No hardcoded production secrets
Client secrets are removed from code. Runtime values come from secure environment configuration.
Security and compliance
Controls for integrity, update governance and legal operations
The platform is designed to keep operational truth consistent while preparing for subscription-based access control.
Release manifest guardrails
Version policy is centralized in stable.json and consumed by app bootstrap logic.
Future entitlement-ready API surface
The website already defines endpoints for magic-link auth, billing and signed downloads.
Operational rollback path
If a bad release ships, manifest values can immediately force or relax update requirements.
Legal baseline (EU/DE orientation)
This website includes legal placeholders for imprint, privacy and terms. Final legal review is still mandatory before paid launch.
- Imprint and provider information pages are linked globally.
- Privacy and consent language is present for waitlist data capture.
- Terms page prepares paid-access conditions before checkout activation.