Workspace
Workspace Integrations People Intelligence Onboarding 4/4
Account
Settings

Customer Onboarding AI v3

Complete record for this prototype. Use the left nav for overview, findings, fix guide, earlier versions, and history. Trust dimensions include concrete remediation steps and severity scores.

RED Active Vercel

Not safe to share externally until access control and GDPR exposure are resolved. The fix guide is the fastest way to ship changes and re-scan.

customer-onboarding-v3.vercel.app ↗

Retention / CX · James Murphy · Logged 12 Mar 2026 · Acme

Liveform Rating 2.5
of 5.0 - rolls up to RED in your workspace (weighted toward blockers, not a straight mean).
Summary

This scan found two critical, one high, and two medium findings. Open Dimensions at the bottom of the left nav for evidence and fixes per area; the hero shows your headline Liveform Rating and trust band in the workspace.

Third experiment in Customer retention / CX. - both failed governance for the same access pattern.

About this build
Platform
Vercel
Access
Public - no authentication
Problem space
Retention / CX
Logged
12 Mar 2026
Last scan
12 Mar 2026
Data sources
CRM · External REST API

Five findings · ordered by severity

Critical Access control

No authentication gate detected

The build is reachable by anyone with the URL - no password, magic link, or SSO.

It processes CRM fields (names, emails). Public reachability with live data is an exposure risk.

Critical Compliance exposure

No GDPR consent mechanism

CRM data feeds the model with no consent copy, processing statement, or recorded lawful basis in flow.

Production personal data without Article 6 documentation is a compliance issue even for prototypes.

High Brand alignment

Brand token mismatches

Primary colour #1A1A2E vs confirmed #0D0D14. Font stack leads with system-ui instead of Inter.

Medium IP & idea leakage

Unreleased feature names in copy

“Smart Journey Builder” and “Adaptive Onboarding” are not public names.

Medium Inheritance

Same failure mode as v2

v2 (Feb 2026) archived for the identical auth gap.

Everything you need to actually ship fixes: a ready-made prompt and a clean Markdown doc - matching the five findings under Findings.

Remediation prompt

Paste into Claude, ChatGPT, Copilot, or similar.

You are reviewing the Customer Onboarding AI prototype at customer-onboarding-v3.vercel.app for Acme. Apply the following corrections:

CRITICAL - ACCESS CONTROL:
Add Vercel password protection immediately, or implement an authentication gate (magic link or SSO). Do not share this URL with anyone until this is resolved.

CRITICAL - GDPR COMPLIANCE:
Replace all live CRM data with synthetic equivalents using approved datasets (Faker.js or Internal test data). If live data must be used, add consent notice and document the lawful basis.

HIGH - BRAND ALIGNMENT:
- Replace primary colour: #1A1A2E → #0D0D14
- Replace font stack: system-ui → Inter, system-ui, -apple-system, sans-serif

MEDIUM - IP LEAKAGE:
Replace "Smart Journey Builder" with "Onboarding Flow"
Replace "Adaptive Onboarding" with "Dynamic Setup"

After applying these changes, re-submit to Liveform for re-scoring.
Markdown export

Markdown for tickets or PR description.

Preview
# Liveform fix report
# Prototype: Customer Onboarding AI v3
# Generated: 12 Mar 2026
 
## CRITICAL: Access control
- Finding: No authentication gate
+ Fix: Vercel protection or SSO
 
## CRITICAL: GDPR compliance
- Finding: Live CRM data, no consent
+ Fix: Synthetic data (Faker.js)
When fixes are live, run Re-scan from the hero actions so your workspace shows the new posture.

Other builds in Customer retention / CX - compare posture before you repeat the same gap.

Customer Onboarding AI v2 RED
Archived · Feb 2026 · J. Murphy

Same auth gap as this build. Brand 2/5 on palette drift. Synthetic data required for CRM-backed flows.

View record →
Customer welcome flow (Figma) AMBER
Archived · 10 Jan 2026 · A. Walsh

Narrow scope; IP copy drove the amber rating.

View record →
Event log

  • Trust rating · RED

    Liveform Rating 2.5/5 · 2 critical · 1 high · 2 medium

  • URL analysed

    Vercel · public access · three data connections

  • Prototype logged

    Sarah Connolly · builder James Murphy