Prove it on demand
A regulator or auditor can demand proof of lawful consent for any (category, purpose) at any time. Logs you could have edited prove nothing.
A driver's license for data access. The data never leaves you; Agreely proves the consent, on demand, and honors revoke and erasure.
Quebec's Law 25 turned consent into an obligation you must defend. An organization has to show, after the fact, that consent was given for a specific (category, purpose), that it was honored while active, and that it stopped the moment it was withdrawn. A checkbox in a database cannot prove any of that.
A regulator or auditor can demand proof of lawful consent for any (category, purpose) at any time. Logs you could have edited prove nothing.
Consent lives as a boolean in an app database: easy to overwrite, impossible to prove untouched, and disconnected from the code that touches the data.
Withdrawal of consent has to take effect on the very next use, and the right to erasure has to actually destroy the readable claim, not just promise to.
Law 25 requires consent asked for each purpose, presented distinctly from any other information. A single "I accept all" is without effect, and proving otherwise is on you.
An individual concerned can ask for access to their information, a copy, and its release in a structured, commonly used technological format. You have 30 days to answer, after which the request is deemed refused.
Faced with a confidentiality incident, you must assess the risk of serious injury, notify the Commission and the individuals concerned with diligence, and keep a register. Without a reliable record of who consented to what, scoping it is guesswork.
Law 25 places personal-information protection in the hands of a named person in charge, whose contact details are public, and puts the burden of proof on the enterprise. Accountability is not a promise: it is a person who must answer, article in hand.
Agreely covers every step of an information's life cycle: disclosure at collection (art. 8), consent asked for each purpose (art. 14), proof on demand, withdrawal and erasure (art. 23), governance through the responsable and the register, then audit through a tamper-evident access log. Your information stays with you: Agreely is the proof and accountability layer, not a new data store.
Every step leaves proof bound to the article it satisfies.
Versioned, signed documents carry the purposes, means, rights, and withdrawal.
Law 25 art. 8 / 14Consent is asked for each purpose, separately.
Law 25 art. 14Withdrawal is honored on the very next check.
Law 25 art. 8 al. 1 (4)Every access and disclosure is recorded, anchored, and verifiable by the regulator.
Law 25 art. 18 al. 2 / 27Erasure destroys the key that makes the claim readable.
Law 25 art. 23Signed receipts demonstrate lawful consent, after the fact.
Law 25 art. 3.1Agreely delivers what Law 25 truly demands: a tamper-evident access log, versioned consent documents, attested offline consent, and a complete governance suite.
Named responsable, confidentiality-incident register, and privacy policy, in one suite. Proof, audit, and accountability; your information never leaves your systems.
Agreely turns a yes-or-no consent question into a signed, anchored proof anyone can check later. The synchronous check stays off-chain; the chain only ever carries the proof.
Define the (category, purpose) cells your product needs consent for.
Ask the citizen for exactly those cells with a request your company key signs.
The citizen consents on their own device, producing a signed receipt.
The commitment is anchored so the record is tamper-evident forever.
Wrap any data use in a single check(). It resolves one (customer, category, purpose) to a synchronous allow or deny, reading a single indexed record. First-party SDKs for TypeScript and PHP, plus a CLI.
import { Agreely } from "@agreely/sdk";
const agreely = new Agreely({ apiKey: process.env.AGREELY_API_KEY! });
// One call. Fail-closed by default.
const ok = await agreely.check("cust_8812", "Phone number", "Billing");
use Agreely\Client;
$agreely = new Client(getenv('AGREELY_API_KEY'));
// One call. Fail-closed by default.
$ok = $agreely->check('cust_8812', 'Phone number', 'Billing');
export AGREELY_API_KEY=agr_live_xxx # the only setup an agent needs
agreely check cust_8812 "Phone number" "Billing" --json
# -> {"decision":"allow","status":"active"} exit 0
curl -s https://api.agreely.ca/v1/check \
-H "Authorization: Bearer $AGREELY_API_KEY" \
-H "Content-Type: application/json" \
-d '{"customerId":"cust_8812","category":"Phone number","purpose":"Billing"}'
If Agreely cannot be reached, the answer is deny. A revoked, expired, erased, or never-granted cell is always false.
One env var and --json gives pure JSON on stdout with stable exit codes that separate an outage from a denial.
One synchronous read of a single indexed cell. Fail-closed with stable exit codes.
Show, don't ask to be trusted. For each relevant article of the act (P-39.1), the obligation and the Agreely capability that meets it.
Citations verified against the official text of the Act respecting the protection of personal information in the private sector (chapter P-39.1). For information only, not legal advice.
Every grant produces artifacts an auditor can recompute and check on their own. The cryptography, not the company, is what makes the record stand up.
