# Provider Vetting Runbook > Spec: `docs/plans/2026-05-10-commercialization-transition-plan.md` > Phases 4.3 + 4.4. Linked from `/providers`. WhereNext does not run a provider marketplace. Every provider intro goes through a manual route: the founder picks one vetted partner per category-and-corridor and emails the introduction with a referral disclosure. This runbook is the standard a partner has to clear before that intro can happen. ## Hard rule (Phase 4.3 deferral) > **Do not ship a public provider directory before the first 5 > partners are signed and vetted.** Until then, partners live in a private spreadsheet / Notion / Supabase notes — not in a `provider_profiles` table. The reasoning is in the plan's Phase 4.3: - Building a directory before the supply side is real creates the illusion of a marketplace and invites complaints WhereNext cannot yet act on. - A spreadsheet is faster to update during the recruiting phase. The deferred migration that creates the table when needed is sketched at the bottom of the plan. ## Vetting checklist A partner is *eligible for an intro* only after every applicable item is true. Document the answers in the operator's spreadsheet; archive the document in the founder's vault for at least 3 years (referral- disclosure compliance). ### 1. Jurisdictional authority - [ ] Holds the relevant licence / professional registration where applicable (tax: CPA / EA / chartered tax advisor; immigration: bar membership in the destination jurisdiction; school consulting: industry association membership where one exists; property: licensed local agency). - [ ] Licence number captured and verifiable on the regulator's public roster. ### 2. Public business identity - [ ] Working website (TLS, not parked, post-2024 footer). - [ ] Named human contact (first name + last name + title). - [ ] Public business address OR a clear "remote-only with the following entity registration" statement. - [ ] No anonymous "contact form only" partners. Email + phone or email + WhatsApp minimum. ### 3. Pricing model - [ ] Pricing transparent (hourly, project, contingency, retainer) OR documented as "first conversation free, scoped quote after". No bait-and-switch. - [ ] No surprise upsells inside the first paid engagement. ### 4. Response SLA - [ ] Written commitment to a first-contact SLA (e.g. "first reply within 2 business days"). - [ ] Documented escalation path if the partner is on holiday / bandwidth-constrained. ### 5. Referral disclosure - [ ] Partner agrees in writing that the WhereNext intro carries a verbatim referral-fee disclosure in the intro email and that the partner will not pressure the user to use a different route. - [ ] WhereNext fee model agreed in writing (per-qualified-lead, per-intro, revenue share, affiliate CPA, or none — the `partner_intros.commission_model` column). ### 6. No outcome guarantees - [ ] Partner does NOT promise visa approval, school admission, property appreciation, or tax-bill reduction. Soft language ("we'll improve your odds of …") is fine; "guaranteed" is a hard fail. ### 7. No high-pressure scripts - [ ] No "sign within 48 hours" sales scripts. - [ ] No deposits demanded before a written engagement letter. ### 8. Document handling - [ ] Partner does NOT request passports, tax returns, or sensitive family documents before a direct client agreement (signed by the user, not by WhereNext on their behalf). - [ ] Partner uses encrypted file transfer (no plain email). - [ ] Partner has a documented data-retention period. ### 9. Conflict-of-interest disclosure - [ ] Partner discloses any platforms / brokers they're paid to route clients to (so we can decide whether the WhereNext intro creates an upstream-downstream conflict). ### 10. Track record - [ ] At least one verifiable reference OR a public review history (Google, Trustpilot, jurisdictional review board) that isn't gamed. - [ ] No active complaints from regulator / bar / school association. ### 11. Removal policy The partner agrees in writing that WhereNext can pause routing on: - Any user complaint deemed material by the founder (single complaint → pause + investigate). - Two missed SLAs in a quarter. - Any regulator action against the partner. - Repeated failure to disclose the referral relationship in writing to the user during the engagement. Pausing routing is reversible after a written remediation. Removal is permanent. ## Review cadence - New partner: full vetting + 30-day probation. The first 3 leads carry a "probation: review at 30 days" tag in `partner_intros.operator_notes`. - Active partner: re-vetting every 12 months OR on any material change (regulator action, change of ownership, change of jurisdiction). - All operator notes stay in `partner_intros.operator_notes` so triage decisions are auditable per Phase 4.3 acceptance criteria. ## Linkage - The `/providers` page links to this runbook so users can see the bar a partner has cleared. - The intro email cites the referral disclosure and links to `/providers` for the policy. - `partner_intros.commission_model` and `partner_intros.qualified_status` are the canonical attribution fields (added in migration `20260510000004_partner_intros_ops_fields.sql`). ## Quick reference for triage | Lead state | Action | |---|---| | `unreviewed` | Founder reads the lead, picks a partner, sends intro within 2 business days. Set `qualified_status` + `assigned_partner_id` + `matched_at`. | | `qualified` | Lead met the eligibility bar but is awaiting a partner. Re-check inventory daily. | | `disqualified` | Set `disqualified_reason` (out-of-corridor, missing destination, duplicate, bot). Email user with a soft "we don't yet cover this corridor" reply. | | `matched` | Partner has been emailed. Set `partner_responded_at` when partner replies; `user_responded_at` when user does. | | `won` | Partner confirms paid engagement. Set `lead_value_usd` and `closed_at`. Move case to next-quarter aging report. | | `lost` | Set `closed_at` + free-form `operator_notes` with the loss reason. Do not delete — used in the kill-rule analysis. | ## Public claim discipline (`/providers` page) Until at least 5 partners are signed: - The page reads "we're recruiting vetted partners against the standard documented at /docs/operations/provider-vetting-runbook.md". - It does NOT list partner names, logos, or "as featured in" claims. - It does NOT say "we have N vetted partners" with a number we cannot back up. Once 5+ partners are signed AND vetted: - The page may show categories and approximate corridor coverage ("US → PT, US → ES, US → UAE — tax, visa, school, property"). - Individual partner names remain hidden until a directory is built (gated by Phase 4.3 — operator decision, not in this tranche).