Consent Architecture
- Executive Summary
- Working Knowledge
- Technical Spec
Consent is one of the most misunderstood areas of data privacy law — and one of the most dangerous to get wrong. In an enterprise coaching context, the employer-employee power imbalance means that "consent" from an employee is often not freely given, which makes it legally invalid under GDPR. ReGenesis addresses this by using a layered lawful basis strategy: contractual necessity and legitimate interest handle the core coaching service, while explicit consent is reserved specifically for sensitive personal data (emotional, health-adjacent, and deeply personal content).
The enterprise client (employer) is the data controller; ReGenesis is the data processor. This distinction is critical for contracts, liability, and data subject rights. The consent management module records, timestamps, and versions every consent interaction, providing a complete audit trail that satisfies both regulators and enterprise legal teams.
The consent architecture is designed for the real-world complexity of enterprise coaching: onboarding flows that clearly explain data handling, granular permission controls for Sasha's AI capabilities, easy withdrawal mechanisms that do not penalize the coachee, and consent refresh cycles for long engagements. This is not a cookie banner — it is a sophisticated, user-friendly system that builds trust with every interaction.
The Three Lawful Bases Used
GDPR requires a "lawful basis" for every data processing activity. There are six possible bases; ReGenesis uses three:
1. Contractual Necessity (Primary Basis)
When it applies: For everything that is necessary to deliver the coaching service.
The enterprise client signs a service agreement with ReGenesis. The coachee's employer enrolls them in the coaching program as part of their employment benefits or development program. Processing their coaching data is necessary to perform the contract.
What it covers:
- Storing session transcripts and coaching notes
- Generating AI coaching insights (Sasha's core function)
- Coach-coachee communication
- Progress tracking and goal management
- Session scheduling and logistics
Why this is important: This basis does not require the coachee to "consent" — the processing is necessary for the service they are enrolled in. This avoids the power imbalance problem (an employee cannot freely consent to something their employer requires).
2. Legitimate Interest (Secondary Basis)
When it applies: For processing that is not strictly necessary for the contract but serves a legitimate business purpose, balanced against the individual's rights.
What it covers:
- Aggregated analytics for executive dashboards (with anonymization)
- Security monitoring and fraud detection
- Product improvement using anonymized usage patterns
- Internal compliance monitoring
Requirement: Each legitimate interest use must pass a Legitimate Interest Assessment (LIA) — a documented balancing test showing the interest is legitimate, the processing is necessary, and the individual's rights are not overridden.
3. Explicit Consent (For Sensitive Data Only)
When it applies: When processing special category data — health, mental health, emotional content, deeply personal reflections.
What it covers:
- Processing content flagged as sensitive personal data
- Deep personal development content that touches on therapy territory
- Health-related discussions in coaching sessions
- Enhanced Sasha analysis of sensitive content
ReGenesis deliberately avoids over-reliance on consent as a lawful basis in the enterprise context. GDPR regulators have made clear that consent from employees is problematic due to the power imbalance. Consent is used only where it is legally required (sensitive data); contractual necessity or legitimate interest covers everything else. This is legally more robust and better for coachees.
Controller vs. Processor: Who Is Who?
| Role | Who | Responsibilities |
|---|---|---|
| Data Controller | Enterprise client (employer) | Determines why and how personal data is processed. Responsible for lawful basis, privacy notices to employees, responding to DSRs. Signs DPA with ReGenesis. |
| Data Processor | ReGenesis | Processes data only on the controller's instructions. Provides DPA template. Implements technical and organizational security measures. Assists controller with DSRs. |
| Sub-Processor | Anthropic, AWS, etc. | Engaged by ReGenesis with controller's prior authorization. Subject to equivalent data protection obligations. Listed in sub-processor register. |
| Data Subject | Coachee (employee) | The individual whose data is processed. Has rights under GDPR/CCPA. Interacts directly with the platform but DSR requests flow through the controller. |
The Consent Management Module
When Consent Is Collected
Consent is collected at specific, well-defined moments — not as a blanket "accept all" at signup:
| Moment | What's Consented To | Type | Revocable? |
|---|---|---|---|
| Onboarding | Platform terms, coaching service, standard data processing | Contractual (not consent) | N/A — part of service |
| First Session | Sensitive content processing — "I understand this platform may process personal and emotional content" | Explicit consent | Yes, at any time |
| Sasha Activation | AI observation and analysis permissions — observe/analyze/act modes | Explicit consent | Yes, per-permission |
| Feedback Surveys | Use of feedback data for program analytics | Legitimate interest (with opt-out) | Opt-out available |
| Data Export | Sharing data with third parties (if requested) | Explicit consent | Yes, per-request |
| Engagement End | Retention period preference — how long to keep data post-engagement | Informed choice | Can request deletion anytime |
Consent Withdrawal
A coachee can withdraw consent at any time without penalty. Here is what happens:
- Coachee clicks "Manage Privacy Settings" in their profile
- They see their active consents with clear "Withdraw" buttons
- On withdrawal, a confirmation dialog explains consequences
- Withdrawal is recorded with timestamp and reason (optional)
- Processing stops for that specific consent within 24 hours
- Data already processed under consent is retained (lawful at time of processing) unless deletion is also requested
- Coach is notified that certain Sasha capabilities are now restricted for this coachee
The platform must not degrade the coaching experience punitively when consent is withdrawn. Core coaching functionality (sessions, notes, goal tracking) continues under the contractual basis. Only the specific sensitive-data or AI capabilities that required explicit consent are affected.
Power Imbalance Considerations
In enterprise contexts, the employer enrolls employees in coaching programs. This creates a power dynamic:
- The employee may feel they cannot refuse if their manager recommended coaching
- GDPR regulators say consent is not freely given when there is a "clear imbalance" between the data subject and controller
- The ReGenesis approach: Use contractual necessity as the primary basis, so the coachee is not put in a position of "consenting" to something their employer requires
Safeguards:
- Coachees are informed that their individual coaching content is never shared with their employer (only anonymized aggregates)
- The platform prominently displays the data visibility model (what the coachee sees vs. what the coach sees vs. what the admin sees)
- Consent for sensitive data processing is presented as a genuine choice with no negative consequences for declining
- Annual consent refresh reminds coachees of their rights and options
When enterprise legal and procurement teams evaluate ReGenesis, the consent architecture is one of the first things they examine. Having a clear controller/processor distinction, granular consent management, and documented power-imbalance safeguards dramatically accelerates the procurement cycle.