What's new
A running log of changes to GatiFlow that affect customers. Hand-curated; internal refactors and minor fixes are omitted.
v2.9
June 2026- Download JSON button on the Report page — export the full intelligence payload with one tap.
- Hiring & Opportunity Signals now load collapsed for faster scrolling, with a Show All toggle to expand when needed.
v2.8
June 2026- Weekly Digest and Saturday Deep Dive emails now arrive at your local time — Monday 7 AM and Saturday 9 AM respectively — instead of a fixed UTC hour.
- Your timezone is detected automatically when you register. You can also change it anytime in Settings.
v2.7
June 2026- Insights is now a true daily brief: one narrative synthesized each day from the day's four collection cycles, instead of mirroring weekly content.
- Weekly Digest redesigned to look forward: the Monday email now opens with the week-ahead outlook, grounded in up to six months of signal history.
- Digest emails include a plaintext version for better deliverability and accessibility, and the subject always carries the send date.
- Research-paper coverage restored: the arXiv source is back online after an upstream change, with safeguards added across all data sources.
v2.6
May 2026- Landing page rebuilt with a responsive in-product preview — readable on mobile and accessible to screen readers.
- Saturday Deep Dive preview on the landing page now renders multiple paragraphs with a soft fade-out instead of a mid-sentence cut.
- Trend Reading 101 email course: confirmation email matches the visual identity of the lessons; clicking confirm lands on a dedicated confirmation page.
- Account verification emails now deliver reliably.
v2.5
May 2026- AI-generated content now declares itself in report metadata (EU AI Act compliance).
- Confidence intervals exposed on every report — see the score range, not just the headline number.
- Trial Grace Period state now visually distinct from active trial in dashboard.
- Double opt-in for the academy email course (CAN-SPAM-safe).
- Monthly cap on AI spend prevents runaway billing in case of stuck cron.
v2.4
April 2026- Stripe webhook idempotency made robust against partial failures.
- Watchlist signal collection moved to background tasks — internal cron no longer blocks on slow orgs.
- Sentry sampling on /collect reduced from 100% to 20% to extend free-tier capacity.
- Body size limit middleware streams chunks instead of buffering — no more OOM risk on chunked uploads.
v2.3
March 2026- Centralized opt-out filter — opted-out subjects now reliably excluded from all report paths.
- Registration requires explicit Terms + Privacy consent (LGPD/GDPR).
- DPO/Encarregado named on privacy page; data inquiry response time tightened to 15 business days.
- Stripe webhook signature validation now has explicit test coverage.
- Real client IP propagation: per-user rate limits and audit logs now reflect the actual caller, not the BFF edge.
v2.2
February 2026- Saturday Deep Dive: 1800-word weekly investigative article with web-grounded fact-checking.
- Daily intelligence narratives use Claude Sonnet with fact-check pass against numeric facts.
- RS256 JWT activated in production. Refresh token rotation hardening.
- Body size limit middleware (1 MB cap) — prevents accidental DoS via large payloads.
- Public report endpoint with caching for landing-page preview.
v2.1
February 2026- Token blacklisting via Redis (jti in JWT, /auth/logout endpoint).
- Refresh token set as httpOnly cookie (XSS protection).
- Auth rate limiting (10 attempts/min per IP).
- Stripe webhook signature validation (stripe.Webhook.construct_event).
- Quota race condition fix: increment only after successful report.
- PDF export reads plan and timestamp from canonical fields.
v2.0
February 2026- Unified monorepo: 9 separate repos consolidated into one.
- Full intelligence pipeline: RealCollector → Enricher → Scorer → Assembler.
- First production deployment of Pro and Business plans.
For incident reports and uptime, see status updates.