Branding and white-label
The workspace is a regulated tool used by the principal firm’s own staff and by the AR-individuals who work with the firm. Both audiences expect the surface to carry the firm’s own identity, not the platform operator’s. This page sets out what the firm uploads, where it appears, and the constraints that keep the brand kit consistent with the workspace’s visual system.
Brand kit fields
Section titled “Brand kit fields”A principal-admin uploads the brand kit via firm settings. The fields:
| Field | Type | Constraint | Default if not set |
|---|---|---|---|
logo | SVG | Single-file SVG, currentColor fill, viewBox set, max 100KB | Operator’s neutral wordmark |
brandPrimaryHex | string | Six-digit hex, must pass WCAG AA against the slate-50 background (contrast ratio ≥ 4.5:1) | Operator’s neutral primary (slate-900) |
brandSecondaryHex | string | Six-digit hex, must pass WCAG AA | Amber #f59e0b (the family secondary accent) |
legalName | string | Max 200 chars | The tenant’s legalName from provisioning |
frnDisplay | string | Six or seven digits | The tenant’s FRN |
registeredOfficeShort | string | Single-line city + postcode, max 100 chars | The tenant’s registeredOffice.city, postcode |
complianceContactEmail | string | RFC 5322 email | The principal-admin who set up the tenant |
supportPhone | string | E.164 format | empty |
footerLine | string | Max 300 chars | ”Authorised and regulated by the Financial Conduct Authority. Firm Reference Number {FRN}.” |
The brand kit lives in the tenants.brand_kit JSONB column. The principal-admin can update any field at any time; the change propagates to all surfaces immediately and writes a tenant.brand-updated audit event.
SVG logo conventions
Section titled “SVG logo conventions”The logo is rendered using the workspace’s foreground colour token, so a single-colour SVG with fill="currentColor" adapts to the workspace’s theme (light, dark, and the brand-tinted variants). The firm’s marketing department typically has the right asset; the operator helps the firm produce one if their primary asset is a multi-colour PNG.
Constraints:
- One file. No multi-asset bundles.
- Single colour. Multi-colour logos that depend on specific shades will not adapt to the workspace’s background variations and look out of place on the dark theme.
- ViewBox set, no fixed
widthorheighton the root<svg>element. The workspace sets the size at the rendering site. - No external font references. Text in the logo must be converted to paths.
- Max 100KB after SVGO optimisation.
The operator runs SVGO over the upload and rejects files that exceed 100KB after optimisation. A typical compliant logo is 4 to 12KB.
Brand colour tokens
Section titled “Brand colour tokens”The workspace’s design system is built on slate (background, border, foreground) with two accent slots. The primary accent is the firm’s brandPrimaryHex. The secondary accent is brandSecondaryHex (amber by default, consistent with the wider Lending Agent product family).
The primary accent appears on:
- Active navigation states.
- Primary call-to-action buttons.
- Risk-band chips at the
elevated,high, andcriticallevels (the lower bands use slate variants). - Chart focus colours in the dashboard.
- Sign-off panel colour on the annual review packet.
The secondary accent appears on:
- Highlight states (a newly arrived breach in the triage queue).
- Annotation marks on charts (a band-shift event from a risk-weight change).
- Transitional states (a draft MI return in the AR’s home).
The contrast check runs at upload. A hex value that does not meet WCAG AA against the slate-50 background or against the slate-900 dark-mode background is rejected with the contrast ratio reported.
AR-facing surfaces
Section titled “AR-facing surfaces”The AR-individual who signs in to submit an MI return or file a breach sees the principal firm’s identity, not the operator’s:
- The sign-in page carries the firm’s logo and
legalName. - The header on every AR-user surface carries the logo and a “Working with {legalName}” string.
- The footer on every AR-user surface carries
footerLine(default: “Authorised and regulated by the Financial Conduct Authority. Firm Reference Number {FRN}.”). - Transactional emails sent to the AR-user (invitation, MFA enrolment, breach-deadline reminder) carry the firm’s logo,
legalName, andcomplianceContactEmailin the From-name and reply-to. - The platform operator’s branding appears only in the small “Powered by Lending Agent Oversight” line in the email footer, which is removable on the operator’s enterprise tier.
This is a regulated identity for the AR-individual. The AR is supervised by the principal firm; the workspace is a tool the firm uses; the AR-individual’s experience reflects that ordering.
Exported artefacts
Section titled “Exported artefacts”The brand kit propagates to PDF and JSON exports:
- Annual review packet PDF. Cover page with logo,
legalName, FRN, and the cycle year. Per-section headers in the brand primary. Sign-off panel with the director’s name, the date, and the verbatimsignOffNotesin the brand primary frame. - Quarterly board pack PDF. Cover page with the firm’s identity. KPI tiles in slate with primary-accent highlights. Risk-trajectory charts with primary as the focus colour.
- Audit log export JSON. Bundle metadata includes the firm’s
legalName, FRN, and the export timestamp. The events themselves are platform-format and not branded. - Subject access export PDF. Cover page with the subject’s name (or opaque token if tombstoned), the controller’s identity (the firm), and the response date.
The PDF exports use the firm’s logo at 24px height in headers and 96px height on cover pages. The colour palette is the firm’s primary plus slate; the operator’s colour does not appear.
Domain and DNS
Section titled “Domain and DNS”The default domain is <firm-slug>.oversight.<operator-domain>. A custom domain (e.g. compliance.{firm}.com) is configured by the firm’s IT team:
- The firm’s IT creates a CNAME record from the desired hostname to the operator-provided target.
- The firm’s principal-admin enters the hostname in firm settings.
- The operator provisions a TLS certificate via Let’s Encrypt (managed by Vercel) with auto-renewal.
- The custom domain becomes the canonical URL for the tenant; the default subdomain redirects.
A firm using a custom domain may also configure email-sender domains for transactional email; this is a Postmark-side setup the operator runs through with the firm’s IT.
Multi-tenant separation
Section titled “Multi-tenant separation”The brand kit is per-tenant. Cross-tenant brand bleed is impossible: a Crown GI Collective user signing in to the Heritage Mortgage Network tenant (which would require a separate user account on that tenant) sees Heritage’s brand. The Postgres RLS predicate on tenant_id ensures the brand kit JSON itself is read only within the tenant.
Demo skins
Section titled “Demo skins”The marketing demo at lending-agent-oversight.vercel.app ships three illustrative skins (Heritage Mortgage Network, Crown GI Collective, Pinpoint Credit Network), each demonstrating the brand kit’s range:
- Heritage uses an indigo primary on a slate background.
- Crown uses a forest emerald primary.
- Pinpoint uses a plum violet primary.
These are presentational, not real customers. They show how the workspace adapts to a principal firm’s identity without requiring the firm to sign up before evaluating the surface.
Operational notes
Section titled “Operational notes”Brand-kit changes are immediate. There is no draft / publish flow on the brand kit; the workspace assumes the firm’s principal-admin tests changes in a low-traffic window. A brand-kit change writes an audit event but does not affect any prior exported artefact (a board pack from last quarter retains its branding at the time of export).
For firms that want a more controlled rollout (a staged rebrand, for example), the operator can stage the change behind a feature flag for a small group of users; this is an operator-side configuration on request, not a self-serve flow in v1.