Terms & Conditions Consent Log

Article 7.1 of the GDPR demands more than a boolean: the defensible consent record needs the timestamp, the IP, the user agent, the document version in force at that moment and the exact text the user was shown.

Terms & Conditions Consent Log fills that gap for any acceptance checkbox on your site, with or without WooCommerce. Every accepted consent — at the WooCommerce checkout, in a Contact Form 7 form, in a WPForms form, in the WordPress comments form, on the WordPress / WooCommerce login or registration form, or in a stand-alone shortcode/block — writes a row to a dedicated indexed table, sealed with a SHA-256 hash of the accepted text so any later change is detectable. From a clean admin screen you can filter, search, export to CSV, integrate with the native WordPress Privacy Tools, and open a one-page printable A4 certificate per record (your browser saves it as PDF in one click).

Works with or without WooCommerce

The admin menu lives under Users → Consent log on every install, with or without WooCommerce. The WooCommerce-specific bits (checkout capture, order metabox, “Consent” column on the orders list, optional consent line in the order emails) load only when WooCommerce is active; everything else (Records, Settings, CSV export, PDF certificate, Privacy Tools integration) works the same way on any WordPress site.

Sources of consent

• WooCommerce checkout (auto when WC is active): captures the native terms checkbox.
• Contact Form 7 (auto): detects [acceptance] fields automatically and the first email field of the form. Stored as cf7_form_{ID}, one type per form. No snippets required. On by default; turn off in Settings if it does not apply.
• WPForms (auto): detects GDPR Agreement fields automatically and the first email field of the form. Stored as wpforms_form_{ID}, one type per form. Works with WPForms Lite and Pro. No snippets required. On by default; turn off in Settings if it does not apply.
• WordPress comments (auto): logs the native wp-comment-cookies-consent checkbox (introduced in WP 4.9.6) when the visitor opts in. Stored as comment_consent. On by default; turn off in Settings if your site uses Disqus, Jetpack or another third-party comments system.
• WordPress login and registration (auto): captures successful logins and registrations through wp-login.php when a consent checkbox is ticked on the form. Stored as wp_login and wp_register. Registration is on by default; login is off by default (a normal login form has no consent checkbox, so login only matters for re-consent flows). The “Remember me” checkbox is excluded by design (ePrivacy / cookie preference, not GDPR consent).
• WooCommerce login and registration (auto when WC is active): same idea for the My Account page. Stored as wc_login and wc_register. Registration is on by default; login is off by default, like the WordPress rows above. An opt-in toggle can inject the consent checkbox into the WC register form, since WooCommerce does not ship one natively.
• [tccl_consent_box] shortcode and Gutenberg block: drop a self-contained consent checkbox in any page, post or widget area as a stand-alone block. Submission posts to a REST endpoint and writes a record. Always available.

For anything else (Gravity Forms, Fluent Forms, Elementor Forms, Forminator, custom flows), call tccl_save_consent() from the appropriate hook.

Why a dedicated table

Storing thousands of consent records in wp_postmeta is wasteful and slow. The plugin uses its own indexed table and exposes a public function (tccl_save_consent) that you can call from anywhere to log additional consents in the same place.

Main features

• Records timestamp UTC, IP, user agent, document version, source URL and full consent text per acceptance.
• Custom database table with the right indexes (no wp_postmeta bloat).
• Tamper-evident: each record is sealed with a SHA-256 hash. Any later change to the stored text is detected and reported as TAMPERED in the records list.
• Printable A4 certificate per record, with a built-in “Print / Save as PDF” button — the browser exports the certificate to PDF natively, no external library bundled.
• Native Privacy Tools integration: Tools > Export Personal Data and Tools > Erase Personal Data both include consent records (erasure anonymises rather than deletes — the record itself is the lawful basis to keep it).
• WooCommerce checkout texts are optional — leave them empty and the WooCommerce native text is shown to the customer and stored verbatim.
• Automatic version bump when the text changes (suggests MAJOR.MINOR-YYYY-MM-DD).
• Optional opt-out of IP and/or user agent tracking.
• Configurable retention with a one-click anonymise button (records kept; PII scrubbed).
• Live partial-match filters (email, order, date range, type, full-text search inside the accepted text) + filtered CSV export with UTF-8 BOM (opens cleanly in Excel).
• (When WooCommerce is active) Order metabox with the consent summary, integrity badge and outdated-version indicator. “Consent” column on the orders list (legacy and HPOS) with a quick visual status. Optional consent line in the New order email (admin) and the order confirmation email (customer) — both off by default.
• Optional delete_data_on_uninstall setting (off by default) — uninstalling does not destroy consent evidence unless you explicitly opt in.
• HPOS (custom order tables) compatible.
• Public tccl_save_consent() function to log consents from anywhere.

Translation ready

All strings use the terms-conditions-consent-log text domain. Translations are managed through translate.wordpress.org.

Support

Need help or have suggestions?

• Official website
• WordPress support forum
• YouTube channel
• Documentation and tutorials

Love the plugin? Please leave us a 5-star review and help spread the word!

About AyudaWP.com

We are specialists in WordPress security, SEO, AI and performance optimization plugins. We create tools that solve real problems for WordPress site owners while maintaining the highest coding standards and accessibility requirements.