Double Opt-In & Consent Tracker: Prove How Every Subscriber Said Yes
A subscribe flow with double opt-in plus a tamper-evident consent ledger — the exact wording, timestamp, source, and confirmation click for every subscriber — so you can actually prove CASL, CAN-SPAM, and GDPR compliance.
A web tool with a public subscribe form and a private admin console: signups trigger a confirmation email, the click confirms and writes a consent record (verbatim wording, timestamp, source, IP), an admin approves the consent wording and any legacy bulk import before contacts become confirmed, and you can export a confirmed list plus a full consent-ledger CSV on demand.
Before you start
- A Supabase account (free)
- A Vercel account (free)
- A Resend account (free) with a verified sending domain
- A CSV of your existing/legacy subscribers (optional, for the import path)
- Claude Code or any AI coding agent
The problem this kills
A regulator, a client, or your own lawyer asks one simple question: "Show me how this person consented to receive your email." For most marketing teams, the honest answer is a shrug. The signup happened on a form that's since been redesigned, the consent checkbox wording changed three times, the timestamp lives somewhere in an export nobody can find, and half the list came from a spreadsheet a coworker imported two jobs ago with no record of where it came from.
Under CASL, CAN-SPAM, and GDPR, "we definitely got permission" is not a defense — you have to be able to prove it: the exact wording the person agreed to, when they agreed, where they signed up, and (for double opt-in) that they clicked a confirmation link to verify the address was really theirs. The good news is that proof is entirely buildable. You just need a subscribe flow that confirms the address and a ledger that records the consent verbatim and never loses it. You do not need to be a developer to build that.
What you'll build
A small internal tool with two faces. The public side is a subscribe form: email, a consent checkbox showing your exact consent wording, and a hidden record of the source (which page or campaign sent them). Submitting sends a confirmation email; clicking the link confirms the subscriber and writes a permanent consent record capturing the verbatim wording they agreed to, the timestamp, the source, and the IP. Unconfirmed signups stay in a separate "pending" state — they never count as subscribers until they click.
The private side is an admin console. An admin reviews and approves the active consent wording before it goes live, and reviews any bulk import of legacy contacts — which must carry an attested basis for their consent — before those contacts are added as confirmed subscribers. From there you can export a clean confirmed-subscriber list and a full consent-ledger CSV (every record, with wording and timestamps) whenever someone asks you to prove it.
What's inside the Implementation Plan
The downloadable plan is a step-by-step file you paste into an AI coding agent. It opens by interviewing you about your business — how people subscribe today, what your current consent wording says, which jurisdictions you have to satisfy, where your existing list came from and whether you can attest to its consent basis, your double opt-in expiry rules, and the messy edge cases (re-subscribes, role addresses, suppressions). It reads a short spec back to you for a thumbs-up, then builds the tool around your answers — your wording, your rules, your jurisdictions — instead of a generic template. From there it walks the agent through the data model, the subscribe form, the double opt-in confirmation flow, the consent ledger, the admin approval gates, the legacy-import path, and the two CSV exports. Every step ends with a ready-to-copy prompt.
The governance it includes (this is the point)
This isn't a toy. The plan builds in the controls a real, audit-ready marketing function needs: login so only your team reaches the admin console, row-level security so you only ever see your own organization's subscribers, and a complete audit trail of every action — wording changes, confirmations, imports, approvals, and exports — recorded with who, what, and when. There's a hard human-approval gate so the active consent wording and every legacy bulk import are reviewed and signed off by a person before anything is written to your confirmed list. And there are duplicate guards: a lowercased-email key so re-subscribes update an existing record instead of creating a second one, and an import guard so the same file can't be processed twice. The audit trail is append-only — the whole point is that you can hand it to a regulator.
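As an added illustration of the flow in "What you'll build" and the guards in this section (my own example code, not the plan's or the tool's), here is a minimal Python model: signups sit in a pending table until the confirmation click, the verbatim wording is snapshotted at signup time, a lowercased-email key keeps re-subscribes from creating a second record, an import guard keyed on the file's hash rejects a repeated upload, and the ledger is made tamper-evident by chaining each entry's hash to the previous one. The hash chain, the SHA-256 file digest, the in-memory storage and the field names are assumptions of this example, not something the plan specifies.

```python
import hashlib, json, secrets
from datetime import datetime, timezone

_now = lambda: datetime.now(timezone.utc).isoformat()   # UTC timestamps for the ledger

class ConsentTracker:
    def __init__(self, approved_wording):
        self.wording = approved_wording  # admin-approved consent wording currently live
        self.pending = {}                # token -> signup waiting for the confirmation click
        self.subscribers = {}            # lowercased email -> latest confirmed consent entry
        self.ledger = []                 # append-only; every entry hashes the one before it
        self.imported_files = set()      # sha256 of legacy CSV files already processed

    def subscribe(self, email, source, ip):
        token = secrets.token_urlsafe(32)   # unguessable token for the confirmation link
        self.pending[token] = {"email": email.strip().lower(), "source": source, "ip": ip,
                               "wording": self.wording}   # snapshot the verbatim wording now
        return token   # still only "pending": not a subscriber until the click

    def _append(self, record):
        prev = self.ledger[-1]["hash"] if self.ledger else "0" * 64
        digest = hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()
        entry = dict(record, prev_hash=prev, hash=digest)
        self.ledger.append(entry)
        self.subscribers[entry["email"]] = entry   # lowercased key: re-subscribe updates, no duplicate
        return entry

    def confirm(self, token):
        signup = self.pending.pop(token, None)   # one-time use: an unknown or reused token does nothing
        return signup and self._append(dict(signup, basis="double_opt_in", confirmed_at=_now()))

    def import_legacy(self, csv_bytes, rows, basis, approved_by):
        digest = hashlib.sha256(csv_bytes).hexdigest()
        if digest in self.imported_files:
            return 0   # import guard: the same file is never processed twice
        self.imported_files.add(digest)
        for email, source in rows:
            self._append({"email": email.strip().lower(), "source": source, "basis": basis,
                          "approved_by": approved_by, "file_sha256": digest, "confirmed_at": _now()})
        return len(rows)

    def verify_ledger(self):
        prev = "0" * 64
        for entry in self.ledger:
            body = {k: v for k, v in entry.items() if k not in ("prev_hash", "hash")}
            expected = hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()
            if entry["prev_hash"] != prev or entry["hash"] != expected:
                return False   # an edited or deleted entry breaks the chain
            prev = entry["hash"]
        return True
```

Exporting the consent-ledger CSV is then a dump of `ledger`, and `verify_ledger()` is the check you run before handing it over.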
Who it's for
Marketing ops leads, newsletter owners, and founders who collect email addresses but couldn't prove, today, how or when any given subscriber said yes. If you can describe how people sign up and what your consent checkbox says, you can build this.
You've got this — open the plan, paste the first prompt, and you'll have a defensible, double-opt-in list with a real consent ledger by the end of the weekend.