HoopAI provides the tools for compliance — but compliance itself is your responsibility. Consult with a legal professional for jurisdiction-specific requirements.
Recording consent
Consent custom fields
Create custom fields to track consent status and source for each contact:Create consent fields
Go to Settings → Custom Fields and create fields such as:
- Consent Status (dropdown: Opted In, Opted Out, Pending)
- Consent Source (text: form, verbal, import, etc.)
- Consent Date (date field)
- Legal Basis (dropdown: Consent, Legitimate Interest, Contract, Legal Obligation)
Consent checkboxes on forms
Add a consent checkbox to every form where you collect personal data:- In the form builder, add a Checkbox element
- Set the label to your consent text (e.g., “I agree to receive marketing communications from [Company Name]”)
- Map the checkbox to your Consent Status custom field
- Make it a required field if consent is mandatory
Managing opt-in and opt-out
Opt-in channels
Track consent per communication channel using the contact’s DND (Do Not Disturb) settings:| Channel | DND setting | Effect |
|---|---|---|
| DND Email ON | No marketing or bulk emails sent | |
| SMS | DND SMS ON | No SMS messages sent |
| Phone | DND Call ON | No outbound calls |
| DND WhatsApp ON | No WhatsApp messages | |
| All | DND All ON | No communication on any channel |
Processing opt-outs
- Automatic: Email unsubscribe links and SMS STOP replies automatically update DND
- Manual: Update DND in the contact record under the DND section
- Workflow: Use the “Update DND” action in workflows to set opt-out status programmatically
- Bulk: Use bulk actions to update DND for multiple contacts at once
Data subject requests
GDPR gives individuals rights over their personal data. Here is how to handle each request type in HoopAI:Right of access (SAR)
When a contact requests a copy of their data:Export their data
Open the contact record and click Export Contact Data (or use the API to pull all fields).
Right to erasure (right to be forgotten)
Delete the contact
Delete the contact from HoopAI. This removes their personal data from the platform.
Check integrations
Delete their data from any connected third-party tools (Zapier, Google Sheets, etc.) where data may have been synced.
Right to rectification
Update incorrect data on the contact record. The contact can also update their own information through forms or the client portal.Right to restrict processing
Set DND on all channels for the contact. Add a tag like “Processing Restricted” to prevent accidental re-enrollment in workflows.Audit trail
HoopAI logs activity on contact records, which can serve as part of your audit trail:- Activity log — shows when fields were changed, who changed them, and what the old/new values were
- Consent fields — custom fields you set up to track consent date, source, and legal basis
- Workflow history — shows which automations the contact was enrolled in and when
- Communication history — full record of emails, SMS, and calls
Data Processing Agreement (DPA)
If you need a DPA with HoopAI (required under GDPR when using a data processor), contact HoopAI support to request the standard DPA.Best practices
Always record the source of consent
Always record the source of consent
Track where and when each contact opted in — form name, date, IP address if possible. This is your proof of consent if challenged.
Use double opt-in for email marketing
Use double opt-in for email marketing
Send a confirmation email after form submission requiring the contact to click a link to confirm their subscription. This is considered best practice under GDPR.
Review consent regularly
Review consent regularly
GDPR consent does not last forever. Consider re-confirming consent periodically, especially for contacts who have not engaged recently.
Train your team
Train your team
Ensure all team members understand how to handle data subject requests and where to find consent records in HoopAI.