Changelog

What shipped

The running record of what actually changed in production, newest first. Not a roadmap of intentions.

Changelog

What has shipped, newest first. This page is the running record of what actually changed in production, not a roadmap of intentions.

2026-06-01

  • Plans — The Free tier now allows commercial use (previously non-commercial) and gained a two-stage limit: a soft cap past which the captcha keeps running but responses gradually slow, and a hard cap above it that stops service for the rest of the cycle.
  • Plans — Repeatedly hitting the Free hard cap deactivates the account. Upgrading restores it instantly — otherwise the account and its data are removed after a retention period. Paid plans are unchanged: they keep serving over the limit and just get an upgrade reminder.
  • Trust — Added a Key Timelines table consolidating every due-diligence deadline (breach 48h, DSAR, sub-processor notice, deletion) in one place.

2026-05-31

  • API — Per-project in-quota rate cap to keep a single noisy project from burning an account's whole monthly allowance.
  • Trust — Added a Business Continuity section (low switching cost, 90-day wind-down notice, protocol published on shutdown).

2026-05-20

  • Privacy — Switched the marketing site to first-party, server-side, cookieless analytics (no IP stored, no third party).

2026-05-15

  • Account — Registration now records versioned legal consent with an audit trail.

2026-05-12

  • Protection — Adaptive attack detection: per-sitekey PoW difficulty now scales up automatically under coordinated abuse, including cross-sitekey IP reputation and offline GeoIP signals — visitors are never hard-blocked.
  • Protection — Flattened the tier difficulty multiplier so a paid sitekey is never a cheaper attack target than a Free one.

2026-05-11

  • Reliability — Production exception monitoring with alerting.

2026-05-08

  • Widget — Per-project configurable attestation TTL, surfaced in the dashboard, debug console, and demo.

2026-05-05

  • Dashboard — Chart-preview upgrade view for Free users.

2026-05-04

  • Site — New /why-eu positioning page; added the ML-vs-PoW trade-off disclosure to the comparison table.

2026-05-03

  • Widget — Added 'event' submit mode for Livewire / SPA integrations and automatic re-init on wire:navigate.
  • Billing — Exposed the Lemon Squeezy customer portal for consumers.
  • Admin — Internal /admin users panel; SEO metadata + JSON-LD across public pages.

2026-04-30

  • Widget — Debug mode for client-side timing visibility (data-captcha-debug).
  • Blog — Launched the engineering blog at /blog.

At launch (April 2026)

  • Widget — Drop-in script with data-captcha, HMAC-signed captcha_attestation verified locally with a per-project secret key; lazy/eager load control; rotating secret keys.
  • Protection — Proof-of-Work challenge with soft-serve over-limit on paid plans (visitors never blocked) and a hard cap on Free.
  • Billing — Paid plans live: Stripe for CZ + EU B2B (reverse charge with live VIES validation), Lemon Squeezy as Merchant of Record for consumers and ROW; self-service downgrade; invoice list + PDF download.
  • Dashboard — Usage tracking, limit banners (80% / 100%), project key management, transactional emails for limits and payments.
  • Legal — Trust center, DPA, sub-processors, privacy with full data disclosure, ePrivacy notice, controller/processor split.
  • Docs — Documentation and live demo pages.