Anonymous Feedback

Unauthenticated route for staff to share sensitive concerns

Danvas includes an anonymous feedback route that allows staff to submit concerns without authentication. This enables sharing of sensitive issues that might otherwise go unreported.

Overview

The anonymous feedback feature provides:

  • No authentication required — staff can submit without logging in
  • No user tracking — no database user ID stored
  • IP rate limiting — prevents abuse (5 submissions/hour per IP)
  • Optional location context — can specify location without identifying self

Route

POST /anonymous-feedback

This route is in the (unauthenticated) route group and is excluded from auth middleware.

How It Works

Submission Flow

  1. Staff navigates to the anonymous feedback URL
  2. Optionally selects a location from dropdown
  3. Enters feedback text (1-5000 characters)
  4. Submits form
  5. Server validates, rate-limits, and stores
  6. Optional Slack notification to configured channel

Validation Schema

{
  locationId?: string;  // Optional - doesn't identify user
  feedback: string;     // Required, 1-5000 chars
}

Rate Limiting

IP-based rate limiting: 5 submissions per hour per IP address.

When rate limited, the user receives a 429 response:

{
  "error": "Too many requests. Please try again later."
}
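
One way to enforce the per-IP limit while keeping the page's statement that IP addresses are not stored, as an added example (not Danvas's own code): counters are keyed on an HMAC of the IP and held only in memory. `HashedIpLimiter`, `submitFeedback`, `TEAM_ID`, the 400 body and the 201 response shape are assumptions made for illustration.

```typescript
import { createHmac, randomBytes, randomUUID } from "node:crypto";

const LIMIT = 5;                    // submissions per window (value from the page)
const WINDOW_MS = 60 * 60 * 1000;   // one hour (value from the page)
const TEAM_ID = "team_placeholder"; // stand-in for env.CANVAS_TEAM_ID

type Stored = { id: string; teamId: string; locationId?: string; feedback: string; createdAt: string };
type Result = { status: number; body: Record<string, string> };

// Hypothetical limiter: counts per keyed hash of the IP, in memory only.
// A bare hash of an IPv4 address can be brute-forced, so the HMAC key is
// random per process and never written anywhere.
class HashedIpLimiter {
  private key = randomBytes(32);
  private hits = new Map<string, number[]>(); // bucket -> accepted timestamps (ms)

  bucket(ip: string): string {
    return createHmac("sha256", this.key).update(ip).digest("hex");
  }

  allow(ip: string, now: number): boolean {
    const id = this.bucket(ip);
    const recent = (this.hits.get(id) ?? []).filter((t) => now - t < WINDOW_MS);
    const ok = recent.length < LIMIT;
    if (ok) recent.push(now);
    this.hits.set(id, recent);
    return ok;
  }
}

// Validate, then rate-limit, then store: the order given in the submission flow.
function submitFeedback(
  limiter: HashedIpLimiter, store: Stored[], ip: string,
  input: { locationId?: string; feedback?: unknown }, now: number,
): Result {
  const text = input.feedback;
  if (typeof text !== "string" || text.length < 1 || text.length > 5000) {
    return { status: 400, body: { error: "Invalid feedback." } }; // assumed response
  }
  if (!limiter.allow(ip, now)) {
    return { status: 429, body: { error: "Too many requests. Please try again later." } };
  }
  // Only the fields listed under "What IS Stored"; the IP never reaches the record.
  const row: Stored = { id: randomUUID(), teamId: TEAM_ID, feedback: text,
    createdAt: new Date(now).toISOString() };
  if (input.locationId) row.locationId = input.locationId;
  store.push(row);
  return { status: 201, body: { id: row.id } }; // assumed success shape
}
```

Behind a reverse proxy, the `ip` argument has to come from a header set by the trusted proxy, otherwise every client lands in the proxy's bucket. Because the key and counters live in process memory, a restart resets the window.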

Security Model

What IS Stored

| Field | Description |
|---|---|
| id | UUID for the feedback |
| teamId | Organization (from env) |
| locationId | Optional location context |
| feedback | The feedback text |
| createdAt | Timestamp |

What is NOT Stored

  • User ID (no authentication)
  • IP address (privacy)
  • Email or identifying info
  • Device/browser information

Team Validation

The CANVAS_TEAM_ID environment variable ensures feedback only goes to the correct organization. This prevents cross-tenant submissions.

Slack Integration

When a location is specified, a Slack notification can be sent:

// apps/app/app/(unauthenticated)/anonymous-feedback/actions.ts
await notifySlack({
  teamId: env.CANVAS_TEAM_ID,
  channel: 'anonymous-feedback',
  blocks: buildAnonymousFeedbackBlocks(feedback, locationName)
});

Slack Message

  • Location name (if provided)
  • Feedback text
  • Timestamp
  • "Anonymous Submission" indicator

Configuration

SLACK_WEBHOOK_ANONYMOUS_FEEDBACK=https://hooks.slack.com/services/...

Use Cases

| Scenario | Benefit |
|---|---|
| Harassment reporting | Staff can report without fear of retaliation |
| Management concerns | Issues can be raised without identification |
| Safety hazards | Critical issues reported anonymously |
| Culture problems | Honest feedback without repercussions |

Privacy Considerations

  1. No audit trail to user — admin sees only the feedback
  2. No follow-up capability — admin cannot contact the submitter
  3. No IP logging — feedback cannot be traced
  4. Read-only Slack — channel should be monitored but not used to respond

Configuration

Environment Variables

| Variable | Purpose |
|---|---|
| CANVAS_TEAM_ID | Organization scope |
| SLACK_WEBHOOK_ANONYMOUS_FEEDBACK | Notification channel |

Middleware Exemption

The anonymous route is excluded from auth in proxy.ts:

// apps/app/app/api/proxy.ts
const publicPaths = [
  '/anonymous-feedback',
  '/api/webhooks/clerk',
  // ... other public routes
];

Related Files

| File | Purpose |
|---|---|
| apps/app/app/(unauthenticated)/anonymous-feedback/page.tsx | Feedback page |
| apps/app/app/(unauthenticated)/anonymous-feedback/feedback-form.tsx | Form UI |
| apps/app/app/(unauthenticated)/anonymous-feedback/actions.ts | Submission action |
| apps/app/app/(unauthenticated)/anonymous-feedback/schemas.ts | Zod validation |
| packages/database/src/schema/ | anonymous_feedback table |
| packages/slack/templates/anonymous-feedback.ts | Slack message builder |