Feature · Medspa consent forms software
Delam is medspa consent forms software that captures digital consent forms for medspas at booking, stores encrypted signed records with an electronic signature plus timestamp plus IP metadata, supports a patient-revocable flow, and maintains an audit trail compliant with PHIPA, PIPEDA, HIPAA, CPSO, and CNO. Paper goes away. Legacy platforms bolt consent on as an add-on; Delam's membership-first medspa OS ships digital consent forms as a first-class primitive linked to every appointment, every Botox consent, filler consent, and laser consent, and every before/after photo consent, in English and French.
Why digital consent forms
Paper consent fades, gets lost, and cannot prove the patient actually read the disclosures. CPSO and CNO expect clinics to demonstrate informed consent with timestamps, disclosure acknowledgments, and a clear revocation path (CPSO Policy 3-15, 2024). A clipboard at the front desk fails every one of those tests.
Digital consent forms for medspas are faster (average 2 minutes vs. 9 minutes for paper, Delam customer panel, Q1 2026), legally equivalent under PIPEDA Part 2 and the LCCJTI, and they create the forensic record that defends the clinic in a CPSO complaint. Delam's medspa consent forms software enforces capture at the moment of truth: the appointment will not start without a valid electronic signature.
2 min
Avg. completion
vs. 9 min paper (Delam panel, Q1 2026)
<60s
Revoke-to-invalidate
Delam SLA on signed URLs
7 yrs
Immutable audit trail
PHIPA O. Reg. 329/04
How it works
Consent is a first-class primitive in Delam's membership-first medspa OS, not a bolt-on. Here is every surface where the software captures, validates, and records a signed form.
Step A
Consent is requested inside the booking flow, on the website, in the branded patient app, and at the AI front desk. The appointment cannot be confirmed without a signed treatment consent linked to the chosen treatment and provider.
Step B
30+ templates cover every aesthetic vertical: Botox consent, filler consent, laser consent, body contouring, PRP, microneedling, chemical peel, IV therapy, GLP-1, and more. Each is drafted from CPSO, CNO, and Health Canada guidance and reviewed annually.
Step C
Every signature is captured with a timestamp plus IP metadata, user agent, device fingerprint, consent version, and jurisdiction. That record is legally equivalent to a wet-ink signature under PIPEDA Part 2 and the LCCJTI.
Step D
Patients revoke any consent from the branded app or a signed email link. Revocation is logged, downstream automations halt, signed URLs invalidate, and the clinic admin is notified within 5 minutes.
Step E
Photo consent lives on its own PhotoConsent record with a scope field (internal chart / clinic marketing / public social) and a name-publication toggle. The requirePhotoConsent middleware gates every upload.
Step F
Every consent event is written with auditPHIAccess() to an append-only ledger retained seven years per PHIPA O. Reg. 329/04 and CPSO Policy 4-12. Exportable as CSV or JSON for regulatory review.
Consent audit · end-to-end
Consent lifecycle · CONS-4812
Fri, Nov 14 2024
Sent
10:58 AM
Opened
11:02 AM
Signed
11:04 AM
Locked (immutable)
11:04 AM
Templates
Every Botox consent, filler consent, and laser consent ships in English (en-CA) and French (fr-CA), with provider-level clauses and a version log. Brand with your logo, add your medical director's sign-off, and launch the same day.
Botox consent, Dysport, Xeomin, and Jeuveau. Dosage units, injection sites, post-care, and contraindication clauses are captured per treatment.
Hyaluronic acid, Sculptra, Radiesse, Bellafill filler consent, with vascular occlusion disclosure and hyaluronidase reversal plan.
IPL, CO2, Fraxel, Morpheus8, BBL, Clear + Brilliant laser consent. Fitzpatrick skin type, photoprotection, and post-care clauses.
CoolSculpting, Emsculpt, Sofwave, Ultherapy consent. PAH disclosure and realistic-expectation acknowledgments.
NAD+, Myers' cocktail, glutathione, B12. Screening disclosures, dose logs, and adverse-reaction protocols.
Semaglutide, tirzepatide. Screening, titration schedule, contraindications, and informed refusal.
Chemical peel, microneedling, PRP, sclerotherapy, and skinboosters. Informed-refusal options included.
Scoped release: internal chart only, clinic marketing, or public social. Name-publication toggle and revocation channel.
Before/after photo consent
A patient who signed a Botox consent did not automatically consent to their photo on Instagram. Delam's medspa consent forms software enforces the split at the data layer.
The PhotoConsent record captures scope (internal chart only, clinic marketing, public social), a name-publication toggle, the revocation channel, and full timestamp plus IP metadata. Uploads are blocked by the requirePhotoConsent middleware unless a valid non-revoked consent exists, which closes the CPSO advertising-rules gap that paper and generic EMRs leave wide open.
When a patient revokes, the asset is hidden from marketing surfaces, signed URLs invalidate within 60 seconds, and downstream automations lose access immediately. The audit trail retains the event for the full seven-year retention window, so you can prove both that the photo was consented and that the revocation was honoured.
PhotoConsent scope
Revocation and audit trail
Every consent event (view, sign, revoke, edit) is written with auditPHIAccess() into an immutable ledger retained seven years (PHIPA O. Reg. 329/04, § 6). Fields captured: staff ID, patient ID, action, IP, user agent, jurisdiction, purpose, and consent version.
Exports as CSV or JSON for a complaint response, Information and Privacy Commissioner audit, or internal QA review.
01
From the branded app or a signed email link, no phone call, no form to fill.
02
Delam writes the revocation timestamp, IP, and device to the consent record.
03
An immutable ledger entry captures staff ID, patient ID, action, jurisdiction, and consent version.
04
Marketing pulls the photo, website embeds expire, and signed URLs invalidate within 60 seconds.
05
Drip campaigns, AI suggestions, and review requests lose access to the revoked asset immediately.
06
Clinic admin receives a notification within 5 minutes with a direct link to the revoked record.
Compliance deep-dive
Medspa consent forms software must satisfy several overlapping regimes. Delam applies the most protective standard per field, per jurisdiction, and per patient. Details below. Full policies on request (see Canada).
Proof
1m 54s
Avg. consent completion
Median sign-to-submit time across Botox consent, filler consent, and laser consent.
Source: Delam customer panel, Q1 2026
0.3%
Revocation rate
Signed consents revoked within 90 days of capture. Every one is honoured in under 60 seconds.
Source: Delam production data, 12-clinic cohort
7 yrs
Audit-log retention
Append-only. Zero hard deletes. Exportable as CSV or JSON for a complaint response.
Source: PHIPA O. Reg. 329/04, § 6
“Consent used to be a clipboard at the door. Now it's signed before the patient even parks, linked to the appointment, and one tap to revoke, our CPSO file has never looked cleaner.
FAQs
The full platform, booking, EMR, memberships, loyalty, AI, payments.
Tiered ladders, rollover credits, Stripe billing.
Points on visits, referrals, reviews, birthdays.
24/7 call handling with Law 25 disclosure.
PIPEDA / Law 25 / PHIPA compliant.
PHI-grade records, consent at booking, before/after tracking.
Get started
Replace separate e-signature tools and paper in one afternoon. 30+ templates, bilingual, CPSO-ready.
Related: EMR · Medspa software · Memberships · Canada
