Version history

Wording around records and integrity is consistent and carefully phrased across the landing and knowledge pages in both German and English.

On the knowledge and practical-guide pages, the note below the template form now sits directly under the input field. The practical checklists show only their checkboxes — without an extra bullet. Cleaner to read and to print.

Once attached, evidence stays immutable: removing individual evidence entries is excluded in normal operation, so each iteration's documentation trail stays intact. Full account deletion still clears all of your own data.

Account deletion reports its storage step as complete only when the evidence files were fully enumerated and removed — otherwise an honest partial status is shown instead of a silent success.

Plan wording clarified: Free covers creating, structuring and archiving obligations plus GDPR data export; uploading records and the structured evidence package are part of Pro Solo.

The verify page states clearly that the byte-for-byte check concerns manifest.json — not the PDF, ZIP, or proof files. Every generated evidence package gets its own verify reference, and the ZIP is bound server-side to its export manifest before delivery. Completeness status (full or partial) is visible right after download. Administration and billing functions now accept requests only from the application's own domain.

The evidence-package ZIP now includes a manifest.json with the canonical hash bytes plus a manifest-hash.txt and a verify-url.txt for direct linkage. Auditors, insurers, or authorities get all the artifacts needed for verification without an account, bundled together.

The verify page (pflichtpilot.app/verify.html or /en/verify.html) offers, for a valid verify code, a file-upload field for the manifest.json. The browser computes SHA-256 locally over the file bytes and compares the result against the manifest hash PflichtPilot recorded — MATCH or MISMATCH is shown immediately. The file does not leave the browser.

This makes byte-for-byte identity verification of the evidence package the external standard: not just “code is known”, but “the hash of your evidence package matches exactly what PflichtPilot recorded”.

The local link to the Stripe customer record (stripe_customer_id, stripe_subscription_id) is explicitly cleared on account deletion — regardless of whether the Stripe API calls succeed. This guarantees the privacy notice promise “link is removed locally” even in exceptional cases.

When a Stripe step cannot complete automatically, the notice on the account-deletion confirmation now includes a direct link to Stripe Support, where any leftover customer data can be removed.

Magic-link login codes are deleted daily once they are more than 30 days past expiry. Companion data (IP address, user-agent, language) ages out with the row.

Stripe payment-event records are reduced daily: the full record is shortened to a compact duplicate-detection key (event ID and timestamp) once the event is older than 90 days.

Evidence-package template requests are deleted daily once they are older than 12 months.

Privacy notice §5a updated: the storage-duration overview now describes the enforced cleanup (daily 03:00 UTC) without the prior maintenance hedge.

The GDPR data export (Art. 20 GDPR) delivers a ZIP with all reachable data plus a transparent gaps.json listing any unreachable proof files (proof_id, duty_id, file_path, reason). The export is usable even when individual files in storage are temporarily not reachable.

The evidence-package export now checks the underlying duty chain for branches or cycles before generating the ZIP. If either is present, generation is refused with status FAIL and a concrete reason — so the status flag on every evidence package remains reliably meaningful (FULL / PARTIAL / FAIL).

Account deletion shows immediately after completion which sub-steps were completed (storage / database / Stripe). If a Stripe step could not complete automatically, the UI points to the Stripe customer portal.

Privacy notice precised: Brevo (Sendinblue SAS) named as the email-delivery provider; storage-duration overview (§5a) lists the companion data of login requests (IP address, user-agent, language); Plausible scope (§6) covers all public pages.

Pricing paywall and Pro success page (DE+EN) describe the Pro Solo package consistently as “structured evidence package (PDF + ZIP) — suitable for audits, insurers, or authorities”.

Onboarding modal: keyboard focus stays inside the dialog. Keyboard and screen-reader users navigate the steps without moving into the app shell behind the overlay.

The privacy notice now describes explicitly what happens to the external payment master data at Stripe when an account is deleted: the active subscription is cancelled, the customer object is deleted via the Stripe API (best-effort, logged per sub-step). Stripe’s own statutory retention of invoices (typically 10 years under § 147 AO) is openly disclosed — it lies outside PflichtPilot's sphere of influence.

The evidence-package PDF continues to carry archive metadata in the PDF Info dictionary (title, author, creation and modification date, keywords) for indexing in long-term archives. Full ISO 19005-3 conformance (embedded fonts and sRGB OutputIntent, veraPDF-validated, including the XMP PDF/A identifier) is noted as an optional follow-up and will be implemented on concrete customer demand.

