Digital Consents

What is a Digital Consent / Sign Page?

A Digital Consent is a contract generated in Syfish that allows you to collect legally valid consent from the people who appear in your photos or videos. Instead of relying on printed forms, email attachments, or scattered PDFs, the entire process happens digitally, from creation to signature to storage.

The sign page is the page signers see when they open the consent link or scan the QR code. It’s designed to be quick for signers to complete while still making the terms and purpose clear.

What the sign page includes

A typical sign page displays:

the consent text based on your chosen template
the purpose for which the images or videos may be used
required signer fields (name, email, and any additional fields you enabled)
your company’s privacy policy (if you added the smart tag Issuer Privacy Policy)
the digital signature field

Everything the signer enters is captured directly inside Skyfish, avoiding incomplete or mismatched paperwork.

What happens after signing

Once the signer completes the form:

Skyfish automatically inserts the signature into the consent
the signed consent is instantly returned to your Skyfish account
the signer receives a copy via email
the consent becomes available to link to your files immediately

No manual uploads or matching steps are required, as long as your template has been configured correctly.

How to Create a Digital Consent

1. Start a new consent

Go to “All Digital Consents” or “Created by Me”.
Click “Create Consent”.

2. Add basic details

Enter a title (this becomes the Digital Consent’s Project Name).
Add an optional description for internal reference.
Select an owner.
(Optional) Add reference text if your organization uses internal identifiers.

3. Select a template

Choose the consent template you prepared earlier.

4. Enter the consent purpose

Add the Consent Purpose.
If the purpose field is required in your template, you must complete it before proceeding.

5. Set the validity period

Define how long the consent remains valid.
Skyfish will automatically calculate the Contract Expiry Date based on this setting.

6. Configure child usage and legal age threshold

Decide whether this template can be used with minors, and choose accordingly between:

Adults only
Adults for self or child
Adults for child only

If children are included, set the legal age threshold by entering the age at which a person is considered an adult and can sign without parental/guardian consent.

7. Choose signer requirements

Decide which information signers must provide when signing:

Name (required)
Email (required)
Phone number (optional)
Selfie (optional)

Enable or disable these fields based on your organization’s needs.

8. Save the consent

Click “Save” to create the Digital Consent.

9. Share the consent with signers

Share the automatically generated URL or QR code with:
- the signer directly, or
- the photographer (if they are responsible for collecting signatures on-site).

How to Enter “Purpose” into a Digital Consent

The purpose defines exactly what the signer is consenting to. It must be clear, specific, and precise, so both your team and the signer understand how the images or video may be used.

What to Include in a Clear Purpose

Examples of well-defined purposes:

Use on our own communication channels (website, social media, newsletters, etc.)
Use in printed and digital marketing materials (posters, flyers, presentations, etc.)
Use in press coverage and editorial contexts
Sharing with our commercial partners for use in their marketing, communication, and advertising

Avoid vague descriptions. The more specific the purpose, the easier it is to manage compliant media use later.

Why Purpose Matters in Skyfish

The text entered in the purpose field becomes:

Searchable in Skyfish
Visible on all media linked to the consent
A filter you can use to find images cleared for a particular type of use

To quickly locate images cleared for a specific purpose, include keywords such as “social media,” “internal use,” “marketing,” and search for them in Skyfish later.

How the Purpose Fields Work

There are two potential purpose fields depending on your template setup:

Purpose for use in the contract (official purpose)
Purpose for internal use (internal-only purpose)

Which fields appear depends on whether the Consent Purpose smart tag is included in your template.

1. If the Consent Purpose smart tag is included in the template

You will see the field: “For use in the contract.”

This field is mandatory. What happens with this text:

It appears in the signed contract
It appears internally on media linked to the consent
It becomes searchable across Skyfish

Optional: Create a version for internal use

If you choose to add an internal version:

The contract purpose appears in the signed consent
The internal purpose appears on linked media
Useful when consent is in one language (e.g., English) but your team works in another (e.g., Danish), or when internal users need extra detail

2. If the Consent Purpose smart tag is not included in the template

You will only see: “For internal use”

This field is mandatory, because it controls what appears on media linked to the consent. What happens with this text:

It does not appear in the signed contract
It appears only on linked media
It remains searchable, letting you filter files by purpose keywords

How Purpose Impacts Search and Filtering

Skyfish treats the purpose text as searchable metadata.

