Internal log
April 12, 2026
Rewrote homepage hero with identity-first headline and trust row. Added dedicated trust block, credit explainer, plan decision guide, and pricing FAQ. Unified credit counts across all pages (200 on Starter). Removed model-name jargon from all primary conversion zones. Simplified CTAs to one dominant action per page. Updated gallery and case study copy.
April 12, 2026
Full OWASP pentesting checklist review. Added CSRF protection on all state-changing endpoints, EXIF metadata stripping on uploads, password reset flow, common password and disposable email blocklists, hash-DoS prevention, anti-enumeration on sign-up, Cache-Control hardening on authenticated routes, and security.txt.
April 12, 2026
Added SPF and DMARC DNS records for klamdo.app to prevent email spoofing and improve deliverability for transactional emails sent via Resend.
April 12, 2026
Added customer.subscription.updated Stripe webhook handler for real-time plan change, cancellation, and status sync. Consolidated /faq to /answers with a 301 redirect. Removed placeholder social links. Cleaned up sitemap.
March 30, 2026
Public pages now stay public while create, dashboard, profile, and reference-pack access require both an account and an active subscription.
March 30, 2026
Klamdo now uses a D1-backed account and session system with first-party sign-in, sign-up, and sign-out routes instead of the previous anonymous fallback.
March 30, 2026
Generation jobs continue to run through Queues, Workflows, Turnstile protection, and R2 asset persistence in production.