Guides
Start typing to search…

Consents

Before retrieving an individual’s information, you must provide proof of their consent.

Why Providing Consent Is Required

Consent is a mandatory requirement. Before retrieving any data on a specific individual, we must ensure that they have explicitly authorized us to access their information on their behalf.

This ensures compliance with data protection regulations and builds trust across all parties — the individual, the client, and the data source. Consent must be informed, specific, and documented, meaning the user must understand what data is being accessed, for what purpose, and must actively agree to it.

By capturing and submitting proper consent, you help ensure:

  • Legal and regulatory compliance
  • Transparency in data usage
  • Protection of user rights
  • Continued access to valuable data sources

Please note: our Data Partners will only authorize access if we can clearly demonstrate that the individual has explicitly agreed to share their information. Without valid consent, access to the requested data will be denied.


What You Need to Provide

When creating a consent, include the following:

  • Privacy Policy URL: A link to the privacy notice that your users and/or potential customers have expressly accepted, which must explicitly identify income-related data as a category of personal data collected.
  • IP Address: The IP address at the time of consent. This can be the IP address of your server or of the user, depending on your architecture.

🗺️

The ip_address helps demonstrate that consent was collected transparently and with traceability. If you’re unable to capture the user’s IP address, we recommend at least submitting a proxy IP (such as the server’s IP). However, we strongly encourage collecting the actual user’s IP when possible for compliance purposes.


This data allows us to demonstrate compliance by showing:

  • What terms were accepted
  • When the consent was given
  • From where the consent was given (IP address)

Reuse of Consent

Once created, a consent:

  • Can be reused for future verifications related to the same individual
  • Expires after 365 days

This means you only need to create consent once per identifier (CURP or RFC) per year.


Example Payload

{
  "identifier": "XXXX010101XXX",
  "privacy_policy_url": "https://yourdomain.com/privacy",
  "ip_address": "203.0.113.1"
}

You can learn more about consents by reviewing the Consents API Endpoints

Updated 2 months ago