turns out we need to reuse this, so it's better in the config class.
When a user first syncs, we will send them a server notice asking them to consent to the privacy policy if they have not already done so.