Web platform · signup fixes, security hardening & polish
A sweep across verge.calmhqstudio.com — the site you signed up on. Signup-flow bugs fixed, security tightened, and the platform instrumented so problems surface before you have to report them.
- ImprovedSecurity hardening: strict security headers site-wide, cross-site request protection on sign-in, rate limiting on public endpoints, and tighter handling of profile-link tokens
- ImprovedA temporary captcha outage no longer blocks signups with a "prove you're human" error — it's detected, retried, and reported honestly
- ImprovedPayment webhooks and checkout now record every failure for follow-up, so a paid subscription can never be silently lost
- ImprovedAccessibility: skip-to-content link, screen-reader announcements for form errors and journal save status, and full prefers-reduced-motion support
- FixedVerification emails that failed to send were reported as sent — failures are now caught and a "Resend it" button appears on the confirmation screen
- FixedThe signup page said "TestFlight on 1 July" and "beta is open now" at the same time — all copy now tracks the live beta state from one source of truth
- FixedA broken "Export this session" link in the dashboard returned a bare error page — now points at the working data-export
- FixedThe dashboard could fail entirely if one widget's data was briefly unavailable — a hiccup now degrades that widget instead of the whole page