Onboarding is a compliance event. Treat it like one.
One link or QR code. Identity verified, consent collected, documents exchanged — in a single guided flow on their phone. Every step signed and auditable. No app. No integration. No IT department.
Five tools, two weeks, no compliance trail
CCPA requires notice at collection. HIPAA requires written consent for medical records. State privacy laws are multiplying — and your onboarding process scatters consent across email threads, PDF attachments, and paper forms that can't be searched, verified, or produced in discovery.
- CCPA requires a 'notice at collection' disclosing categories of personal information collected and the business purpose — a generic privacy policy link doesn't satisfy the requirement
- HIPAA requires written authorisation before sharing protected health information — a checkbox on a web form may not meet the 'written' standard without proper audit records
- State privacy laws (Virginia, Colorado, Connecticut, and counting) each have their own consent and notice requirements for onboarding
- In litigation, the first question is 'can you prove what the person agreed to?' Without a tamper-proof record, the answer is usually no
One flow. Every step. Auditable forever.
The person scans a QR code or clicks a link and completes identity verification, consent, and document exchange in a single journey
Scan and go — no app, no integration
Print a QR poster for your reception desk. Send a link by email. Embed it on your website. The person opens it in their browser — no download, no account creation, no IT department on your end. Works on any phone, any browser.
Identity verification built in
Email-only for a gym membership. Full KYC with document verification for a financial advisory client. The flow adapts to the template — same infrastructure, different assurance levels. You choose; they complete.
Granular consent, not a wall of text
Each data practice gets its own toggle: what you collect, why, who sees it, how long you keep it. Required purposes are locked. Optional ones are clearly marked. The person chooses — and you have a record of every choice.
Documents in the same flow
Contracts, certificates, ID scans — exchanged within the consent flow. No separate upload portal. No 'please email us a scanned copy.' Encrypted in transit, linked to the consent record, stored per your retention policy.
Watch them complete it
Real-time progress: who started, which step they're on, who finished. Drop-off analytics show where people abandon. Channel attribution shows whether your QR poster, email link, or website embed converts better.
Proof that holds up
Every consent decision is Ed25519-signed and hash-chained. The record includes what was disclosed, when they consented, and which version of the terms they saw. Merkle-anchored every 15 minutes. Export as JSON any time.
How it works
Pick a template
Choose from 6 industry templates — client intake, patient registration, member enrollment, student registration, tenant screening, vendor qualification. Pre-configured consent purposes, identity levels, and compliance settings.
Share a link
Generate a QR code, send an email link, or embed on your website. Every link is tracked — scan counts, channel attribution, conversion rates.
They complete it
Phone or laptop. Verify identity, review each data practice, toggle consent choices, submit. Average completion: under 3 minutes.
You have proof
Signed, timestamped, hash-chained. Exportable, machine-readable, regulator-ready. No filing cabinets. No 'I think they signed something.'
Before and after
Without Overturo
- Identity check in system 1, consent form in system 2, documents in system 3, CRM in system 4, compliance notes in system 5
- Average onboarding time: 8-14 business days per person
- Staff spend 40+ hours per month on onboarding admin
- 23% of prospects abandon before completing all steps
- Consent records scattered across email, PDFs, and filing cabinets
- Regulator asks for proof — you need 3-5 days to find it
- Paper waivers challenged in court — no proof of what was shown
With Overturo
- One link. One flow. Identity, consent, documents, and audit trail in a single guided journey
- Average completion time: under 3 minutes on any phone
- Staff spend zero time chasing forms — the flow is self-service
- Completion rates above 90% — no extra logins, no app downloads
- Every consent record signed, timestamped, and searchable in one place
- Regulator asks for proof — export the full trail in under 60 seconds
- Digital signatures with hash-chained audit trail — tamper-proof by design
Works everywhere you meet someone new
Financial services
KYC identity verification, AML consent, third-party referral disclosure, data sharing agreements. Your compliance officer gets a signed consent trail for every client — searchable by name, date, or purpose. The FCA audit that used to take a week now takes an afternoon.
Healthcare
Patient intake: treatment consent, medical records access, emergency contacts, research opt-in. Each purpose has its own legal basis (vital interest for emergency, explicit consent for research). HIPAA-aware. Parental consent flow for minors. Integrates via webhooks.
Fitness & wellness
Liability waivers that hold up in court — with the exact text shown, the timestamp, and a digital signature. Members see the terms before creating an account (consent-first flow). Marketing opt-in is a separate toggle, not buried in paragraph 12. Your 6am regulars never see it again.
Education
Student registration with guardian consent for under-16s. Academic records transfer consent (FERPA-aware). School policy acknowledgment as a separate informed-consent step — not a checkbox at the bottom of a form. COPPA-compliant age verification for younger students.
Property & lettings
Tenant screening starts with explicit consent for background checks, credit checks, and reference collection — before the check is run, not after. Every authorisation is timestamped and signed. When a tenant disputes a check, you can prove they consented on March 15th at 2:47pm.
Enterprise & procurement
Vendor qualification with data processing agreements, NDA acknowledgment, compliance documentation, and regulatory disclosure. Multi-party signing for contracts that need a CFO and a legal officer. One flow replaces a 47-email thread and a shared Google Drive folder.
Three ways to start onboarding
Choose what fits your workflow — or use all three
QR code
Print a poster. Mount it at reception. Clients scan with any phone camera — the flow loads in their browser. Track which posters get the most scans. Replace the poster any time without changing the link.
Email link
Send a personalised onboarding link. They click, they complete, you get notified. Bulk-send to 50 people at once. Each link tracks who opened it and who finished.
Website embed
Embed the flow on your website as an iframe, popup, or redirect. Publishable key authentication — no backend integration. Styled to match your brand. The person never leaves your site.
Built for US privacy compliance
State-level privacy laws are multiplying. One consent infrastructure covers all of them.
Onboarding included in every plan
Free plan: 1 flow, up to 25 people per month. Paid plans: unlimited flows, QR tracking, progress analytics, document exchange, and priority support.
"We onboard clients across 8 states, each with different privacy requirements. Before Overturo, our legal team spent more time on consent paperwork than on actual legal work. Now clients complete the whole flow on their phone, and we have state-specific compliance records for every one of them. Our malpractice insurer loved it — our premium dropped 18%."
— General Counsel, multi-state financial advisory firm (45 employees)
The five-tool scramble ends here
Pick a template. Share a link. Start onboarding people in minutes, not weeks. No credit card required.