1. What is the single biggest mistake companies make with call compliance?

The most common and costly mistake is calling or texting a wireless number for marketing purposes using an automated system without first obtaining prior express written consent. Simply having a business relationship is not enough; the standards for automated marketing are extremely high.

2. How long do I need to keep proof of consent?

You should keep detailed records of consumer consent for at least five years. The statute of limitations for a TCPA claim is four years, and keeping records for five years provides a safe buffer to defend against any potential lawsuits.

3. Can I legally call a lead I bought from a third party provider?

Yes, but only if the lead provider obtained prior express written consent that is legally sufficient and specifically names your company as a recipient of that consent. You must perform due diligence and validate that the consent is real and documented.

4. How can I ensure compliance with call consent rules on an ongoing basis?

The best approach involves a combination of technology, training, and process. Use systems that have compliance built in, conduct regular staff training on all relevant rules, maintain meticulous records of consent and opt outs, and perform regular audits of your practices. Staying on top of regulatory changes is also crucial.

5. What’s the difference between the National DNC Registry and my company’s internal DNC list?

The National DNC Registry is a federal list for consumers who don’t want to receive telemarketing calls from any company they don’t have an established business relationship with. Your internal DNC list is specific to your company; it contains the numbers of anyone who has directly asked your business to stop contacting them. You must honor both.

How to Document Consent for Inbound Leads — And Why It Matters

When a lead fills out your web form and you call them back within seconds, the last thing on your mind is documentation. You’re focused on getting them on the phone before they call someone else.

But if you ever get a complaint — even a baseless one — the first question anyone asks is: “Can you prove they consented to be contacted?”

Most businesses can’t answer that confidently. Here’s how to make sure you can.

Why Consent Documentation Is Different for Inbound Leads

There’s a common misconception that consent documentation is only a problem for companies doing outbound cold calling. It’s not.

Any time you follow up with a lead — even one who submitted your form — you’re initiating contact. The TCPA gives consumers the right to dispute that contact. The burden of proof is on you to show they consented.

The good news is that inbound leads are already in a stronger consent position than cold call targets. They came to your website. They filled out a form. They asked to be contacted. The documentation piece is about making sure you can prove that — not about manufacturing permission you don’t have.

What Consent Documentation Actually Requires

A checkbox on your form and a row in your database aren’t enough. If a consumer disputes a call, “we have a record they submitted the form” is a weak defense without supporting evidence.

Strong consent documentation for inbound leads includes:

The exact moment of submission. A timestamp accurate to the second, including time zone, recording when the form was submitted.

The language the person agreed to. A record of the exact consent disclosure shown on the form at the time of submission — not a generic version of your current form language, but what they actually saw.

Visual evidence. A screenshot or session record of the form as it appeared to the lead. This matters because forms change. If you update your consent language six months from now, you need to be able to show what the form said on the day a specific lead submitted it.

IP address. A record of the IP address associated with the submission, which helps establish that a real person submitted the form from a specific location.

Storage duration. The TCPA has a four-year statute of limitations. Keep consent records for at least five years to be safe.

Assembling all of this manually is impractical. It’s also error-prone. One missed record, one form update without version tracking, and your documentation has a gap.

This Is Exactly What TrustedForm Does

TrustedForm is a consent documentation tool built by ActiveProspect. It runs quietly in the background of your web form and creates a certificate at the exact moment a lead submits — capturing everything listed above automatically.

Each TrustedForm certificate includes:

A precise timestamp of the submission
The consent language the lead saw on the form
A visual replay of the form session
The IP address of the submission
A shareable URL you can access if a compliance question ever arises

Certificates can be retained for up to five years. If a complaint comes in about a specific lead, you pull up the certificate for that submission and have everything you need in one place.

Leverly works with TrustedForm and helps clients get it implemented on their forms. If you’re already using a comparable consent documentation tool, Leverly works with that too. If you’re not using anything yet, getting TrustedForm in place is one of the first things worth doing before you scale your lead response volume.

Your Form Language Has to Hold Up

TrustedForm captures what your form says — but it can’t fix form language that’s legally insufficient. Before you rely on documented consent, make sure the consent language on your form is actually doing its job.