This means, if your purpose text includes structured keywords such as:

“Social media”
“Internal use”
“Marketing”

…you can later search for those terms to instantly retrieve all files linked to consents allowing that type of use.

Example:
Search for “social media” → Skyfish shows all files linked to consents that include “social media” in the purpose.

How to Share QR Codes and Links to the Digital Consent with a Photographer

Photographers often collect signatures on-site, making it important for them to access the Digital Consent quickly and easily. Skyfish provides several tools that allow you to share the consent with photographers so they can distribute it directly to signers during photo shoots or events.

Sharing the Digital Consent Link

Each Digital Consent includes a unique URL. You can share this link with the photographer so they can send it directly to signers.

How to share the link:

Open the Digital Consent you created
Copy the Consent URL displayed at the top
Send it to the photographer via email, SMS, chat, or any internal communication tool

The photographer can then forward the link to individuals appearing in the photos.

Sharing the QR Code

Skyfish displays a QR code for every Digital Consent. This is ideal for photo shoots where people can scan and sign on the spot.

How photographers use the QR code:

Print it for placement at the shoot
Display it on a phone or tablet
Add it to signage or clipboards

Scanning the code opens the consent page on the signer’s device.

Using the QR Kit for On-Site Signature Collection

Skyfish also provides a downloadable QR Kit designed specifically for photographers and teams collecting many signatures in the field.

The QR Kit includes:

A print-ready PDF containing the QR code for on-site or field use
A sheet of QR codes ready to print as badges (ideal for large shoots, events, or group environments)

This makes it simple for photographers to set up a consistent, professional signing station.

When to use the QR Kit

The QR Kit is especially useful when:

Many people need to complete the consent quickly
Individual link-sharing is impractical
You want scannable badges for photographers, assistants, or participants
You need an easy, reusable setup for recurring locations or events

What the Photographer Needs to Know

When you share the QR code, QR Kit, or link with a photographer, make sure they understand:

How signers complete the consent

Signers open the link or scan the QR code
They fill in required fields (name, email, and any additional fields you enabled)
They review and accept your privacy policy (if included)
They sign digitally on their device

What happens after signing

The signed consent is automatically returned to Skyfish
No action is required from the photographer
You can view the consent immediately in “All Digital Consents”

The photographer never handles personal data. They only facilitate access to the consent form.

Best Practices for Photographers

To ensure smooth signature collection on-site:

Place the QR Kit clearly where signers can easily see it
Print and wear QR code badges for fast access
Keep the link saved on a phone as backup
Encourage signers to complete the consent before participating in photos
Ensure every identifiable person in the shoot has signed

Privacy Statement

Electronic Signatures Using Skyfish

Privacy Statement for those using Skyfish to electronically sign a document.

About Skyfish

Skyfish provides a secure platform that helps organizations manage media and collect electronic signatures in a GDPR-aligned manner. We implement strong privacy and security safeguards and process personal data only on instructions from the organization that issued the document.

Is it safe to sign with Skyfish?

Yes. Skyfish uses a trusted electronic-signature service provider whose technology meets EU requirements for security, privacy, and transparency. This allows organizations to collect Simple Electronic Signatures (SeS) in a reliable and protected way.

Are electronic signatures legally binding?

When you “Swipe to Sign” or “Long Press to Sign,” you create a Simple Electronic Signature (SeS). Electronic signatures can be legally binding under EU law, including Simple Electronic Signatures (SeS). Whether a signature is legally binding depends on the type of document and the laws that apply. You can read more about the legal validity of electronic signatures.

What happens when you sign?

When you sign a document through Skyfish, you agree to use an electronic signature for that document. The data controller (the organization requesting your signature) determines the legal basis for processing your personal data, which may include verifying the signature and maintaining an audit trail. Additionally, any information you enter into the document will be available to the issuing organization and any other signers, in line with the data controller’s configuration of the document.

Who is responsible for your data?

