build.allanninal.dev

Part 4 of 7 · Testimonial collector series ~4 min read

How a testimonial gets sign-off

This is the part that keeps the whole system honest. A clean quote is not a publishable quote. Before a single word reaches your site, it has to clear two gates that both say yes: the customer’s permission, given on a simple page that shows them the exact quote, and your own approval, given from a card that puts the clean quote next to what they actually wrote. Miss either gate and nothing happens. There is no override.

Key takeaways

  • Two gates, both required, in order: the customer’s permission, then your approval.
  • The customer sees the exact final quote and picks how to be credited before they say yes.
  • Crediting options: full name, first name only, initials, or fully anonymous.
  • You approve from a card with the clean quote beside the original — Approve, Edit, or Skip.
  • Every gate is a deterministic check, and every decision is written to the audit trail.

Two gates before anything can publish

Four gates between a clean quote and a publishable one A horizontal flow diagram. On the far left, a "Clean quote" box: the tidied quote from the reply, with the customer name and the original raw reply kept alongside it. Four gates sit in a row to the right, each drawn as a vertical bar. Gate 1: Show the quote — the customer opens a simple page from the link in the email that displays the exact final quote and a short note explaining where it might appear. Gate 2: Get permission — the customer ticks a single permission box that says their words may be used on the site and in marketing; without that tick, the quote can never be used, full stop. Gate 3: Choose credit — the customer picks how to be named: full name, first name only, initials, or anonymous; whatever they pick is stored and is exactly how the quote will ever appear. Gate 4: Owner approves — a card lands for a teammate showing the clean quote next to the original reply, with Approve, Edit, and Skip buttons; Edit lets them fix a small thing, Skip drops it quietly. After all four gates pass, the quote moves to the approved state, ready for the publishing step in the next post. A note at the bottom: both the customer's yes and the owner's approval are required, and every decision is logged to tc-audit. Clean quote tidied text, name, and the original reply Gate 1 Show the quote simple page, exact final words from email link note: where it might appear Gate 2 Get permission one checkbox: may use my words no tick, no use — full stop Gate 3 Choose credit full name, first name, initials, or anonymous — stored exactly Gate 4 Owner approves clean quote vs original reply Approve, Edit, or Skip Approved — both the customer’s yes and the owner’s sign-off recorded permission via the form Function URL · approval via the review Function URL every decision logged to tc-audit — consent and approval are auditable for years Both yeses are required — the customer’s permission and the owner’s approval. No override.
Fig 4. Four gates between a clean quote and a publishable one. The customer sees the exact quote, ticks permission, and picks their credit; then a teammate approves it against the original. Only a quote with both yeses ever reaches the approved state.

Gates 1 and 2: the customer’s permission

The link in the ask email opens a small page served by a Lambda Function URL — no login, no account. The page shows the customer the exact final quote (the cleaned version from Part 3, not their raw text) and a one-line note about where it might appear: “We’d love to show this on our website and in marketing.” Below it is a single permission checkbox. This is the hard gate of the whole system. If the customer does not tick that box, the quote is marked declined and can never be used — there is no path in the code that publishes an unticked quote. A decline is also logged so the never-nag policy from Part 2 leaves them alone for a year.

Keeping permission on the same page as the quote is deliberate. The customer agrees to the specific words they can see, not to some vague future use. That’s both kinder and safer: nobody is ever surprised by a quote they don’t remember approving.

Gate 3: how they want to be credited

Right next to the permission box, the customer picks how they want to be named: full name, first name only, initials, or fully anonymous (“a happy customer”). Whatever they choose is stored on the row and is exactly how the quote will ever appear — the publishing step in the next post reads this field and nothing else. A customer who wants to share their words but not their name can do that in one tap, which means more people say yes. Their choice is theirs to change later, too; updating the credit re-runs the publish step with the new setting.

Gate 4: your approval

A customer’s yes is necessary but not sufficient. Once permission is in, a review card lands for a teammate — in Slack via the bot, or in a simple web view from another Function URL. The card shows the clean quote right next to the customer’s original reply, so the reviewer can see at a glance that the tidy pass stayed faithful. Three buttons: Approve moves the quote to the approved state; Edit opens a box to fix a small thing (a stray comma, a name spelling) before approving; Skip drops it quietly without ever telling the customer it was dropped. This second gate catches the rare quote that’s technically fine but not quite right for the brand — and it means a human always stands between a customer’s words and the public site.

Every action across all four gates — permission given or declined, credit chosen, approve, edit, skip — is written to the tc-audit table with a timestamp and the before-and-after. Pull up any published quote a year later and you can show exactly when the customer consented and who approved it.

Next post: how an approved testimonial actually gets published — written to a clean file your site reads, credited exactly how the customer chose, and removable the moment anyone changes their mind.

All posts