quikcue/calvana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bulletproof consent: Gift Aid (HMRC), email opt-in, WhatsApp opt-in with full audit trail

Browse Source 
GIFT AID (HMRC compliance):
- Exact HMRC model declaration text displayed and recorded
- Home address (line 1 + postcode) collected when Gift Aid is ticked
- giftAidAt timestamp recorded separately from the boolean
- Declaration text, donor name, timestamp stored in consentMeta JSON

EMAIL + WHATSAPP (GDPR/PECR compliance):
- Separate, granular opt-in checkboxes (not bundled, not pre-ticked)
- Each consent records: exact text shown, timestamp, consent version
- Consent checkboxes only appear when relevant contact info is provided
- Cron reminders gated on consent — no sends without opt-in
- Pledge creation WhatsApp receipt gated on whatsappOptIn

AUDIT TRAIL (consentMeta JSON on every pledge):
- giftAid: {declared, declarationText, declaredAt}
- email: {granted, consentText, grantedAt}
- whatsapp: {granted, consentText, grantedAt}
- IP address captured server-side from x-forwarded-for
- User agent captured client-side
- consentVersion field for tracking wording changes

EXPORTS:
- CRM CSV now includes: donor_address, donor_postcode, gift_aid_declared_at,
  is_zakat, email_opt_in, whatsapp_opt_in
- Gift Aid export has full HMRC-required fields

Schema: 6 new columns on Pledge (donorAddressLine1, donorPostcode,
giftAidAt, emailOptIn, whatsappOptIn, consentMeta)
This commit is contained in:
Omair Saleh
2026-03-03 07:38:51 +08:00
parent e6b7f325da
commit 865c5a1f93
10 changed files with 468 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pledge-now-pay-later/src/app/api/cron/reminders/route.ts
View File

@@ -62,8 +62,8 @@ export async function GET(request: NextRequest) {
const daysSince = Math.floor((now.getTime() - pledge.createdAt.getTime()) / 86400000)
try {
// WhatsApp channel
if (channel === "whatsapp" && phone && whatsappReady) {
// WhatsApp channel — only if donor consented
if (channel === "whatsapp" && phone && whatsappReady && pledge.whatsappOptIn) {
const result = await sendPledgeReminder(phone, {
donorName: pledge.donorName || undefined,
amountPounds: (pledge.amountPence / 100).toFixed(0),
@@ -96,8 +96,8 @@ export async function GET(request: NextRequest) {
}
}
}
// Email channel (exposed via webhook API for external tools like n8n/Zapier)
else if (channel === "email" && email) {
// Email channel — only if donor consented
else if (channel === "email" && email && pledge.emailOptIn) {
// Generate content and store for external pickup
const payload = reminder.payload as Record<string, string> || {}
const bankDetails = pledge.paymentInstruction?.bankDetails as Record<string, string> | null