Skip to content

Version 1.0 · Last updated 22 May 2026

This document is provided as a plain-language draft and is pending legal review. If you spot an issue, email legal@inboxdesk.ai.

Changelog

What's shipped, when, and why.

2026-05-22 — Security and trust hygiene pass

  • Privacy Policy bumped to v1.2: corrected 7-day backup retention (was 30) and added new sub-processors (Cloudflare Turnstile, Upstash Redis) to §7
  • Terms of Service bumped to v1.1: removed unused free-trial clause; "Free tier IS the trial" wording
  • New pages: /security, /trust, /status, /accessibility, and this changelog
  • Anti-bot signup defences hardened with a six-layer stack (Turnstile challenge, hashed-IP sliding-window rate limit, input validation on names/emails, deferred tenant creation until email confirm, daily cleanup of stale unconfirmed signups, plus a one-time cleanup of three Turkish-gambling-spam bots that surfaced 2026-05-20)
  • Dashboard polish: realtime-reconnect indicator with fallback poll, bulk-approve confirmation gate, send-confirmation toast, in-app help link, error-banner for revoked Gmail OAuth
  • Privacy: account-identity row added to the GDPR export so Article 20 portability covers controller-side data too
  • Multiple internal hardening migrations: search_path lockdown on auth trigger functions, Stripe webhook event-ID deduplication, cron-job heartbeat table

2026-05-13 — DPA v1.1 published

External legal review (Radcliffe Enterprise Law) completed for DPA Schedules 1 and 2, Article 28, Section 11, and the audit clause. Substantive amendments incorporated.

2026-04-29 — Pricing tiers locked

Free / Starter (£19/mo) / Pro (£49/mo) / Scale (£99/mo). Annual at 17% off (two months free). Hard caps with clear upgrade prompts.

Earlier

Build progress before this changelog existed was tracked internally. From the public launch onwards, every meaningful customer-facing change lands here within a week of shipping.

Effective date

This page was last updated 2026-05-22.