Developer reference
This document specifies the consent language and checkboxes required on the Care Planning Pro signup flow. It is not a legal document — it is a UI implementation reference to ensure what the user sees matches what the legal documents promise.
Required Signup Checkboxes
The signup form must include the following consent checkboxes. None of them can be pre-checked. The three required checkboxes (1, 2, and 3) must be actively checked by the user before the “Create Account” button is enabled.
Checkbox 1 — Terms and Privacy Policy (Required)
Display text:
I have read and agree to the Terms of Service and Privacy Policy.
The phrases “Terms of Service” and “Privacy Policy” must be hyperlinks to the respective pages.
Stored field: consent_terms_privacy_accepted_at (timestamp)
Checkbox 2 — No PHI / Sensitive Health Info Acknowledgment (Required)
Display text:
I understand that Care Planning Pro is not HIPAA-compliant and is not designed for Protected Health Information, and I will not enter sensitive health information I do not want stored on the platform.
Stored field: consent_phi_acknowledgment_at (timestamp)
Why this checkbox: This serves three purposes simultaneously. (1) It strengthens the HIPAA disclaimer in our Privacy Policy by getting affirmative user acknowledgment. (2) It creates a paper trail under the Washington My Health My Data Act showing users were warned about PHI. (3) It reduces user-led claims based on the argument “you should have protected my health info.”
Checkbox 3 — Age Confirmation (Required)
Display text:
I am at least 18 years of age and located in the United States.
Stored field: consent_age_location_at (timestamp)
Checkbox 4 — Marketing Communications (Optional)
Display text:
I would like to receive occasional product updates and tips from Care Planning Pro. (You can unsubscribe anytime.)
Stored field: consent_marketing_at (nullable timestamp)
This checkbox must be unchecked by default. Pre-checked marketing consent violates CAN-SPAM best practices and several state laws. Leave it empty and let users opt in.
Storage Requirements
For each checkbox, store in the user record:
- Timestamp of when consent was given (ISO 8601 format)
- Version of the consent text shown at the time (if the text changes in the future, new users should see the new version and have it stored)
- IP address at time of consent (useful for dispute resolution)
Example schema additions in Supabase:
ALTER TABLE profiles ADD COLUMN consent_terms_privacy_accepted_at TIMESTAMPTZ;
ALTER TABLE profiles ADD COLUMN consent_phi_acknowledgment_at TIMESTAMPTZ;
ALTER TABLE profiles ADD COLUMN consent_age_location_at TIMESTAMPTZ;
ALTER TABLE profiles ADD COLUMN consent_marketing_at TIMESTAMPTZ;
ALTER TABLE profiles ADD COLUMN consent_version TEXT;
ALTER TABLE profiles ADD COLUMN consent_ip_address INET;
Re-Consent Requirements
When any of the following documents is updated in a way that materially changes user rights or obligations, users must re-consent on next login:
Cosmetic updates (typo fixes, formatting, contact info changes) do not require re-consent.
Washington Users (Future)
When engineering bandwidth allows, add IP-based detection for Washington State residents. When a signup request comes from a Washington IP, display an additional consent screen before proceeding:
I understand that Care Planning Pro may process limited consumer health data as described in the Washington Consumer Health Data Privacy Policy, and I consent to that processing.
Until this is built, Washington users are covered by the general PHI acknowledgment checkbox plus the public Washington Consumer Health Data Privacy Policy.
Signup Flow Summary
Recommended order on the signup page:
- Name / email / password fields
- Checkbox 3 (age / location)
- Checkbox 2 (PHI acknowledgment) — prominent placement
- Checkbox 1 (Terms and Privacy)
- Checkbox 4 (marketing, optional, unchecked by default)
- “Create Account” button (disabled until 1, 2, and 3 are checked)
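A disabled button only constrains the browser, so the same rule needs to hold on the server. The following is an added example, not Care Planning Pro's own code: it rejects a signup request that lacks any of the three required consents and otherwise builds the values for the `profiles` columns listed under Storage Requirements. The function name, the form field names, the JSON request body with boolean fields, and the version label are assumptions.

```javascript
// Added example. Names other than the profiles columns are hypothetical.
const CONSENT_VERSION = "v1-placeholder"; // constructed placeholder version label

// Assumed form field name -> profiles column from the schema in this document.
const REQUIRED = {
  terms_privacy: "consent_terms_privacy_accepted_at",
  phi_acknowledgment: "consent_phi_acknowledgment_at",
  age_location: "consent_age_location_at",
};

// form: parsed JSON body (assumed shape); clientIp: address observed by the server.
function buildConsentRow(form, clientIp, now = new Date()) {
  if (typeof form !== "object" || form === null) form = {};

  // Only a literal boolean true counts as consent. Strings such as "true"
  // or numbers such as 1 in a hand-built request are treated as not checked.
  const missing = Object.keys(REQUIRED).filter((k) => form[k] !== true);
  if (missing.length > 0) {
    return { ok: false, missing };
  }

  // The timestamp is generated on the server in ISO 8601 format; a time
  // supplied by the client is never used.
  const ts = now.toISOString();
  const row = {};
  for (const col of Object.values(REQUIRED)) row[col] = ts;

  // Optional consent stays NULL unless the user actively opted in.
  row.consent_marketing_at = form.marketing === true ? ts : null;

  row.consent_version = CONSENT_VERSION;
  // Stored in the INET column; the database rejects a malformed address.
  row.consent_ip_address = clientIp;
  return { ok: true, row };
}
```
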