Trust, kept visible.

This is the current trust baseline for Harper Relay. It explains what the live stack stores today, which intake paths are open, what still routes through the company desk, and where a direct privacy owner still needs to be named.

Open the company desk About Harper Relay

Current build status

Search persistence may be enabled on the server through Supabase.

AI Visibility Audit runs a short public brief; Lead Manager and linked workflow pilots still route through the Harper Relay company desk.

The company desk is live for review requests, but broader privacy-owner handling still needs a dedicated public owner before launch-ready trust can be claimed.

Optional analytics, pixels, and profiling are controlled by the privacy choices layer and stay off in essential-only mode.

Policy Scope

Keep the collection story honest and narrowly described.

This page is written to describe current functionality, not a hypothetical future stack. If the app later expands intake beyond the current audit brief or adds tracking, the policy needs to move with it.

What this audit brief collects

Only the short brief and routed desk details needed to decide the next honest move

The AI Visibility Audit route can collect the website URL, first name, email, optional phone and company, optional service or market context, and the preview-backed brief needed to review whether the next step is a full ranked report, a bounded repair lane, or the generator plan. If someone uses the route-attached desk instead, the note keeps /ai-visibility-audit attached instead of flattening the question into generic contact.

What this route does not create

AI Visibility Audit still avoids dashboard, guaranteed ranking, and hidden-report claims

The public flow does not promise ranking lifts, does not open a hidden client dashboard, does not create always-on live chat, and does not claim every report request is already stored or instantly approved. The quick read is a preview, and the next human step stays explicit.

Storage and processors

AI Visibility Audit briefs may write to Supabase on the server, with the route-attached desk falling back honestly when storage is not ready

When the AI brief storage layer is available, full-report requests can write to Supabase on the server. When it is unavailable, the audit flow stays in pilot mode and queues manual follow-up without claiming the brief was saved. If someone messages the route-attached desk instead, the note uses the same contact-request storage and truthful fallback used elsewhere on the site.

Cookies and similar tech

Optional tracking stays behind the privacy choices layer

On Harper Relay, optional analytics, marketing pixels, and visitor profiling are controlled by the privacy choices layer. Essential-only mode keeps non-essential tracking off. The current AI Visibility Audit route does not use session replay, keystroke logging, or automatic marketing retargeting by default.

Currently In Scope

the AI Visibility Audit quick read stays in the browser until someone asks for the deeper report

AI Visibility Audit brief requests can collect the website URL, first name, email, optional phone and company, optional service or market context, and preview-backed notes for manual review

the route-attached audit desk at /contact?from=ai-visibility-audit#message-desk keeps the quick-read, ranked-report, or generator-path question attached instead of dropping into generic contact

pilot-mode manual-follow-up receipts remain in place when either the AI brief storage layer or the contact-request storage layer is unavailable on the current run

route-aware privacy and about pages now keep the audit story attached when someone checks storage, tracking, or who is behind the work

domain-search queries, generated comparison snapshots, and queue-governance metadata may still exist elsewhere on the site

Still Not Live

guaranteed ranking lifts or answer-engine placement promises on the public AI Visibility Audit route

a hidden client dashboard, separate login, or stored-report library

an always-on live chat or instant human audit queue

a dedicated public privacy-request owner approved for broader site handling

session replay, keystroke logging, or advertising pixels that load before consent

Trust Routing

Trust requests need an owner, not a maze.

The policy route and company desk are live now. The last trust upgrade is simple and human: name the operator-approved mailbox or verified privacy-request owner so every sensitive question has a direct path.

Open the company desk Scenario Demos CRM Login