ConsentKeys
How It Works

Privacy by design, not by policy.

ConsentKeys sits between users and apps. It verifies identities once, then issues unique pseudonymous aliases — so apps never touch personal data.

01

User is verified once

Sign in with a magic link — no password, no form. ConsentKeys confirms they're a real person and their real identity never leaves ConsentKeys.

02

ConsentKeys generates an alias

For each app the user accesses, ConsentKeys creates a unique pseudonymous identifier — an “alias”. Different app, different alias. No PII is stored on the app's side.

03

Apps get the alias, never their real identity

The app receives a signed OIDC token. The ‘sub’ claim is the user’s alias, not their email. No PII is stored on the app’s side — nothing to breach, nothing to subpoena.

04

User stays in control

Revoke access to any app at any time from the ConsentKeys dashboard. The alias is invalidated instantly — the app loses access without knowing anything about the user.

Two audiences, one platform

The same flow, seen differently

For Consumers

  1. 01Click “Login with ConsentKeys” on any supported app
  2. 02Verify your identity once via magic link
  3. 03ConsentKeys issues a unique alias for that app
  4. 04You’re logged in — the app sees only your alias
  5. 05Manage or revoke app access from your dashboard
Try it free

For Developers

  1. 01Register your app and receive a client_id
  2. 02Redirect users to ConsentKeys /authorize
  3. 03Exchange the auth code for an id_token
  4. 04Decode the JWT — sub is a ck_u_… alias
  5. 05Build normally — zero PII ever stored
Read the docs

The Token

No PII. Not even by accident.

When your app decodes the ConsentKeys id_token, here is what you get. Notice what is missing — no email, no name, no date of birth, no phone number.

The sub claim is a stable, app-scoped alias. It uniquely identifies this user inside your app without revealing anything about who they are elsewhere.

id_token claims
{
"sub": "ck_u_8a3f…9c1b", // pseudonymous alias, unique per app"iss": "https://auth.consentkeys.com", // issuer"aud": "your_client_id", // your application"verified": true, // identity confirmed by CK"age_gate": "18+", // optional — claim without DOB// ← no email · no name · no phone · no DOB}

Zero PII stored

Not on your server, not on ours

Revocable anytime

Users invalidate aliases in one click

Standard OIDC

Drop into your existing auth stack

See it in action

How it applies to your industry

The alias model works across any vertical that handles user identity. Explore common patterns below.

Use Cases

Built for your industry

See how ConsentKeys solves privacy challenges across different verticals.

Connect buyers and sellers without exposing either

The Problem

Traditional marketplaces store mountains of PII—names, addresses, payment details—making them prime targets for breaches.

The Solution

ConsentKeys enables trust between parties using verified aliases. Users transact securely while you never touch their personal data.

Connect buyers and sellers without exposing either
100%

Seller Verification

0

PII Records

For Developers

Get your API credentials.

Free tier. No credit card. Start integrating in five minutes.

Start Free

For Businesses

Talk to our team.

Enterprise plans. Custom compliance. White-glove onboarding.

Book a Demo