Changelog

Copy Consistency, SEO & Analytics

• All contact emails unified to [email protected] across landing page and subpages
• Pricing & tier copy aligned across Pricing, Documentation, Investors, and About pages
• Google Analytics (gtag.js) added site-wide via Next.js Script component
• Investors page: corrected Business tier to €349/mo, timeline aligned with NIS 2 focus
• Full SEO audit — Investors page upgraded with OG, Twitter cards, hreflang, and added to sitemap
• FAQ updated: additional regulation modules (DORA, GDPR) marked as coming soon

Social Login & Tier Simplification

• Google & Microsoft OAuth with PKCE S256 and CSRF state protection
• MFA enforcement — OAuth users with TOTP still complete 2FA
• Free tier removed — Starter is now the entry plan (€99/mo)
• OAuth rate limiting (10 req/min) on all social login endpoints

Role System Refactor

• Four clear functional roles: Admin, Approver, Editor, Reader
• Granular tRPC middleware: adminProcedure, approverProcedure, writerProcedure
• Minimum-admin and minimum-approver safety constraints per organisation

Compliance Audit Trail

• Full before/after change log on 20+ mutation endpoints (NIS 2 Art. 21 evidence)
• Structured JSONB diffs with field-level comparison and snapshot storage
• Queryable history: filter by regulation, entity, user, date range

Security Hardening, SSO & BYOK

• Deep security audit — 2 critical IDOR fixes, 5 RBAC fixes, 3 defense-in-depth patches
• Row-Level Security (RLS) on 13 tenant-scoped tables
• SAML SSO with IdP configuration, enforcement toggle, and assertion replay protection
• BYOK encryption — AES-256-GCM envelope encryption with key rotation
• Security headers, CSRF protection, and auth rate limiting

Billing & Tier Enforcement

• Stripe billing integration with checkout, portal, invoices, and webhooks
• Tier enforcement on user limits, AI usage, risk entries, storage, and regulations
• Billing UI with plan cards, monthly/annual toggle, and invoice history

AI Engine & Validators

• Claude & GPT-4o providers with automatic failover routing
• 4 AI features live: policy generation, gap analysis, compliance chat, incident reports
• 391 unit tests across 20 test files — validators, prompts, rate limiter, tier limits

Full Platform Build

• 10 app pages — dashboard, gap analysis, risk register, policies, incidents, and more
• Auth system with bcrypt, TOTP 2FA, session tokens, and email verification
• Landing page, onboarding flow, i18n (EN + HR), and 20+ database tables

Project Scaffold

• Turborepo + pnpm monorepo with 8 packages
• 13 project documents — PRD, design system, security model, legal pack, and more