Skyfish acts as a data processor on behalf of the organization that issued the document (the data controller). The data controller decides what data is collected, the purposes for processing, and how long your data is stored. Skyfish processes personal data only according to the controller’s documented instructions, as defined in the data processing agreement.

What data does Skyfish process?

Skyfish may process and store the following information on behalf of the data controller.

Name
Email address
IP address
Photo (if required by the controller)
Phone number (if required)
Any additional personal data entered into the document by you or the controller
Any content uploaded by the controller and linked to your consent by the controller

Purpose of data processing

Skyfish processes personal data solely to provide the electronic-signature functionality and maintain the signature audit trail, in accordance with the controller’s instructions and our data processing agreement.

Consent withdrawal

If you have given consent to the use of your image or other personal data in the document, you have the right to withdraw that consent at any time. To do this, please contact the organization that issued the document (the data controller). Skyfish cannot process withdrawal requests directly, as we act only on the controller’s instructions.

The data controller also decides how long your data is stored and whether other legal grounds (for example, legal obligations or contractual requirements) mean some information must be kept even after consent is withdrawn.

Document handling

Documents are shown to signers and then packaged into a final signed version that includes verification data and metadata. Skyfish does not extract or analyze document content. All additional personal data contained in documents is determined by the data controller.

Templates

What is the “Template Gallery”?

The “Template Gallery” is Skyfish’s starting point for creating Digital Consent templates. It includes a small set of pre-built templates that give you a structure to work from. These are meant to save time, not replace your legal review. Treat them as starting points rather than final documents.

Why the “Template Gallery” exists

Skyfish provides the “Template Gallery” because most organizations prefer not to build every consent from scratch, yet they also don’t want to rely entirely on generic forms. The gallery strikes a balance: you get something usable immediately, but you still retain full control over the text.

How it works

From the “Template Gallery”, you can:

preview each template
duplicate a template to make your own version
assign a title, description, validity period, and language
edit the content freely
insert smart tags to automate data fields
add internal notes for your team

Once saved, your customized template appears under “Our Templates”, where it becomes available whenever you create a new Digital Consent.

What the “Template Gallery” does not do

It does not guarantee legal compliance.
It does not auto-fill your organization’s details.
It does not replace your need to review the content carefully.

It’s simply a structured way to get started faster, assuming you still verify the content internally.

How to Create Templates

Digital Consent templates allow you to standardize the structure and wording of your consent documents. You can either start with an existing template from the “Template Gallery” or create your own from scratch.

Create a Template via the “Template Gallery”

Step 1: Open the “Template Gallery”

Go to “Template Gallery” from the Digital Consent menu.

Step 2: Select a predefined template

Browse the available templates and select one that fits your needs.

Step 3: Duplicate the template

Click “Duplicate” to create your own editable version.
Assign the template:
- a title
- a description
- a validity period (if relevant for contracts)
- a language

Step 4: Edit your copy

The duplicated template will appear under “Our Templates”.
Open it to review and edit the text, smart tags, or structure as needed.

Create a Template from Scratch

Step 1: Start a new template

Go to “Our Templates”.
Select “Create template”.

Step 2: Replace the default content

Remove the placeholder text.
Copy/paste your own agreement text or write it directly in the editor.

Step 3: Insert Smart Tags

Add smart tags anywhere you need Skyfish to fill in information automatically when the consent is issued.
Typical examples include:
- Signer Name

- Signer Email

- Issuer Company Name

- Project Name

- Consent Purpose

- Contract Expiry Date

- Contract Issue Date

Step 4: Add optional elements

Use the Insert menu to add:

Internal notes (visible only to your team)

Step 5: Save your template

Click “Save”.
The template is now available under “Our Templates” when creating new Digital Consents.

How do Smart Tags work?

Smart tags allow Skyfish to automatically fill in key information when a consent is issued, signed, and stored. Using them correctly ensures consistent data, reduces manual entry, and keeps your consent workflow traceable and reliable.

List of Smart Tags

Contract Expiry Date: The date the consent stops being valid.

Skyfish calculates this automatically from the day the consent is signed, based on the validity period you set under “General Details”. The expiration date is then added to the smart tag in the consent.

Contract Issue Date: The date the consent was created or signed.

