Appearance
Consent & Authorization Log Requirements
Document ID: PLCY-CON-001
Version: 1.2
Effective Date: January 21, 2026
Last Review: January 21, 2026
Owner: Hop And Haul Team
CONFIDENTIAL
This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.
1. Purpose
This document defines the consent and authorization logging requirements for Hop And Haul, ensuring all transport matches are based on explicit opt-in and that a complete audit trail exists for every transaction.
2. Consent Principles
2.1 Core Requirements
| Principle | Implementation |
|---|---|
| Affirmative consent | Driver must explicitly accept offer |
| Informed consent | Relevant details shown before acceptance |
| Revocable consent | Acceptance can be withdrawn until pickup |
| Documented consent | All consent actions logged with timestamp |
2.2 Why This Matters
- Prevents coercion claims
- Protects against "forced passenger" liability
- Critical for insurance underwriting
- Required for labor law compliance
3. Consent Flow
3.1 Request Phase
Requesting Driver (Passenger) Consent:
| Step | Action | Logged |
|---|---|---|
| 1 | Driver opens transport request | Request initiated |
| 2 | Driver enters pickup/dropoff details | Details captured |
| 3 | Driver submits request | Affirmative consent to be matched |
| 4 | System confirms submission | Request ID assigned |
Logged Fields:
{
"event_type": "request_submitted",
"driver_id": "[tokenized]",
"timestamp": "ISO8601",
"pickup_location": "[lat/long]",
"dropoff_location": "[lat/long]",
"time_window_start": "ISO8601",
"time_window_end": "ISO8601",
"reason_code": "[enum]",
"consent_type": "request_transport",
"consent_method": "app_submission",
"device_id": "[hashed]",
"ip_address": "[masked]"
}3.2 Offer Phase
Pickup Driver Consent:
| Step | Action | Logged |
|---|---|---|
| 1 | System identifies potential match | Match candidate created |
| 2 | Offer presented to pickup driver | Offer sent timestamp |
| 3 | Driver reviews offer details | Offer viewed timestamp |
| 4 | Driver accepts OR rejects | Decision logged |
Offer Details Shown (Pre-Acceptance):
- "Company driver needs transport"
- Approximate pickup point (fuzzed 1-2 miles)
- Drop-off direction (city/region only)
- Estimated delay impact
- Safety badge indicators
Logged Fields:
json
{
"event_type": "offer_decision",
"offer_id": "[uuid]",
"request_id": "[uuid]",
"offered_driver_id": "[tokenized]",
"offer_sent_at": "ISO8601",
"offer_viewed_at": "ISO8601",
"decision": "accepted|rejected|expired",
"decision_at": "ISO8601",
"consent_type": "accept_pickup",
"consent_method": "samsara_message|voice_acceptance|app_button",
"response_channel": "samsara_message|voice",
"raw_response_hash": "[hash of driver's response text]",
"offer_details_hash": "[hash of details shown]"
}Consent Method Values:
| Method | Description |
|---|---|
samsara_message | Driver replied YES/NO via Samsara Driver App |
voice_acceptance | Driver confirmed verbally during voice call |
app_button | Driver tapped Accept/Decline in app (deprecated) |
Response Channel Values:
| Channel | Description |
|---|---|
samsara_message | Response received via Samsara Messages API |
voice | Response received via voice call (fallback) |
4. Authorization Logging
4.1 Pre-Pickup Authorization
Once match is accepted, system logs authorization status:
{
"event_type": "authorization_check",
"match_id": "[uuid]",
"requesting_driver_authorized": true,
"pickup_driver_authorized": true,
"vehicle_authorized": true,
"insurance_verified": true,
"hos_verified": true,
"all_checks_passed": true,
"authorization_timestamp": "ISO8601"
}4.2 Required Log Fields per Transaction
| Field | Description | Required |
|---|---|---|
| transaction_id | Unique ride identifier | Yes |
| request_driver_id | Tokenized requesting driver | Yes |
| pickup_driver_id | Tokenized pickup driver | Yes |
| offer_timestamp | When offer was sent | Yes |
| acceptance_timestamp | When offer was accepted | Yes |
| acceptance_method | How consent was given | Yes |
| revocation_window_end | When consent becomes irrevocable | Yes |
| match_completion_status | Final outcome | Yes |
5. Revocation Rights
5.1 Revocation Window
| Party | Can Revoke Until | Method |
|---|---|---|
| Requesting driver | Pickup confirmed | Cancel request in app |
| Pickup driver | Arrival at pickup | Cancel acceptance in app |
5.2 Revocation Logging
{
"event_type": "consent_revoked",
"transaction_id": "[uuid]",
"revoking_party": "requesting_driver|pickup_driver",
"revocation_timestamp": "ISO8601",
"revocation_reason": "[optional code]",
