Mandate Form: Personal Info & DD T&Cs Steps
Mandate Form: Personal Info & DD T&Cs Steps
This post covers the implementation of steps 1 and 2 of the tenant mandate form, shipped in v1.0.24.
Background
The Direct Debit mandate form is a public-facing, token-based multi-step flow that tenants complete to authorise a Direct Debit. Each step is validated before the tenant can advance, ensuring data quality and compliance at every stage of collection.
Version 1.0.24 delivers the first two steps of this flow.
Step 1: Personal Information
The opening step collects the tenant's core identity and contact details:
| Field | Notes |
|---|---|
| Full name | Required |
| Address line 1 | Required |
| Address line 2 | Optional |
| Town | Required |
| Postcode | Required |
| Phone number | Required |
| Email address | Pre-filled from the mandate invite |
Pre-filled Email
When a letting agent sends a mandate invite, the tenant's email address is embedded in the invite token. On step 1, the email field is automatically populated from this token — the tenant does not need to type it in. This reduces friction and helps prevent typos on a field that is used for mandate notifications.
Validation
All fields are validated with a Zod schema before the form advances. Validation errors are surfaced inline at the field level. The step transition is blocked until all required fields pass validation.
Step 2: Direct Debit Guarantee
Before any payment details are collected, tenants must read and explicitly accept the Direct Debit Guarantee — the UK industry-standard consumer protection underpinning all BACS Direct Debit schemes.
What tenants see
- The full, unabridged Direct Debit Guarantee text is rendered on screen
- A checkbox the tenant must tick to confirm they have read and accepted the terms
- Advancing to step 3 is blocked until the checkbox is checked
Acceptance audit record
At the point the tenant checks the box and advances, the service records:
- Acceptance timestamp — the exact date and time of acceptance (UTC)
- IP address — the tenant's IP address at the point of acceptance
This metadata is persisted against the mandate record and provides a verifiable audit trail of informed consent, which is a requirement under the Direct Debit scheme rules.
What's Coming Next
Subsequent releases will implement the remaining mandate form steps:
- Step 3 — Payment details (amount, frequency, collection date with working day calculation)
- Step 4 — Bank details (account number, sort code, account holder name)
- Step 5 — Video verification
- Step 6 — ID verification
- Step 7 — Right to Rent (property mandates only)
- Step 8 — Confirmation and submission