Rethinking Consent for AI Apps
Exploring Just in time consent in an AI chatbot
- Role
- UX/UI DesignerUX Researcher
- Timeline
- 4 weeks
- Tools
- FigmaTally
Personal · Case Study · 2025
Clarity is a privacy-first conversational AI for managing daily stress and anxiety. Most AI wellness apps request broad permissions at onboarding, before users have any reason to trust the product. Clarity replaces that pattern with contextual consent: data is requested only at moments where the value of sharing is immediately clear.
Estimates based on survey data: 72.7% of participants preferred permissions requested only when needed.
Onboarding drop-off
↓ 15–25%
Friction is delayed until value is demonstrated, reducing early abandonment.
30-day retention
↑ ~15%
Users are more likely to continue when they feel informed and in control.
Voluntary consent rate
45–60%
Users enable features because they understand the benefit before being asked.
A survey of 22 participants found that users do not ignore consent because they do not care about privacy. They ignore it because current consent patterns feel overwhelming and unavoidable.
The leading AI wellness apps make the same mistakes in different ways: requesting data before demonstrating value, failing to explain why information is needed, and blurring the line between AI and human contact. Each pattern erodes trust before it has a chance to form.
The design question shifted from "how do we get consent" to "when and how do we ask so users actually want to say yes."
Safety-First Boundaries
The bot avoids emotional mimicry and human role-play to reduce perceived manipulation. It states clearly that it is an AI from the first interaction and does not blur that boundary.
Calm Communication
Responses are supportive, neutral, and use plain language. Urgency and dependency cues are avoided by design. The product supports without fostering reliance.
User Control
Consent is never assumed. Users are reminded they are in control of what the system remembers, and every permission can be reviewed or revoked at any time.
Clarity replaces upfront consent barriers with conversational requests for data only when it becomes meaningful to the user.
A competitive audit of leading AI wellness apps confirmed how widespread the problem is.
| App | First 60 seconds | Trust breakdown | Opportunity |
|---|---|---|---|
| Wysa | Asks emotional context immediately | No clear data explanation | Explain privacy at the moment data is needed |
| Woebot | Requests personal background early | Value not demonstrated first | Prioritize value exchange before data request |
| Replika | Creates emotional bond instantly | Blurred AI and human boundaries | Explicitly define AI identity |
Before any consent pattern could work, the product needed to establish who it is and what it will not do. Clarity is built on three language constraints that hold across every interaction.
Clarity uses
- "You are in control of what I remember."
- "This is optional."
- "I am an AI, not a human counselor."
Clarity avoids
- "I know exactly how you feel."
- Any phrasing that pressures users into enabling features or sharing data.
Before requesting any data, Clarity establishes identity and intent. The first interaction declares that it is an AI, not a human counselor, and outlines what it will and will not do. Trust is built through transparency before any feature is shown.
Memory is never requested before value is demonstrated. After a helpful exchange, Clarity asks: "Would it help if I remembered this?" The request is tied to the user's own words. If the user declines, the conversation continues without friction.
Memory is requested only after the system demonstrates a benefit tied to the user's own language.
Advanced tracking is only offered after a concrete behavioral pattern is identified. The pattern is the evidence, the opt-in is the ask. Clarity names what it observed before asking permission to track it. No tracking begins before the user understands exactly what they would be enabling.
When high-risk language is detected, all consent logic pauses. Emergency resources appear immediately and take full priority. The system does not attempt to engage further. It connects the user to help and steps back.
In crisis moments, safety overrides all other interactions.
A centralized space where users can review, control, and revoke consent at any time. Nothing is hidden, and removing a permission never breaks core functionality.
Full visibility
Every active permission is listed with a clear explanation of why it was granted and what it enables.
Granular control
Users can revoke individual permissions without affecting unrelated features.
Safety always accessible
Crisis tools remain available regardless of consent state. Safety is not a feature that can be turned off.
The prototype focuses on Pattern 2: Clarity requests memory only after a helpful exchange, allowing the consent moment to be observed in context. Both acceptance and refusal paths are fully designed.
Privacy-centered design becomes a compounding trust advantage, not a tradeoff. When users feel in control, they are more likely to opt in, stay longer, and engage more deeply.