Consent roots, revocations, and identity commitments are anchored so the record cannot be quietly rewritten. The chain is proof, never the read path; the check never touches it.
Each grant is a signed receipt built from published standards. Anyone with the artifacts can recompute and verify it offline, without trusting Agreely.
Law 25's right to erasure (art. 23) is a real destruction, not a promise. Erasing a cell destroys the secret that makes its claim readable, while the surviving cells still verify.
The citizen identity is opaque and tenant-less, and never carries a company's customer reference. Agreely cannot re-identify a person across the companies they consent to.
Agreely's citizen app hands you every consent as a signed receipt, kept on your own device. See what you agreed to, withdraw it whenever you want, and check that a receipt is genuine yourself. No passwords.
Every consent becomes a cryptographic receipt kept on your device. The app installs to your home screen like any app.
Withdraw a consent with your passkey (Face ID or Touch ID). The withdrawal is honored from the very next check.
Confirm a receipt is authentic and untampered, without having to trust Agreely or anyone else.
Your identity is a passkey tied to an opaque identifier. No company can correlate you from one to another.
The citizen app lives at my.agreely.ca and installs to your home screen like an app (PWA).
Here for a business? Book a meeting
Four tiers in Canadian dollars. Every tier includes on-chain anchoring, verifiable receipts, crypto-shred erasure, per-tenant encryption, and Canadian data residency. You move up by active records and seats, never by how often you check.
For high volumes and contractual requirements. Dedicated stack and a negotiable SLA.
Integration, onboarding, and training. Our team helps you connect Agreely to your systems and trains your teams to use it.
The questions we hear most about Quebec's Law 25, consent proof, and where Agreely fits.
Law 25 is the common name for Quebec's overhaul of personal-information protection ; in the private sector it amends the P-39.1 act (Act respecting the protection of personal information in the private sector). Phased in between 2022 and 2024, it requires valid consent, stronger rights for the individual concerned, and documented accountability. Any person carrying on an enterprise that collects personal information in Quebec is subject to it.
Yes. Article 14 requires manifest, free and informed consent, given for specific purposes and “asked for each of those purposes”. A single “accept all” box that bundles several uses is non-compliant: consent not asked separately for each purpose is without effect. When the request is made in writing, it must also be presented distinctly from any other information given to the individual concerned.
Law 25 puts the burden on the enterprise to show it obtained valid consent ; collecting consent is easy, but proving it after the fact is what is required. A checkbox in a database you could have edited proves neither when consent was given, nor for which purpose, nor that it was honored until withdrawal. Consent proof is a verifiable record, bound to the specific purpose (art. 8 and 14), that a regulator or auditor can check on demand.
Article 8 requires that, at collection and in plain and clear terms, you inform the individual concerned of the purposes, the means used, their rights of access and rectification, and their right to withdraw consent. Where applicable, you must also name the third party on whose behalf collection is made, the categories of recipients, and the possibility of a communication outside Quebec. On request, you add the categories of persons with internal access, the retention period, and the contact details of the person in charge of personal-information protection.
The individual concerned can ask for access to their information and a copy (art. 27), ask to rectify inaccurate information (art. 28), and withdraw consent at any time (art. 8, para. 4). Computerized information collected from them must, on request, be released in a structured, commonly used technological format (art. 27, al. 3). The person in charge must answer in writing, with diligence and within 30 days at the latest ; failing that, the request is deemed refused (art. 32).
Yes. Article 3.1 places personal-information protection in the hands of a person in charge ; by default this is the person with the highest authority in the enterprise, who may delegate the function in writing. That person's title and contact details must be published, notably on the enterprise's website. The named person answers access requests and carries accountability, article in hand (the statutory term is “responsable de la protection des renseignements personnels”, not “DPO”).
Once the purposes of collection are accomplished, article 23 requires the enterprise to destroy the personal information or anonymize it according to best practices, subject to any retention period set by law. In Quebec, “anonymized” sets a strict bar: the process must be irreversible, which is distinct from mere de-identification. Cessation of dissemination and de-indexing (art. 28.1) cover what the public often calls the “right to be forgotten”, but that is not the statutory term.
Agreely is the proof and accountability layer: it asks consent for each purpose, produces a signed, verifiable receipt, and honors withdrawal and erasure on the very next check. Your information stays with you ; Agreely does not become a new store of your personal information, it proves consent on demand and keeps a tamper-evident access log. Agreely does not on its own guarantee your compliance: it tools specific obligations (art. 8, 14, 23, 27, 3.1), while your policies, deadlines, and internal practices remain yours and your legal counsel's.
For information only, not legal advice.
Start with the one-call mental model, then read the protocol that makes every grant verifiable, revocable, and anchored.
View the protocol