runbookify

Marketing Claims & Legal Review Queue

Build an internal tool where marketing submits copy and creative, the app flags risky claims (performance, comparative, guarantees, health/finance), and legal/compliance approves or returns each asset - with substantiation attached and a full review trail - before anything is cleared to publish.

Intermediate
A weekend
Builds on

  • Next.js (App Router) on Vercel
  • Supabase (Postgres, Storage, Auth + RLS)
  • Resend (review requests, reminders, decision notices)

What you'll build

A login-protected review queue: marketing submits copy/creative, the tool scans for risky claims, routes it to legal/compliance, requires substantiation where flagged, captures an approve/return decision, produces a cleared-to-publish record, and exports a complete review-log CSV - with a hard rule that nothing is ever cleared without a human sign-off, and version history so re-reviews are tracked, not duplicated.

Before you start

  • A free Vercel account
  • A free Supabase account
  • A free Resend account (and a sender address you can use)
  • Your flagged-terms list (banned/risky phrases + required substantiation)
  • A few real examples of submitted copy/creative to test with

The problem this kills

A campaign is going out Friday. The landing page says "clinically proven," the ad says "#1 in the industry," and the email promises "guaranteed results." Did legal see any of that? Did anyone attach the study that backs "clinically proven"? Is this the same headline legal already returned last week with changes - or a new version? And when the regulator or your own counsel asks "show me who approved this claim and what it was based on," the answer is scattered across Slack threads, a shared doc, and someone's memory.

In most marketing teams, claims review is an informal favor. Copy gets pasted into an email to "the legal person," who replies "looks fine" or "change this" with no record of what was reviewed, what version it was, or what evidence supported the claim. Risky language slips through because no one flagged it. The same asset gets reviewed three times because nobody tracked versions. And substantiation - the proof behind a claim - lives nowhere.

This tool replaces the favor with a real, enforced review process: every claim flagged, every approval recorded, every piece of substantiation attached, and nothing cleared to publish without a human sign-off.

What you'll build

A small internal web app, just for your team, that:

  • Lets marketing submit copy or creative (pasted text or an uploaded file) for a named asset and version.
  • Scans the submission against your flagged-terms list - banned and risky phrases like "guaranteed," "clinically proven," "#1," "risk-free," "FDA approved" - and highlights exactly what tripped, grouped by claim type (performance, comparative, guarantee, health/finance).
  • Routes each submission to legal/compliance for review, with the flags and the asset front and center.
  • Requires substantiation to be attached wherever a flag demands it (the study, the data, the source) before the reviewer can clear it.
  • Captures a clear approve / return-for-changes decision with comments, recorded against the logged-in reviewer.
  • Produces a cleared-to-publish record only when a human has approved it.
  • Keeps version history so a re-submitted, edited asset is a new version of the same asset - tracked, not duplicated.
  • Exports a complete review-log CSV of every submission, flag, decision, and reviewer.

What's inside the Implementation Plan

The plan is a single markdown file you paste into Claude Code (a free AI coding agent). It walks the agent through building the whole tool, step by step, each step ending with a ready-to-paste prompt.

The most important part: the plan opens by interviewing you about your business. Before it writes a single line, the agent asks how copy gets reviewed today, what your real flagged-terms list looks like, which claim types matter in your industry, what counts as acceptable substantiation, who your reviewers are, your typical and peak submission volumes, your exact approval rules, and your messiest edge cases (creative with no text, claims in images, an asset that's already live). It reads a short tailored spec back to you, you confirm it, and only then does it build - so you get a tool shaped to your review process and your regulatory reality, not a generic template you have to bend to fit.

Inside you'll find:

  • The discovery interview and how the agent turns your answers into the data model, the flagged-terms scanner, and the substantiation rules.
  • The full build: database, login, submission intake (paste or file), the risky-claim scanner, the reviewer queue, the substantiation gate, the approve/return flow, version history, emails, and the audit trail.
  • The hard human review gate so nothing is ever cleared to publish without a real person's sign-off.
  • Verification steps so you can prove it works, and the CSV-export fallback so it's fully usable even before you connect it to any other system.

The governance it includes (this is the point)

This isn't a toy. The plan builds in the controls a regulated marketing team actually needs:

  • Login so only your team can see or touch anything.
  • Row-level security so people only see the submissions and decisions that belong to your organization.
  • A complete audit trail - every submission, scan, flag, substantiation upload, reminder, approval, and return is logged with who and when.
  • A hard human-in-the-loop gate - the AI scans and flags, but a real reviewer must approve; nothing is ever auto-cleared to publish.
  • A substantiation requirement enforced in code - a flagged claim that needs proof physically cannot be cleared until that proof is attached.
  • Duplicate guards keyed on asset + version, so the same submission can't be processed twice and edits become tracked new versions.
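
The scan, the substantiation requirement and the human sign-off gate described above could be enforced with logic like the following. This is an added TypeScript example, not code from the runbookify plan; the type names, function names and the sample flagged-terms list are all assumptions made for illustration.

```typescript
// Added example: every name and the sample list are assumptions.
type ClaimType = "performance" | "comparative" | "guarantee" | "health/finance";

interface FlaggedTerm { phrase: string; claimType: ClaimType; needsProof: boolean }
interface Flag extends FlaggedTerm { offset: number }
interface Review {
  flags: Flag[];
  substantiated: string[]; // flagged phrases that have proof attached
  decision: "pending" | "approved" | "returned";
  reviewerId: string | null; // the logged-in human reviewer, never the scanner
}

// Constructed sample; the real list comes from your own flagged-terms list.
const TERMS: FlaggedTerm[] = [
  { phrase: "clinically proven", claimType: "health/finance", needsProof: true },
  { phrase: "#1", claimType: "comparative", needsProof: true },
  { phrase: "guaranteed", claimType: "guarantee", needsProof: false },
  { phrase: "risk-free", claimType: "guarantee", needsProof: false },
];

// Case-insensitive substring scan. It over-flags (e.g. "#10" trips "#1"),
// which is the safe direction for a queue a human reviews anyway.
function scanCopy(copy: string, terms: FlaggedTerm[] = TERMS): Flag[] {
  const text = copy.toLowerCase();
  const flags: Flag[] = [];
  for (const term of terms) {
    const needle = term.phrase.toLowerCase();
    if (!needle) continue; // an empty phrase would match everywhere
    let at = text.indexOf(needle);
    while (at !== -1) {
      flags.push({ ...term, offset: at });
      at = text.indexOf(needle, at + needle.length);
    }
  }
  return flags.sort((a, b) => a.offset - b.offset);
}

// Every reason the asset may not be cleared; an empty list means clearable.
function blockers(r: Review): string[] {
  const out: string[] = [];
  if (r.decision !== "approved" || !r.reviewerId) out.push("no human approval");
  for (const f of r.flags) {
    if (f.needsProof && r.substantiated.indexOf(f.phrase) === -1) {
      out.push(`missing substantiation: ${f.phrase}`);
    }
  }
  return out;
}

const canClear = (r: Review): boolean => blockers(r).length === 0;
```

In a deployed tool the same check belongs on the server side, for example in the handler that writes the cleared-to-publish record, since a check that lives only in the browser can be bypassed.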

Who it's for

Marketing ops, brand, and compliance folks in regulated or claim-heavy industries - health, finance, supplements, beauty, food, insurance - who need a real, auditable trail showing legal reviewed and approved the claims before they went live. You don't need to write code. You need your flagged-terms list, a few sample submissions, and an afternoon-to-a-weekend.

You've got this - paste the first prompt and let the agent interview you.
