
WhatsApp Consent and Opt-In

Torqueflow tracks customer consent for every type of communication separately, with a full audit trail that meets UK GDPR requirements. There are four consent categories - transactional, service reminders, marketing, and WhatsApp - and each one is managed per customer. This article explains how consent is captured, who can change it, what happens when consent is revoked, and how to handle Subject Access Requests.

  • You are an owner, manager, or service advisor.
  • For staff-side consent changes you need the customers.consent.manage capability. Technicians see consent as read-only.

Torqueflow tracks consent in four independent categories. A customer can opt in or out of each one separately:

| Category | Covers | Default for new customers |
| --- | --- | --- |
| Transactional | Work order updates, appointment confirmations, completion notices, anything linked to an active job. | On (always allowed when a work order exists, even if toggled off). |
| Service reminders | Proactive MOT reminders, service due reminders, seasonal check prompts. | On |
| Marketing | Offers, promotions, newsletters, unrelated to a specific work order. | Off - GDPR requires explicit opt-in for marketing. |
| WhatsApp | Master switch for the WhatsApp channel. Disables all WhatsApp regardless of the other categories. | On |

These are stored in the CustomerConsent table with one row per customer per category.

Set default consent preferences for new customers

  1. Go to Settings > Communication.
  2. The Default Consent Preferences card has four toggle switches corresponding to the categories above.
  3. The Work order updates toggle is disabled - you cannot turn this off. It is a transactional necessity.
  4. Offers & promotions is off by default for GDPR compliance. Only turn it on if you are certain your business has a lawful basis and you have a suitable consent capture flow.
  5. Click Save Changes.
  6. These defaults only apply to new customers created after the change. Existing customers keep their current consent state - changes do not apply retroactively.

  1. When a new customer is created (via the customer directory, a work order, or a portal signup), four CustomerConsent rows are created automatically using the current defaults.
  2. Each row records source: 'org_default' so you can tell it was set by org defaults rather than explicit customer choice.
  3. Four matching audit log entries are created at the same time, stamping the initial consent state.
  4. If a customer is created before the org has any default settings (unusual edge case), the system falls back to hardcoded safe defaults: transactional=on, service_reminders=on, marketing=off, whatsapp=on.

View and change consent on a customer record (staff)

  1. Open any customer profile.
  2. The Communication Preferences card shows each category with:
    • Current status (granted or not granted).
    • Source of last change (for example “Set by customer via portal”, “Set by staff”, or “Default”).
    • Last updated timestamp.
  3. If you have the customers.consent.manage capability, each toggle is editable. Staff-initiated changes are logged with source: 'staff_entry' and your user ID as performed_by_id.
  4. Technicians see the card but all toggles are read-only.

How customers manage their own consent (portal)

  1. Customers log into the portal and click Communication Preferences from their profile page.
  2. Four toggles with human-friendly labels are shown:
    • Work order updates - disabled/always on when the customer has an active work order, with a tooltip explaining why.
    • Service & MOT reminders - toggleable.
    • Offers & promotions - toggleable.
    • WhatsApp messages - toggleable.
  3. Toggling immediately persists the change via a server action. A success toast confirms it.
  4. Each change creates a ConsentAuditLog entry with:
    • source: 'portal_preference'
    • The customer’s IP address
    • The user agent string
    • The previous value
    • A timestamp

See consent captured via WhatsApp OTP verification

  1. When a customer first sends a WhatsApp message to your garage, Torqueflow may prompt them with an OTP verification flow to confirm phone ownership.
  2. Successful OTP verification captures whatsapp consent with source: 'otp_verification'.
  3. This is treated as explicit consent under UK GDPR because the customer actively initiated communication and confirmed they own the phone.

Understand what the WhatsApp master switch does

  1. If a customer has whatsapp: false in their consent, no WhatsApp message is sent to them regardless of the other toggles.
  2. This applies to both automated messages (work order updates, reminders) and staff-initiated messages.
  3. Staff trying to send a WhatsApp message to an opted-out customer will see the channel disabled in the composer.
  4. The customer can still message you first - the opt-out only applies to outbound messages from the garage. If they message you, a conversation starts normally and the AI classifies it (subject to the window rules in whatsapp-ai/whatsapp-24-hour-session-window).
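
The precedence described above (master switch first, then the active-work-order exception for transactional messages, then the per-category toggle) can be written as a single outbound gate. This is an added example, not Torqueflow's code; the function name, the reason strings and the fail-closed handling of a missing consent row are assumptions.

```python
CATEGORIES = ("transactional", "service_reminders", "marketing")


def may_send_whatsapp(consent, category, has_active_work_order):
    """Return (allowed, reason) for one outbound WhatsApp message.

    consent: dict mapping category name -> bool, built from the customer's
    CustomerConsent rows. A missing row is treated as not granted
    (fail-closed; an assumption of this sketch, not documented behaviour).
    """
    if category not in CATEGORIES:
        raise ValueError(f"unknown message category: {category!r}")
    # 1. Master switch: checked first, overrides every other category.
    if consent.get("whatsapp") is not True:
        return False, "whatsapp_opted_out"
    # 2. Transactional messages on an active work order ignore the toggle.
    if category == "transactional" and has_active_work_order:
        return True, "active_work_order"
    # 3. Otherwise the per-category toggle decides.
    if consent.get(category) is True:
        return True, "category_granted"
    return False, f"{category}_not_granted"


if __name__ == "__main__":
    # Constructed customer: the hardcoded safe defaults, then a WhatsApp opt-out.
    customer = {"transactional": True, "service_reminders": True,
                "marketing": False, "whatsapp": False}
    print(may_send_whatsapp(customer, "transactional", True))
```
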

  1. Every consent change - whether by default seeding, staff edit, portal self-service, import, or OTP verification - is recorded in the ConsentAuditLog table.
  2. The log is immutable. No UPDATE or DELETE is allowed. Historical state can be reconstructed by replaying entries for a customer and category.
  3. Each entry includes: category, action (granted or revoked), previous value, source, IP address, user agent, performed_by_id (staff user if applicable), and an immutable created_at timestamp.
  4. To export a customer’s consent history for a SAR, contact Torqueflow support with the customer ID. An admin can run an export.
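
Replaying entries for one customer and category, as described above, gives the consent state at any point in time, and the stored previous value lets the replay check its own continuity. This is an added example run over constructed rows, not Torqueflow's export code; the `customer_id` and `previous_value` column names and the `consent_at` function are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample rows. customer_id and previous_value are assumed column
# names; category, action, source and created_at are named on the page.
SAMPLE_LOG = [
    {"customer_id": "c1", "category": "whatsapp", "action": "granted",
     "previous_value": None, "source": "org_default",
     "created_at": "2024-01-10T09:00:00+00:00"},
    {"customer_id": "c1", "category": "marketing", "action": "granted",
     "previous_value": False, "source": "staff_entry",
     "created_at": "2024-02-01T10:00:00+00:00"},
    {"customer_id": "c1", "category": "whatsapp", "action": "revoked",
     "previous_value": True, "source": "portal_preference",
     "created_at": "2024-03-02T14:30:00+00:00"},
    {"customer_id": "c1", "category": "whatsapp", "action": "granted",
     "previous_value": False, "source": "otp_verification",
     "created_at": "2024-05-20T11:15:00+00:00"},
]


def consent_at(log, customer_id, category, when):
    """Replay the log up to `when` (timezone-aware datetime).

    Returns (granted, evidence_row, problems): granted is True/False, or None
    if no entry exists yet; evidence_row is the entry that set that state.
    """
    rows = sorted(
        (r for r in log
         if r["customer_id"] == customer_id and r["category"] == category),
        key=lambda r: datetime.fromisoformat(r["created_at"]),
    )
    state, evidence, problems = None, None, []
    for row in rows:
        if datetime.fromisoformat(row["created_at"]) > when:
            break
        # Each entry's previous value must equal the state replayed so far;
        # a mismatch means an entry is missing or out of order.
        if state is not None and row["previous_value"] != state:
            problems.append(f"{row['created_at']}: previous_value="
                            f"{row['previous_value']}, replayed state={state}")
        state, evidence = row["action"] == "granted", row
    return state, evidence, problems
```

A non-empty `problems` list means the exported rows do not form a continuous history and should be queried before the result is used as evidence.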

  • New customers get the org’s default consent settings on creation.
  • Customers can change their own preferences at any time from the portal.
  • Staff with the right capability can change consent on behalf of a customer.
  • Every change is audited with enough context to defend against a GDPR complaint.
  • Opted-out customers never receive WhatsApp messages from your garage.

Problem: I turned on “Offers & promotions” in the default settings but existing customers still have it off. Cause: Default changes do not apply retroactively. They only affect customers created after the change. Fix: Update existing customers individually via their profile, via a bulk consent capture campaign (separate feature), or ask them to opt in via the portal themselves.

Problem: A customer says they opted out of marketing but still received a work order message. Cause: The work order message is transactional, not marketing. Transactional messages are sent regardless of marketing opt-out - they are legally permitted and commercially necessary. Fix: Explain the difference to the customer. If they want to stop transactional messages entirely, they need to complete any active work orders and then opt out of transactional (staff override required).

Problem: Staff edits to consent are not being saved. Cause: Your role does not have the customers.consent.manage capability. Fix: Ask an owner to update your role, or escalate the consent change to an owner/manager.

Problem: A customer changed their preferences in the portal but the change is not reflected on their profile. Cause: Page caching. The customer profile page does not auto-refresh consent changes from the portal in real time. Fix: Refresh the customer profile page.

Problem: I need to prove a customer consented to WhatsApp at a specific point in time. Cause: Standard SAR request. Fix: Contact Torqueflow support with the customer ID. The consent audit log contains every grant and revoke event with source, IP, user agent, and timestamp.

Problem: “Offers & promotions” toggle is on by default for my new customers - that is wrong for GDPR. Cause: Your org default for marketing is set to on. This is dangerous - GDPR requires explicit opt-in for marketing. Fix: Go to Settings > Communication and turn the Offers & promotions default off immediately. Review any customers created while the setting was wrong and, if appropriate, revoke their marketing consent.

  • Consent records have RLS enabled, so only users in the correct organisation can see them.
  • The audit log is SELECT-only at the database level - nobody (not even an owner) can delete or modify historical entries. This is a GDPR compliance requirement.
  • WhatsApp consent captured via OTP verification is considered explicit consent under UK GDPR because the customer actively initiated the verification.
  • Transactional messages on an active work order are always allowed regardless of the transactional toggle. The toggle only matters when no work order is active.
  • Consent changes from the portal are stamped with IP address and user agent. Staff changes are stamped with the staff user ID. Default-seeded entries are stamped with source: 'org_default'.

  • settings.communication.manage - required to change org default consent preferences. Owners and managers by default.
  • customers.consent.manage - required to change consent on individual customer records. Owners, managers, and service advisors by default. Technicians cannot change consent.