Knowledge Hub / Governance & Compliance

Consents & Compliance

A comprehensive guide to MyAthlete's legal agreement management system. Learn how to deploy version-controlled policies, enforce digital non-repudiation, and automate your club's compliance groups.

The Consents app replaces fragile paper trails and basic "checkboxes" with a robust compliance and legal agreement system. It is built to handle the complexities of club-level consent requirements with high legal integrity and zero-admin automation.

1. Centralized Definitions & Precision Targeting

Not every member needs to sign every policy. MyAthlete allows you to define high-level consent requirements (e.g., "Photography Consent", "Medical Waiver") and scope them dynamically.

  • Entity Scoping: Target agreements specifically at direct Users/Members (staff, coaches), individual Athletes, or Families (parents responsible for multiple dependents).
  • SmartGroup Resolution: Link a consent requirement to a SmartGroup. The app resolves the audience in real-time—meaning a "National Squad Travel Waiver" only appears for athletes who actually qualify for the National Squad.

2. Version Lifecycle & Expiry Logic

As club policies evolve, your tracking system must keep up without losing historical data.

  • Draft vs. Published: Create newer versions (e.g., "2026 Update") as drafts. Members only interact with the latest Published version, integrating directly with DuckDocs for long-form content.
  • Force Re-acceptance: Administrators can trigger an expire_previous_versions flag, instantly invalidating old responses and requiring members to sign the new terms upon their next login.
  • Advanced Expiry: Deploy Rolling Expiry (valid for 12 months from the date of signature) or Fixed Date Expiry (all club consents expire universally at the end of the competitive season).

Absolute Security: Digital Signatures & Non-Repudiation

To ensure total legal enforceability, the system captures a forensic digital footprint for every "GIVEN" response. It logs the signer's IP address and User Agent. Crucially, the engine generates a SHA-256 Signature Hash that permanently binds the consent content, target entity, timestamp, and IP. Any database manipulation of these variables would immediately break the hash validation, ensuring absolute non-repudiation.

3. Automated Group Compliance

The ConsentGroupConfig engine acts as an automated compliance officer, linking consent status directly to group membership through two distinct modes:

  • Mandatory (Informational) Mode: Flags the requirement on user dashboards for tracking expectations, maintaining a clear audit trail without enforcing hard technical blocks.
  • Assignment (Active Inclusion) Mode: Automatically ADDS members to a specific operational group once they provide consent (e.g., populating the "Photography Permissions" gallery group). If the consent expires or is revoked, the system instantly purges them from the group.

4. The Bottom Line: Legacy vs. MyAthlete Consents

Feature Legacy Standard MyAthlete OS
Legal Enforceability Simple boolean checkboxes in a database. SHA-256 hashed digital signatures with IP/User Agent tracking.
Policy Updates Overwriting old text; losing historical consent records. Multi-version support with automated forced re-acceptance.
Targeting Manual lists or "everyone must sign." Dynamic SmartGroup resolution.
Access Control Manual checking of who signed what. Automated Assignment Mode syncing based on live consent status.