The storage-duration overview in the privacy notice was extended by two additional data categories: technical login and payment helper data, and requests from waiting lists and template downloads. No functional change.

The knowledge article on DGUV V3 electrical inspections was substantially expanded: inspection intervals per equipment type, qualification of inspectors, delineation against BetrSichV, and liability consequences when the record is missing. Two maintenance knowledge pages received clearer, more search-friendly titles.

Terminology across knowledge base, FAQ and landing aligned to the current baseline. Structured data added on the homepage so search engines render the brand correctly. The Pflichten-Dokumentation hub page was extended (definition, audience, delineation from plain folder and spreadsheet structures).

Wording refinements around evidence, hash and verify. Pricing page as 2×2 layout with all four tiers in the same format. New landing section "From case law" with four concrete cases and file references. Extended storage-duration overview in the privacy notice plus clear delineation of the product-level "archiving" against statutory deletion / objection rights.

Verify tokens are now stored as a hash only. The plaintext token appears once on the PDF and is no longer readable from DB backups or logs. Existing PDFs continue to work.

Evidence package creation and PDF/ZIP export are now Pro-gated server-side. The GDPR Article 20 data export remains freely available.

If an evidence file is missing during ZIP export, the package is still delivered — with an explicit gap list inside overview.json, no silent 500 response.

Structural branches or cycles in the duty chain now result in status FAIL — the manifest marks this clearly instead of PARTIAL.

Account deletion now removes PflichtPilot-side data atomically (storage recursively, manifests via explicit bypass) and additionally attempts to cancel the Stripe subscription and delete the Stripe customer. Stripe steps run as best-effort (independent payment processor with its own retention obligations); each sub-step is logged individually. The full UI surface was completed in v1.10.0.

Evidence rows cannot be modified after creation. The corresponding database permission rules have been tightened.

Verify result page, hosting and privacy notices, and evidence-package wording are now more precise — no more absolute promises around bit-level identity or fully irreversible data deletion where that is not yet technically verifiable.

Answers to the one-time onboarding prompt are now reliably stored in the profile. Once confirmed, the prompt does not reappear.

Protections for sensitive profile fields (subscription status, role, Stripe linkage) are further hardened — these fields cannot be set client-side.

The evidence file and its database entry are now created server-side as a single closed operation. Intermediate states (file without entry, or entry without file) are excluded.

Direct evidence-row inserts without a verified underlying file are consistently rejected at the database layer.

Additional protection layer for profile and obligation master data: server-side defaults for subscription, role, and archive fields are enforced on every insert — client-side manipulation of these fields is excluded.

The deletion rule for evidence files in storage is tightened: a file is removed only when no evidence entry still references it.

No visible behavior change for regular use.

On first login, PflichtPilot shows a one-time prompt: two questions clarify in one step what PflichtPilot is for (recurring + provable). Once confirmed, the prompt does not reappear.

The PDF evidence package now carries, in addition to the verify token, a QR code on the cover page that leads directly to the verify URL.

A new explanatory page ("How PflichtPilot works") summarises the flow from obligation to evidence package.

Public pages now measure reach with Plausible. EU-hosted, no cookies, no personal data. Inside the app (/app/) there's no tracking.

Privacy notice updated to match.

Audit PDFs now carry a thin footer line on every page with the short verify token. An auditor or insurer can tell where the package came from without installing anything.

Alongside that, a printable blank evidence package (maintenance, inspection, walkthrough, training). Free download behind the knowledge articles.

Pricing now shows three tiers instead of two. Pro Team ships with v2.0 — anyone who wants a heads-up can sign up on the page.

New section on the landing page with a solo-founder note and roadmap status. Live numbers only appear once they're real.

Founder Lifetime shows live how many of the 10 seats are still open.

Mobile settings in English mode: the help/info section was mistakenly mixed German/English — now fully translated.

Pricing page cleaned up: version numbers in announcement notes removed (PDF with hash anchors, public verify URL, and Stripe portal are now live).

Landing final-CTA streamlined: one click to request beta access. The former filter text moves to an optional onboarding question after login.

Evidence-package verify page now shows a subtle context line that the package was structured with PflichtPilot — no pitch, just context.

Ten new knowledge-base articles on concrete obligation topics (German market focus): BetrSichV maintenance proof, elevator inspection record, WEG property manager checklist, DGUV V3, playground inspection, Drinking Water Ordinance §14, fire safety helpers, landlord traffic-safety duty, heating maintenance log, ASR A2.2.

