RECIPE

AI Consent Flow Design

A reusable pattern for designing transparent, auditable AI consent flows in production applications. This recipe walks through capturing user opt-in, scoping data usage, and persisting consent decisions across sessions so your AI features stay compliant from day one.

1. Capture Granular Consent

Avoid blanket toggles. Split consent into discrete scopes: model training, prompt logging, third-party model routing, and analytics. Render each scope as an explicit checkbox with a one-line plain-English description so users know what they accept.

  • Default every scope to OFF. Opt-in only.
  • Show the model provider name (Anthropic, Azure, etc.) in the description.
  • Render a link to your DPA inline, not buried in a footer.

2. Persist the Decision Server-Side

Client-only state is not auditable. Write the consent decision to your database with a timestamp, IP hash, and the exact wording the user saw. Treat the consent row as immutable history; new decisions create new rows rather than mutating old ones.

POST /api/consent
{
  "user_id": "usr_...",
  "scope": "model_training",
  "granted": true,
  "version": "2026-06-27",
  "shown_text_hash": "sha256:..."
}

3. Re-Prompt on Scope Changes

When you add a new model provider or change how data is routed, the old consent no longer covers the new scope. Bump the consent version and gate AI features until the user accepts the new terms. This is a feature, not a friction point.

Pair the re-prompt with a clear changelog entry so users see exactly what changed and why. Trust compounds when consent is treated as a living contract.
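The three steps above as one append-only consent ledger in Python (an added example, not code from the recipe): granular scopes defaulting to OFF, immutable rows carrying the version, a hash of the shown wording and a keyed IP hash, and a version bump that makes old rows stop gating features until the user decides again. The class and method names, the scope identifiers and the salt are assumptions for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone

SCOPES = ("model_training", "prompt_logging", "third_party_routing", "analytics")

@dataclass(frozen=True)
class ConsentRow:  # frozen: a stored decision is never edited in place
    user_id: str
    scope: str
    granted: bool
    version: str
    shown_text_hash: str  # "sha256:<hex>" of the exact wording the user saw
    ip_hash: str
    recorded_at: str

class ConsentLedger:
    """Append-only consent history: new decisions add rows, old rows stay."""
    def __init__(self, current_version: str, ip_salt: bytes):
        self.current_version = current_version
        self._ip_salt = ip_salt  # constructed server-side secret for the IP hash
        self._rows: list = []

    def record(self, user_id, scope, granted, shown_text, ip) -> ConsentRow:
        if scope not in SCOPES:
            raise ValueError(f"unknown scope: {scope}")
        row = ConsentRow(
            user_id, scope, granted, self.current_version,
            "sha256:" + hashlib.sha256(shown_text.encode()).hexdigest(),
            hmac.new(self._ip_salt, ip.encode(), hashlib.sha256).hexdigest(),
            datetime.now(timezone.utc).isoformat())
        self._rows.append(row)
        return row

    def is_granted(self, user_id: str, scope: str) -> bool:
        """Latest decision at the current version wins; no row means OFF."""
        decisions = [r.granted for r in self._rows if r.user_id == user_id
                     and r.scope == scope and r.version == self.current_version]
        return decisions[-1] if decisions else False

    def scopes_needing_reprompt(self, user_id: str) -> list:
        """Scopes with no decision at the current version, e.g. after a bump."""
        seen = {r.scope for r in self._rows
                if r.user_id == user_id and r.version == self.current_version}
        return [s for s in SCOPES if s not in seen]

    def bump_version(self, new_version: str) -> None:
        # Scope change: old rows remain as history but no longer gate anything.
        self.current_version = new_version
```

Gate each AI feature on `is_granted()` and show the re-prompt whenever `scopes_needing_reprompt()` is non-empty; the row history stays intact for audit.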