13

I wondered if anyone could advise on the best way of storing a user's acceptance of the Terms and Conditions in the database. I am in the UK if this changes anything.

I have had the T&Cs drawn up by a UK Lawyer so don't need any advice on that part!

At the moment I am thinking of having, at the time of signup, a checkbox saying "I agree to the [linked] terms and conditions" and making sure this is checked to sign them up. In the database I will have a boolean saying True and also a Timestamp along with the email address they used to sign up.

Is this enough? If a user ever decided they wanted to challenge their acceptance, is this recognised as proof? I have been able to find very little, if any, information about this on the web.

3 Answers

13

The documents may change as time passes. They get clarifications and modifications. Since this is a legal document, I would store the actual time of acceptance and link the acceptance to the exact document version that was accepted. This prevents any ambiguities due to the fact that users who registered in 2010 accepted version 1.2 and users who registered later accepted version 1.3.

Also, it does not hurt to store the actual documents in the database.

6

In case someone ends up on this post as I did, here are some slightly more up-to-date ideas in the era of GDPR:

The way I would do it is by saving the timestamp of agreement and the IP address of the user. I would also write down the "version" of the ToS the User has accepted (timestamp of last update works), so that I could easily retrieve a list of people I need to notify of a change, or ask them for their approval on the changes.

To me the combination of IP + timestamp is helpful because in most cases you can link that to an Internet connection/location/person with the help of internet providers (highly unlikely that you would need to go that far but it will probably seduce the GDPR compliance inspector).

3

Usually T&C acceptance is a one-time event, so I don't see a need to handle a situation where users will want to revert their choice. If the T&C changes, you could always prompt the user to re-agree with the new terms, and go from there.
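
A schema combining the suggestions in the answers above (acceptance linked to an exact stored document version, timestamp, IP address, and a query for the users to re-prompt after a change), as an added example that is not part of any of the posts. Table and column names are hypothetical; the use of SQLite, the SHA-256 digest of the document text and the append-only triggers are assumptions added here.

```python
import hashlib
import sqlite3

# Hypothetical schema: table and column names are illustrative, not from the posts.
SCHEMA = """
CREATE TABLE terms_version (
    id INTEGER PRIMARY KEY,          -- grows with each published version
    version TEXT NOT NULL UNIQUE,
    body TEXT NOT NULL,              -- full document text as shown to users
    sha256 TEXT NOT NULL,            -- digest of body (an addition, not in the posts)
    published_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now'))
);
CREATE TABLE terms_acceptance (
    email TEXT NOT NULL,
    terms_version_id INTEGER NOT NULL REFERENCES terms_version(id),
    accepted_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    ip_address TEXT NOT NULL,
    UNIQUE (email, terms_version_id)
);
-- Added assumption: acceptance rows are evidence, so block edits and deletes.
CREATE TRIGGER acceptance_no_update BEFORE UPDATE ON terms_acceptance
BEGIN SELECT RAISE(ABORT, 'terms_acceptance is append-only'); END;
CREATE TRIGGER acceptance_no_delete BEFORE DELETE ON terms_acceptance
BEGIN SELECT RAISE(ABORT, 'terms_acceptance is append-only'); END;
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path, isolation_level=None)  # autocommit each statement
    db.execute("PRAGMA foreign_keys = ON")  # reject acceptances of unknown versions
    db.executescript(SCHEMA)
    return db

def publish_terms(db, version, body):
    digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
    return db.execute(
        "INSERT INTO terms_version (version, body, sha256) VALUES (?, ?, ?)",
        (version, body, digest)).lastrowid

def record_acceptance(db, email, version_id, ip_address):
    db.execute(
        "INSERT INTO terms_acceptance (email, terms_version_id, ip_address) VALUES (?, ?, ?)",
        (email, version_id, ip_address))

def needs_reacceptance(db):
    """Emails that accepted some version but not the latest one."""
    return [row[0] for row in db.execute("""
        SELECT DISTINCT email FROM terms_acceptance WHERE email NOT IN (
            SELECT email FROM terms_acceptance
            WHERE terms_version_id = (SELECT MAX(id) FROM terms_version))
        ORDER BY email""")]
```

The triggers only stop changes made through SQL on this table; anyone with write access to the database file or the schema can still remove them, so they complement access control and backups rather than replace them.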