Each article covers legal basis, required contents, retention period, and a concrete practice checklist — written for property managers, facility managers, and landlords.

Pro users now see a 'Manage subscription' button in the settings area. One click opens the Stripe customer portal — plan, invoices, and cancellation are handled directly.

Plan switch (monthly ↔ yearly), invoice download, and cancellation are available in the portal. No email to support required.

If you cancel, Pro ends at the end of the period.

Every new PDF evidence package now includes a verify address: a short URL that lets third parties (auditor, insurer, authority) retrieve the manifest hash and export status stored at PflichtPilot, without an account, and compare them technically against the package they hold.

The verify page shows status, manifest hash, and date — no package contents, no obligation titles.

Verification is tied to the active subscription. If the subscription ends, online verification becomes inactive — the PDF itself stays with its owner.

Packages exported before v1.9.4 contain no verify URL — re-export to get one.

The PDF evidence package now contains full document metadata: title, author, subject, keywords, and date are written into the file-info block.

These fields are what archive systems use to identify and reliably index the package for long-term retention.

Every ZIP export of an obligation now contains integrity identifiers: for each file, each iteration, and the full chain.

Anyone reviewing your evidence package later can use standard tools to confirm that nothing was altered after export.

overview.json inside the ZIP and README.txt document the format in German and English.

Pro status is now activated automatically after successful payment — no manual step required. Successful checkouts, renewals, and cancellations are processed automatically.

If you cancel in the Stripe portal, Pro ends automatically at the end of the period. Failed payments propagate the status accordingly.

Founder Lifetime: one-time payment unlocks Pro permanently.

Pricing page now shows live whether the EARLY10 discount is still available. Once the 10 Founder spots are taken, the prefill disappears automatically.

Sidebar clicks feel instant: PflichtPilot now warms up the target page when you hover over a sidebar item.

Iteration arrows on the obligation detail now cross-fade with a short slide — previous iteration slides in from the left, next from the right. Older browsers fall back to the normal page change.

Tap feedback on iteration arrows: a brief button-press effect on click.

Database interfaces hardened further: only the functions actually needed for the obligation flow are publicly callable — internal helpers are not.

All public pages now reach top scores in the three Lighthouse categories Accessibility, Best Practices, and SEO. Specifically fixed: color contrast on small hint texts, heading order on two knowledge pages, touch-target size of footer links.

Structured data extended: pricing pages now contain a full offer hierarchy for Google Rich Results.

New hint dialog the first time you create an obligation: two questions — recurring and provable — with brief explanation and examples. Makes it clear that PflichtPilot is for recurring, evidence-bound activities, not one-off to-dos.

Yes to both: one click — dialog gone, form ready. No to at least one: short explanation with 'Create anyway' or 'Back to overview'. No hard block.

The dialog appears once — after you confirm it, it does not appear again.

New 'Roadmap' page (DE and EN): what's coming next, grouped by theme. Order largely fixed, dates open.

New changelog feed: every release as an entry, subscribable in any RSS reader.

Direct link to the roadmap in the footer of all pages.

New 'Manifesto' page (DE and EN): ten dated commitments — what PflichtPilot deliberately does NOT do and will not do. No attention-grabbing notifications, no vanity metrics, no AI-generated records, no content analysis of uploaded files, no data selling, no retroactive paywalling of existing Free features, no hidden cancellation path, no unsupported claims, no hidden tracking, no silent changes to this list.

Personal commitment from the founder — dated and signed.

Direct links to Manifesto, Security, and Hosting in the footer of all pages.

Pricing page (DE and EN) extended: a notice about the current development stage and a section 'What documentation gaps can cost' with four neutral categories (audit delay, insurance discussion, authority inquiry, dispute) — neutral, without fine-promises.

New 'Security & Responsible Disclosure' page (DE and EN): contact path for vulnerability reports, confirmation within 5 working days, no cash rewards or fixed response times.

New 'Hosting & Data' page (DE and EN): factual description of where your data lives (Supabase EU region Frankfurt), which processors are involved, how data export and account deletion work.

Log-out button on mobile now correctly shows “Log out” in English mode instead of “Abmelden”.

Search snippets on the English pages now show the EARLY10 discount cleanly as “50 %” instead of a typo.

Search snippets on the landing pages now show the full price range (free through €499.99) instead of a placeholder value.

