BY TRADE
HVAC ↗Heating, cooling, emergency repair, tuneups, replacement.Plumbing ↗Leaks, drains, water heaters, urgent calls, repipes.Electrical ↗Panels, lighting, EV chargers, troubleshooting, inspections.Roofing ↗Replacements, repairs, storm response, inspections, gutters.Landscaping ↗Design, hardscape, lawn care, irrigation, seasonal upkeep.
WHAT EACH TRADE PAGE SHIPS WITH
Service-area pages
Editable city pages and areaServed structure for local searches.
Trust proof checks
Prompts for reviews, licenses, guarantees, and contact-path clarity.
Local SEO basics
Schema, sitemap, llms.txt, metadata, and GBP-ready fields.
AI answer readiness
Question-shaped headings AI assistants can quote.
Trust
Trust and Compliance
RampScape's current trust posture for privacy, AI output validation, generated-site consent, and customer data boundaries.
Last reviewed May 8, 2026
Security Boundary
- Authenticated app routes use Supabase Auth and server-side checks before owner data is loaded or updated.
- Service-role Supabase access is reserved for server-only routes that need controlled writes, integrations, or lead capture.
- Public generated sites expose only published site configuration and public business content.
AI Output Controls
- Site generation starts from a deterministic scaffold and validates section order, selected services, banned placeholder copy, proof claims, reviews, and image provenance before publishing.
- AI output is cached in the database or dev store. Page views do not regenerate public content.
- Repair retries are limited so validation failures do not silently loop into a different public site.
Compliance Assumptions
- Site configuration, generated copy, uploaded project images, leads, growth events, and integration tokens are treated as customer-controlled business data.
- Lead records and growth events are retained so owners can respond to requests and understand site performance; deletion and export are handled through authenticated account support until self-serve tools ship.
- OAuth tokens for Google integrations are scoped to the connected account, encrypted before storage, and used only for the owner-requested Search Console, GA4, or Business Profile workflow.
- Supabase row-level security remains the database boundary for customer data; service-role access stays server-only for controlled write paths, background sync, and exports.
- AI generation should not train on private customer data unless a future provider agreement and product control explicitly allow it.
Owner Review Required
RampScape can reduce common content risk, but each business remains responsible for final review of licensing, insurance, prices, review permissions, photo rights, advertising claims, and local legal obligations.