Consent capture, per-buyer consent metadata, opt-out scrubbing, and an audit log on every lead touch. Built for the 2023 FCC one-to-one consent ruling and designed to support the compliance work your counsel requires.
Per buyer
Consent metadata
IP + UA + time
Captured at intake
Every touch
Audit trail
The Rules
The Telephone Consumer Protection Act (47 U.S.C. § 227) governs marketing calls, auto-dialed calls, and SMS to consumer phones. These are the obligations that land on every lead operator.
Prior express written consent. Marketing calls and SMS to cell phones using an automatic telephone dialing system or a prerecorded voice require prior express written consent from the consumer. The consent has to be clear, conspicuous, and tied to a specific disclosure about what the consumer is agreeing to receive.
Specifically-named seller. The FCC's 2023 declaratory ruling (FCC 23-107) made the seller-naming requirement explicit. Consent has to be tied to a named seller, not a generic list of unspecified marketing partners. This one change effectively ended the shared-consent lead model that the industry ran on for years.
National and internal DNC scrubbing. Numbers on the federal Do-Not-Call registry cannot receive telemarketing calls. Every seller also has to maintain an internal DNC list of consumers who asked that company to stop contacting them. Both lists have to be honored before a call goes out.
Calling-hours restrictions. Telemarketing calls are restricted to 8am through 9pm in the local time of the called party. Lead routing that ignores the caller timezone produces calls that violate this window, and state-law variations are often tighter.
Damages. TCPA is a private right of action. Statutory damages run $500 per violation and up to $1,500 per willful violation, with no cap. Plaintiffs' firms aggregate violations across class actions, which is how a compliance miss turns into a seven-figure exposure very quickly.
How Lead Router Helps
Six capabilities that support the compliance work your operation has to do. These are controls, not claims of compliance on your behalf.
Every submitted lead carries a consent timestamp, IP address, user agent, the exact consent language shown on the form, and the campaign ID. These fields are stored on the lead record and never overwritten. When a consent-defense question comes up months later, the record already has what you need to answer it.
The 2023 FCC one-to-one consent ruling shifted the industry away from shared-consent lists. Lead Router supports buyer-specific consent metadata so each sale can be tied to the specific seller the prospect agreed to be contacted by. If a prospect agreed to a list of five named buyers, the lead can carry that list into routing.
Buyer-level and platform-level suppression lists filter leads before routing. SMS STOP replies are processed and recorded. National DNC integration points let you plug in a scrubbing provider and apply the result to every routed lead. Internal do-not-contact lists are honored across campaigns and buyers.
Campaigns can gate delivery by local time using the area code or the submitted zip to infer the prospect timezone. The default 8am to 9pm calling window maps to TCPA restrictions. Buyers that miss their window see the lead routed to the next eligible buyer instead of being delivered out of hours.
Every lead event (ping, sale, delivery, return, scrub, dispute) is written to an append-only log with the actor, timestamp, and payload. This is what a subpoena response looks like: pull the lead, pull the log, export the consent fields, done. Nothing is silently mutated behind the scenes.
Full lead records including consent metadata, routing decisions, and the event log export as JSON or CSV. When counsel asks for the record on a specific prospect, the export is one query. No screen-scraping, no reconstructing state from logs, no data stuck in a vendor format you cannot read.
Consent Certificates
Consent-certificate products sit upstream of the routing platform. Lead Router is designed to carry their output, not replace it.
Many buyers, especially in insurance and financial services, require a TrustedForm certificate or an equivalent consent-proof artifact on every lead they buy. TrustedForm is an ActiveProspect product that records a session on the intake page and issues a certificate URL the buyer can inspect later.
If your buyers require TrustedForm, integrate ActiveProspect or LeadConduit upstream of Lead Router. The certificate URL can be captured on the intake form as a custom field and passed into Lead Router on lead submission. Lead Router stores the certificate URL on the lead record, forwards it to buyers that expect it in delivery, and preserves it in the audit log.