Issuer Company Name: The company issuing the contract.

This smart tag uses the name registered under “Skyfish Settings” → “Company details”. If you want a different company name to appear in the consent, either:

update the company name in Skyfish, or
remove the smart tag and type the name manually into the template.

Issuer Privacy Policy: A link to your company’s privacy policy.

As the data controller, you must make this available to signers. If your privacy policy is online, add the URL under “Consent” → “Settings” → “Digital Consent”. Skyfish will automatically link the smart tag to that URL.

Project Name: The title of the Digital Consent created from the template.

Every signed consent returned to the system will be stored under this name.

Signer Email: The signer’s email, entered on the sign page before submitting. Required.

Signer Name: The signer’s name, entered on the sign page before submitting. Required.

Signer Phone: The signer’s phone number, if you choose to require it.

If enabled, the signer must provide the number before signing.

Consent Purpose: The purpose for which the signer grants permission to use the relevant images or videos.

See additional guidance below.

Guidance on Using Smart Tags

1. Use smart tags for all dynamic information

Smart tags ensure the correct information is inserted when the consent is created, issued, and signed. They reduce errors and keep data consistent.

2. Color coding for clarity

Green smart tags relate to the Signer
Blue smart tags relate to the Issuer

Signer tags are filled in by the signer. Issuer tags are filled in automatically from your Skyfish settings.

3. How signer information is collected

Signer Name and Signer Email are always required.
Signer Phone and a selfie can be required if needed.

All signer tags are filled in directly by the signer on the sign page.

4. How issuer information is filled

Issuer tags pull data from:

Your Skyfish company profile
Your Consent settings
The specific Digital Consent you created

If a specific field must not be autofilled (e.g. you want a different company name), leave out the smart tag and type the information manually.

Guidance on the “Consent Purpose” Smart Tag

Why you should always use this tag

If you include the Consent Purpose smart tag in your template:

The purpose text entered during Digital Consent setup will automatically appear in the signed consent.
The same purpose will also show in the information pop-up and download notes on all linked media, helping ensure materials are used correctly.
Skyfish search can filter consents by purpose using keywords from this field.

Alternative purpose for internal use

You can specify an alternative internal purpose.
This is helpful when:

The official consent is written in one language
Your team needs to view the purpose in another language

In this setup:

Official purpose appears in the consent
Internal purpose appears in pop-ups and download notes

If you don’t use the “Consent Purpose” smart tag

Purpose becomes mandatory during Digital Consent setup.
You will need to enter the alternative internal purpose manually.

Guidance on Contract Dates

Contract Issue Date

Contract Issue Date: Automatically filled when the consent is created/signed.

Contract Expiry Date

Contract Expiry Date: Automatically calculated from the day the consent is signed and based on the validity period you define.
This date:

Defines when the consent is no longer valid
Helps ensure compliant media use
Enables Skyfish to send expiration alerts and automatically block downloading of expired media

GDPR Requirements for Creating a Legal Consent

Creating a legally valid consent requires more than a signature. GDPR sets specific conditions that must be met before consent can be considered lawful. Skyfish helps you structure and manage the process, but you still control whether the content you create actually meets GDPR standards.

Below is a summary of the core requirements normally expected under GDPR when collecting consent for image use.

Consent must be informed

Signers must understand:

who is collecting their data
what the images/videos will be used for
where the material may appear
how long the consent is valid
how they can withdraw their consent

If this isn’t stated clearly, the consent may not meet GDPR expectations.

Consent must be specific

A vague “for communication purposes” statement rarely satisfies GDPR. Purpose must be:

concrete
narrowly defined
directly tied to the images being used

Skyfish supports this by letting you define a Consent Purpose, but the clarity of that purpose is still your responsibility.

Consent must be freely given

Signers must have a genuine choice. If signing feels mandatory or tied to access to a service, the consent may not hold up.

Consent must be unambiguous

There must be a clear, affirmative action, which the digital signature provides. Skyfish handles this part (assuming your template is correctly written).

Consent must be easy to withdraw

GDPR expects withdrawal to be as easy as giving consent. This means your template must include:

a clear explanation of how to withdraw
the correct email address or contact point

Skyfish does not insert withdrawal instructions for you, so you must add these manually.

