User Journeys

Three Personas, Five Core Journeys

INeedTrust serves three distinct user types whose journeys interlock to create the trust-center lifecycle. Every feature in the product maps back to one of these journeys.

Raj — Publisher
VP Engineering / Security Lead
  • Creates the trust center from a single URL scan
  • Reviews seeded controls, badges, requirements, and evidence before publish
  • Monitors health scores, dataroom activity, renewal alerts, and analytics
Sarah — Champion
Sales Engineer / Account Executive
  • Generates share links and invites specific evaluators into the dataroom
  • Tracks which documents were viewed, downloaded, and NDA-gated
  • Uses engagement data to accelerate deal cycles
Marcus — Evaluator
Procurement / Security Analyst (buyer side)
  • Browses the public trust center without creating an account
  • Accepts invited dataroom access through invite-hash + OAuth identity
  • Downloads framework-mapped packages and curated diligence evidence
Journey Map

1. Raj discovers & scans
Enters a company URL → AI extracts brand, detects security signals, maps findings to SCF controls. Value is visible before signup.
URL scan - Brand extraction - Signup & billing

2. Raj builds & publishes
Selects a vertical template, reviews seeded SCF controls, badge suggestions, and AI-generated requirements, uploads evidence documents, and publishes the trust center, staged from preview to live.
Controls + badges - Evidence + requirements - Staged publishing

3. Raj operates & retains value
Monitors trust-center health scores, receives expiration and drift alerts, reviews visitor analytics, and generates quarterly value reports that justify renewal.
Health score - Alerts & notifications - Value reports

4. Sarah proves champion workflow
Creates scoped share links for prospects, tracks document views and time spent, and uses engagement analytics to shorten the security-review stage of the sales cycle.
Share links - View tracking - Deal acceleration

5. Marcus evaluates without friction
Browses the public trust center with no login, maps controls and requirements to their own framework, accepts invited dataroom access through OAuth when diligence goes private, and downloads compliance packages, replacing weeks of email questionnaires.
No-login browsing - Invited dataroom - Compliance packages
This journey map drives the entire walkthrough. Each section below follows a persona through their complete arc, demonstrating how the product requirements translate into real screens and flows.
PRD Coverage

Ordered App Walkthrough by Major User Journey

This deck follows the structure of the UX directions deck but reorganizes the product as a guided walk through the current PRD. The tabs follow the PRD's major journeys: Raj creates and runs the trust center; Sarah proves champion adoption; Marcus evaluates across the public trust center and invited dataroom access; the expiration edge case proves the living maintenance loop; and platform operations show how INeedTrust scales.

Coverage intent: account + billing, onboarding, seeded SCF reference data, badges, requirements, documents, staged publishing, public trust, invited dataroom access, DocuSeal NDA flow, privacy requests, notifications, analytics, platform ops, and future-ready AskMe/collaboration all appear in the flow below.
1. Raj discovers and scans
2. Raj builds and publishes
3. Raj operates and retains value
4. Sarah proves champion workflow
5. Marcus evaluates without email ping-pong
6. Expiration edge case proves maintenance
7. Platform admin proves scale
Functional Requirements: 101 (across 11 epics and 44 NFRs)
Journey Sections: 7 (ordered into buildable app flows)
Stories Completed: 8 (Epic 1 plus Story 2.1 shipped)
Cross-Cutting Themes: AI / Trust / Diligence (shown from admin, visitor, dataroom, and platform viewpoints)
Publisher Arc
  • Signup, billing, onboarding, and custom domain setup
  • SCF controls, badge suggestions, requirements seeding, and evidence mapping
  • Publishing, analytics, dataroom access controls, alerts, value reports, and share links
Evaluator Arc
  • No-login browsing with framework + requirement mapping and honesty about gaps
  • Tiered document access, invited dataroom, DocuSeal NDA, compliance packages
  • Privacy request entry point and evidence-backed decision making
Platform Arc
  • Tenant health, AI costs, cache effectiveness, dataroom auditability, and conversions
  • Integrity controls such as footer suppression and incident workflow
  • Architecture-ready paths: AskMe, collaboration, requirements layer, integrations
Journey 1 - Raj

Start With a URL, Show Value Before Setup

Raj's first experience is designed to collapse the time-to-value curve: enter a URL, see brand extraction, watch the scan progress, then move into auth and plan selection only after the product has already produced visible output.

PRD coverage: FR1-FR3, FR8-FR10, FR58, FR62. This section anchors the acquisition-to-first-value moment.
Your trust center starts with a URL
We scan your website, detect brand assets, find public security signals, and generate a professional starting point before you create an account.
https://acmecloud.io
Best-effort extraction with manual fallback if the logo, colors, or company name are incomplete.
Brand detection
Logo, colors, company name, and summary text discovered from public pages.
Security signal scan
TLS configuration, response headers, public policies, and linked trust signals mapped to controls.
Coming Soon path
A branded placeholder can go live in minutes even before the full trust center is ready.
Live Scan Findings
[Done] TLS 1.3 + HSTS detected - potential controls: encryption in transit, secure transport, certificate management
[Done] Privacy policy found at /privacy-policy - potential documents: privacy policy, DPA references, GDPR signal
[In progress] Mapping to SOC 2 / ISO 27001 / NIST CSF
The output is building before Raj has to configure anything.
Conversion pattern: auth and billing happen after visible value. This keeps the first experience product-led, not form-led.
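The scan feed above shows the shape of the signal detection without showing how a finding is derived. The following is an added example, not INeedTrust code: it takes the metadata one page fetch yields (negotiated TLS version, response headers, probed paths with their status codes) and maps it to the "potential controls" wording the deck uses. The sample headers and paths are constructed, the control labels for CSP, nosniff and security.txt are assumptions, and the 180-day HSTS max-age threshold is an assumed value.

```python
"""Mapping public security signals to potential controls, as in Raj's URL scan.

Added illustration, not INeedTrust code. Signal-to-control labels reuse the
deck's wording where it exists (encryption in transit, secure transport,
certificate management, privacy policy, DPA references, GDPR signal); the
labels for CSP, nosniff and security.txt and the HSTS threshold are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HSTS_MIN_MAX_AGE = 15_552_000  # 180 days; assumed threshold for a "strong" HSTS policy


@dataclass
class Finding:
    signal: str                 # transport / headers / policy
    detail: str                 # human-readable line shown in the scan feed
    potential_controls: List[str] = field(default_factory=list)


def parse_hsts(value: str) -> Dict[str, object]:
    """Split a Strict-Transport-Security header into its directives."""
    hsts: Dict[str, object] = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age" and val.strip().isdigit():
            hsts["max_age"] = int(val.strip())
        elif name == "includesubdomains":
            hsts["include_subdomains"] = True
        elif name == "preload":
            hsts["preload"] = True
    return hsts


def detect_signals(tls_version: Optional[str], headers: Dict[str, str], probes: Dict[str, int]) -> List[Finding]:
    """Turn one page fetch into scan findings.

    tls_version: protocol negotiated by the client, e.g. "TLSv1.3" (None for plain HTTP).
    headers:     response headers of the landing page (any case).
    probes:      probed path -> HTTP status code.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[Finding] = []

    if tls_version in ("TLSv1.2", "TLSv1.3"):
        detail = tls_version.replace("TLSv", "TLS ")
        controls = ["encryption in transit", "secure transport"]
        if "strict-transport-security" in h:
            hsts = parse_hsts(h["strict-transport-security"])
            detail += " + HSTS"
            # A weak HSTS policy is still reported; it is flagged rather than hidden.
            if (hsts["max_age"] or 0) < HSTS_MIN_MAX_AGE:
                detail += " (max-age below %d)" % HSTS_MIN_MAX_AGE
            controls.append("certificate management")
        findings.append(Finding("transport", detail + " detected", controls))
    else:
        findings.append(Finding("transport", "no modern TLS negotiated (%s)" % tls_version, []))

    if "content-security-policy" in h:
        findings.append(Finding("headers", "Content-Security-Policy present", ["secure configuration"]))
    if h.get("x-content-type-options", "").strip().lower() == "nosniff":
        findings.append(Finding("headers", "X-Content-Type-Options: nosniff", ["secure configuration"]))

    for path, status in probes.items():
        if status != 200:
            continue  # only reachable pages count as evidence of a published policy
        if "privacy" in path:
            findings.append(Finding("policy", "Privacy policy found at %s" % path,
                                    ["privacy policy", "DPA references", "GDPR signal"]))
        elif path.endswith("security.txt"):
            findings.append(Finding("policy", "security.txt found at %s" % path, ["vulnerability disclosure"]))
    return findings


# Constructed sample: what a fetch of the deck's https://acmecloud.io might return.
SAMPLE_TLS = "TLSv1.3"
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
}
SAMPLE_PROBES = {"/privacy-policy": 200, "/.well-known/security.txt": 404, "/security": 404}


def scan_sample() -> List[Finding]:
    return detect_signals(SAMPLE_TLS, SAMPLE_HEADERS, SAMPLE_PROBES)


if __name__ == "__main__":
    for f in scan_sample():
        print("[%s] %s -> %s" % (f.signal, f.detail, ", ".join(f.potential_controls) or "-"))
```

The point a reviewer should take from this is that a header's presence is not the signal; its content is. A site with HSTS max-age=300 still "has HSTS", but the finding says so, which is what keeps the "honest coverage" promise from Journey 3 true at scan time.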
Journey 1 - Raj

Build the Trust Center: Template, Controls, Documents, Publish

After the scan, Raj confirms brand assets, selects a vertical template, reviews the seeded control library, badge suggestions, and AI-generated requirements, uploads evidence, and moves through staged publishing. The admin experience is intentionally AI-forward, but never AI-autonomous.

PRD coverage: FR4-FR29, FR44-FR47, FR53-FR54, FR57-FR59, FR83-FR85, FR94-FR101. This is the core product build loop plus the seeded reference-data moat.

Trust Center Setup

Fintech template selected - 34 active controls - 12 documents - 5 badges suggested - 22 requirements seeded - Preview state
Brand confirmed
Template selected
Controls reviewed
Documents uploaded
Evidence gaps remaining
Health Score: 88 - based on completeness, freshness, evidence depth
Controls: 34 / 40 - backed by 1,451 seeded SCF controls
Documents: 12 - 4 public, 5 email-gated, 3 NDA / dataroom
AI Credits: 74% - visible usage meter for the tenant
Since Yesterday AI proposals
  • Update "Encryption in transit" to mention TLS 1.3 enforcement
  • Suggest SOC 2 Type II and ISO 27001 badges from current evidence set
  • Generate 6 requirement drafts mapped to existing controls and missing evidence
Pattern: AI proposes, human reviews, nothing goes public without acceptance.
Publisher Controls
  • Template-backed SCF library seeded from 1,451 controls, 261 authoritative docs, and ~60,500 mappings
  • Evidence links, verification dates, badge eligibility, and framework / requirement mappings
  • Document classification overrides, duplicate flags, version detection, and access-tier controls
Tabs: Controls - Documents - Requirements - Change Summary

Item | Status | Frameworks | Evidence | Action
Data Encryption at Rest (AI-personalized to mention AWS RDS + KMS, linked to requirement set) | Verified | SOC 2 / ISO 27001 | 3 links | Review
Penetration Test Report 2025 (detected as new version candidate; stale prior copy archived, dataroom tier suggested) | NDA | 5 controls | Fresh | Ready
Vulnerability Management (relevant template control still missing evidence; two mapped requirements remain uncovered) | Gap | SOC 2 / ISO 27001 | None | Verify
Journey 1 - Raj

Operate the Trust Center: Dashboard, Evaluations, Weekly Value

The product proves value after launch through activity visibility, time-saved framing, active evaluator signals, proactive alerts, and shareable links that sales can actually use. This is where retention is earned.

PRD coverage: FR30-FR33, FR48-FR54, FR60-FR63, FR70. The app becomes a living security operations surface, not just a published page.

Good morning, Raj

You answered zero questionnaires this month. The trust center handled the rest.
Weekly Value Report
Visitors: 47
Document Downloads: 3
Avg. Evaluation Time: 22 min
Estimated Time Saved: 9 hours
Active Evaluations (FR49 / FR52)
  • Marcus from fintech.co viewed 12 controls and downloaded SOC 2
  • James from healthtech.com is waiting on NDA access to the pen test
  • Sales-share link for Acme prospect is still active and attributable
Needs Attention (FR30 / FR31 / FR32)
  • SOC 2 expires in 75 days - reminder snooze available
  • One evidence link validation failed and needs reconnection
  • Document recommendation panel suggests DPA appendix and access-control policy
Retention mechanic: weekly value reports, health score trends, and proactive alerts make the product feel alive even when Raj is not actively editing the trust center.
Journey 2 - Sarah

Champion Workflow: Bulk Triage, Team Setup, Multi-Channel Notifications

Sarah proves the champion path: bulk document upload, one-click correction, preview publishing, team permissions, subprocessor management, and notification policies that keep the system useful beyond a single founder workflow.

PRD coverage: FR4, FR11, FR22-FR29, FR44-FR45, FR51, FR57, notification architecture refinement, sender identity, and customer-owned transport readiness.

Champion Setup

67 files uploaded - 23 security relevant - 8 duplicates/outdated - 4 drafts flagged
Bulk Triage
Team
Subprocessors
Notifications
Bulk AI Review
  • 19 of 23 classifications accepted as correct
  • 4 one-click corrections applied by Sarah
  • Duplicates and drafts are separated from publishable evidence
Notification Policies
  • Event -> policy -> renderer -> transport -> delivery record model
  • Email first, but channel-ready for Slack, Teams, and webhooks
  • Sender modes: platform, tenant domain, customer-owned transport
File | Classification | Access Tier | Issue | Action
SOC2_Audit_2026.pdf (mapped to evidence package and 8 controls) | Compliance evidence | Email-gated | Accepted | Keep
PenTest_Final.pdf (suggested as security assessment) | Security assessment | NDA | Accepted | Keep
Policy_REVIEW.docx (detected draft marker in filename) | Governance doc | Hidden | Draft | Remove
Subprocessor Register (feature-backed for public list + subscriber updates) | Custom content | Public | New | Publish
Champion story takeaway: this is not just a founder tool. Team permissions, notification policies, and structured bulk triage make it credible for a growing security/compliance team.
Journey 3 - Marcus

Browse Without Login: Honest Coverage, Framework Mapping, Evidence Depth

Marcus should be able to understand the vendor's security posture without creating an account, without emailing anyone, and without guessing whether the information is current. The visitor experience is evidence-first and friction-aware, now extended with badges and requirement coverage signals before private diligence begins.

PRD coverage: FR34-FR37, FR40-FR43, FR83-FR85, FR94-FR101, AC6, NFR performance/accessibility targets. This is the core public trust-center experience.
Acme Cloud
Security Trust Center
Updated 8 days ago Current
Security and Compliance Overview
Evidence-backed trust information designed to help evaluators map posture quickly. 34 of 40 SOC 2-relevant controls addressed, badges validated, and requirement coverage disclosed with 6 gaps shown clearly.
Acme Cloud
Security Trust Center - Vendor Evaluation Portal
Cloud infrastructure provider serving enterprise customers across financial services, healthcare, and technology. This trust center is maintained as a living evaluation surface, not a static marketing page.
Badges: SOC 2 Type II - ISO 27001 - HIPAA renewal in progress
Mapped Controls: 34 / 40 - framework selector lets Marcus filter to SOC 2, ISO 27001, or NIST CSF; requirement rollups and gaps are visible instead of hidden
Evidence Documents: 12 - tiered access makes the evidence package practical: public, email-gated, and NDA-gated where appropriate
Continuously Current: 142 days - freshness is explicit; Marcus does not have to infer whether this content is stale
Compliance Package: ZIP - all relevant public evidence, badge context, and requirement mappings can be exported as a curated package for internal review
Journey 3 - Marcus

Accept Invite, Enter the Dataroom, and Submit a Privacy Request

Once Marcus goes deeper, the trust center becomes an interaction hub. Invite-hash acceptance, OAuth identity linking, visitor-group grants, DocuSeal NDA gating, contact flows, and privacy requests all happen in-product rather than through email chaos.

PRD coverage: FR38-FR39, FR41-FR43, FR69, FR72, FR86-FR93. This section also reflects the architecture decision that the user-facing label should be "Privacy Request," even though the route remains /dsar.
Invited Dataroom Workflow
Invite + OAuth
A single-use invite hash proves ownership of the invited email address; OAuth then binds that same address to a persistent visitor identity and opens a 60-minute session for future diligence activity.
DocuSeal NDA
Pluggable signing provider gates access in production with DocuSeal, supports sign-in or on-document-access modes, and records completion once per tenant.
Dataroom Controls
Visitor Groups
Marcus inherits access from a named visitor group. Grant matrix defines which folders, packages, and files are visible.
Audit + Revocation
Owners can expire, revoke, or change access instantly. Every view and download is logged with actor, IP, and file context.
Privacy Request Entry Point
Visitors who provided email for gated access can request access to, correction of, or deletion of their personal data through a self-service privacy request flow linked from the trust center notice.
Access my data
Correct my data
Delete my data
Marcus Session
Invite Accepted
Single-use link redeemed - Google OAuth linked - visitor group: Fintech Diligence
Granted
Penetration Test Report
DocuSeal NDA complete - competitor check passed - grant matrix allows read-only download
Pending
Compliance package exported
SOC 2 package with requirement mapping, badge context, and access audit attached
New
Security guardrails
  • Default 10-document rate limit and 60-minute visitor session window
  • Visible watermarking on NDA PDF downloads
  • All access events logged with accessor identity, IP, and grant source
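The invited-dataroom slide names the controls (single-use invite, OAuth identity, 60-minute session, 10-document limit, grant matrix, audit with actor, IP and grant source) but not how they fit together. The block below is an added example, not INeedTrust code, wiring those controls into one authorization path. The 60-minute session and the 10-document cap are the deck's defaults; storing only a SHA-256 hash of the invite token, a 7-day validity for unredeemed invites, applying the download cap per session, the in-memory stores, and the status strings are assumptions made for this example.

```python
"""Invited-dataroom guardrails: single-use invite, identity match, bounded
session, per-session download cap, and an audit line for every access.
Added illustration, not INeedTrust code; see the lead-in for what is assumed.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

SESSION_TTL = 60 * 60        # 60-minute visitor session window (deck default)
DOWNLOAD_CAP = 10            # default 10-document rate limit, applied here per session
INVITE_TTL = 7 * 24 * 3600   # assumed: unredeemed invites expire after 7 days


def token_hash(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()  # only the hash is ever stored


@dataclass
class Invite:
    email: str
    visitor_group: str
    created_at: float
    redeemed: bool = False


@dataclass
class Session:
    visitor_id: str
    visitor_group: str
    started_at: float
    downloads: int = 0


@dataclass
class AuditEvent:
    ts: float
    actor: str
    ip: str
    action: str
    file_id: Optional[str]
    grant_source: str


class ManualClock:
    """Injectable clock so expiry paths can be exercised without sleeping."""
    def __init__(self, now: float = 1_700_000_000.0) -> None:
        self.now = now
    def __call__(self) -> float:
        return self.now


class Dataroom:
    def __init__(self, grants: Dict[str, Set[str]], clock: Callable[[], float] = time.time) -> None:
        self.grants = grants                    # grant matrix: visitor group -> visible file ids
        self.invites: Dict[str, Invite] = {}    # token hash -> invite
        self.sessions: Dict[str, Session] = {}  # session id -> session
        self.audit: List[AuditEvent] = []
        self.clock = clock

    def _log(self, actor: str, ip: str, action: str, file_id: Optional[str], source: str) -> None:
        self.audit.append(AuditEvent(self.clock(), actor, ip, action, file_id, source))

    def create_invite(self, email: str, visitor_group: str) -> str:
        """Mint a high-entropy single-use token; the plaintext goes to the invitee only."""
        token = secrets.token_urlsafe(32)
        self.invites[token_hash(token)] = Invite(email.lower(), visitor_group, self.clock())
        return token

    def redeem(self, token: str, oauth_email: str, ip: str) -> Optional[str]:
        """Redeem once, after OAuth asserted oauth_email; returns a session id or None."""
        invite = self.invites.get(token_hash(token))
        now = self.clock()
        if invite is None or invite.redeemed or now - invite.created_at > INVITE_TTL:
            self._log(oauth_email, ip, "invite_rejected", None, "invite")
            return None
        if oauth_email.lower() != invite.email:
            # The link proves the mailbox was reached; the OAuth identity must be that mailbox.
            self._log(oauth_email, ip, "invite_identity_mismatch", None, "invite")
            return None
        invite.redeemed = True                  # single use: the same link never works again
        session_id = secrets.token_urlsafe(24)
        self.sessions[session_id] = Session(invite.email, invite.visitor_group, now)
        self._log(invite.email, ip, "invite_redeemed", None, "group:" + invite.visitor_group)
        return session_id

    def download(self, session_id: str, file_id: str, ip: str) -> str:
        """Authorize one download; every outcome, allowed or not, is audited."""
        session = self.sessions.get(session_id)
        if session is None:
            self._log("unknown", ip, "download_denied_no_session", file_id, "none")
            return "no_session"
        if self.clock() - session.started_at > SESSION_TTL:
            del self.sessions[session_id]       # expired sessions are dropped, never extended
            self._log(session.visitor_id, ip, "session_expired", file_id, "session")
            return "session_expired"
        source = "group:" + session.visitor_group
        if file_id not in self.grants.get(session.visitor_group, set()):
            self._log(session.visitor_id, ip, "download_denied_not_granted", file_id, source)
            return "not_granted"
        if session.downloads >= DOWNLOAD_CAP:
            self._log(session.visitor_id, ip, "download_rate_limited", file_id, source)
            return "rate_limited"
        session.downloads += 1
        self._log(session.visitor_id, ip, "download", file_id, source)
        return "ok"
```

Two design points worth noting. First, an identity mismatch does not consume the invite: a third party who obtained the link and logged in with their own OAuth account is refused and logged, while Marcus can still redeem it. Second, denials are audited with the same actor, IP and grant-source fields as successes, which is what makes the "Audit + Revocation" promise checkable rather than decorative; owner-side revocation is the same pattern, deleting the session and writing an event.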
Journey 4 - Edge Case

Expiration Edge Case: The Product Proves It Is Living

The maintenance loop is part of the product's moat. When Raj forgets about the trust center, the system notices expiring evidence, degrades the health score, escalates alerts, shows which evaluators are active, and makes renewal visibly impactful.

PRD coverage: FR30-FR33, FR50-FR52, FR61, FR71. This is where the trust center stops being a static website and becomes an operating system for credibility.

SOC 2 Renewal Alert

Health score dropped from 88 to 71 after an expiration risk window opened.
Current Health: 71 - down because critical evidence is nearing expiration
Days to Expiration: 30 - escalation threshold reached
Active Evaluators Impacted: 2 - including a major ARR opportunity
Escalation Timeline
  • 75 days: early reminder appears in weekly value report
  • 30 days: urgency increases, health score declines visibly
  • 15 days: renewal upload flow highlights affected controls and evaluators
After Renewal Upload
  • New version detected automatically against the old report
  • 3 new controls and 2 modified controls proposed for review
  • Old version archived and evidence links updated across the trust center
Integrity mechanic: the system can also suppress the public "Powered by INeedTrust" footer on low-quality trust centers, protecting the brand and discouraging misleading pages.
Journey 5 - Platform Admin

Platform Operations at Scale

The platform arc shows whether INeedTrust can operate itself with a tiny ops footprint. Tenant health, AI cost monitoring, cache effectiveness, conversion funnels, and incident readiness all have to be visible in one operating view.

PRD coverage: FR64-FR68, FR71, AC1-AC4. This is the product-level confidence dashboard for the team running INeedTrust itself.

Platform Admin

73 paid tenants - 240 Coming Soon pages - one-person operations team
Healthy Paid Tenants: 89% - 65 of 73 above health threshold
Total AI Costs: $1,847 - $25.30 average per paid tenant
Cache Effectiveness: 62% - up from 41% last month
Uptime: 99.97% - trust centers remain public even if admin has issues
Growth Funnel
  • Coming Soon -> Trial: 12 upgrades (5%)
  • Trial -> Paid: 3 upgrades (25%)
  • Footer-based discovery and dogfooding remain measurable
Integrity Alerts
  • Broken evidence links trigger tenant alerts automatically
  • Low-quality misleading trust centers lose the attribution footer
  • Incident workflow is documented and breach notifications are traceable
What Ops Should Feel Like
  • 45-minute weekly review, not a full-time operations burden
  • Outlier AI usage is explainable and attributable
  • Cache, conversion, and health metrics show whether the system improves itself
Architecture-Ready

Future-Ready Surface Area Without Polluting MVP

The PRD and architecture both call out important capability paths that should stay visible in the walkthrough even if they are not part of the MVP build order: AskMe visitor Q&A, collaboration, AI Governance activation, customer-owned delivery, the requirements layer, and multi-brand expansion.

This section keeps future capability legible without pretending it is all launch scope. It also reflects the accepted Y.js collaboration guidance plus the new requirements-layer and AskMe architecture readiness.
AskMe Visitor Q&A
  • Phase 1.1 feature path for evaluator Q&A grounded in trust center routes and evidence links
  • Answers cite controls, requirements, and dataroom-safe documents instead of freeform claims
  • Question patterns can seed FAQ generation and future buyer workflow automation
Requirements Layer
  • AI-generated requirements become a first-class atomic work unit mapped many-to-many to controls
  • Tenant seeding, licensing metadata, and confidence scores stay visible for human review
  • Coverage rolls up requirements to controls to frameworks for both admins and evaluators
Collaboration + Delivery
  • Y.js stays a targeted subsystem for concurrent draft editing, not a platform-wide dependency
  • Notifications are multi-channel by architecture, email first in implementation
  • Sender identity supports platform, tenant domain, and customer-owned transport
Use this section as the boundary marker in planning conversations: architecture-ready items should stay visible in the narrative, but should not silently turn into MVP commitments.