ConsentX.org  ·  Tech 4 Humanity Pty Ltd  ·  ABN 70 666 271 272 Real Journeys · 2026
Real People · Real Consent

What does
your consent
trail look like?

Five people. Five life stages. Five very different consent footprints — and five sets of risks most Australians don't know they're carrying.

People at different life stages
Troy
Troy, 47
Founder · Sydney
 Zara
Zara, 16
Student · Brisbane
 Marcus
Marcus, 34
Parent · Melbourne
 Helen
Helen, 71
Retiree · Adelaide
 Estate
James (estate)
Deceased · Legacy
Troy — Founder, 47
Troy, 47
Founder & Director · Sydney, NSW · NV2 Clearance

Troy runs a portfolio of 30 businesses across AI, health tech, and research. He uses 40+ SaaS tools, 12 banking relationships, holds security clearance, employs contractors, runs clinical research, and manages complex IP. He generates the highest consent volume of any profile — and until ConsentX, had zero visibility over it.

1,847
Consent events estimated annually
94
Active SaaS/platform consents
12
High-risk unrevocable consents
Key consent events this year
🏦
Open Banking — ANZ, Westpac, CBA, Bendigo
CDR data sharing consents across 4 institutions. Third-party access granted to transaction history, account balances, and payee lists. Expiry: variable. Revocation: portal-based, not automatically notified.
High RiskUntracked
🔬
AusIndustry R&D Registration — RDTI claim
Consent to submit R&D expenditure, participant data, and research methodology to ATO and DCCEEW. Includes ethics committee approvals for AI Sweet Spots research (11,241 participants).
High RiskTracked
☁️
AWS, Vercel, Supabase, GitHub ToS renewals
Annual or auto-renewed infrastructure agreements. Data processing addenda, GDPR SCCs, sub-processor lists. Most accepted without review. None tracked centrally.
MediumUntracked
👥
Contractor agreements — IP assignment, confidentiality
Multiple SOWs, NDAs, and IP assignment clauses across 30 business units. Some contractors have signed conflicting agreements. IP chain completeness: 0% confirmed by audit.
High RiskPartial
🛡️
AGSVA NV2 Security Clearance — ongoing data obligations
Consent to ongoing background monitoring, foreign contact disclosure, financial disclosure. Annual obligations. No automated reminder system in place.
High RiskManaged
🤖
AI platform usage — Claude, Gemini, GPT, Perplexity
Data shared with multiple AI providers through daily use. Includes business strategy, financial data, code, and client information. Training opt-outs: partial. Data retention: unknown.
High RiskUntracked
Troy's top 4 consent risks right now
AI platform data sharing — business-sensitive content entered into models with unknown training data policies
Open banking third-party access — 4 banks, active CDR consents, no central revocation dashboard
IP assignment gaps — contractor agreements with conflicting or missing IP clauses across 30 businesses
Research participant consents — 11,241 participants, ethics renewal dates distributed across 9 studies
Zara — Student, 16
Zara, 16
Year 11 Student · Brisbane, QLD · School Sport Captain

Zara is a high-achieving student, sport captain, and active social media user. She consented to 11 platforms before her 14th birthday — most via parental proxy. She now uses 6 platforms independently but cannot revoke her childhood data. Her school holds signed consent forms in filing cabinets.

284
Consent events this year
11
Platform consents she cannot revoke
0
Platforms where she's read the ToS
Key consent events this year
📱
TikTok, Instagram, Snapchat, YouTube — ToS age verification
Age declared as 13+ at account creation (ages 12–13). Parental consent not obtained. Shadow profiles built pre-account from device fingerprinting. Data now held in US and EU servers with no AU deletion mechanism.
High RiskIrrevocable
🏫
School photo & video release — annual paper form
Signed by parent each year. Covers school website, social media, local media, and "educational purposes". Scope undefined. Duration: indefinite. No digital record held by parent.
MediumPaper only
School sport registration — medical treatment consent
Authorises school staff to consent to medical treatment on behalf of parent. Signed once at enrolment. Not reviewed since 2019. Medical information and emergency contacts may be outdated.
High RiskOutdated
🏥
Sexual health clinic — Gillick competence self-consent
Accessed GP independently at 15 under Gillick competence. Consent record held by GP clinic, not shared with parent. Medicare number linked — creates government data trail without parental awareness.
MediumAppropriate
Zara's top consent risks
Childhood platform data — irrevocable profiles built before age of understanding, now held offshore
School medical consent — outdated authorisation covering emergency medical decisions
Photo/video release — indefinite scope, no digital copy, no expiry date
Biometric data — Face ID enrolled on 3 devices, fingerprint on 2, location always-on for 4 apps
Marcus — Parent, 34
Marcus, 34
Project Manager · Melbourne, VIC · Father of 2

Marcus works in construction project management and has two children aged 4 and 7. He manages consent for himself, his wife, and his children — often while rushing through school forms, app updates, and banking renewals. He has signed over 200 consents this year without reading them.