Consent must be documented

Skyfish stores the signed Digital Consent and makes it linkable to files, which supports auditability. If consent is withdrawn, you are expected to:

keep a record (by exporting the signed document before deletion)
stop using any affected media

Skyfish enforces the “stop using the media” part by blocking downloads when the consent is removed.

What Skyfish provides vs. what you must provid

Skyfish provides:

the structure
the signature workflow
the storage
the linking functionality
the automated download blocking
the consent lifecycle management tools

You provide:

the template text
the purpose definition
the privacy policy link
the withdrawal contact
internal compliance procedures

Skyfish cannot determine whether your template meets GDPR requirements, but it gives you the tools to manage the consent properly once you have it.

Adding Your Own Privacy Policy

As the data controller, you are responsible for informing signers about how their personal data is processed. Skyfish allows you to add your company’s privacy policy to your Digital Consents so signers can review it before signing.

Why You Need to Add Your Privacy Policy

Under data protection rules (including GDPR), signers must be informed about:

how their data will be used
who is responsible for the processing
how to contact the data controller
their rights regarding data access, deletion, and objection

Adding your own privacy policy ensures this requirement is met and keeps your consent workflow compliant.

How to Add Your Privacy Policy

Step 1: Prepare your Privacy policy

Make sure your privacy policy is available online in a stable, accessible location (e.g., your website or as a shared link in Skyfish).

Step 2: Add your policy URL in Skyfish

Go to “Consent” → “Settings” → “Digital Consent”
Enter the URL of your privacy policy in the designated field
Save your changes

How the Privacy Policy Smart Tag Works

When you include the Issuer Privacy Policy smart tag in a consent template:

Skyfish will automatically insert a link to the URL you added in your settings
The link will appear in the final consent document shown to signers
Signers can click the link to read your full privacy policy before approving the consent

Signers Must Accept Your Privacy Policy Before Signing

When the privacy policy URL is added and the smart tag is included in your template:

Signers will be required to accept your privacy policy before they can complete the signature
This ensures that each signer has been informed about your data-handling practices
The acceptance is recorded as part of the consent workflow

This provides an additional layer of compliance and transparency in your Digital Consent process.

Adding Your Own Company Logo

You can personalize your Digital Consent documents by adding your company logo. The logo will appear on every consent form created from your templates, helping you keep your branding consistent.

How to Add Your Company Logo

Step 1: Prepare your logo file

Make sure your logo is saved in a web-friendly format such as PNG or JPEG.

Step 2: Upload the logo in Skyfish

Go to “Consent” → “Settings” → “Digital Consent
Find the Company Logo section
Upload your logo file
Save your changes

Collecting Signatures

Legal Validity of eSignatures

Are eSignatures legally valid?

Yes. Electronic signatures are legally valid in most parts of the world, including all 27 EU member states.

Skyfish enables organizations to collect Simple Electronic Signatures (SeS) through a trusted third-party provider whose services meet the requirements set out under EU eIDAS standards for security, transparency, and integrity.

eIDAS and Electronic Signatures (EU)

Skyfish itself is not a certified trust service provider under the eIDAS Regulation. However, the trusted signature service used within Skyfish is compliant with EU trust-service requirements. This allows Skyfish to support organizations in collecting Simple Electronic Signatures (SeS) in a secure and verifiable manner.

This means that:

Organizations can use Skyfish to collect Simple Electronic Signatures suitable for everyday business and communication workflows.
The signature provider generates the electronic evidence needed to demonstrate who signed, what was signed, and when the signature was created.
Skyfish stores this evidence as part of the document package, in line with the data controller’s instructions. Skyfish does not validate or certify signatures.

Under eIDAS, different types of electronic signatures exist (Simple, Advanced, and Qualified). Skyfish currently supports Simple Electronic Signatures (SeS).

What about countries outside the EU?

Many jurisdictions recognise electronic signatures in a way broadly similar to the EU approach. For example:

United States: ESIGN and UETA recognise electronic signatures if the signer consents and the signature is logically associated with the document.
United Kingdom: The UK eIDAS framework continues to recognise electronic signatures in much the same way as the EU rules.
Canada, Australia, New Zealand, and many countries in Asia and Latin America also have laws recognising electronic signatures.

