runbookify
← All plans
Marketing Operations / Social Scheduling & Tracking

UGC & Rights-Request Tracker

Log the customer photos and videos you want to repost, send and track a permission request, and store the granted consent - so you never repost user content without documented rights.

IntermediateA weekendBuilds onNext.js (App Router) on VercelSupabase (Postgres, Storage, Auth, RLS)Resend (email)
What you'll build

A private, team-only tracker where every repost-worthy customer post is logged, a manager approves the outreach, the rights request is sent and tracked, the creator's response is recorded, and only manager-confirmed "granted" assets land in a cleared-to-use library - with a permissions CSV you can export any time.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • A free Vercel account
  • A free Supabase account
  • A free Resend account (or use the no-email fallback at first)
  • A list of UGC you want to reuse (or a CSV you can export)

The problem this kills

Your brand's best content is made by your customers. A great unboxing photo, a glowing video review, a styled flat-lay on someone's feed - reposting it is gold. But every time you grab a customer's photo and put it on your channel, you are using someone else's copyrighted work. If you can't prove they said yes, you are one annoyed creator (or one platform complaint) away from a takedown, an awkward DM thread, or worse.

The reality in most social teams: rights requests live in DMs, screenshots, and someone's memory. "I'm pretty sure she said it was fine" is not a permission record. When a manager asks "did we get rights for this one?" the honest answer is often "let me go scroll back through my messages." That is how good content gets pulled - or never gets used at all because nobody is sure it's safe.

This tool replaces "I think we're cleared" with a documented yes: who granted it, exactly what they agreed to, and the timestamp it happened.

What you'll build

A private web app for your social team that walks every piece of user-generated content through a clean, auditable path:

  1. Log the UGC - creator handle, the post link, the asset itself, and what you intend to use it for.
  2. Manager approves the outreach - a person reviews the request before any message goes out.
  3. Send + track the rights request - using your own message template, with a record of when it was sent.
  4. Log the creator's response - granted, declined, or no reply, with the exact wording they used.
  5. Manager confirms the permission - a human gate before anything is marked safe.
  6. Cleared-to-use library - only assets with a confirmed "granted" record show up here, each carrying its permission wording and grant timestamp.
  7. Permissions CSV export - a complete ledger you can hand to legal, a client, or a platform if anyone ever asks.

It also flags any asset that's been used without a "granted" record - your early-warning system against accidental unlicensed reposts.

What's inside the Implementation Plan

The plan is a complete, copy-paste runbook you feed to an AI coding agent (Claude Code). You don't write code - you paste prompts and answer questions.

It opens by interviewing you about your business. Before it builds anything, the agent asks how your team actually handles UGC today: which platforms you pull from, how you name creators, what counts as "intended use," your real approval rules, and the messy edge cases (creators who go silent, conditional yes-but-tag-me grants, deleted posts). It reads a short tailored spec back to you, you give a thumbs-up, and only then does it build a tool shaped around your workflow - not a generic template.

From there the plan covers, step by step: account setup, the database with row-level security, login, the UGC intake form, the manager approval gate, the rights-request sender and tracker, the response logger, the cleared-to-use library, the "used without consent" flag, and the CSV export - each step ending in a ready-to-paste prompt.

The governance it includes (this is the point)

This isn't a glorified spreadsheet. Governance is built into every layer:

  • Login so only your team can open the tool.
  • Row-level security so each organization only ever sees its own UGC and permissions.
  • A complete audit trail - who logged it, who approved the outreach, who confirmed the grant, and exactly when.
  • A hard human-in-the-loop gate - the manager must approve outreach before a request goes out, and must confirm the permission before an asset is ever marked cleared to use.
  • Duplicate guards - the same creator handle + post link can't be logged twice.
  • The permission record itself - the exact wording the creator agreed to, plus the grant timestamp, stored permanently.

Who it's for

Social and brand managers, community managers, and small marketing teams who repost user-generated content and know - or worry - that their rights paper trail wouldn't survive a real challenge. If you've ever paused before hitting "share" because you weren't 100% sure you had permission, this is for you.

You've got this - paste the first prompt and let the agent interview you.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.