How we get your signed consent — and why it isn't a tick-box

Q: Where is my signature stored, and who can see it?

Your signature image is stored in our Supabase database (UK / EEA data residency). Access is restricted to Chase Monro Claims Ltd staff working on your claim, plus the two parties you authorised: Valid8 IP Ltd for the soft credit search, and your lender via the Letter of Authority.

Q: Can I see the consent record you hold for me?

Yes. You can request a copy of every consent record we hold under your name — signature image, timestamp, IP address, user agent, and the exact wording you agreed to. Send the request via the contact route on our privacy policy.

Written by, Mark Henry on May 17, 2026

Trust Consent How It Works

In short: We never sign anything on your behalf. At step 5 of the eligibility check, you draw your signature on screen with a mouse or finger — no typed names, no pre-fills. You tick two required consent boxes (credit check, privacy policy) and one optional one (marketing). At the moment you sign, we capture your IP address, the timestamp, your device fingerprint, and the exact wording of the consent you agreed to. You have a 14-day statutory cooling-off period from the date of signing, and you can request the full consent record we hold for you at any time.

Why this page exists

The loudest complaint about UK claims companies in consumer forums isn’t about fees. It’s “I never actually signed up.” Pre-filled signatures. Auto-ticked boxes. Forms that capture a name typed into a field and call it a signature.

That’s not how Total Claim works, and this page exists to prove it. Below is the actual flow — quoted from the form code, not from a marketing brochure — so you can see what we ask for, what we record, and what we do not do. If you want to verify any of this for yourself, every quoted line on this page is text you will see on screen when you reach step 5 of the eligibility check, and you can stop at that step before signing anything.

Under UK data protection and FCA rules, informed consent means three things in plain English:

You know what you’re agreeing to.
You actively agree to it — not by default, not by a pre-ticked box, not by silence.
We can prove later that you agreed, by showing the record.

The opposite of explicit consent is the pattern you’ve probably seen elsewhere: a box that’s already ticked when the page loads, a name typed into a “signature” field, or wording buried in a confirmation email after the fact. None of that meets the standard, and none of it is what happens here.

The exact step-by-step at step 5

The eligibility check has nine steps. The signature and consent moment is step 5. Here is what you see on screen.

A signature you draw, on your device

The signature box is an HTML5 canvas. You draw inside it — with a mouse, a trackpad, or your finger on a phone screen — and the form captures the image you actually drew. The microcopy under the box reads:

“Sign above using your mouse or touch screen”

There is no option to type your name in a font that looks like handwriting. There is no pre-filled signature. The form’s validation layer accepts one signature type, and that type is drawn. If you don’t draw anything, the form cannot move past this step.

If your first attempt looks wrong, there’s a Clear button next to the canvas. Hit it, redraw, and you’re back where you started. There’s no penalty and no limit on retries.

Once you’ve drawn something the form recognises as a signature, a green confirmation panel appears:

“Signature captured successfully”

That’s the cue that your image has been stored in the form state, ready to be submitted with the rest of your consent record.

Below the signature pad sit three checkboxes. The exact wording is reproduced here verbatim, because the wording is the consent. If we changed it, the consent would be to something different.

Credit check (required):

“I agree to the privacy policy of Chase Monro Claims Ltd and authorise them to conduct soft credit searches on my behalf through their provider, Valid8 IP Ltd, with no impact on my credit score. I also agree to Valid8 IP’s privacy policy.”

Privacy policy (required):

“I have read and agree to the Privacy Policy and understand how my personal data will be processed.”

Marketing (optional):

“I would like to receive updates about my claim and occasional marketing communications from Total Claim. You can unsubscribe at any time.”

The Continue button is disabled until you have drawn a signature and ticked both required boxes. The marketing checkbox is optional — leaving it unticked has no effect on your claim and isn’t a barrier to anything else on the site.

What we capture at the moment of signing

When you press Continue at step 5, the form bundles up a consent record and sends it to our database. The record includes:

The signature image you drew, stored as a base64-encoded PNG.
The exact timestamp of the moment you signed.
Your IP address, captured client-side from a public IP lookup when the form first loads.
Your user-agent string — the standard browser-and-OS fingerprint your browser sends to every site you visit.
A Kount device fingerprint — a 32-character session ID generated when you opened the form. The Kount SDK runs in the background, doesn’t block the form if it fails, and is used for fraud prevention only.
The consent text version — proof of exactly which wording was on screen when you agreed.
One audit row per consent type. You sign for four things — Terms of Business, the credit check, the privacy policy, and (optionally) marketing — and each one is stored as its own record with its own timestamp.

All of this lives in Supabase, hosted in the UK and EEA in line with our privacy policy.

