runbookify
Compliance, Quality & Risk / Whistleblower & Ethics Case Management

Anonymous Whistleblower Intake Portal

Build a confidential speak-up portal where anyone can raise an ethics or compliance concern - anonymously if they choose - get a private follow-up code, and exchange messages with your ethics officer without ever revealing who they are.

Intermediate · A weekend · Builds on: Next.js (App Router) on Vercel, Supabase (Postgres + Auth + Row-Level Security), Resend (email notifications to authorized handlers only)
What you'll build

A live, anonymous-by-design reporting portal that issues each reporter a private follow-up code, lets your ethics officer triage category and severity behind a login, supports two-way anonymous messaging by code, and exports a clean case-intake log as CSV.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • A free Vercel account
  • A free Supabase project
  • A free Resend account with one verified sending domain or address
  • Your report categories and the intake questions you want to ask

The problem this kills

People who see fraud, harassment, or a safety hazard often stay silent because they do not trust the channel. A shared inbox is not anonymous. A third-party hotline is expensive and slow. A spreadsheet of complaints has no access control and no audit trail. And the moment a reporter suspects their identity might leak, the report never comes.

The result is the worst-case scenario for any compliance or ethics function: the bad thing was visible to someone, and that someone had nowhere safe to say it.

You need a speak-up channel people actually believe is confidential - one that lets you keep talking to an anonymous reporter to gather the facts you need, without ever learning who they are.

What you'll build

A confidential reporting portal:

  • Anyone can submit a concern from a public page - no login, no account. They pick a category (fraud, harassment, safety, conflict of interest, and whatever else you define), describe what happened, and choose whether to stay anonymous.
  • The system issues a private follow-up code on submission. That code is the reporter's only key. They can come back, enter it, see the status of their case, and read and answer messages from your team.
  • Your ethics officer triages each report behind a secure login: confirm the category, set a severity, and turn the raw report into a triaged case. This is a deliberate human gate - nothing becomes an "official case" until a person reviews it.
  • Two-way anonymous messaging lets the handler ask follow-up questions ("which department?", "do you have a date?") and the reporter answer - all keyed to the code, with no identity attached.
  • Authorized handlers get notified by email (via Resend) when a new report lands or a reporter replies. Reporters are never emailed unless they explicitly chose to share a contact - anonymity is the default.
  • A case-intake log exports to CSV in clean columns, so your audit committee gets the numbers without anyone touching the raw, sensitive narratives.

What's inside the Implementation Plan

  • It starts by interviewing you about your business. This is not a generic template. Before it writes a line of code, the plan has the AI agent ask you about your real report categories, your severity scale, who is allowed to read reports, your retention rules, and your messy edge cases - then it tailors the data model, the intake form, and every later step to your answers and reads a short spec back for your thumbs-up.
  • A step-by-step build, each step ending in a ready-to-paste prompt for your AI coding agent.
  • The public, no-login intake form and the anonymity choice.
  • The private follow-up code: how it is generated, shown once, and used to check status and message back and forth.
  • The handler console behind a login, with category/severity triage as a human approval gate.
  • Anonymity-by-design specifics: no IP or identity capture on anonymous reports, and a strict rule that triage never de-anonymizes anyone.
  • Row-level security so only authorized ethics handlers can read reports.
  • A full audit trail and a duplicate guard for accidental double submissions.
  • The "No API yet?" fallback and the CSV export of the case-intake log.

The governance it includes (this is the point)

A speak-up channel without governance is a liability. This plan bakes it in:

  • Login for the team. Handlers authenticate with Supabase Auth; the public can only submit and follow up by code.
  • Row-level security. Reports are readable only by authorized ethics handlers - never by the public, never through the anon key (it ships in the browser and must be treated as public, so no select policy may exist for it), never across organizations.
  • A complete audit trail. Every triage decision, status change, and message is logged with who did it and when.
  • A human-in-the-loop gate. A raw report does not become a triaged case until your ethics officer reviews it, confirms the category, and sets severity. The AI never auto-classifies a case into your system of record.
  • Anonymity by design. For anonymous reports the application captures no IP address and no identity, and triage is built so a handler can do their job without ever de-anonymizing the reporter. Platform request logs at Vercel and Supabase sit outside the application and need their own retention setting.
  • Duplicate guards. A short-window dedupe stops the same submission from being processed twice.
  • Authorized-only export. The case-intake CSV can be produced only by an authorized role.
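As an added example (not the plan's own schema or code), the Supabase SQL below shows one way to realise the follow-up code described under "What's inside" and the row-level-security rules listed above: handlers read and triage through RLS policies tied to their Auth user ID, the public gets no policies at all and instead calls three security-definer RPCs, and the follow-up code is handed to the reporter once and stored only as a SHA-256 hash. The table, column and function names, the single-organization assumption and the `handlers` membership table are assumptions made for illustration; audit logging, the dedupe guard and the CSV export are not shown.

```sql
-- Added example (not the plan's own schema). Assumes Supabase Postgres with
-- pgcrypto installed in the "extensions" schema (the Supabase default), a
-- single organization, and these illustrative table/column/function names.

create table handlers (                      -- who may read and triage
  user_id uuid primary key references auth.users (id)
);

create table reports (
  id           uuid primary key default gen_random_uuid(),
  created_at   timestamptz not null default now(),
  category     text not null,
  narrative    text not null,
  is_anonymous boolean not null default true,
  contact      text,                         -- null unless the reporter opted in
  code_hash    bytea not null unique,        -- sha256 of the follow-up code only
  status       text not null default 'new',  -- stays 'new' until a handler triages
  severity     text                          -- set by a handler, never by the reporter
  -- deliberately no ip, user_agent or user_id column: nothing to leak
);

create table case_messages (
  id           uuid primary key default gen_random_uuid(),
  report_id    uuid not null references reports (id),
  created_at   timestamptz not null default now(),
  from_handler boolean not null,
  body         text not null
);

alter table handlers      enable row level security;
alter table reports       enable row level security;
alter table case_messages enable row level security;

-- security definer: runs as the table owner, so the RLS-locked handlers table
-- can be consulted without granting anyone direct access to it.
create function is_handler() returns boolean
language sql stable security definer set search_path = public as $$
  select exists (select 1 from handlers where user_id = auth.uid());
$$;

-- Handlers: read everything, update triage fields, send messages.
-- No policy at all is created for anon, so the public anon key sees zero rows.
create policy handlers_read      on reports       for select to authenticated using (is_handler());
create policy handlers_triage    on reports       for update to authenticated
  using (is_handler()) with check (is_handler());
create policy handlers_read_msgs on case_messages for select to authenticated using (is_handler());
create policy handlers_send      on case_messages for insert to authenticated
  with check (is_handler() and from_handler);

-- Reporters never touch the tables. They call these RPCs, which run as owner
-- and expose only what the presented follow-up code entitles them to.
create function submit_report(p_category text, p_narrative text,
                              p_anonymous boolean, p_contact text default null)
returns text language plpgsql security definer
set search_path = public, extensions as $$
declare
  v_code text := encode(gen_random_bytes(16), 'hex');   -- 128 bits of entropy
begin
  insert into reports (category, narrative, is_anonymous, contact, code_hash)
  values (p_category, p_narrative, p_anonymous,
          case when p_anonymous then null else p_contact end,   -- anonymity wins
          digest(v_code, 'sha256'));
  return v_code;   -- shown to the reporter once; the database cannot reproduce it
end $$;

create function case_by_code(p_code text)
returns table (case_status text, case_severity text, sender_is_handler boolean,
               message text, sent_at timestamptz)
language sql stable security definer set search_path = public, extensions as $$
  select r.status, r.severity, m.from_handler, m.body, m.created_at
  from reports r
  left join case_messages m on m.report_id = r.id
  where r.code_hash = digest(p_code, 'sha256')   -- wrong code: zero rows, no hint
  order by m.created_at;
$$;

create function reply_by_code(p_code text, p_body text)
returns void language sql security definer set search_path = public, extensions as $$
  insert into case_messages (report_id, from_handler, body)
  select id, false, p_body from reports where code_hash = digest(p_code, 'sha256');
$$;

-- Functions are executable by everyone by default; restrict them to exactly anon.
revoke all on function submit_report(text, text, boolean, text) from public;
revoke all on function case_by_code(text) from public;
revoke all on function reply_by_code(text, text) from public;
grant execute on function submit_report(text, text, boolean, text) to anon;
grant execute on function case_by_code(text) to anon;
grant execute on function reply_by_code(text, text) to anon;
```

The public intake and follow-up pages call these through the Supabase client's `rpc()` with the anon key; the handler console uses a logged-in session and reads the tables directly, where the policies apply. Storing only the hash means a leaked database dump or an over-privileged export cannot be used to impersonate a reporter, and 128 bits of randomness puts guessing out of reach, so no lockout or rate limit on the code itself is needed. Every `security definer` function pins `search_path` so that a caller cannot hijack the unqualified names it uses.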

Who it's for

Compliance and ethics officers, internal audit teams, and audit committees who need a trustworthy speak-up channel they control - and HR or operations leaders at organizations that want a real confidential reporting line without paying for an expensive third-party hotline.

You've got this. Open the Implementation Plan, paste the first prompt, and let the interview tailor it to your organization.
