| No user/private data yet | Allowed | Yes | Continue with metadata-only intake. |
| Synthetic/demo data only | Allowed | Yes | Use synthetic records that cannot be traced to real users or businesses. |
| Public website/content only | Allowed | Yes | Share public URLs instead of private admin screens or data exports. |
| Personal data involved | Caution | Yes | Describe the data class in plain language without names, emails, records, or identifiers. |
| Multi-tenant data | Caution | Yes | Share schema shape, policy names, or redacted screenshots instead of tenant records. |
| Private customer data involved | Caution | Yes | Describe the data type and use synthetic examples or redacted screenshots. |
| User-generated content involved | Caution | Yes | Discuss moderation and storage flows without submitting raw user content. |
| Stripe/payment configuration only | Allowed | Yes | Use test-mode Stripe, public docs, redacted screenshots, and high-level webhook flow descriptions. |
| Raw cardholder/payment-card data | Blocked | No | Use Stripe test-mode cards and describe payment-state behavior without cardholder data. |
| Health/PHI | Blocked | No | Pause public intake and pursue a custom lawyer-reviewed scope if appropriate. |
| Children/minor data | Blocked | No | Use only non-sensitive metadata and obtain custom legal review before any engagement. |
| Regulated financial data | Custom required | No | Do not submit records; discuss only the need for a custom scope. |
| Legal-client data | Custom required | No | Do not submit legal materials; use a high-level scope conversation first. |
| Government or defense data | Custom required | No | Do not submit materials through public intake; require custom legal review. |
| Safety-critical data | Custom required | No | Discuss scope and risk at a high level without operational data. |
| Database dump/export | Blocked | No | Use schema summaries, policy definitions, synthetic rows, or a guided screen share. |
| Production secrets or tokens | Blocked | No | Rotate exposed secrets and provide redacted variable names or least-privilege access after scoping. |
| AI API keys | Blocked | No | Describe provider usage without key values; rotate any exposed key. |
| Webhook signing secrets | Blocked | No | Use redacted screenshots or test-mode configuration and rotate any exposed secret. |
| Other sensitive data | Blocked | No | Do not submit the material; provide a plain-language summary or request custom scope. |