While Skyfish’s signature process aligns with widely accepted principles—such as signer intent, integrity of the record, and traceability—you should check local requirements if signatures will be used outside the EU. Laws vary significantly between jurisdictions, and Skyfish cannot guarantee legal validity outside the EU.

Are there exceptions?

Yes. Certain document types may still require handwritten signatures, such as:

Real estate transactions
Wills and testaments
Family law and inheritance documents
Particular government forms
Documents requiring notarization

Skyfish is not intended for these types of documents.

If you are unsure about legal validity for a specific use case or jurisdiction, you should consult a legal professional.

Important notice: Skyfish is not a law firm, and this article should not be relied on as legal advice.

How to Get Signatures on the Digital Consent

Skyfish makes it easy to collect legally valid digital signatures. Once the signer completes the consent, Skyfish automatically inserts the signature at the bottom of the document and returns the signed consent directly to your account..

Share the Digital Consent With Signers

After creating and saving your Digital Consent, Skyfish provides multiple ways to distribute it:

Option 1: Share the URL

Copy the unique link from the consent page
Send it directly to the signer via email, message, or another communication channel

Option 2: Share the QR code

Download or screenshot the QR code
Provide it to the photographer or show it on-site
Signers scan the QR code to open the consent form on their own device

Option 3: Share the URL

Along with the link and QR code, Skyfish also lets you download a QR Kit, which includes:

A print-ready PDF containing the QR code for on-site or field use
A sheet of QR codes ready to print as badges

The QR Kit is designed for photographers or teams collecting signatures in person. It ensures signers can easily scan and access the Digital Consent without staff needing to manually send links.

What the Signer Does

When the signer opens the link or scans the QR code, they will:

Review the consent text
Fill in required information (name, email; phone number or selfie if required)
Accept your privacy policy (if included via smart tag)
Sign digitally on their device

Skyfish automatically inserts the signature into the document.

How do I collect a minor’s signature?

A parent or legal guardian will sign for minors who can’t provide legally valid consent on their own. When the signer opens the link or scans the QR code, they will:

Review the consent text
Fill in required information about themselves and the minor (name, email; phone number or selfie if required)
Accept your privacy policy (if included via smart tag)
Sign digitally on their device

Once they sign, the completed consent is returned to Skyfish as usual.

What the Signer Does

As soon as the signer submits the form, the fully signed Digital Consent is returned to your Skyfish workspace.

You do not need to upload or import anything manually.

You can continue working by linking media to the consent or reviewing signer details.

What Happens in Skyfish When a Digital Consent Is Signed

When a signer completes a Digital Consent, Skyfish processes and stores the information automatically. This ensures signatures are traceable, auditable, and ready to be linked to media.

1. The Signed Consent Returns Automatically

Once the signer submits the consent:

- The signed document is uploaded directly to your Skyfish workspace
- It appears under “All Digital Consents” and under “Created by Me” (for the owner)
- No manual import or upload is needed

2. Skyfish Adds Key Contract Details

Skyfish automatically assigns and stores the following information:

Contract Issue Date

Contract Issue Date: The date the consent was created or signed.

Contract Expiry Date

Contract Expiry Date: Calculated automatically based on the validity period you defined when creating the Digital Consent.

Signer Information

Collected from the sign page:

Name
Email
Phone number (if required)
Selfie (if required)

All information is stored securely within the consent record.

3. The Consent is Ready for Use with Media

Once returned, the consent is immediately available for:

Linking to images and videos in Skyfish
Displaying purpose information in pop-ups and download notes
Enabling expiration alerts and download blocking when the consent expires
Appearing in Skyfish search (based on purpose text and metadata)

This ensures compliant usage over time.

4. Expiration Alerts and Download Blocking

If a consent has an expiration date and is linked to media:

Skyfish will notify you as the date approaches
Media linked to an expired consent will automatically be blocked from download
This helps maintain GDPR-aligned usage of image material

How Does the Signer Get a Copy of the Signed Consent

Signers automatically receive their own copy of the Digital Consent they have signed. Skyfish handles this process for you to ensure transparency and proper documentation.