"ride_status_at_revocation": "[status]",
"within_revocation_window": true
}5.3 Post-Revocation Actions
| Action | System Behavior |
|---|---|
| Request cancelled | Request returns to matching pool or closes |
| Acceptance revoked | Offer returns to other candidates |
| Both parties notified | Push notification sent |
| No penalty | Revocation does not affect rating |
5A. Driver Rights (per PLCY-COM-001 Section 7)
5A.1 Right to Decline
Drivers may decline any ride opportunity without explanation or penalty. This is logged as:
json
{
"event_type": "offer_declined",
"offer_id": "[uuid]",
"driver_id": "[tokenized]",
"decline_timestamp": "ISO8601",
"decline_method": "voice|samsara_message",
"penalty_applied": false,
"reason_required": false
}5A.2 Right to Pause
Drivers may request temporary removal from automated opportunity calls at any time. This is logged as:
json
{
"event_type": "driver_pause_requested",
"driver_id": "[tokenized]",
"pause_timestamp": "ISO8601",
"pause_duration": "indefinite|[duration]",
"request_method": "voice|app|support_call"
}Resume Logging:
json
{
"event_type": "driver_pause_ended",
"driver_id": "[tokenized]",
"resume_timestamp": "ISO8601",
"pause_duration_actual": "[duration]",
"resume_method": "driver_request|automatic"
}5A.3 Right to Review
Drivers may request a summary of their opportunity history upon request. This is logged as:
json
{
"event_type": "opportunity_history_requested",
"driver_id": "[tokenized]",
"request_timestamp": "ISO8601",
"date_range_requested": "[start]|[end]",
"request_method": "voice|app|support_call",
"fulfillment_timestamp": "ISO8601"
}6. Consent Audit Trail
6.1 Complete Transaction Log
For each ride, maintain chronological audit trail:
1. REQUEST_INITIATED - Driver submitted transport request
2. MATCHES_IDENTIFIED - System found compatible drivers
3. OFFER_SENT - Offer presented to candidate
4. OFFER_VIEWED - Candidate viewed offer details
5. OFFER_ACCEPTED - Candidate accepted offer
6. VALIDATIONS_PASSED - All pre-pickup checks cleared
7. PICKUP_CONFIRMED - Passenger in vehicle
8. RIDE_IN_PROGRESS - Tracking active
9. DROPOFF_CONFIRMED - Passenger delivered
10. RIDE_COMPLETED - Transaction closed6.2 Log Immutability
| Control | Implementation |
|---|---|
| Append-only | No modification of existing records |
| Timestamps | System-generated, not user-provided |
| Integrity | Cryptographic hash chain |
| Retention | 24 months minimum |
7. Legal & Compliance Framing
7.1 Labor Law Compliance
Voluntary Participation:
- Transport participation is never required
- Drivers may decline any offer without consequence
- No productivity metrics tied to acceptance rate
- No negative employment action for declining
Documentation:
- Consent logs demonstrate voluntary nature
- Revocation rights prove non-coercion
- No financial penalty for non-participation
7.2 Insurance Requirements
Consent logs provide evidence for:
- Mutual agreement to transport
- Awareness of transport terms
- Proper authorization chain
- No unauthorized passengers
8. Data Protection
8.1 PII in Consent Logs
| Field | Treatment |
|---|---|
| Driver IDs | Tokenized (reversible for ops) |
| Device IDs | Hashed (irreversible) |
| IP addresses | Masked (last octet removed) |
| Locations | Stored as coordinates only |
8.2 Access to Consent Logs
| Role | Access Level |
|---|---|
| Operations/Safety | Full |
| Drivers | Own records only |
| Auditors | Full (read-only) |
| Legal | On request with justification |
9. Reporting
9.1 Standard Reports
| Report | Frequency | Content |
|---|---|---|
| Consent rate | Weekly | Acceptance/rejection ratios |
| Revocation rate | Weekly | Cancellations by party |
| Authorization failures | Daily | Pre-pickup check failures |
| Audit completeness | Monthly | Log integrity verification |
9.2 Audit Queries
System supports queries for:
- All consent events for a driver (date range)
- All events for a transaction
- Aggregate consent patterns
- Authorization failure reasons
10. Document Control
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | [DATE] | [NAME] | Initial release |
| 1.1 | January 2, 2026 | Hop And Haul Team | Added new consent_method values for Samsara Messages integration: samsara_message, voice_acceptance. Added response_channel and raw_response_hash fields. Deprecated app_button method. |
| 1.2 | January 21, 2026 | Hop And Haul Team | Aligned with PLCY-COM-001 v3.0: Added Section 5A Driver Rights documenting Right to Decline, Right to Pause, and Right to Review per PLCY-COM-001 Section 7. Added logging specifications for each right. |