Gifts & Hospitality Register
Log every gift and hospitality given or received, check it against your policy thresholds, route anything over the limit for approval, and build the anti-bribery evidence trail regulators expect - all in an internal tool you build yourself with AI.
A private, login-protected gifts & hospitality register that logs who gave/received what, automatically checks each entry against your thresholds, forces a human approval on anything over the limit, aggregates repeated small gifts to the same party, flags government officials for stricter handling, and exports a clean register CSV as anti-bribery evidence.
Before you start
- A free Supabase account
- A free Vercel account
- A free Resend account (for reminder emails)
- Your current gift & hospitality policy thresholds (the dollar limits and any special rules)
The problem this kills
Somewhere in your organization, a salesperson just accepted concert tickets, a buyer got a case of wine from a vendor, and a director took a client to a steakhouse. Each one might be fine. Together, unlogged and unchecked, they're exactly what an FCPA or UK Bribery Act investigator goes looking for - and "we didn't have a record" is the worst possible answer.
Most teams "track" this in a shared spreadsheet that nobody fully trusts: values in three currencies, no approval trail, no way to see that the same vendor has now given four "small" gifts to the same buyer this quarter, and no flag when the counterparty is a government official (where the rules are far stricter and the penalties far harsher).
You don't need a six-figure GRC platform to fix this. You need a simple register that does the boring, regulator-pleasing work automatically: log it, value it, check it against your policy, force a human to approve anything over the line, and keep a tamper-evident record you can hand over on demand.
What you'll build
A private internal web app - just for your team - where anyone can log a gift or hospitality event (given or received): who was involved, the counterparty, the value, the occasion, and the date. The tool then:
- Converts currencies and checks each entry against the thresholds in your policy.
- Logs below-threshold items automatically (still fully visible - nothing is hidden).
- Routes anything over the limit to a manager or compliance approver, who reviews and clears or declines it before it counts as accepted.
- Aggregates repeated gifts to or from the same counterparty so a string of "small" gifts can't slip under the radar.
- Flags government-official counterparties for stricter handling.
- Sends Resend email reminders so pending approvals don't rot.
- Exports the whole register as a clean CSV - your anti-bribery evidence trail, in the columns you need.
What's inside the Implementation Plan
It starts by interviewing you about your business. Before a single line of code, the plan has the AI agent ask about your actual gift & hospitality policy, your real approval chain, your currencies, your thresholds, and your messiest edge cases - then it reads back a short tailored spec for your thumbs-up. You get a tool shaped around your policy, not a generic template you'd have to bend to fit.
From there the plan walks you, copy-paste prompt by copy-paste prompt, through:
- Standing up the Next.js app, Supabase database, and login.
- The data model for gift events, thresholds, and approvals - named to match your data.
- The threshold-check and currency-aggregation logic.
- The human approval gate and the government-official flag.
- Resend reminder emails for pending items.
- The register CSV export.
- A "No API yet?" fallback so you can import an existing spreadsheet and export in your system's exact columns - fully buildable today, with zero integration work.
The governance it includes (this is the point)
This isn't a toy. The plan bakes in the controls that make the register defensible:
- Login so only your team can use it.
- Row-level security so people only ever see their own organization's data.
- A complete audit trail - who logged, edited, approved, or declined each entry, and exactly when.
- A hard human-in-the-loop approval gate before any over-threshold gift is recorded as cleared: the tool drafts the decision, a person approves it, and only then does it commit.
- Duplicate guards keyed on the event ID so the same gift can't be logged or processed twice.
Who it's for
Compliance officers, ethics teams, and the sales- and procurement-heavy organizations they protect - anyone with FCPA or UK Bribery Act exposure who needs a real, auditable gifts & hospitality register without waiting on IT or a budget cycle.
You've got this. Open the Implementation Plan, paste the first prompt, and let the agent interview you - your register will be live by the end of the afternoon.