Signers receive the completed consent automatically

Immediately after the signer completes the digital signature:

Skyfish sends the signer an email containing a copy of the fully signed consent
The document includes the digital signature and the details they submitted
The signer does not need a Skyfish account to receive or view the file

This ensures signers always have access to documentation of what they agreed to.

What the signer sees in their copy

The signer’s copy of the consent includes:

The full consent text
Their personal information (name, email, phone number/selfie if required)
The date and time of signature
The company information you provided
The signature applied at the bottom of the document
(If used) a link to your privacy policy

This provides complete transparency about the terms and use of their data.

No additional configuration required

As long as:

the consent includes required signer fields
the signer submits a valid email address

Skyfish automatically handles the entire delivery process.

You do not need to upload, export, or send anything manually.

Managing the Consent Lifecycle

How to Link Files to a Signer’s Digital Consent

Linking files to a signed Digital Consent ensures that photos and videos are used with the correct permissions. Once a file is linked, Skyfish shows the consent information on the file and applies the relevant rules, including purpose display and expiration.

Before linking files

If a photo or video includes more than one identifiable person, you must collect a signed consent from each individual before linking the file to anyone in Skyfish. This protects you from using material where only partial consent has been collected.

Skyfish does not detect who is in a file. You choose which consents should be linked.

Finding the correct consent

Go to “Digital Consents” → “All Digital Consents” and open the consent you want to use. Make sure the consent has been signed and is active. You’re now ready to link files.

Locating your files

Open “Skyfish Drive” and find the photos or videos you want to link. You can select one file or several files at the same time.

Use folders or search if you need to narrow down the results.

Linking files to a consent

With the file(s) selected, open the “File Info” panel. Click on “Link Consent” and search for the relevant Digital Consent. Once selected, the consent will be linked to the chosen file(s).

What Skyfish shows after linking

When a consent is linked, the file’s information panel displays:

the linked Digital Consent
the purpose (or internal purpose, if used)
the Contract Expiry Date

This helps your team understand how the file may be used.

Skyfish also enforces rules automatically:

files with expired consents are blocked from download
expiration alerts help you stay ahead of renewals

Files with multiple people

If a file contains more than one person, link each person’s signed consent to that file. Skyfish will show all linked consents in the file’s Consent panel. If any required consent expires, download access for the file will be blocked until the consent is renewed.

Editing or reviewing linked consents

At any time, you can open a file and view all consents linked to it. From the “Consent Overview” panel, you can:

remove outdated consents
add new consents
confirm expiry dates
check which permissions apply

Skyfish updates everything immediately, keeping your usage compliant.

What to Know About Withdrawing Consent

Individuals have the right to withdraw their consent at any time. When this happens, the consent must no longer be used and any linked files must be treated as unapproved. The most accurate way to handle withdrawal in Skyfish is to delete the signed Digital Consent.

Deleting the consent immediately removes its effect across all linked media.

How withdrawal works in Skyfish

To process a withdrawal, simply delete the signed Digital Consent.

This action:

removes the consent from your library
breaks all existing links between files and that consent
causes all previously linked files to become unconsented
blocks download of those files automatically
ensures no one can accidentally reuse the invalid consent

This approach reflects the actual meaning of withdrawal: the signer no longer grants permission.

If you need to retain documentation for legal reasons, export a copy of the signed consent before deleting it and store it in your internal systems.

What happens to linked files

Once the consent is deleted:

files remain visible in Skyfish
files are blocked from download
consent-purpose information no longer appears on the files
any future use of the material requires a new signed consent
you can link the files to a new consent at any time

Skyfish does not delete the media; it ensures the media cannot be used without a new valid consent.

How signers withdraw consent

Withdrawal requests are made directly to your organization. Skyfish does not receive or process these requests.

Include the correct withdrawal contact in your templates

When creating a consent template, add the email address signers should use to request withdrawal.

This address is not added automatically and should point to the team responsible for handling such requests (e.g., privacy, communications, support).

