Compliance Document Repository & Access Log
Build a governed home for HR and compliance documents - policies, procedures, certificates, contracts - with role-based access, a full view/download log, owner approval before anything goes live, and automatic review-due reminders.
One controlled repository where sensitive HR documents live behind role-based access, every view and download is logged for audit, owners approve who can see what before it goes live, and review-due reminders go out automatically.
Before you start
- A free Supabase account
- A free Vercel account
- A free Resend account
- The HR/compliance documents you want to control, with their owners
The problem this kills
Your policies, signed contracts, certifications, and compliance procedures are scattered across a half-dozen shared drives. Nobody knows which version is current. Anyone with the link can open a confidential document. When an auditor asks "who downloaded this policy and when?", you have no answer. And review dates quietly slip past, so you're enforcing policies that expired eighteen months ago.
A shared drive was never built to be a system of record for sensitive documents. It has no access control you can defend, no audit trail, and no memory of when something is due for review.
What you'll build
A single, governed repository for your HR and compliance documents. Every document has metadata - type, owner, effective date, review-due date, and the audience allowed to see it. People only see the documents their role is allowed to see. Before a document goes live, its owner approves both the publish and the exact access scope. Every view and download is written to a log you can hand to an auditor. When a document's review date approaches, the owner gets an email. And you can export the whole document index and access log to CSV any time.
What's inside the Implementation Plan
The plan opens by interviewing you about your business - your document types, who owns them, the audience groups you actually use (all staff, managers, a specific department, named people), your review cadences, and your messiest edge cases like superseded versions and contractor access. It reads a short tailored spec back to you and waits for your thumbs-up, so the tool fits your compliance reality instead of a generic template. From there it walks you, one copy-paste prompt at a time, through building the database, the secure file storage, the upload-and-metadata screen, the owner approval gate, role-based access, the access log, the review-due reminders, and the CSV exports.
The governance it includes (this is the point)
- Login so only your team can reach the repository.
- Row-level security so people only ever see documents their audience allows - enforced in the database, not just hidden in the UI.
- A complete audit trail - every view and download recorded with who, what document, which version, and when.
- A human approval gate - the document owner approves publishing and the access scope before a document is visible, and every access-policy change is reviewed and logged.
- Duplicate guards - keyed on document ID plus version so the same document version can't be loaded twice, and versions supersede cleanly.
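The database-level controls from the list above (row-level security, the access log, and the duplicate guard on document ID plus version), as an added example that is not part of the Implementation Plan itself. It assumes Supabase Postgres, where `auth.uid()` returns the signed-in user's ID; every table, column, and policy name is hypothetical.

```sql
-- Added example: every table, column and policy name here is an assumption.
create table documents (
  id          uuid primary key default gen_random_uuid(),  -- one row per version
  document_id text not null,                               -- stable across versions
  version     int  not null,
  owner_id    uuid not null references auth.users(id),
  audience    text not null,                               -- e.g. 'all_staff', 'managers'
  status      text not null default 'pending_approval'
              check (status in ('pending_approval', 'published', 'superseded')),
  review_due  date,
  unique (document_id, version)                            -- duplicate guard
);

create table audience_members (
  audience text not null,
  user_id  uuid not null references auth.users(id),
  primary key (audience, user_id)
);

create table access_log (
  id          bigint generated always as identity primary key,
  doc         uuid not null references documents(id),      -- pins the exact version
  user_id     uuid not null default auth.uid(),
  action      text not null check (action in ('view', 'download')),
  occurred_at timestamptz not null default now()
);

alter table documents        enable row level security;
alter table audience_members enable row level security;
alter table access_log       enable row level security;

-- Users may read only their own memberships (the documents policy relies on this).
create policy members_select_own on audience_members for select to authenticated
  using (user_id = auth.uid());

-- Owners see their documents in any status; everyone else sees only published
-- documents whose audience they belong to.
create policy documents_select on documents for select to authenticated
  using (owner_id = auth.uid()
         or (status = 'published' and exists (
               select 1 from audience_members m
               where m.audience = documents.audience and m.user_id = auth.uid())));

-- Append-only log: a user can insert rows for themselves, for documents they can
-- see. No select/update/delete policy exists, so those are denied to app users.
create policy access_log_insert on access_log for insert to authenticated
  with check (user_id = auth.uid()
              and exists (select 1 from documents d where d.id = access_log.doc));
```

Because `documents` has no insert or update policy here, uploads and the owner's approval (the move to `published`) would have to run through a trusted server-side path, which is an assumption of this sketch. New rows default to `pending_approval`, so nothing is visible to its audience until that step happens.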
Who it's for
HR and compliance teams whose policies and sensitive documents live in uncontrolled shared drives with no access control and no audit trail - and who need to prove, on demand, exactly who could see what and who actually opened it.
You've got this - paste the first prompt and let the plan interview you.