TrustedForm Retain

Learning Objectives

• You will understand what TrustedForm Retain is.
• You will see how it is used in practice to safeguard consumer consent documentation.
• You will be able to explain its benefits, common questions, and various retention methods confidently.

Overview

Summary:
TrustedForm Retain is a service that securely stores and makes accessible TrustedForm certificates—immutable digital records capturing a consumer’s consent event, complete with metadata, session replay, and consent language details.

Why It Matters:
By retaining these certificates, marketers and lead buyers obtain verifiable proof that consent was given, supporting legal compliance (e.g., TCPA), streamlining audits, and reducing the risk of disputes over consumer consent.

Practical Examples

Example 1: Using the Auto‑Retain Method
A publisher verifies ownership of their domain through TrustedForm. Once verified, they enable Auto‑Retain on their dashboard. When a consumer submits a lead form from that domain, the TrustedForm Certify Web SDK automatically creates a certificate and stores it in the publisher’s TrustedForm account for up to 5 years.

Example 2: Manual Retain via API Call
A company not enabled for Auto‑Retain manually retains a certificate by sending an API POST request with the certificate URL and additional parameters (such as phone and email for fingerprint matching). The API validates that the certificate’s data meets consent standards and then retains the certificate in the account, returning an outcome of “success,” “failure,” or “error” based on the validation results.

Example 3: Retain via LeadConduit Flow
A company using both TrustedForm and LeadConduit retains certificates automatically by adding the TrustedForm Add-on step to their LeadConduit flow. When a lead enters the flow, LeadConduit reads the trustedform_cert_url field and sends the retain request on the customer’s behalf.

If the TrustedForm step returns success or failure (e.g., a page-scan failure), LeadConduit will still retain the certificate for the retention period configured in the customer’s account (default: 5 years).
If the TrustedForm step returns error (e.g., expired certificate, invalid URL, missing certificate), the certificate cannot be retained and the flow may be filtered or stopped based on customer configuration.

Implications & Applications

Key Takeaways:

• TrustedForm Retain provides a secure, long-term record of consumer consent, protecting against legal and regulatory risks.
• Retained certificates include detailed session replay, consent language, and lead data fingerprints that help prove compliance.
• Certificates can be retained in several ways: through Auto-Retain (domain-verified), manual API operations, UI-based Click-to-Retain, or LeadConduit’s TrustedForm add-on. This provides flexibility for different operational and technical needs.

Practical Applications

• Legal Audits and Compliance: Use retained certificates as immutable proof of consent during disputes or regulatory reviews.
• QA and Vendor Management: Regularly review retained certificates to verify that consent language and fingerprint data match lead information, ensuring vendors adhere to prescribed standards.
• Workflow Integration: Incorporate TrustedForm Retain in lead acquisition flows to automate certificate retention and seamlessly integrate consent verification with CRM systems and marketing platforms.

Frequently Asked Questions (FAQ)

Q: What exactly is TrustedForm Retain?
A: TrustedForm Retain is the service that captures, validates, and stores TrustedForm certificates for long-term reference, providing an auditable record of a consumer’s consent event.

Q: How long are retained certificates stored?
A: By default, retained certificates are stored for up to 5 years, though this duration may be adjusted based on contractual agreements or regulatory requirements.

Q: What is the difference between Auto‑Retain and manual API retention?
A: Auto‑Retain automatically stores certificates from verified domains when a lead is submitted, while manual API retention involves sending an API request with the certificate URL and accompanying lead data (such as email and phone), allowing for additional validations like fingerprint matching.

Q: How do I know if a certificate has been successfully retained?
A: After a lead submission, wait about 15 minutes and then check the TrustedForm certificate URL. A successfully retained certificate will be accessible through your TrustedForm account and will show retention details.

Q: Do I need to validate the certificate before retaining it?
A: It is best practice to verify that the certificate URL is correctly formatted and that the certificate’s content meets your consent and fingerprint criteria before triggering retention.

Q: Can retained certificates be used to audit lead quality?
A: Yes, retained certificates document precise user interactions and consent language, making them invaluable for auditing lead generation practices and ensuring compliance.

Q: Can I retain the same certificate more than once?
A: No, TrustedForm Retain will only allow you to retain a certificate one time. Legacy products offerings have allowed this behavior so make sure you are specifically using TrustedForm Retain to store your certificates.

Q: What’s the average response time for a TrustedForm retain request?
A: The average response time for a TrustedForm Retain request is very fast. In fact, 99% of requests finish in under 500 milliseconds.

Glossary