Privacy

Trust, kept visible.

This is the current implementation baseline for Domain8 and its pilot pages. It explains what the app stores today, how outbound registrar clicks are routed and logged, which audit intake path is live, what is still not launch-ready, and why the site should not be treated as fully complete until the broader public contact owner is finalized for general privacy requests.

Current build status

Search persistence may be enabled on the server through Supabase.
Registrar quote clicks can pass through /api/outbound so approved, provisional, or direct-source routing stays auditable without changing ranking order.
AI Site Optimizer runs a short public brief; Member Concierge and Local Service Front Desk route through the shared contact desk.
Lead Manager is now a public workflow preview, but lead-flow requests still route through the same message desk instead of a separate live portal login.
A contact-routing page now exists, but the direct operator-owned public contact owner for broader privacy requests is still the main trust blocker before launch.

Policy Scope

Keep the collection story honest and narrowly described.

This page is written to describe current functionality, not a hypothetical future stack. If the app later expands intake beyond the current audit brief or adds tracking, the policy needs to move with it.

01

What Domain8 collects

Search queries, comparison snapshots, and outbound registrar clicks tied to the price desk

When someone runs a domain search, the app can store the query, normalized candidates, provider coverage, pricing fields, evidence, and generated timestamps so recent results can be reused instead of recomputed on every request. If someone opens a registrar quote, the app can also send the click through /api/outbound before redirecting so the provider, searched domain or keyword, source URL, destination URL, and whether any affiliate template was applied can be recorded. The redirect can use an approved affiliate template, a provisional template, or the direct source URL, but ranking order does not change.

02

Service intake status

AI Site Optimizer accepts a short public brief, while Lead Manager and workflow-module pages route through the live contact desk

The AI Site Optimizer page now publishes a short public brief for full report requests. The site also exposes a contact-routing page at /contact, and Lead Manager or workflow pages like Local Service Front Desk and Member Concierge route requests there instead of pretending to run their own finished intake stack. The broader direct public owner still needs final approval before launch-ready handling can be claimed.

03

Storage and processors

Search snapshots, outbound registrar clicks, audit brief requests, and contact requests may be written to Supabase when server persistence is enabled

This build is configured to use Supabase on the server for optional search persistence, outbound affiliate-click logs, Market R queue governance, AI Site Optimizer brief capture, and contact-request storage when the storage layer is available. If the relevant table or credentials are not ready, outbound clicks fall back to the direct registrar source and intake falls back to truthful manual pilot handling instead of pretending the write succeeded.

04

Cookies and similar tech

Non-essential analytics, pixels, and visitor profiling are consent-gated

Harper Relay now ships a first-party privacy choices layer. Essential site functions can run without opt-in. Optional analytics can record page views and CTA clicks after consent. Marketing pixels and persistent visitor profiling stay off unless the visitor chooses them, and Global Privacy Control is treated as a do-not-sell/share signal where the browser exposes it.

05

Visitor profiles and exports

The tracking layer is built for portable events, not hidden surveillance

When analytics or profiling is allowed, Harper Relay can create a first-party visitor ID, keep a limited local event queue, and push consent-approved events into window.dataLayer so external suites such as GA4, tag managers, CRM pixels, or future customer-data tools can consume them. The current implementation does not turn on session replay, keystroke logging, or marketing retargeting by default.

06

Traffic intelligence signals

Hover, scroll, and section dwell are used as coarse interest signals, not eye tracking

With analytics consent, Harper Relay can record page path, source/referrer, UTM values, CTA clicks, scroll-depth milestones, hover dwell on labeled controls, and section exposure/dwell. These signals help identify which offer, industry, or handoff path is getting attention. They do not capture typed form content, passwords, payment data, keystrokes, screen recordings, or actual gaze/eye movement.

07

Industry selection and prediction

Visitors can self-identify an industry, and profiling consent controls persistent prediction

Industry selector buttons may record a visitor's chosen industry after analytics consent. A persistent prediction profile that scores industry fit, lifecycle stage, and likely follow-up path is only retained when profiling is allowed. Essential-only mode skips this layer, and Global Privacy Control disables marketing and profiling where the browser exposes that signal.

08

Enrichment boundaries

External matching should stay company-level, consent-aware, and reviewable

Harper Relay may later enrich declared company, domain, industry, or source data with customer-approved tools, but this policy does not authorize covert personal identity enrichment. Any CRM, ad platform, data warehouse, or customer-data platform connected later must respect the same consent state, Do Not Sell or Share posture, and export/delete review path.

09

Choice and opt-out

Visitors can choose essential-only, analytics, or broader marketing/profiling permissions

The cookie banner and Privacy choices control let visitors keep tracking essential-only, allow basic analytics, or explicitly allow marketing and profile-building. A Do Not Sell or Share posture disables marketing and profiling. If a configured third-party pixel is added later, it must remain behind the same consent gate rather than loading before the visitor chooses.
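The consent gate described in sections 04, 05 and 09, as an added example that is not Harper Relay's own code. The choice strings, function names and field allow-list are assumptions made for illustration; `navigator.globalPrivacyControl` is the property browsers use to expose Global Privacy Control.

```javascript
// Added example. Choice names and the allow-list are assumptions, not the site's code.
// Fields an analytics event may carry; anything else (typed form content,
// passwords, payment data, keystrokes) is dropped before the push.
const ALLOWED_FIELDS = ["path", "referrer", "utm", "cta", "scrollDepth",
                        "hoverMs", "section", "dwellMs"];

// Map the banner choice plus browser signals to per-category permissions.
// choice: "essential-only" | "analytics" | "marketing-profiling" | undefined
function resolveConsent(choice, nav = {}, doNotSellOrShare = false) {
  const granted = { essential: true, analytics: false,
                    marketing: false, profiling: false };
  if (choice === "analytics" || choice === "marketing-profiling") {
    granted.analytics = true;
  }
  if (choice === "marketing-profiling") {
    granted.marketing = true;
    granted.profiling = true;
  }
  // GPC or a Do Not Sell or Share posture overrides an earlier opt-in
  // for marketing and profiling; analytics follows the visitor's choice.
  if (nav.globalPrivacyControl === true || doNotSellOrShare) {
    granted.marketing = false;
    granted.profiling = false;
  }
  return Object.freeze(granted);
}

// Push an event to a dataLayer-style array only if its category is granted.
// Fails closed: no choice yet, or an unknown category, means no push.
function pushEvent(dataLayer, consent, event) {
  const category = event.category || "analytics";
  if (!Object.hasOwn(consent, category) || consent[category] !== true) {
    return false;
  }
  const safe = { event: event.name, category };
  for (const key of ALLOWED_FIELDS) {
    if (Object.hasOwn(event, key)) safe[key] = event[key];
  }
  dataLayer.push(safe);
  return true;
}

// A third-party pixel loads only behind the same gate, never before a choice.
function mayLoadMarketingPixel(consent) {
  return consent.marketing === true;
}
```

In a browser, `resolveConsent(storedChoice, navigator)` would feed `pushEvent(window.dataLayer, consent, evt)`, and the consent object should be recomputed whenever the visitor changes the Privacy choices control.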

Currently In Scope

domain-search queries and generated comparison outputs
registrar quote clicks can pass through /api/outbound so the provider, searched domain or keyword, source URL, destination URL, and whether any affiliate template was applied can be logged while ranking order stays unchanged
AI Site Optimizer brief submissions: website URL, first name, email, optional phone/company/service/market context, and preview notes for manual follow-up
contact message desk submissions: first name, last name, email, message, human verification status, optional phone, customer type, company, address, website or route, request type, quick-note seed, and optional discount or phone-follow-up preferences, but not passwords, payment card data, or private secrets
a Harper Relay Lead Manager page that explains lead capture, qualification, routing, and owner-digest handling but routes flow requests through /contact instead of collecting new portal-specific data
a public contact-routing page that sends site-review and workflow-module requests to the clearest live surface
provider source URLs and evidence used to explain pricing
queue-governance metadata for internal lane work

Still Not Live

dedicated public intake forms on Local Service Front Desk or Member Concierge
a separate public login, lead vault, or file-upload flow on the Lead Manager page
a dedicated operator-owned public mailbox or verified privacy-request owner
session replay, keystroke logging, or advertising pixels that load before consent

Current Limitation

Privacy requests still need a dedicated public owner before launch.

This repo now exposes both the policy route and a public contact-routing page, but it still needs an operator-approved direct mailbox or verified privacy-request owner before the site can honestly call the trust path complete.