Recommended workflow for withdrawal

When you receive a withdrawal request:

verify the request
open the relevant signed Digital Consent
export it if you need an internal record
delete the consent in Skyfish
confirm that all previously linked files are now blocked
collect a new consent if the material will be used again

No additional steps in the Skyfish system are required.

Internal considerations

Teams using the material should be informed that:

the consent has been withdrawn
the linked media can no longer be used
published content may need to be evaluated or removed depending on context

This helps prevent accidental use of unapproved material.

Tips on Managing Consent

Skyfish Consent helps your team understand exactly how images may be used, no matter whether the consent was created through the Digital Consent workflow or uploaded as a regular consent. The system uses clear indicators and download rules to prevent misuse and make consent boundaries visible across your media library.

Helping your team use images correctly

Skyfish shows consent status directly on images using three indicators:

Active consent

Expired consent

No consent required

When an image has active consent, users will see the purpose and expiration date before downloading.

If the consent is expired, the image appears faded out and cannot be downloaded, ensuring it isn’t used accidentally.

If no consent is required, the image displays the “no consent required” icon and can be downloaded freely.

These indicators apply to both:

files linked to a Digital Consent, and
files managed through the regular (uploaded) consent workflow.

Finding all files affected by a consent

When a consent expires or is ended early (for example, by deleting it after a withdrawal), Skyfish automatically prevents downloads and disables share links and PowerPoint embeds so the material cannot be used accidentally.

In the consent overview, you can instantly see all images linked to a particular consent. The number of linked files is shown under the “Files” column. Click the number to view the full list of linked images. From here, you can unlink one file or remove all links if needed.

This makes it easy to review which images are affected and ensure they are no longer used once the consent is no longer valid.

Managing access to consent details

To protect personal data, consent documents are restricted.

Only admins and consent admins can access the full consent overviews
Users cannot open the original consent files, whether PDF uploads or Digital Consent documents
Admins can fill in or edit the purpose and expiration date for uploaded consents
Users only see the essential information needed for proper image use (purpose and expiry)

This keeps personal data secure while still giving teams the guidance they need.

Images that do not require consent

Some images do not require consent, such as:

Stock images
Images with no identifiable people
Images used only for internal communication
Images that fall under specific legal exceptions

Admins can mark an image as “No consent required” in the File Info panel.

Once set:

The “no consent required” icon appears
The file is treated as cleared for use
Team members can download it without restrictions

This helps avoid confusion when browsing mixed collections.

Using existing consent PDFs already stored in Skyfish

If you have older or manually signed consent forms stored in Skyfish as PDFs, you can still incorporate them into the consent workflow.

To add them:

Right-click the PDF
Select “Convert to consent”
(Optional) Choose a consent folder to store it in
The consent will appear in the Consent overview and be placed in the selected folder (if chosen)
Admins can then assign purpose, expiration, and link the consent to files

This makes it easy to transition from legacy consent handling to the newer system without losing existing documentation.

Keep Consents Organized with Folders

Consent folders help you organize your manually added consents in a folder structure—similar to your Skyfish Drive. You can group consents by photo shoot, purpose, department, expiration date, and more.

How to create a folder

Go to “Consents”
Click “Add a Folder” in the left sidebar
(Optional) Add a description so you can see context and details without opening each consent

You can also create a folder when you upload new consents or when you convert existing files to a consent.

How to add consents to a folder

After you create a folder, you have three options:

1) Upload a consent directly to a consent folder

Open the folder you want
Click “Upload consent” on the top right side of your Consent overview

2) Move a single consent from Consent overview to a folder

Go to Consent overview
Either:

Hover over the Folder field for the consent and click the + icon, or
Select the consent and click “Move to Folder” in the top-right corner

3) Move multiple consents to a folder at once

Go to Consent overview
Simply select the consents you want to move
Click “Move to Folder” on the top right corner

Working with both digital and regular consents

Skyfish supports both consent types seamlessly:

Digital Consents
- Issued online
- Signed digitally
- Auto-returned to Skyfish
- Used for linking and lifecycle management
Regular (uploaded) consents
- PDFs from external workflows
- Uploaded manually
- Converted using “Convert to consent”
- Fully supported within the same tools

Everything, including icons, expiration handling, download blocking, and file linking, works the same across both types.