site ID - Hashed IP address (SHA-256, not the raw IP) - User agent - Consent choices per category (essential, analytics, marketing, functional) - Banner version that was shown - Timestamp 3. The event is stored in the consent_events table

Consent Event Structure

json
{
  "site_id": "uuid",
  "ip_hash": "sha256...",
  "user_agent": "Mozilla/5.0...",
  "banner_version": "v2.1",
  "choices": {
    "essential": true,
    "analytics": true,
    "marketing": false,
    "functional": true
  },
  "created_at": "2026-03-05T12:00:00Z"
}



Consent Storage on the Client

The SDK stores the visitor's consent preferences in a first-party cookie (

lb_consent`) on the visitor's device. This cookie:

Is a first-party cookie (set on your domain)

Contains the consent choices as a JSON-encoded string

Has a configurable expiration (default: 365 days)

Is used to restore consent state on subsequent visits without showing the banner again

Exporting Consent Logs

Go to any site in the dashboard and click Export consent logs to download a CSV file containing all recorded consent events. The CSV includes: timestamp, IP hash, user agent, banner version, and per-category choices.

Retention

Consent events are retained based on your plan: | Plan | Retention | |------|-----------| | Free | 7 days | | Starter | 1 year | | Pro | 5 years | Events beyond the retention window are automatically purged.

Privacy Considerations

IP addresses are hashed before storage (the raw IP is never stored)

Consent events contain no personally identifiable information beyond the IP hash and user agent

The hashing algorithm (SHA-256) is one-way - the original IP cannot be recovered from the hash