Pricing page is live and bookable with three tiers: Free, Pro Solo (€199.99/year ≈ €16.67/month — save 17 % — or €19.99/month) and Founder Lifetime (€499.99 one-time, limited to 10 spots, Pro Solo forever including all future Solo features). VAT is shown automatically at checkout.

EARLY10: 50 % discount for 12 months on Pro Solo — applied automatically at checkout, no code entry required. Limited to the first 10 buyers.

Free vs. Pro Solo clearly separated: Free covers creating, structuring and archiving obligations plus GDPR data export. Pro Solo unlocks proof upload and the structured evidence package (PDF/ZIP) for auditors, insurers or authorities. Note on the pricing page: the evidence package works only while a subscription is active.

Privacy policy (DE and EN) updated: Stripe added as a payment processor.

Log-out button now visible — on desktop next to the version indicator in the sidebar, on mobile in the “Account & Data” section next to export and delete. Contact email unified to [email protected] everywhere.

Logged-in users now reliably see the “To app” button on every public page — even after extended login time, and without a brief flash on load.

Guide, Knowledge base, Help & FAQ, Home and the version link now open in the same tab instead of a new one — clicking “To app” at the top brings you straight back. If you’ve already started entering a duty or record, the browser asks whether to discard your unsaved input before leaving.

Mobile users now have direct access to Guide, Knowledge base, Help & FAQ, Home and version display — via a new “Help & Information” block on the settings page. On desktop the sidebar remains the source; the block is hidden there.

Hero images on the landing page now show the actual app instead of a stylized mockup — same Pflichten and Overview views that logged-in users see.

Sidebar logo in the app rendered in stronger white contrast, recurring icon centered below the status pill. Privacy page with tighter address rows and a clearly separated processing-agreement note.

The app is now fully available in English — sidebar, topbar, mobile tab bar, forms, settings and filters all switch when EN is selected (previously some labels stayed in German).

New step-by-step guide: explains exactly what to click — from creating an obligation to exporting the records bundle. Linked from the app sidebar.

Version-bump bug fixed: earlier version bumps had accidentally overwritten the sidebar TOC link instead of adding a new entry.

Mobile menus respond reliably again: main menu, knowledge-base picker, light/dark/auto and language toggle work on all public pages.

Logged-in users see a direct link to the app on every public page.

Overview tidied up: more compact status cards on phones; “Upcoming iterations” and “Recent records” as swipeable tabs.

Duty list with filter pills (Overdue, Due, Proof available, No proof, Show archive) – multi-select. On phones, tucked behind a filter icon in the search bar.

Duty detail clearer: status centered at the bottom of the card, larger arrows between iterations, “End recurrence” next to “Archive” instead of inline. “Reactivate” is greyed out when a follow-up iteration already exists, with a tooltip explaining why.

New due-date field: type DD.MM.YYYY directly with auto-inserted dots, numeric keyboard on phones, calendar icon inside the field opens a larger picker.

“Add obligation” consistent everywhere – primary button in the topbar on desktop, round plus button in the bottom bar on phones. Leaving the create page with unsaved entries triggers a confirmation.

Notices about missing proofs now red instead of green – gaps look like gaps.

Due-date hints show only the date (no countdown). PflichtPilot is proof-continuity, not a calendar.

Light/dark/auto choice now reliably persists across navigations. New “Always show archive” toggle in Settings.

Many small consistency tweaks for spacing, icons and card frames.

Public website refreshed: hub pages for the knowledge base, new diagrams as HTML/CSS (theme-aware in light and dark), consistent sections, faster page loads.

Knowledge-base content polish: 17 FAQ questions and 16 glossary terms restored, all cross-references verified, jump-links fixed on 22 knowledge pages.

App shell redesigned: sidebar with branding, clear navigation and a profile area. The overview now shows four status cards and upcoming iterations alongside recent records.

Mobile navigation: fixed bottom bar with a central Add-obligation button — shorter paths on smartphones.

Settings extended: appearance (light/dark/auto) and language of the public site in one place, clearly labelled.

App and public-site bridge: logged-in users see a direct To-app link on every public page instead of login or beta access.

Paywall page restructured: feature overview with four cards (upload records, structured export, iteration continuity, EU hosting).

Security and performance improvements: obsolete stylesheets and image files removed (about 540 KB), 4-second visibility delay removed on 40 public pages.

Theme toggle (Light/Dark/Auto) works again: The buttons in the footer now reliably switch between light and dark appearance.