If anyone — you, a regulator, an ombudsman — ever asks us to demonstrate that you consented, that’s the record we produce.

What we don’t do

This is the negative-space half of the page, because what we don’t do matters as much as what we do.

We don’t pre-tick boxes. The credit-check and privacy-policy checkboxes load unticked. You tick them or the form won’t continue.
We don’t accept typed names as signatures. The signature pad accepts a drawn image only — there is no text input version of this step.
We don’t sign anything on your behalf. There is no admin tool, no support workflow, and no API call that lets a member of our team add a signature to a claim. The signature must come from your device.
We don’t share your signature image with anyone except the two parties you’ve authorised. Those are Valid8 IP Ltd (for the soft credit search you consented to) and your lender (via the Letter of Authority that authorises us to act for you). Nobody else sees it.

What you’re actually signing

Step 5 produces consent for two formal documents.

Letter of Authority (LoA). This authorises Chase Monro Claims Ltd to talk to your lender on your behalf — request statements, file the complaint, negotiate. It includes the signature you drew. After you submit the form, our backend generates the LoA as a PDF and stores it against your claim.

Terms of Business (ToB). This is the contract that sets out our fee and your rights. It’s linked from the form before you sign, so you can read it in a new tab before agreeing. You can also read it now at /terms-of-business/. It covers the 18% to 36% (incl. VAT) success-fee range, the 14-day cooling-off period, and what happens if you cancel after that.

You sign once. That signature is applied to both documents.

Your cancellation rights

You have a 14-day statutory cooling-off period that starts the moment you sign the Terms of Business. Inside that window you can cancel for any reason, with no questions asked, and you owe nothing. Any work paid for in that period would be refunded — though in practice, almost nothing chargeable happens inside the cooling-off window.

After 14 days, you can still cancel. Chase Monro Claims Ltd may then charge for work already undertaken at the hourly rates set out in your Terms of Business. We explain how this works in plain English in our cancellation policy explainer.

What this means in practice

The most-evidenced anti-CMC complaint online — across MoneySavingExpert, Trustpilot, and Reddit threads about other firms — is some version of “I never signed up.” Pre-filled signatures. Names lifted from a comparison-site form and pasted into a Letter of Authority. Hard credit searches the customer didn’t agree to.

Our consent flow is built so that, if anyone ever raises that complaint about us, we can show you the exact moment you signed. The signature image you drew. The device you drew it on. The IP address. The time, to the second. The version of the consent wording that was on screen.

If a dispute comes up, we produce the record. That is the whole point of building consent capture this way rather than as a checkbox at the bottom of a form.

It also means the soft credit search we run after step 5 is something you have positively authorised, in writing, with a drawn signature attached to the authorisation. Nothing happens on your file until that record exists.

Frequently asked questions

Can you sign on my behalf?

No. The signature must be drawn by you, on your device. The form has no typed-name option and no pre-fill — there is no mechanism for us to add a signature without your action.

What happens if I’m not happy after signing?

You have a 14-day statutory cooling-off period from the date of signing. Cancel inside that window and you owe nothing. After 14 days, Chase Monro Claims Ltd may charge for work already done at the rates set out in your Terms of Business. The full explainer is on the cancellation policy page.

Where is my signature stored, and who can see it?

Your signature image is stored in our Supabase database, with UK / EEA data residency per the privacy policy. Access is restricted to Chase Monro Claims Ltd staff working on your claim, plus the two parties you authorised at step 5: Valid8 IP Ltd for the soft credit search, and your lender via the Letter of Authority.

Yes. You can request a copy of every consent record under your name — signature image, timestamp, IP address, user agent, and the exact wording you agreed to. Send a subject access request via the contact route on the privacy policy.

What’s a Kount device fingerprint, and why do you collect it?

It’s a 32-character session ID that confirms the device that signed is the device that submitted the form. The Kount SDK runs in the background, doesn’t block anything if it fails, and is used for fraud prevention only — to stop someone else filing a claim in your name.

Ready to see this for yourself? You can start the eligibility check and stop at step 5 to inspect the signature pad and the consent wording before you sign.

The eligibility check is free. You can complain to your lender directly, or refer an unsuccessful complaint to the Financial Ombudsman Service, for free, without using a claims management company. On successful claims, Chase Monro Claims Ltd charges 18% to 36% (including VAT), deducted from the recovered amount as set out in your Terms of Business. You have a 14-day statutory cooling-off period from the date of signing. Chase Monro Claims Ltd is authorised and regulated by the Financial Conduct Authority — Firm Reference Number 831404. Registered in England and Wales, Company no. 08314551. Last updated: 17 May 2026.