quikcue/calvana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bulletproof consent: Gift Aid (HMRC), email opt-in, WhatsApp opt-in with full audit trail

Browse Source 
GIFT AID (HMRC compliance):
- Exact HMRC model declaration text displayed and recorded
- Home address (line 1 + postcode) collected when Gift Aid is ticked
- giftAidAt timestamp recorded separately from the boolean
- Declaration text, donor name, timestamp stored in consentMeta JSON

EMAIL + WHATSAPP (GDPR/PECR compliance):
- Separate, granular opt-in checkboxes (not bundled, not pre-ticked)
- Each consent records: exact text shown, timestamp, consent version
- Consent checkboxes only appear when relevant contact info is provided
- Cron reminders gated on consent — no sends without opt-in
- Pledge creation WhatsApp receipt gated on whatsappOptIn

AUDIT TRAIL (consentMeta JSON on every pledge):
- giftAid: {declared, declarationText, declaredAt}
- email: {granted, consentText, grantedAt}
- whatsapp: {granted, consentText, grantedAt}
- IP address captured server-side from x-forwarded-for
- User agent captured client-side
- consentVersion field for tracking wording changes

EXPORTS:
- CRM CSV now includes: donor_address, donor_postcode, gift_aid_declared_at,
  is_zakat, email_opt_in, whatsapp_opt_in
- Gift Aid export has full HMRC-required fields

Schema: 6 new columns on Pledge (donorAddressLine1, donorPostcode,
giftAidAt, emailOptIn, whatsappOptIn, consentMeta)
This commit is contained in:
Omair Saleh
2026-03-03 07:38:51 +08:00
parent e6b7f325da
commit 865c5a1f93
10 changed files with 468 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
pledge-now-pay-later/prisma/migrations/20260303_consent_fields/migration.sql Normal file
View File

@@ -0,0 +1,16 @@
-- Bulletproof consent: Gift Aid (HMRC), email opt-in, WhatsApp opt-in
-- Each consent is tracked with timestamp, exact declaration text, IP, user agent
-- Home address for HMRC Gift Aid claims
ALTER TABLE "Pledge" ADD COLUMN IF NOT EXISTS "donorAddressLine1" TEXT;
ALTER TABLE "Pledge" ADD COLUMN IF NOT EXISTS "donorPostcode" TEXT;
-- Gift Aid timestamp (when declaration was made)
ALTER TABLE "Pledge" ADD COLUMN IF NOT EXISTS "giftAidAt" TIMESTAMP(3);
-- Communication consent (GDPR/PECR)
ALTER TABLE "Pledge" ADD COLUMN IF NOT EXISTS "emailOptIn" BOOLEAN NOT NULL DEFAULT false;
ALTER TABLE "Pledge" ADD COLUMN IF NOT EXISTS "whatsappOptIn" BOOLEAN NOT NULL DEFAULT false;
-- Consent audit trail (JSON blob — immutable evidence of what was shown + agreed)
ALTER TABLE "Pledge" ADD COLUMN IF NOT EXISTS "consentMeta" JSONB;