Skip to content
AnglinAI Docs

Legal & Policy Documentation System

User-facing legal/technical policy site at theaccessible.org/legal. Distinct from the internal/user docs at apps/web/docs. Source of truth is markdown in-repo; approval is a PR merge; prior versions remain accessible.

Locations

ThingPath
Contentapps/home/src/content/legal/<slug>/<version>.md
Loaderapps/home/src/lib/legal.ts
Routesapps/home/src/app/legal/
Review reminder scriptscripts/check-legal-reviews.mjs

URL structure

URLWhat
/legalIndex of all approved documents
/legal/<slug>Current approved version
/legal/<slug>/historyVersion list for one document
/legal/<slug>/v/<version>Specific version (with archived banner if not current)

Frontmatter schema

---
title: Privacy Policy          # displayed heading
slug: privacy                  # URL segment β€” must match folder name
version: "1.0"                 # dotted numeric; sorted numerically
status: draft                  # draft | approved | archived
publishedAt: "2026-04-21"      # ISO date or null
reviewBy: "2027-04-21"         # ISO date or null β€” drives review reminder
approvedBy: "Larry Anglin"     # string or null
supersedes: null               # prior version string, or null
summary: Short one-line description for the index and meta description.
---

Workflow

Creating a new document

  1. Pick a slug (kebab-case). Create apps/home/src/content/legal/<slug>/1.0.md.
  2. Fill in frontmatter with status: draft, publishedAt: null, reviewBy: null, approvedBy: null.
  3. Write the body in markdown.
  4. Open a PR. Drafts are visible in npm run dev and in any build where LEGAL_SHOW_DRAFTS=1 is set β€” they are not built into production.

Approving a document

  1. On the PR, change status: approved, set publishedAt to today, set reviewBy (typically 1 year out), and set approvedBy to the approver’s name.
  2. Merge the PR. The next deploy publishes the document.

Publishing a new version

  1. Create apps/home/src/content/legal/<slug>/<new-version>.md with the new content.
  2. Set supersedes to the previous version number.
  3. Mark the previous file’s status: archived in the same PR.
  4. Approve and merge.

The index page shows the highest-version approved file as current. The history page lists every version (current, archived, and β€” in admin builds β€” drafts).

Admin preview of drafts

Terminal window
cd apps/home
LEGAL_SHOW_DRAFTS=1 npm run dev
# or
LEGAL_SHOW_DRAFTS=1 npm run build

Review reminders

scripts/check-legal-reviews.mjs scans all approved documents and emails a summary to Larry when reviewBy is within 60 days or past due. Run nightly via cron:

0 8 * * * cd /path/to/accessible && node scripts/check-legal-reviews.mjs

The email is sent via ~/.claude/scripts/send-email.sh. Output when nothing needs attention is a single nothing to report log line.

Design decisions

  • Git = audit trail. Who approved what and when is captured by the merge commit + frontmatter. No separate approval database.
  • Static export. Pages are prerendered at build time; no runtime DB required.
  • Drafts are build-gated, not auth-gated. Draft markdown isn’t shipped to production at all. This avoids needing an auth layer on a static site. Admins preview via local dev or a preview branch build.
  • Archived versions stay live at /legal/<slug>/v/<version>/ with a visible β€œarchived” banner and robots: noindex so they don’t compete with the current version in search.
  • Trusted-content HTML rendering. Rendered HTML comes from marked(...) applied to markdown that is author-controlled and merged only via PR review. No user input reaches this renderer, so sanitization is not required. If the pipeline ever changes to accept untrusted input, add DOMPurify before rendering.

Initial document set (16)

Privacy Policy, Terms of Service, Accessibility Statement, AI & ML Disclosure, Subprocessors, Data Retention Policy, Security Overview, Cookie Policy, DSAR Procedure, Data Processing Addendum, Vulnerability Disclosure Policy, DMCA Copyright Policy, Refund & Cancellation Policy, Acceptable Use Policy, Service Level Agreement, Breach Notification Policy.

As of 2026-04-21 only the Accessibility Statement is approved; the remaining 15 are scaffolded as drafts awaiting content and legal review.