Version jump menu on the version page populated: The selector now lists all version entries and jumps directly to the chosen section.

Performance of the database permission check improved: user context is now evaluated once per query instead of per row.

Internal database optimization with no change to security logic or access rights.

Export manifests made fully immutable: Persisted snapshots can no longer be modified or deleted after creation.

Database protection anchored at schema level: Immutability is enforced by database triggers, independent of the API path.

Attack surface reduced: Unnecessary UPDATE permission removed.

PDF export stabilized: Download now works reliably without navigating away from the app.

Memory handling improved: Temporary blob URLs are properly released.

Download flow simplified: No unnecessary confirmation dialogs.

Export clarity improved: ZIP exports now include a README file explaining the structure.

Iterations are more clearly represented with additional context information.

Records per iteration are clearly identifiable.

Obligation ZIP export added: Users can download each obligation including all iterations and records as a ZIP.

Full documentation chain exportable: The ZIP contains all iterations chronologically with associated record files.

Overview file included in export: overview.json documents chain length, metadata, and order of all iterations.

Data export (ZIP) added: Users can download their entire account including obligations, records, and exports.

Full data access before deletion enabled: The export is available directly in the account section.

Structured export for local archiving: Obligations, records, and exports are packaged in a clear directory structure within the ZIP.

GDPR-compliant account deletion added: Users can fully and irreversibly delete their account and all associated data.

Deletion flow designed clearly and transparently: Two confirmation steps ensure deletion is intentional.

Complete removal of all user data: Obligations, records, exports, and uploaded files are fully deleted.

Structured GEO definitions added: Core descriptions on main and topic pages are now machine-readable for AI systems and search engines.

Hreflang x-default added on all public pages: All public HTML pages now include the x-default alternate link for international SEO.

English content brought to DE parity: Positioning, definitions, and links in the English version now match the German version.

Pricing metadata updated: Title and description now reflect the current Free/Pro status.

Compatibility with stricter browser security policies established: Pages now initialize fully under strict content security policies.

Initialization unified across public and protected pages: Loading logic for all pages has been consolidated and is now more maintainable.

Language selection, navigation, and login flows further stabilized: Affected elements now load reliably.

Security and privacy hardening completed: Internal security and privacy items have been fully cleaned up and resolved.

Reporting and configuration items cleaned up: Internal reporting mechanisms have been made more data-frugal.

Security audit completed: All identified security items have been evaluated, fixed, or consciously accepted.

Session and login behavior hardened: Expired sessions are now reliably detected and no longer used for requests.

Handling of expired sessions improved: Stale credentials are automatically cleaned up on next access.

Client-server consistency increased: Client state now reflects server state even more reliably.

Export consistency improved: Internal references in exports are now consistent throughout.

Internal references in exports unified: Multiple requests for the same export return identical references.

Unused export fields cleaned up: Fields without valid data have been removed from the export.

Content Security Policy enforced: The security policy switches from report-only to enforce. Unauthorized script and resource sources are now actively blocked.

External script sources fully removed: Allowed script sources are now restricted to the own server only.

Client dependencies further localized: External script dependencies in the app core have been further reduced. The app core no longer loads runtime scripts from external CDN sources.

Frontend security baseline further hardened: All essential client-side dependencies are now served locally.

PDF export dependency localized: The library used for PDF export is now served locally instead of loaded from an external CDN.

Export integrity further hardened: Stored export manifests can no longer be modified after creation.

Protected page protection unified: Behavior on session expiration and logout is now consistent across all protected app pages.

Export accuracy improved: Active obligations without records are no longer falsely counted as incomplete in exports.

Privacy notice updated: Cloudflare documented as CDN and DDoS protection provider in the privacy notice (DE/EN).

Export manifest introduced as foundation: Exports are now based on a persisted snapshot rather than scattered live reads.

Integrity anchor added: Manifests are canonically serialized, hashed with SHA-256, and persisted consistently with hash reference.

Integrity block visible in PDF: Export ID, timestamps, status, iterations, record counts, and concise notes are documented early in the export.

Export status more reliable: Erroneous PARTIAL flags due to temporarily unreachable records are reduced.

Login emails improved: Logos and dark mode variant render reliably in mail clients.

Login completion comprehensively hardened: Login links are bound to the original request context and are only accepted in valid context.

Recovery protection increased: Recovery codes run only as fallback, are server-side validated, and limited after multiple failed attempts.

URL security tightened: The recovery code is no longer transported via the login link.

