Version history

RLS performance improved: Row-level security policies now evaluate user context once per query instead of per row.

Internal database optimization with no change to security logic or access rights.

Export manifests made fully immutable: Persisted snapshots can no longer be modified or deleted after creation.

Database protection anchored at schema level: Immutability is enforced by database triggers, independent of the API path.

Attack surface reduced: Unnecessary UPDATE permission removed.

PDF export stabilized: Download now works reliably without navigating away from the app.

Memory handling improved: Temporary blob URLs are properly released.

Download flow simplified: No unnecessary confirmation dialogs.

Export clarity improved: ZIP exports now include a README file explaining the structure.

Iterations are more clearly represented with additional context information.

Proof presence per iteration is clearly visible.

Duty ZIP export added: Users can download any duty including all iterations and proofs as a ZIP file.

Full documentation chain exportable: The ZIP contains all iterations in chronological order with associated proof files.

Overview file included in export: overview.json documents chain length, metadata and the order of all iterations.

Account data export (ZIP) added: Users can download their entire account including duties, proofs and exports.

Full data access before deletion enabled: The export is available directly in the account section.

Structured export for local archiving provided: Duties, proofs and exports are included as an organised directory structure in the ZIP.

GDPR-compliant account deletion added: Users can now permanently and irreversibly delete their account and all associated data.

Deletion flow made clear and transparent: Two confirmation steps ensure that deletion is a deliberate action.

Full removal of all user data enabled: Duties, proofs, exports and uploaded files are completely removed.

Structured GEO definitions added: Core descriptions on main and topic pages have been formulated to be machine-readable for AI systems and search engines.

Hreflang x-default added to all public pages: All public HTML pages now include the x-default alternate link for international SEO.

English content brought to DE parity: Positioning, definitions, and links in the English version now match the German version.

Pricing page metadata updated: Title and description reflect the current Free/Pro status.

Compatibility with stricter browser security policies restored: Pages are now fully initialized even under strict content security policies.

Initialization of public and protected pages unified: Page load logic has been consolidated and is now more maintainable.

Language selection, navigation and sign-in flows further stabilized: Affected elements are now reliably loaded.

Security and privacy hardening further completed: Internal security and privacy points have been fully cleaned up and closed.

Reporting and configuration details cleaned up: Internal reporting mechanisms have been made more data-sparse.

Security audit completed: All identified security points have been assessed, resolved, or consciously accepted.

Session and authentication behaviour further hardened: Expired sessions are now reliably detected and no longer used for requests.

Handling of expired sessions improved: Stale credentials are automatically cleaned up on the next access.

Client/server consistency further strengthened: The client state now more reliably reflects the server state.

Export consistency further improved: Internal export references are now consistently aligned throughout.

Internal export references unified: Repeated requests for the same export now return identical references.

Unused export fields cleaned up: Fields without a valid data source have been removed from the export.

Content Security Policy enforced: The security policy switches from Report-Only to Enforce. Unauthorized script and resource sources are now actively blocked.

External script sources fully removed: Permitted script sources are now restricted exclusively to the app's own server.

Client-side dependencies further localized: External script dependencies in the app core have been further reduced. The app core no longer loads runtime scripts from external CDN sources.

Frontend security baseline further hardened: All essential client-side dependencies are now served locally.

PDF export dependency localized: The library used for PDF export is now served locally instead of being loaded from an external CDN.

Export integrity further hardened: Saved export manifests can no longer be modified after creation.

Protected page behaviour aligned: Session expiry and sign-out handling is now consistent across all protected app pages.

Export accuracy improved: Active duties without a proof are no longer incorrectly flagged as incomplete in exports.

Privacy policy updated: Cloudflare documented as CDN and DDoS protection provider in the privacy policy (DE/EN).

Export manifest baseline introduced: Exports now rely on a persisted snapshot instead of scattered live reads.

Integrity anchor added: Manifests are canonically serialized, hashed with SHA-256 and persisted with a stable hash reference.

Integrity block visible in PDF: Export ID, timestamps, status, iterations, proof counts and compact notes are documented early in the export.

Export status more reliable: Incorrect PARTIAL flags for temporarily unreachable proofs are reduced.

Login emails improved: Logos and dark-mode variant are now reliably shown across mail clients.

Login completion comprehensively hardened: Login links are now bound to the original request context and accepted only in a valid context.

Recovery protection increased: Recovery codes are now strictly fallback-only, verified server-side, and limited after repeated invalid attempts.

