User Consent
When user registration is enabled, Panopticon requires all users to explicitly consent to the Terms of Service and Privacy Policy before they can access the application. This helps comply with GDPR and similar data protection regulations.
- User logs in with their credentials (and completes MFA if required).
- Panopticon checks if the user has previously consented (stored as `consent.tos` in their user parameters).
- If consent is missing, the user is redirected to the consent page (`index.php?view=userconsent`). The main navigation menu is disabled during this captive flow.
- On the consent page, the user can:
  - Review the Terms of Service and Privacy Policy (displayed in expandable accordion sections)
  - Open the full policy pages in a new tab
  - Click "I Agree" to record their consent and proceed to the application
  - Click "I Decline (Log Out)" to be logged out immediately
  - Export their personal data (see PII Self-Management)
  - Delete their account (see PII Self-Management)
- Once consent is given, the timestamp is recorded and the user is not prompted again on future logins.
The consent flow is only active when user registration is enabled (i.e., the `user_registration` configuration setting is set to `admin` or `self`). When user registration is disabled, the consent flow is skipped entirely.
When upgrading an existing Panopticon installation:
- Existing users who have never consented will be prompted on their next login (if user registration is enabled).
- The initial admin account created during setup automatically receives consent, as the administrator implicitly accepts the terms by setting up the application.
- Users can access the ToS and Privacy Policy pages without logging in, so they can review the policies before deciding whether to register or consent.
While the consent flow is active, the user can still access these views without being redirected:
- `userconsent` (the consent page itself)
- `policies` (public ToS/Privacy Policy pages)
- `login`/`logout`
- `cron`/`check`, `setup`
- `passkeys`/`captive`/`mfamethods`
- `users` (only for the `pwreset`, `confirmreset`, `register`, and `activate` tasks)
- Consent is stored in user parameters as `consent.tos` (boolean) and `consent.timestamp` (Unix timestamp).
- The consent check runs in `Application::conditionalRedirectToConsent()`, which executes after MFA verification but before other captive setup redirects (CRON setup, passkey setup).
- The `userconsent` view requires any logged-in user (`*` ACL privilege) and is included in the MFA allowed views list.
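The following PHP sketch models the captive-flow decision described above: the consent flow is gated on `user_registration`, the `consent.tos` / `consent.timestamp` user parameters, and the allow-list of views that remain reachable before consent (with `users` exempt only for the listed tasks). It is an added illustration written for this page, not Panopticon's own `Application::conditionalRedirectToConsent()`; the `ConsentGuard` class, its method names and the in-memory user-parameter array are assumptions, and the real application resolves these values from its configuration and user store.

```php
<?php
// Added illustration, not Panopticon's code. Models the consent redirect
// logic described on this page; class and method names are hypothetical.
declare(strict_types=1);

final class ConsentGuard
{
    // Views that stay reachable while consent is pending (as listed on the page).
    // 'users' is handled separately because only some of its tasks are exempt.
    private const ALLOWED_VIEWS = [
        'userconsent', 'policies', 'login', 'logout',
        'cron', 'check', 'setup', 'passkeys', 'captive', 'mfamethods',
    ];
    private const ALLOWED_USERS_TASKS = ['pwreset', 'confirmreset', 'register', 'activate'];

    // $userRegistration mirrors the user_registration setting ('none', 'admin' or 'self').
    public function __construct(private string $userRegistration) {}

    // The captive flow only exists when registration is enabled.
    public function isConsentFlowActive(): bool
    {
        return in_array($this->userRegistration, ['admin', 'self'], true);
    }

    // consent.tos is documented as a boolean; a missing key means "never consented".
    public function hasConsented(array $userParams): bool
    {
        return ($userParams['consent.tos'] ?? false) === true;
    }

    // Exempt views pass through even without consent. Anything not on the
    // allow-list (including 'users' with a non-exempt task) is captured.
    public function isViewExempt(string $view, ?string $task): bool
    {
        if ($view === 'users') {
            return $task !== null && in_array($task, self::ALLOWED_USERS_TASKS, true);
        }
        return in_array($view, self::ALLOWED_VIEWS, true);
    }

    // Returns the URL to redirect to, or null when the request may proceed.
    // In the real application this runs after MFA verification and before the
    // CRON-setup and passkey-setup captive redirects.
    public function redirectTarget(array $userParams, string $view, ?string $task = null): ?string
    {
        if (!$this->isConsentFlowActive()
            || $this->hasConsented($userParams)
            || $this->isViewExempt($view, $task)) {
            return null;
        }
        return 'index.php?view=userconsent';
    }

    // "I Agree": record the boolean flag and the Unix timestamp of consent.
    public function recordConsent(array $userParams, ?int $now = null): array
    {
        $userParams['consent.tos'] = true;
        $userParams['consent.timestamp'] = $now ?? time();
        return $userParams;
    }
}

// Constructed sample walk-through: a self-registration install and a user
// with no consent recorded yet.
$guard  = new ConsentGuard('self');
$params = [];

var_dump($guard->redirectTarget($params, 'sites'));             // captured
var_dump($guard->redirectTarget($params, 'policies'));          // exempt view
var_dump($guard->redirectTarget($params, 'users', 'activate')); // exempt task
var_dump($guard->redirectTarget($params, 'users', 'edit'));     // captured

$params = $guard->recordConsent($params);
var_dump($guard->redirectTarget($params, 'sites'));             // consent on file

// With registration disabled the flow is skipped regardless of parameters.
$disabled = new ConsentGuard('none');
var_dump($disabled->redirectTarget([], 'sites'));
```

The point of the allow-list being expressed as an explicit list is that any new view added to the application is captured by default; only views that are deliberately placed on the list (or, for `users`, deliberately added tasks) can be reached before consent is recorded.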
Documentation Copyright ©2023–2025 Akeeba Ltd.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
You can also obtain a copy of the GNU Free Documentation License from the Free Software Foundation