A small service is best evaluated by the record it leaves behind. Every change to the service, every internal review, every incident lands here in the order it happened. Nothing is rewritten after the fact.
Session handling tightened to the middleware layer. No change to data flow or retention; the change is internal and mechanical — documented here because the commit touched authenticated paths.
The full kickoff-to-live sequence was walked through end-to-end on a non-production store. The output was a tightened runbook and a shorter kickoff-call agenda.
99.9% uptime; credit schedule published; language matches /trust verbatim. The commitment is contractual, not aspirational — see Terms §9.
Category-level disclosure on the Privacy page. The named list is available to controllers and regulators on written request under confidentiality; material changes notify with thirty days to object.
Four-part public statement: the stake, the beliefs, what we refuse to do, what the owner gets back. Drafted as a document, not a landing page.
How this page works
Technical detail is kept off this page on purpose — a public log shouldn't double as a map for attackers. For full depth or our sub-processor list, email vadim@loomaru.com.