Compliant consent language for inbound lead forms needs to:

Name your business specifically. Vague language like “you may be contacted by our partners” is no longer sufficient under current TCPA interpretations. The form needs to name the company that will be calling.

Disclose that automated technology may be used. If Leverly AI might call the lead, the form should say that calls may be made using automated technology.

State that consent is not a condition of purchase. The lead needs to know they don’t have to agree to be contacted in order to receive your services.

Be clear and visible. The consent language can’t be buried in fine print below a submit button. It needs to be readable and proximate to where they’re giving consent.

A simple, plain-language version: “By submitting this form, you agree that [Business Name] may contact you by phone, including using automated technology, about your inquiry. This is not a condition of purchase.”

If your current form doesn’t say something close to that, update it before you scale anything.

What Happens After the Form Submits

Once consent is documented, the follow-up itself needs to respect a few rules regardless of how fast you’re moving.

Call during permitted hours. Calls to leads should only go out between 8 a.m. and 9 p.m. in the lead’s local time zone. Leverly handles this automatically.

Honor opt-out requests immediately. If a lead asks not to be contacted again, that request needs to be processed instantly and suppressed across all your systems — not added to a spreadsheet someone reviews on Fridays.

Disclose if calls are recorded. If Leverly or your team records calls, the lead should hear a brief disclosure at the start of the call. Federal law requires one-party consent, but roughly a dozen states including California and Florida require all parties to agree. A simple opening statement covers both.

The Recovery Report as Your Ongoing Audit Trail

Consent documentation covers the front end — proving a lead asked to be contacted. But compliance also requires knowing what happened after that.

Every morning, Leverly delivers a Recovery Report covering the previous day’s inbound activity. It shows which leads were contacted, which appointments were recovered, which calls need follow-up, and what’s still open. That’s not just useful for your team — it’s a documented record of your follow-up activity that answers the second compliance question: not just “did they consent?” but “what did you do after they did?”

Together, TrustedForm on the front end and the Recovery Report on the back end give you a complete paper trail from form submission to outcome.

A Practical Consent Documentation Checklist

Before you scale your inbound lead volume, make sure these are in place:

Web forms have clear, specific consent language naming your business
Consent language discloses automated technology and states it’s not a condition of purchase
TrustedForm (or comparable tool) is implemented and capturing certificates at submission
Consent certificates are being retained for at least five years
Your team knows how to access a specific lead’s consent certificate if needed
Opt-out requests are processed automatically and immediately
Calls go out only during permitted hours in the lead’s local time zone
Call recording disclosures are included at the start of recorded calls

Frequently Asked Questions

Do I need TrustedForm to use Leverly? No — TrustedForm is not required to use Leverly. It’s a separate tool by ActiveProspect that Leverly recommends and helps clients implement. If you already have a comparable consent documentation solution in place, that works too. If you have nothing currently documenting consent at form submission, TrustedForm is worth setting up before you increase your lead response volume.

What if my form doesn’t currently have compliant consent language? Update it before you scale. The consent language on your form is the foundation of your documentation. TrustedForm captures what your form says — if the language is insufficient, the certificate won’t protect you. A plain-language disclosure that names your business, mentions automated technology, and states consent isn’t a condition of purchase is a solid baseline.

How long do I need to keep consent records? The TCPA has a four-year statute of limitations. Most compliance advisors recommend keeping records for five years to be safe. TrustedForm certificates can be retained for up to five years.

What counts as a valid opt-out request? Any clear request to stop being contacted — whether said on a call, sent via text, or submitted through a form. You cannot require a lead to use a specific channel to opt out. The request needs to be honored immediately and suppressed across all your systems.

Can Leverly help me set up TrustedForm? Yes. Leverly works with TrustedForm and helps clients implement it as part of the onboarding process. Bring it up when you book your demo and we’ll walk you through what’s needed for your specific setup.

If your team is missing leads because they can’t always get to the phone, that’s a fixable problem. Hear a real call to see how Leverly AI sounds — or hit the button below to book a 15-minute walkthrough.