// PolicyDesk ships in the Atelier design system

The artifact IS the screen.

PolicyDesk’s actors, end-to-end workflow, and marquee artifact rendered in the Atelier template’s voice. Same data, template-native composition.

// THE CAST · 8 ACTORS · ACTING AS · CARLA MORENO

CM

Carla Moreno

Policy lead

2 in queue

you

TR

Tom Ruiz

Author

5 in queue

AS

Asha Sen

Legal reviewer

3 in queue

MD

Maya Devi

HR reviewer

2 in queue

JV

Jorge Vega

Approver

1 in queue

EM

Employees

Attester

OG

Olu Grant

Audit

1 in queue

// SIGNATURES · 3 OF 5

By the undersigned

Tom Ruiz

AUTHOR · TOM RUIZMay 04

Asha Sen

LEGAL · ASHA SENMay 10

Maya Devi

HR · MAYA DEVIMay 12

Jorge Vega

APPROVE · JORGE VEGAawaiting

Carla Moreno

PUBLISH · CARLA MORENO—

Sarah — your turn. Pedro releases when you sign.pending owner

// READY TO SHARE · 4 PAGES

The packet

POLICY DOCUMENT · APP 07

Acceptable Use

1,847 employees

01Scope · employees + contractors100%final02Permitted use · devices100%final03Prohibited use100%final04Personal use exceptions100%final05Reporting violations100%final

generated by ustack autobuild™page 1 of 4

signed · 3 of 5

POLICY AUTHORING + ATTESTATIONLIVE DEMO

PolicyDesk

Compliance teams write policies in docs, send them by email, chase attestations in spreadsheets, and pray the audit asks for last year's version — not the one being rewritten right now.

PolicyDesk centralizes AI-assisted authoring, multi-stage review, employee attestation, version history, and expiry reminders in one workflow.

7 roles · 4 workflow paths · 13 entities · 12 screens

// why this is hardSubstantive changes mean re-attestation, regulated policies need legal and security sign-off, and the audit will ask for evidence of every step.

Open the live demo ↗Sign in to build yours →// policydesk.ustack.ai

AI-assisted authoringMulti-stage reviewAttestation trackingSubstantive-change detectionAudit-evidence exports

// target buyer

·Compliance + HR + legal + security/IT
·SOC 2 / ISO / SOX-regulated companies
·Franchises + multi-state employers

// why this is a great uStack demo

AI-native document workflow with broad horizontal utility and clear compliance artifacts.

// actors

Roles with distinct permissions and access.

Actor	Role
Policy Author	Drafts and updates policies
Reviewer	Subject-matter or compliance review
Executive Approver	Final approval before publication
Employee	Reads + attests to assigned policies
Compliance Officer	Tracks attestation coverage + expirations
HR / People Ops	Assigns policies by role / location / hire date
Auditor	Read-only attestation evidence + version history

// core workflows

Happy. Exception. Approval. Reporting.

// 01 · happy path

Author drafts (with AI summary + change-impact suggestions) → routed through reviewers → exec approves → published → assigned employees attest → coverage tracked.

// 02 · exception path

Policy update changes substantive obligations → AI flags substantive vs. cosmetic change → re-attestation required → previously attested employees re-prompted.

// 03 · approval path

Restricted policy categories (data handling, financial) → require legal + security review before exec approval → rejected drafts return to author with comments.

// 04 · reporting path

Attestation coverage by policy, overdue attestations by team, policy expiry calendar, change frequency by policy area, audit evidence exports.

// surfaces

Screens and data model.

// screens · 12

·Policy library
·Policy detail (current + version history)
·Author / draft editor
·AI assist panel
·Review queue
·Approval queue
·Employee policy inbox
·Attestation flow
·Coverage dashboard
·Expiry calendar
·Reports
·Settings

// data model · 13 entities

PolicyPolicyVersionPolicyCategoryReviewStepReviewDecisionApprovalDecisionAudienceAssignmentRuleEmployeeAttestationExpiryRuleChangeImpactAuditEvent

// run-time

Automations and generated outputs.

// automations

→AI draft + summary on author request
→Substantive-change detection on update
→Re-attestation triggers
→Expiry reminders
→Escalation on overdue attestations
→Audit-evidence export on request

// generated outputs

⬇Published policy PDF
⬇Attestation report (per policy, employee, team)
⬇Audit-evidence packet
⬇Change history export
⬇Expiry calendar export

// deployment rationale

Why this app runs honestly with no integration sprawl.

// v1 demos without third-party services

Self-contained. AI = one LLM key. Resend for attestation reminders. No HRIS sync required for v1 — employees imported by CSV or invited.

// this isn't a mock

This exact app is live and clickable at policydesk.ustack.ai. Click around — same architecture described above.

// stack

Next.jsNeon PostgresPrismaAuthVercelAI-assistedRBACAudit trail

build your version of this

Same architecture. Your scope.

Sign in, write a paragraph that describes your version of PolicyDesk, and uStack ships a working app on your URL. Take the code, have us host it, or scope a custom build — same production methodology underneath.