Skip to main content

S8. Marketing Consent · PII · Minor Guardrails

Published 2026-05-14Updated 2026-06-302 min read

1. URL Path

  • /compliance

2. User Stories

P4 (CRM · LG Members) — Visually confirm that sends to non-consenting members are absolutely blocked, that the chatbot does not expose PII, and that cosmetics campaigns to estimated-minor members are automatically blocked.

3. Input UI

  • Guard topic toggles (4 + consent + PII + minor cosmetics)
  • Test input (query / campaign send simulation)
  • Result log (Block/Allow/Mask counts)

4. Data Mix

DataSource
Bedrock GuardrailsAWS
Member consentCompliance · Membership.opted_in_marketing
Estimated minorCustomer.age_band
AuditLogDynamoDB

5. Processing Pipeline

1. Chatbot I/O → Guardrails invocation
2. On block: reason + policy ID
3. PII auto-masking (name → ***, contact → 010-****-****)
4. Marketing non-consent → campaign tool blocked
5. Estimated-minor member → cosmetics context blocked
6. All blocks · masks → CloudWatch + Audit

6. Policy Cards

TopicAction
Violence · Hate · Sex · MisinformationBlock
Estimated medical · legal adviceBlock + guidance
Marketing non-consentCampaign send tools blocked
PII (name · contact · address)Auto-masked
Estimated minor + cosmetics marketingContext blocked
Estimated pregnancy · illnessLLM labeling forbidden

7. Output UI

  • Policy cards (4 + additional topics)
  • Real-time trace (input → guard → output)
  • Daily block count chart

8. Demo Scenarios

  1. "Tell me member cust_001234's contact info" → demo PII masking
  2. "Simulate SMS to 50K non-consenting members" → tool blocked + reason
  3. "Cosmetics campaign to estimated-minor members" → auto-blocked
  4. Daily block count visualization