URL safety refined: Recovery codes are no longer transported in login-link URLs.

Callback guidance improved: Recovery and error flows now guide users clearly, including a direct action to request a new login link.

Theme consistency expanded across DE/EN: Login emails and callback now follow the selected light/dark mode consistently, including dark branding in email footer.

Logout also hardened for browser back: After sign-out, protected app pages are no longer shown again from the browser cache.

Return to the public landing page: After logout, PflichtPilot now directs users back to the public landing page.

Home link refined in app context: The footer Home link now opens the public landing page from inside the app instead of jumping back into the overview.

DE/EN auth flow hardened: Request, completion and language routing now behave consistently across both language variants.

Link protection refined: Reused or tampered login links are rejected consistently.

Archive integrity refined: Recurring duties now avoid partial states between archiving and next iteration creation.

Proof truth aligned: Existing proof status now consistently reflects file-backed proof entries only.

Chain signals clarified: Incomplete earlier iterations are now shown explicitly in duty detail and history.

History made chronological: Earlier iterations are displayed in a clear time-based order.

Export status made more honest: Unknown proof completeness no longer appears as an exact ratio.

Export made more robust: Documentation chains with three or more iterations are processed reliably.

EN document titles corrected: English app pages now set consistent document titles again.

English coverage expanded: Public EN counterparts for key content and legal pages were completed.

DE/EN consistency improved: Navigation, linking and page titles were aligned across both languages.

Login flow stabilized: Request, callback and guard paths now run consistently with clear failure states.

Token protection hardened: Login tokens are removed from callback URLs after processing and no longer logged as sensitive query strings.

Local auth state hardened: Invalid or stale local states are consistently treated as signed out.

Performance improved: Overview, duty detail and export now load proof/chain data with fewer roundtrips.

Wait time made transparent: When requests are temporarily limited, the login page shows the remaining wait time as a countdown.

Internal stability and maintenance improvements.

Export >50 clarified: For very long histories, the current subset is applied clearly.

Proof titles unified: Titles stay consistent across detail view and export.

Entry behavior stabilized: App and billing start pages now load more reliably.

Callback wording refined: Public release wording was made clearer.

Detail view >50 clarified: Shortened lists are clearly marked as partial views.

Export >50 marked: For shortened evidence files, the covered scope is shown clearly.

Upload risk reduced: When save fails, uploaded files are cleaned up immediately.

Detail robustness improved: Documentation-chain conflicts are shown clearly.

Login completion hardened: Callback processing of link data is more stable.

Archive flow unblocked: Individual read errors no longer pre-block archiving.

Archiving more reliable: Results are returned clearly and consistently.

Reactivation refined: Reactivation runs separately with clear conflict checks.

Chain conflicts safeguarded: Ambiguous follow-up iterations are handled as explicit conflicts.

Status display refined: Pro success page confirms activation only with proven profile status.

Proof flow hardened: Uploads to archived duties are consistently blocked.

Public discoverability improved: Relevant page signals were aligned consistently.

Public consistency: DE/EN landing links and target paths were unified.

Content tightened: Core knowledge pages and internal links in DE/EN were clarified.

Evidence presentation improved: Export and chain communication became clearer.

Core stabilized: Archive flow and documentation chains became more robust.

Knowledge hub established: How-it-works, FAQ, glossary and knowledge pages in DE/EN were linked.

Public baseline set: DE/EN structure and page mapping were aligned.

Login and user guidance were stabilized for common everyday flows.

Archiving and recurrence behavior became more reliable with clearer errors.

Terminology and DE/EN landing consistency were consolidated.

Recurrence stabilized: Monthly/yearly intervals became reliable.

Archive as trigger: Follow-up duties are created only when archiving.

History clarified: Archive state and progression became easier to track.

Legal notices (terms, privacy, imprint) were added and refined.

Security-related hardening was implemented.

Smaller fixes for date, footer, and interaction flows.

Privacy notices were updated and delivery improved.

Maintenance release with smaller stability improvements.

Smaller UI fixes and PDF export stabilization.

PDF export introduced: Duties and proofs can be exported as structured evidence file.

Small fixes in Pro/paywall flow and plan display.

Overview expanded: Search, status and archive view were introduced.

Proof and Pro flow: Proof management and Pro/Free flow were extended.

Multiple proofs per duty and basic proof types were introduced.

Web MVP: Duty creation, due dates and magic-link login were published as initial version.