Changelog

What we shipped recently

A running log of platform improvements. Newest first.

7recent releases

How we ship and how we communicate it

The changelog is the record of what actually shipped, with enough technical detail that an engineering team or a procurement reviewer can verify it. Each entry covers a coherent batch of work (compliance, billing, free-tier scope, security hardening, analytics, UX) rather than individual commits. Items are written in the past tense and describe behavior the user can verify in the dashboard or via a curl test.

We keep the changelog public because the platform is sold to brands, retailers and printers who need to verify what they're paying for. Compliance teams can cross-check that the cookie banner, GDPR controls and data-residency posture match what the security and privacy pages claim. Engineering teams can confirm that the rate limits, magic-byte upload validation and webhook idempotency are real, shipped behavior rather than aspirational marketing copy. Product teams can see what's been added recently before signing up.

Roadmap items deliberately don't appear here. The changelog is a record of shipped work, not a list of intentions. When something ships, it lands in the changelog within the same business day, with a tag that lets readers filter by area: compliance, pricing, free-tier, forms, analytics, security, UX. New entries are added in reverse-chronological order at the top.

Compliance29 April 2026
EU GDPR / ePrivacy / Cookie compliance live
- Full GDPR-compliant Privacy Policy, Terms and Cookie Policy
- Three-button cookie consent banner: Accept all, Reject non-essential, Customise
- One-click data export and account deletion in Settings
- Honours Global Privacy Control on first visit
Pricing29 April 2026
EUR pricing alongside USD
- Real EUR prices on Starter, Brand, Growth (monthly + yearly)
- Currency switcher in dashboard sidebar and billing page
- Server sniffs Accept-Language and defaults to EUR for EU/UK locales
Free tier29 April 2026
Free-tier feature lockdown
- Free plan capped at 5 active LIVE product pages
- Server-side stripping of locked fields on free-plan submits
- QR API returns HTTP 402 for SVG and PDF on free plan
- Advanced analytics breakdowns gated behind Upgrade panel
Forms29 April 2026
Inline product form validation
- useActionState-driven server validation with field-level errors
- Specific GTIN error message: length, mod-10 hint, leading zero hint
- Form remembers user input on validation failures
- Pre-publish checklist showing what blocks LIVE
Analytics29 April 2026
Date range picker and IP geolocation
- Custom date range picker on analytics: today through last 12 months + custom
- Offline GeoLite2 IP geolocation, no external API
- Country and city breakdowns now resolve from raw IP behind nginx
- createdAt serialization fix for cached unstable_cache rows
Security29 April 2026
Production hardening sweep
- Strict Content-Security-Policy header on all routes
- nginx rate limits: 10/min auth, 30/min QR, 120/min scan ingestion, 300/min webhook
- Magic-byte signature validation on all image uploads
- Billing webhook idempotency table to dedupe replays
UX29 April 2026
Consumer-friendly trust signals on scan pages
- Replaced technical compliance badges with 'Verified by Brand' pill
- Dynamic attribute pills (Organic, Recyclable, Single origin, etc.)
- Workspace members can preview DRAFT product scan pages
- Per-row Open scan page / Preview action in products list

Keep going

Platform overviewAll six modules wired together.Read more SecurityProduction posture, EU residency, GDPR controls.Read more PricingFree, Starter, Brand, Growth, Enterprise.Read more How it worksFrom GTIN to first scan in five steps.Read more