Changelog What shipped recently in the Hub

We ship fast, and the changelog shows it.

This is the public record of visible product work. It stays in JSON so new entries can be added without touching the template.

May 20, 2026 feature

GDPR self-service and cookie consent

Added authenticated data export, 30-day account deletion scheduling, cancel and purge flows, and a shared cookie consent banner for public and logged-in shells.

May 20, 2026 fix

CSRF protection and HSTS

Cookie-authenticated POST requests now require a per-session CSRF token, and HSTS is enabled when the Hub runs behind HTTPS or HUB_FORCE_HSTS=1.

May 20, 2026 feature

Unified Reports module

Added branded reports that roll up SEO, Content, Social, Web, and Ads into a single dashboard module with download and summary views.

May 20, 2026 feature

Paid Ads Co-pilot

Launched the ads module with campaign drafts, deterministic copy generation, status updates, CSV export, and dashboard access when licensed.

May 20, 2026 improvement

Mobile responsive pass and Playwright smoke

Tightened the public and dashboard layouts for 375/414px screens, closed drawer links on tap, and added the first Playwright smoke test for the public pages.

May 20, 2026 feature

Soft email verification and audit log

Signup now verifies email softly, resend requests are rate-limited, and the admin audit log captures login, password lifecycle, plan, and license changes.

May 20, 2026 feature

Help, FAQ, and contact flow

Shipped a public help page with real SMB FAQs and a support contact form that saves messages and emails Juan and Ana with reply-to support.

May 20, 2026 improvement

Legal pages and branded error responses

Added public terms and privacy pages, linked them from the login footer, and rendered branded HTML for 404 and 500 errors while keeping JSON for API clients.