Lead Router does not issue TrustedForm certificates, and it does not replace TrustedForm. The two systems sit together: ActiveProspect proves the consent happened, Lead Router routes the lead and keeps the proof attached to the record downstream.
Honest Limits
TCPA compliance is a shared-responsibility model. These are the parts that sit outside the routing platform.
TrustedForm certificates are issued by ActiveProspect. Lead Router accepts and stores the certificate URL if your intake form captures one, but it does not issue certificates itself.
DNC scrubbing is an integration point. Lead Router supports plugging in a scrubbing provider and applying the result, but it does not maintain its own DNC data set or scrub by default.
The consent language, checkbox placement, and disclosure on your intake page are your responsibility. Lead Router records what the form says the prospect saw, but it cannot validate that the form itself is TCPA-compliant.
TCPA is actively litigated and the regulatory landscape shifts. Lead Router gives you the architectural controls to support compliance. Your qualified TCPA counsel decides what compliance looks like for your operation.
FCC 23-107
What changed, and why the industry spent the last year rebuilding intake.
In December 2023, the FCC issued a declaratory ruling (FCC 23-107) that closed what the Commission called the lead-generator loophole. The ruling required that prior express written consent be given to one specific seller at a time, not to an unnamed list of marketing partners on a generic comparison site.
The practical effect: the shared-consent model where one checkbox authorized contact from dozens of unspecified buyers is no longer defensible. Compliant intake has to name the buyer or buyers the consumer is agreeing to be contacted by, and the lead operator has to carry that named-seller data through to the call or SMS that actually goes out.
Lead Router supports this model by storing per-buyer consent metadata on the lead record. When a prospect consents to a named list of buyers, the lead carries that list into routing, and routing only considers buyers on the list. The architecture is in place. The consent language on your intake page is still the piece your counsel has to sign off on.
Frequently Asked
The questions buyers and operators ask before running traffic through Lead Router.
Is Lead Router TCPA compliant?
Lead Router captures the consent metadata and audit log that TCPA defense depends on, and it supports the per-buyer consent model required by the 2023 FCC one-to-one ruling. TCPA compliance itself is a shared-responsibility model across the lead operator, the routing platform, and the intake page. Your counsel decides what compliance looks like for your operation. Lead Router gives you the controls.
Does Lead Router provide TrustedForm?
No. TrustedForm is an ActiveProspect product. If your buyers require TrustedForm certificates, integrate ActiveProspect or LeadConduit upstream of Lead Router on your intake form. Lead Router accepts the TrustedForm certificate URL as a custom field, stores it on the lead record, and forwards it in delivery so the buyer has the proof attached.
What consent data does Lead Router capture?
Every lead carries a consent timestamp, the IP address of the submitting device, the user agent string, the consent language that was shown on the form, the campaign ID, and the list of buyers the consent covers when the intake supplies it. These fields are stored on the lead record, included in the audit log, and exported in full on data export.
How does Lead Router handle the 2023 FCC one-to-one ruling?
Lead Router supports per-buyer consent metadata on every lead. When a prospect consents to a named list of sellers, the lead carries that list into routing, and only buyers on the named list are eligible. This lets operators align routing to the specific sellers the consumer agreed to. The intake-page consent language itself is still the operator responsibility.
What about DNC list scrubbing?
Lead Router has built-in support for internal suppression lists at the buyer and platform level, and SMS STOP replies are recorded automatically. National DNC registry scrubbing is supported through integration with a scrubbing provider. Lead Router does not maintain its own national DNC data, so operators plug in a scrubbing service and the result is applied to every routed lead.
Legal Disclaimer
This page is informational and does not constitute legal advice. TCPA is an actively litigated area of federal and state law, and the regulatory landscape continues to shift. Operators running marketing traffic should consult qualified TCPA counsel before relying on any architectural control, vendor, or platform for compliance defense. Lead Router provides technical capabilities that support compliance work; it does not certify any operator as compliant.
Built for the New Rules
Consent metadata on every lead, per-buyer consent fields, an audit log your counsel can pull on demand, and data export in a format a legal team can actually use.
No credit card required. All features included from day one.