MyNotes

Changelog

User-facing changes, newest first. Internal refactors and test-only changes are omitted — the canonical engineering changelog lives in the repo.

Unreleased

in progress

Added

  • Public per-note share links. Toggle Share on any note to mint a public, read-only URL — anyone with the link can read; toggle off to revoke instantly. Pages set noindex so search engines won't list them.
  • Service limits page at /limits — single canonical reference for every cap and rate limit, pulled live from running configuration.
  • End-User License Agreement at /eula.
  • Per-user API error log at /settings/api_errors — every 4xx your bearer-token requests received, newest first.
  • Idempotency-Key header on API write endpoints — opt-in, 24h dedup window per user, stable error code on conflict.
  • Free-tier usage meter on the dashboard and notes list.
  • Welcome note auto-created on first signup; welcome email sent on first confirmation.
  • Folder view pagination (60 notes per page).
  • SEO metadata: per-page descriptions, Open Graph / Twitter cards, canonical URLs, branded titles.
  • Sign-up rate limit (5/hour/IP) and per-email login throttle (5/20 min) in Rack::Attack.
  • Honeypot field on the sign-up form.
  • API tier (Dev / Dev-pro plans) — bearer-token REST API at /api/v1, with notes and folders resources, atomic append, bulk creates (Dev-pro), append-by-filename addressing, and /settings/api_tokens for token management.
  • Pricing redesigned to four tiers: Free, Paid, Dev ($99/yr), Dev-pro ($199/yr).
  • Lapsed paid users transition to read-only — every existing note remains readable and exportable forever.
  • Plan-change flow with downgrade gates — switching to a lower tier surfaces a per-cap blocker list.
  • Public API docs at /docs.
  • bin/backup — Postgres dump runner with retention pruning and optional rsync/S3 off-host copy.
  • Sentry error tracking (no-op unless SENTRY_DSN is set).

Changed

  • Full-account export is now async, delivered by email. Options → Download all enqueues a background job, builds the archive off-request, and emails a one-time signed download link valid for 24 hours.
  • API token expiry policy. Tokens default to 90-day expiry; user-set expiries beyond 1 year are rejected.
  • Notes list Latest sort now orders by updated_at (most recently edited) rather than created_at.

Security

  • Email-change abuse window tightened. Devise's email-change endpoint is capped at 3/day per account and 3/day per target address.
  • Tighter throttles on expensive surfaces. Note writes 120 → 30/min/user; per-note PDF/DOCX/TXT downloads 60 → 10/min; billing portal/change-plan 30 → 5/min; full-account export request 5 → 2/hour.
  • api_errors log scoping. The per-user error log is read through current_user.api_errors only — wrong-owner lookups return nothing rather than leaking another user's request paths.
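
The api_errors scoping entry above, shown as an added example in plain Ruby (not the application's code). ApiError, User, OwnedErrors, the two show_* helpers and the sample rows are constructed stand-ins; the unscoped lookup is included only as a contrast pattern.

```ruby
# Added illustration in plain Ruby (no Rails). All names and rows here are
# constructed stand-ins, not the application's models or data.
ApiError = Struct.new(:id, :user_id, :status, :path)

# Constructed sample rows: two users, each with logged 4xx responses.
ERRORS = [
  ApiError.new(1, 10, 404, "/api/v1/notes/555"),
  ApiError.new(2, 10, 422, "/api/v1/folders"),
  ApiError.new(3, 20, 401, "/api/v1/notes/private-draft"),
].freeze

# Stand-in for an association scope: every query is pre-filtered by owner.
class OwnedErrors
  def initialize(user_id, rows)
    @rows = rows.select { |r| r.user_id == user_id }
  end

  # Newest first, as on the settings page (higher id means newer here).
  def newest_first
    @rows.sort_by { |r| -r.id }
  end

  # Wrong-owner ids are absent from the scope, so the result is nil.
  def find_by_id(id)
    @rows.find { |r| r.id == id.to_i }
  end
end

User = Struct.new(:id) do
  def api_errors
    OwnedErrors.new(id, ERRORS)
  end
end

# Contrast pattern: global lookup keyed only on a client-supplied id.
# Any signed-in user can read any row by guessing its id.
def show_unscoped(_current_user, id)
  ERRORS.find { |r| r.id == id.to_i }
end

# Scoped pattern: the lookup can only ever see the caller's own rows.
def show_scoped(current_user, id)
  current_user.api_errors.find_by_id(id)
end

alice = User.new(10)
p show_unscoped(alice, 3)&.path # another user's request path
p show_scoped(alice, 3)         # wrong owner: nothing returned
p show_scoped(alice, 2)&.path   # own row: returned
```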

Removed

  • Monthly subscription plan — annual ($19 / year) is now the only paid plan.
  • 30-day trial infrastructure — the freemium 10-note cap replaced it.

The canonical, engineering-detail changelog lives in the repository as CHANGELOG.md. This page is the user-facing curated view. Spotted something missing? Email hello@example.com.