What shipped. What broke.

Public-scan funnel retired.

The historical self-serve scan surface and the multi-vendor enrichment pipeline behind it were removed in full — every public route, every backing script, every third-party integration, every dashboard built on top. The work that mattered moves to two more focused offers: the monitoring service and the per-domain evaluation tool. The cleanup also closes a non-trivial attack surface the live funnel didn't need.

Regional consent live for California visitors.

Visitors connecting from California now see a Do-Not-Sell-or-Share control in the site footer and a dedicated regional disclosure page in the privacy section, in addition to the standard consent banner everyone sees. The region is classified at the edge and applied before the first byte of HTML reaches the visitor. The control is honored both forward and backward — any tag already permitted is silenced if the visitor opts out after the fact.

Consent-state race on third-party tags.

Third-party tags that loaded after a prior consent decision could occasionally initialise before the visitor's persisted choice was re-applied — a race that briefly violated their stated preference. The fix pre-applies the persisted decision synchronously on every page-load and re-fires it once the tag library reports ready. Verified across the consent-bridge integration and the booking-conversion attribution path.

Single-tier offer published for Wix-based stores.

A separate offer aimed at Wix storefronts went live today: one tier, one annual price, one quarterly evaluation by the team, refund terms aligned with the headline service. The Wix surface is a tighter integration than the headline offer, so the price reflects what we actually do — not what we'd like to charge.

Log entries moved to a shared file.

Until today, the list of entries you're reading was kept inside the /log page itself. We moved it into a shared file so the notification bell that's about to appear in the site header can read the same list — instead of us keeping two copies in sync every time a new entry ships. A test confirmed /log renders identically to yesterday's version: same entries, same order, same icons. Nothing changed for readers; the plumbing is now ready for the bell to plug in.

Pre-expansion refactor shipped on schedule.

A planned structural change landed in a quiet window between feature waves, ahead of the next phase of expansion work. It clears the path for upcoming additions to ship without edits to the live path that moves merchant traffic. Behavior verified unchanged by a byte-for-byte test.

Encryption-at-rest hardened with per-merchant key isolation.

Five-week rollup release deployed.

A large rollup covering five weeks of work shipped today. During the rollout, automated checks caught four secondary defects that would otherwise have reached merchants; all four were patched and shipped later the same day. The story isn't that we had bugs — it's that every gate fired exactly when it was supposed to.

Tamper-proofing on safety-critical automation.

Supply-chain hardening on review tooling.