Consent Logging Policy

This Consent Logging Policy establishes the standards and procedures for capturing, recording, storing, and protecting user consent related to: End User Website Agreement (EUWA), Privacy Policy, Terms of Service, Data Collection Policy, optional data permissions (geolocation, timezone), marketing communications, and any future legally binding digital agreements.

This policy ensures that electronic consent obtained through EduVerse™ is legally valid, auditable, tamper-resistant, and enforceable under: IT Act 2000 (India), Indian Contract Act 1872, Evidence Act §65B (India), and GDPR (for international users).

This policy applies to:

• All registered users (students, tutors, administrators)
• Minor users where parental consent is required
• All platform interfaces where consent is collected
• All employees and contractors handling consent data
• All systems storing or processing consent records

EduVerse™ uses Clickwrap Consent — the highest legally defensible method of digital agreement.

Consent is considered valid only when:

1. The user is presented with the full EUWA text (scrollable, accessible).
2. The user affirmatively selects a mandatory checkbox confirming review and acceptance.
3. The checkbox is not pre-selected.
4. The system prevents access until consent is recorded.
5. The user completes an explicit action (clicking "I AGREE — Continue to EduVerse™").

Upon user acceptance, the system automatically logs the following:

5.1 — User Identification

5.2 — Agreement Information

5.3 — Technical Metadata

5.4 — System Integrity Data

1. Each agreement must be versioned (v1.0, v1.1, etc.).
2. A document snapshot must be preserved for each version (in /docs/).
3. A SHA-256 hash must be generated for every version and stored in the codebase.
4. When material changes occur, users must be required to re-consent.
5. Previous consent records must never be overwritten or deleted.

Triggers for Mandatory Re-Consent

• Terms materially change
• Data collection scope expands
• Payment terms are altered
• Jurisdiction or governing law changes
• Arbitration clauses are introduced or modified

7.1 — Firestore Collection

Consent records are stored in the user_consents collection:

/user_consents/{consentId}

• Records are append-only — no edits, no overwrites.
• Admin edits to consent logs are strictly prohibited.

7.2 — Retention Period

• For the lifetime of the user account, and
• For a minimum of 7 years after account termination, or
• Longer if required by applicable law.

Because the EUWA is presented on the public landing page before sign-up:

1. Phase 1 — Anonymous consent logged at acceptance time (with IP, user agent, timestamp, geo).
2. Phase 2 — After sign-up, the consent record is updated via PATCH /api/consent/log to link the user's userId, email, and fullName.

The consentId is stored in localStorage under key eduverse_euwa_consent_id to bridge the two phases.

Where applicable:

1. Users under 18 must provide verifiable parental or guardian consent.
2. The system logs: isMinor: true, parentalConsentObtained, and parent/guardian email.

The consent log is queryable from the EduVerse™ Owner Dashboard under App Settings → Web Settings → EUWA & Consent.

For legal proceedings, records can also be exported from Firestore Console: Firebase Console → Firestore → user_consents collection → Export.

EduVerse™ recognizes electronic acceptance via Clickwrap as legally binding and equivalent to a handwritten signature under IT Act 2000 §5 (India) and Electronic Transactions Act (international jurisdictions). The verbatim consent statement text and timestamp constitute the electronic signature record.