Tags: GDPR Art 5(1)(c) · GDPR Art 6(1)(f) · NIST SP 800-122 PII · Crisis-Response Ladder · Deep Prototype

NPSGovern — Customer-Feedback Governance + PII Redaction

28 customer responses across NPS, CSAT, exit surveys, in-app comments. PII-scan + redaction (email, phone, SSN, name, address, DOB, account number). Per-response action: share-ok / share-redacted / cannot-share / crisis-escalate. Lawful basis tagged, retention enforced, employee-name vs third-party-name distinction surfaced.


What it is

The shape behind the customer-team workflow nobody documents — “can I quote this NPS comment in the board deck?” Most teams either over-share (and leak PII) or under-share (and lose the signal). NPSGovern prototypes the gate that lets the customer team share quotes safely.

What’s in it

  • 28 responses across NPS, CSAT, exit-survey, in-app — covering the realistic shape of customer voice.
  • 4 governance actions per response:
    • share-ok — no PII detected, safe to quote verbatim
    • share-redacted — PII detected, redact for external sharing, raw stays internal with audit-log
    • cannot-share — sensitive PII (SSN, account number) — never share verbatim
    • crisis-escalate — distress signal — customer-success call within 2 hours + crisis-line numbers + sensitive-handling flag (Genesis-SME pattern)
  • PII categories scanned per response — email, phone, name, address, SSN, DOB, account number — each flagged with the visible redacted view side-by-side.
  • Edge cases seeded:
    • NPS-007 — customer volunteered SSN. Immediate-redact, vault, restricted-access. Cross-references PIIScout C004.
    • NPS-013 — crisis-language present. Ladder to crisis-response, not marketing.
    • NPS-018 — DSAR-overdue complaint. Cross-references IncidentLog INC-05103 + RtbfFlow DSAR-09167.
    • NPS-023 — cookie-banner ICO threat. Cross-references CookieConsent P03.
    • NPS-026 — full address volunteered. Cross-references PIIScout C011.
    • NPS-021 + others — third-party name (CFO of customer org) different from employee name (Aisha on support team). Both redacted for external; internal-shoutout OK for the employee.
  • NPS score computed live — promoters (9–10) minus detractors (0–6), divided by total responses.
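As an added example (not NPSGovern's own code), here is the scan → classify → redact gate the list above describes, in vanilla JavaScript: a per-category PII scanner that produces the external (redacted) view, maps each response to one of the four governance actions (crisis language wins over everything else, then sensitive PII, then any other PII), keeps the employee-name vs third-party-name distinction, and computes the NPS score live. Every regex, the crisis-term list, the employee roster, the two-capitalised-words name heuristic and the five sample responses are constructed assumptions for illustration; the prototype's own detection rules are not reproduced here.

```javascript
// Added example, not NPSGovern's own code. All patterns, term lists and
// sample responses are constructed assumptions; the name heuristic is
// deliberately naive and would need a real NER step in production.

// PII categories scanned per response. `sensitive: true` marks the
// categories that must never be shared verbatim (SSN, account number).
const PII_PATTERNS = {
  ssn:     { re: /\b\d{3}-\d{2}-\d{4}\b/g, sensitive: true },
  account: { re: /\b(?:acct|account)\s*#?\s*\d{6,}\b/gi, sensitive: true },
  email:   { re: /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g, sensitive: false },
  phone:   { re: /\b(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b/g, sensitive: false },
  dob:     { re: /\b(?:born|DOB)\s*:?\s*\d{1,2}\/\d{1,2}\/\d{2,4}\b/gi, sensitive: false },
  address: { re: /\b\d{1,5}\s+(?:[A-Z][a-z]+\s)+(?:St|Street|Ave|Avenue|Rd|Road|Blvd|Ln|Lane|Dr|Drive)\b\.?/g, sensitive: false },
};

// Constructed placeholder distress phrases; a real ladder uses a vetted list.
const CRISIS_TERMS = [/\bcan'?t go on\b/i, /\bhurt myself\b/i];

// Constructed support-team roster: names here are employees, not third parties.
const EMPLOYEES = ['Aisha'];
const employeeRe = new RegExp('\\b(?:' + EMPLOYEES.join('|') + ')\\b', 'gi');
// Naive third-party-name heuristic: two capitalised words in a row.
const THIRD_PARTY_NAME_RE = /\b[A-Z][a-z]+ [A-Z][a-z]+\b/g;

// Scan one response, build the redacted external view and pick the action.
function governResponse(response) {
  const found = new Set();
  let external = response.text;

  // Replace-with-counter avoids RegExp.test() lastIndex pitfalls on /g regexes.
  for (const [cat, { re }] of Object.entries(PII_PATTERNS)) {
    let hits = 0;
    external = external.replace(re, () => { hits++; return '[' + cat.toUpperCase() + ']'; });
    if (hits) found.add(cat);
  }

  // Names: employee first (roster), then anything that still looks like a name.
  let employeeHits = 0;
  external = external.replace(employeeRe, () => { employeeHits++; return '[EMPLOYEE]'; });
  if (employeeHits) found.add('name:employee');
  let thirdPartyHits = 0;
  external = external.replace(THIRD_PARTY_NAME_RE, () => { thirdPartyHits++; return '[NAME]'; });
  if (thirdPartyHits) found.add('name:third-party');

  // Crisis language is checked on the raw text and overrides the PII outcome.
  const crisis = CRISIS_TERMS.some(re => re.test(response.text));
  const sensitive = [...found].some(c => PII_PATTERNS[c] && PII_PATTERNS[c].sensitive);

  let action;
  if (crisis) action = 'crisis-escalate';
  else if (sensitive) action = 'cannot-share';
  else if (found.size) action = 'share-redacted';
  else action = 'share-ok';

  const result = {
    id: response.id,
    action,
    pii: [...found].sort(),
    external,                        // the only text allowed to leave the org
    // Employee name may be praised internally even though it is redacted externally.
    internalShoutoutOk: employeeHits > 0 && action === 'share-redacted',
  };
  if (crisis) {
    // Crisis ladder: customer-success call within 2 hours, sensitive-handling flag.
    result.escalation = { callWithinHours: 2, sensitiveHandling: true, routeTo: 'customer-success' };
  }
  return result;
}

// NPS: promoters (9-10) minus detractors (0-6), divided by scored responses.
function computeNps(responses) {
  const scored = responses.filter(r => Number.isInteger(r.score));
  if (scored.length === 0) return null;
  const promoters = scored.filter(r => r.score >= 9).length;
  const detractors = scored.filter(r => r.score <= 6).length;
  return Math.round((100 * (promoters - detractors)) / scored.length);
}

// Constructed sample responses covering all four actions.
const SAMPLE_RESPONSES = [
  { id: 'R-01', score: 10, text: 'Love the new dashboard, onboarding was painless.' },
  { id: 'R-02', score: 9,  text: 'Aisha on your support team fixed my issue in minutes, email me at pat.lee@example.com for a testimonial' },
  { id: 'R-03', score: 2,  text: 'Please close account #12345678, my SSN is 123-45-6789 if you need it' },
  { id: 'R-04', score: 0,  text: "Honestly I can't go on like this anymore, nothing works" },
  { id: 'R-05', score: 5,  text: 'Our CFO Jordan Reyes says the invoice is wrong, call 555-123-4567' },
];

function governAll(responses = SAMPLE_RESPONSES) {
  return responses.map(governResponse);
}

for (const r of governAll()) console.log(r.id, r.action, r.pii.join(','), '->', r.external);
console.log('NPS:', computeNps(SAMPLE_RESPONSES));
```

The precedence order is the point worth copying: a response with distress language is routed to the crisis ladder before anyone decides whether it is quotable, and the redacted view is produced regardless of action so that nothing reaches a slide deck un-scanned.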

Why this shape

Customer-voice teams ship verbatim quotes to board decks, marketing, sales. The gap: nobody runs a PII scan first. The risk: an SSN, phone, address ends up on a slide deck, in a tweet, in a customer-story video. NPSGovern is the redaction-and-action gate that prevents it, with lawful-basis tagging + retention rules + a crisis-response ladder for the response that needs more than a marketing decision.

How it ships

Single HTML file, ~20KB. Zero dependencies. 28 responses × 4 actions × per-PII-category redaction renderer + crisis-ladder in 200 lines of vanilla JavaScript.
