To obtain consent, merchants must ask customers for explicit, opt‑in consent before any personal contact details (e‑mail, phone, marketing preferences) are stored or used. To record consent, consent is logged as a digital record (timestamp, merchant ID, terminal ID) that is searchable for audit and compliance purposes. When a revocation request is received, the platform deactivates the consent flag and purges the associated personal data (e‑mail, phone) while keeping the receipt itself for audit purposes.