Callback user guidance improved: Recovery and error cases are clearly guided, including direct action to request a new login link.

Theme consistency DE/EN extended: Login emails and callback consistently adopt the chosen light/dark mode, including dark branding in the mail footer.

Logout strict even on browser back: After logout, protected app pages are no longer visible from browser cache.

Return to homepage: After logout, PflichtPilot now reliably returns to the public landing page.

Home link in app context refined: The footer “Home” link from within the app now opens the public homepage instead of jumping back to the overview.

Auth flow DE/EN hardened: Request, completion, and language guidance run consistently across both language variants.

Link protection refined: Reused or manipulated login links are consistently rejected.

Archive integrity refined: Recurring obligations avoid intermediate states between archiving and follow-up iteration.

Record truth unified: Only file-based entries count consistently as existing records.

Chain hints clearer: Incomplete prior iterations are visibly marked in detail view and history.

History chronological: Earlier iterations appear in clear chronological order.

Export status more honest: No deceivingly precise quotas are shown when record completeness is unknown.

Export more robust: Documentation chains with three or more iterations are processed stably.

EN document titles corrected: English app pages set consistent document titles again.

EN coverage extended: Public EN counterparts for core content and legal pages have been completed.

DE/EN consistency tightened: Navigation, links, and page titles have been unified across languages.

Login flow stabilized: Request, callback, and guard paths run consistently with clear error states.

Token protection hardened: Login token is removed from the URL after processing and no longer logged as sensitive query string.

Local auth state hardened: Invalid or stale states are consistently treated as logged out.

Performance improved: Overview, detail view, and export load record/chain data with fewer roundtrips.

Wait time more transparent: On temporary request lock, the login page shows the remaining wait time as a countdown.

Internal stability and maintenance improvements.

Export >50 refined: For very long histories, the current subset is clearly applied.

Record titles consistent: Titles remain consistent in detail view and export.

Entry behavior stabilized: App and billing start respond more reliably on load.

Callback description refined: Public documentation has been written more clearly.

Detail view >50 records refined: Truncated lists are clearly marked as partial view.

Export >50 records flagged: Truncated documentation files are clearly indicated.

Upload risk reduced: On failed save, uploaded files are immediately cleaned up.

Detail view more robust: Conflicts in documentation chains are clearly visible.

Login completion hardened: Login completion processes link data more stably.

Archive flow simplified: Single read errors no longer block the archive path preemptively.

Archiving more reliable: Results are clearly and consistently reported.

Reactivation refined: The reactivation path runs separately with clear conflict checking.

Chain conflicts safeguarded: Ambiguous follow-up iterations are clearly treated as conflicts.

Status display refined: The Pro success page only confirms activation when profile status is established.

Record flow hardened: Uploads to archived obligations are consistently blocked.

Public discoverability sharpened: Relevant page signals were aligned consistently.

Public consistency: Public URL variants, DE/EN landing links, and target paths were unified to clear main paths.

Content sharpened: Core knowledge pages and internal links in DE/EN were refined and structurally aligned.

Record presentation improved: Export and chain communication became clearer.

Core stabilized: Archive flow and documentation chains were made more robust for ongoing operation.

Knowledge hub built: Core information pages (How-it-works, FAQ, Glossary, Knowledge) were introduced in DE/EN and basically linked.

Public foundation laid: DE/EN structure and page mapping were built consistently.

Login and user guidance were stabilized; typical everyday flow problems were reduced.

Archiving and recurring behavior were made reliable, error cases handled more clearly.

Terminology and DE/EN landing were merged and kept consistent.

Recurring stabilized: Month/year intervals for obligations were implemented robustly.

Archiving as trigger: Follow-up obligations are created exclusively on archiving.

History clearer: Archiving and history are presented traceably in the overview.

Legal notices (Terms, Privacy, Imprint) were added and refined.

Security-relevant hardenings were implemented.

Minor corrections for date, footer, and operational flows.

Privacy notes were updated and delivery improved.

Maintenance release with minor stability improvements.

Minor UI corrections and stabilization of the PDF export.

PDF export introduced: Obligations and records can be exported as a documentation file.

Small fixes in Pro/paywall flow and plan display.

Overview expanded: Search, status, and archive view were introduced.

Record and Pro flow: Record management and Pro/Free flow were added.

Multiple records per obligation as well as basic record types were introduced.

Web MVP: Obligation creation, due dates, and magic-link login were released as starting version.