892
Consent events (family, incl. children)
6
Seconds avg spent per consent
3
Active loan covenants he's forgotten
Key consent events this year
🏠
Home loan refinance — Westpac variable rate
182-page mortgage document. Loan covenant includes restrictions on renting rooms, commercial activity, and major renovations without lender consent. Marcus signed in 12 minutes at a broker's office.
High RiskUnread
🧒
Children's school enrolment — proxy consent ×2
Annual re-enrolment consent covering data sharing with state education department, third-party EdTech platforms (Seesaw, Schoolbox), excursion authorisation, and emergency medical treatment.
MediumPaper only
Junior football club registration — 2 children
Includes Working With Children check consent for coaches, medical treatment authorisation, photo consent, and privacy policy. Processed via a PDF emailed to the club secretary. No record held by family.
MediumLost
🏗️
Employment — contractor surveillance consent
Signed consent to employer monitoring of work devices, email scanning, and location tracking on company phone. Includes consent to share performance data with third-party HR analytics platforms.
High RiskUntracked
Marcus's top consent risks
Mortgage loan covenants — signed restrictions on property use that may already be breached
Children's proxy consents — no digital record, cannot demonstrate what was authorised for his kids
Employer surveillance — unknown scope of monitoring on personal device used for work email
Sport club records — medical treatment authorisation held by volunteer secretary, not the family
Helen — Retiree, 71
Helen, 71
Retired Teacher · Adelaide, SA · Widowed 2021

Helen retired in 2018 and lost her husband in 2021. Since then she's navigated estate administration, aged pension applications, and healthcare decisions alone. Her GP recently flagged early cognitive changes. Her adult daughter is increasingly making financial decisions on her behalf — informally, without legal authority.

347
Consent events this year
0
Advance care directives in place
1
Informal carer making decisions without PoA
Key consent events this year
🏥
My Health Record — opt-out review
Helen's My Health Record is on the default opt-in. GP, specialists, pharmacist, and emergency departments can access. Helen is unaware which documents are uploaded or who has viewed them.
High RiskUnreviewed
💊
Polypharmacy consent — 6 medications, 3 specialists
Each specialist prescribing without full visibility of other medications. Helen has signed separate consent forms at each clinic. No central medication consent record. Drug interaction risk unmanaged.
High RiskFragmented
🏦
Superannuation fund — informal daughter access
Daughter informally calls super fund on Helen's behalf. Fund is not legally authorised to deal with daughter. No formal PoA. Helen signs whatever her daughter brings. No record of what was authorised.
High RiskIllegal
🏠
Residential aged care — consent to transition discussions
Aged care provider conducted intake assessment. Helen consented verbally to sharing her assessment with the My Aged Care portal. She does not know what was recorded or who can see it.
High RiskVerbal only
Helen's top consent risks
No Advance Care Directive — if capacity is lost, her wishes for medical treatment are legally unknown
No formal Power of Attorney — daughter's informal financial decisions expose both to legal liability
My Health Record unreviewed — unknown parties have accessed sensitive mental and physical health records
Polypharmacy — six medications consented to across three specialists with no coordinated consent record
James — Estate
James (deceased)
Estate Administrator · Died 2023, age 58 · Sydney, NSW

James died suddenly in 2023. He left a will but no digital estate plan. His family cannot access his email, cryptocurrency wallet, cloud storage, or subscription services. His LinkedIn profile is still active. His bank accounts are frozen. His executor — his wife Sarah — is navigating a legal system with no framework for digital consent after death.

43
Active digital accounts at time of death
0
Platforms with a legal process for executor access
18
Months estimated to resolve estate digitally
Consent failures after death
📧
Gmail / Google account — 20 years of email, Drive, Photos
Google's Inactive Account Manager was never configured. Sarah cannot access. Google requires a court order. Australian courts have no standard process. 20 years of family photos, financial records, and business documents — inaccessible.
CriticalBlocked
Cryptocurrency wallet — seed phrase unknown
James held ~$47,000 in cryptocurrency across two wallets. Hardware wallet found but PIN unknown. Seed phrase not in will or accessible storage. Funds are permanently inaccessible. No legal recourse.
CriticalPermanent Loss
📸
Social media profiles — still active, being messaged
LinkedIn, Facebook active. Former colleagues sending messages to a dead account. Family cannot memorialise or delete without platform-specific bereavement process — each different, none automatic.
MediumActive
💳
Subscription services — still charging the estate
Netflix, Adobe, Spotify, gym membership still billing. Bank accounts frozen so charges failing — creating debt records. Each platform requires separate cancellation with death certificate. Sarah has contacted 12 companies.
MediumOngoing Cost
What James's ConsentX wallet would have enabled
A single digital estate plan with executor access credentials, stored in a verifiable consent wallet
Pre-authorised platform legacy instructions — memorialise, delete, or transfer — executed automatically
Subscription registry with executor cancellation authority built in at consent time
Cryptocurrency access protocol — separate from wallet seed, legally binding, executor-triggered

See the Westpac integration demo

ConsentX wired to Westpac open banking — real CDR consent capture, wallet recording, and revocation dashboard. Marcus's mortgage example, fully live.

View Westpac Demo →

What does
your trail look like?

Install the ConsentX browser extension and start capturing your consent footprint — every click, every form, every agreement — in real time.

Get the Capture App Why It Matters