Terms & Conditions Consent Log

Article 7.1 of the GDPR demands more than a boolean: the defensible consent record needs the timestamp, the IP, the user agent, the document version in force at that moment and the exact text the user was shown.

Terms & Conditions Consent Log fills that gap for any acceptance checkbox on your site, with or without WooCommerce. Every accepted consent — at the WooCommerce checkout, in a Contact Form 7 form, in the WordPress comments form or in a stand-alone shortcode/block — writes a row to a dedicated indexed table, sealed with a SHA-256 hash of the accepted text so any later change is detectable. From a clean admin screen you can filter, search, export to CSV, integrate with the native WordPress Privacy Tools, and open a one-page printable A4 certificate per record (your browser saves it as PDF in one click).

Works with or without WooCommerce

If WooCommerce is active, the menu lives under WooCommerce → Consent log and the checkout is captured automatically. If it is not, the menu lives under Users → Consent log and the rest of the plugin (Records, Settings, CSV export, PDF certificate, Privacy Tools integration) keeps working the same way.

Four sources of consent

• WooCommerce checkout (auto when WC is active): captures the native terms checkbox.
• Contact Form 7 (opt-in): detects [acceptance] fields automatically and the first email field of the form. Stored as cf7_form_{ID}, one type per form. No snippets required.
• WordPress comments (opt-in): logs the native wp-comment-cookies-consent checkbox (introduced in WP 4.9.6) when the visitor opts in. Stored as comment_consent.
• [tccl_consent_box] shortcode and Gutenberg block: drop a self-contained consent checkbox in any page, post, widget area or HTML field of a form builder. Submission posts to a REST endpoint and writes a record. Always available.

For anything else (Gravity Forms, WPForms, Fluent Forms, custom flows), call tccl_save_consent() from the appropriate hook.

Why a dedicated table

Storing thousands of consent records in wp_postmeta is wasteful and slow. The plugin uses its own indexed table and exposes a public function (tccl_save_consent) that you can call from anywhere to log additional consents in the same place.

Main features

• Records timestamp UTC, IP, user agent, document version, source URL and full consent text per acceptance.
• Custom database table with the right indexes (no wp_postmeta bloat).
• Tamper-evident: each record is sealed with a SHA-256 hash. Any later change to the stored text is detected and reported as TAMPERED in the records list.
• Printable A4 certificate per record, with a built-in “Print / Save as PDF” button — the browser exports the certificate to PDF natively, no external library bundled.
• Native Privacy Tools integration: Tools > Export Personal Data and Tools > Erase Personal Data both include consent records (erasure anonymises rather than deletes — the record itself is the lawful basis to keep it).
• WooCommerce checkout texts are optional — leave them empty and the WooCommerce native text is shown to the customer and stored verbatim.
• Automatic version bump when the text changes (suggests MAJOR.MINOR-YYYY-MM-DD).
• Optional opt-out of IP and/or user agent tracking.
• Configurable retention with a one-click anonymise button (records kept; PII scrubbed).
• Live partial-match filters (email, order, date range, type) + filtered CSV export with UTF-8 BOM (opens cleanly in Excel).
• (When WooCommerce is active) Order metabox with the consent summary, integrity badge and outdated-version indicator. “Consent” column on the orders list (legacy and HPOS) with a quick visual status. Optional consent line in the New order email (admin) and the order confirmation email (customer) — both off by default.
• Optional delete_data_on_uninstall setting (off by default) — uninstalling does not destroy consent evidence unless you explicitly opt in.
• HPOS (custom order tables) compatible.
• Public tccl_save_consent() function to log consents from anywhere.

Translation ready

All strings use the terms-conditions-consent-log text domain. Translations are managed through translate.wordpress.org.

Support

Need help or have suggestions?

• Official website
• WordPress support forum
• YouTube channel
• Documentation and tutorials

Love the plugin? Please leave us a 5-star review and help spread the word!

About AyudaWP.com

We are specialists in WordPress security, SEO, AI and performance optimization plugins. We create tools that solve real problems for WordPress site owners while maintaining the highest coding standards and accessibility requirements.