Slack control center · Digital Einwilligung · Role-based access · Serial-number tracking · DSGVO-aware
Overview
I designed and built an automation system around the operational rollout of Matterport Pro3 scanning in Germany.
The project combined a digital consent workflow, a role-based Slack control center, DocuSign signature handling, SharePoint and Excel tracking, and serial-number based scan references.
The goal was to make Matterport Pro3 scanning operationally usable while keeping the process structured, traceable, and privacy-conscious.
Before a scan case could move forward, the system collected a digital Einwilligung from the customer. Each case received a unique internal serial number. Customer data remained internally mapped to that serial number, while the scan-side project reference could use the generated serial number instead of directly exposing customer identity. This created a consent-first and pseudonymized reference flow around the scan process. Under GDPR, pseudonymisation means that personal data can no longer be attributed to a specific person without additional information, provided that this additional information is kept separately and protected.
The challenge
Matterport Pro3 scanning creates strong operational value for 3D documentation, damage documentation, planning, reporting, and digital room documentation. Matterport's Pro3 is a professional 3D capture device with a capture speed listed at under 20 seconds per scan in Matterport's own technical specifications.
At the same time, 3D scan workflows can involve visual data, object addresses, metadata, scan parameters, cloud processing, and third-country data transfer considerations. The Einwilligung document for this process explicitly covers 3D/360° image data, point-cloud data, texture information, object address, metadata, Matterport processing, retention periods, data subject rights, and withdrawal options.
The challenge was to create a practical internal workflow that allowed the team to collect consent before scan processing, track each scan case, store signed documentation, and coordinate the work from Slack without exposing unnecessary customer identity data in the scan-side project reference.
What I did
I designed and built the automation layer for the Matterport Pro3 rollout and the BauScope 3D Control Center.
My work included designing the consent-first workflow, building the Slack App Home interface, implementing role-based access, generating serial-number based scan references, connecting DocuSign for digital consent signing, using SharePoint and Excel as the tracking layer, processing completed DocuSign events, storing signed PDFs in SharePoint, and sending Slack notifications when scan work could continue.
System flow
Core modules
Consent-first scan workflow
The scan workflow starts with a digital Einwilligung before the scan case moves forward. A user opens a "Neue Einwilligung" action from Slack, enters the required customer and object data, and the system prepares a DocuSign consent document for digital signature. This makes consent collection part of the operational workflow instead of a separate manual step.
Serial-number based scan reference
Each scan case receives a generated internal serial number. The customer and object data remain internally mapped to this serial number, while the scan-side project reference can use the generated serial instead of directly exposing the customer identity. This creates a separation between internal customer data and the external scan reference. The correct wording is pseudonymized reference flow, not anonymous data.
Role-based Slack Control Center
The BauScope 3D Control Center uses Slack App Home as the internal user interface. The Home Tab is generated dynamically based on the current user and their role. The workflow supports different roles such as super admin, admin, and technician, and shows different actions depending on the user state. Slack's App Home is a private one-to-one space between the app and a user, and Slack's views.publish method is used to create or update an app's Home tab for a specific user.
Structured Slack modals
The workflow uses Slack modals to collect structured data instead of relying on free-text messages. The modal flow captures the information needed to create the internal consent record, connect it to a serial number, and prepare the DocuSign sending process.
Tracking layer with SharePoint and Excel
SharePoint and Excel act as the internal tracking layer for consent records, serial numbers, customer mapping, DocuSign status, and scan-related workflow state. The workflows read and process the Einwilligung table, including fields such as serial number, created date, customer data, DocuSign sent date, DocuSign completed date, envelope ID, and internal status. Microsoft Graph supports working with Excel data, calculations, reporting, and dashboards through the Excel REST API, which fits the tracking-layer architecture used here.
DocuSign Einwilligung lifecycle
After the consent record is created, the system sends the Einwilligung document through DocuSign. The completed-signature workflow processes DocuSign completion events, verifies the webhook message via HMAC, extracts envelope information, matches the completed document to the internal record, downloads the signed PDF, uploads it to SharePoint, updates tracking status, and notifies the team. DocuSign documents HMAC validation as a way to verify webhook messages from DocuSign Connect.
User and access management
The system includes user management logic for the Slack control center. It routes actions such as viewing, creating, editing, and deleting users, and processing Einwilligung submissions. This supports an internal role-based operating model instead of giving every Slack user the same access.
Scan release notification
After the Einwilligung is completed and stored, the system notifies the team that the scan case is ready to continue. The scan/project reference uses the generated serial number, while the real customer mapping remains inside the internal SharePoint/Excel tracking system.
Technical decisions
Consent before scan processing
The workflow is designed so that the consent step happens before scan work continues. This reduces operational ambiguity and creates a traceable record before the Matterport scan case moves forward.
Pseudonymized reference flow
The system uses a generated serial number as the scan-side reference. This avoids using direct customer identity as the primary external scan reference and keeps the customer mapping inside the internal tracking layer.
Slack as the control center
Slack App Home and modals were used because they allow the team to work inside an existing communication tool instead of switching to a separate custom web application.
Role-based access
The Home Tab and user management logic support different user roles, making the interface more controlled and operationally safer.
Separate completion handling
Sending the consent document and processing the completed signed PDF are handled as separate workflow stages. This makes the lifecycle easier to track and debug.
SharePoint and Excel as internal records
SharePoint and Excel are used as the internal operational layer for consent records, signed documents, serial references, and status tracking.
Reliability patterns
The architecture is designed around traceability: each scan case can move from consent creation, to DocuSign signing, to signed PDF storage, to scan release.
The outcome
The automation made the Matterport Pro3 rollout more structured and operationally manageable.
It connected consent collection, serial-number generation, internal tracking, DocuSign signing, signed document storage, user access, and Slack notifications into one coordinated workflow.
The main impact was operational control: the team could manage scan consent, identify scan cases by serial number, keep customer data internally mapped, and know when a signed Einwilligung allowed the scan process to continue.
Tech stack
Proof / Evidence
This case study is based on a consent-first Matterport Pro3 workflow and Slack-based control center. The architecture is documented openly. The full workflow JSON is not published, since it contains customer data, object addresses, DocuSign envelope IDs, Slack workspace identifiers, and internal SharePoint references.
Architecture diagram
Consent-first flow showing the Matterport Pro3 scan workflow: consent is collected via Slack and DocuSign before scanning begins, each case receives a pseudonymized serial number, and signed documents are stored in SharePoint.
Public code & documentation
Role-based Slack internal tool platform with DocuSign Connect HMAC verification, Microsoft 365 backend, and consent-first scan workflows. Architecture docs and code patterns covering Slack App Home, HMAC verification, and DocuSign Connect integration.
Code excerpt: DocuSign Connect HMAC verifier
The first node of the DocuSign completion workflow. Verifies that an incoming webhook really came from DocuSign by checking the HMAC SHA256 signature DocuSign attaches to every Connect message. Without this, an attacker could forge completion events and mark cases as signed without the customer ever signing.
Full version, plus role-based App Home builder, Excel column mapper, and Slack authorization extractor in snippets/. The DocuSign envelope-sending workflow uses the same template-tab pattern documented in the companion DISPO repository. Serial number generation specifics live in a SharePoint list and are not published.
Confidentiality & Publication Note
This case study describes a consent-first Matterport Pro3 workflow and Slack-based control center in anonymized form. The public version explains the consent flow, role-based Slack interface, serial-number tracking, DocuSign signing process, SharePoint/Excel tracking layer, and scan-release logic without publishing customer data, object addresses, phone numbers, email addresses, Matterport project links, DocuSign envelope IDs, Slack IDs, SharePoint URLs, credentials, or raw workflow exports. The term pseudonymized reference is used carefully: it describes a technical separation between internal customer mapping and scan-side project references. It does not claim anonymity or legal certification.