Changelog

2026.03.22

March 22, 2026

• Restructured homepage CTA hierarchy with Get Started as the primary action and sample report as secondary.
• Added FAQ section between pricing and bottom CTA to answer common buyer questions before conversion.
• Reframed How It Works and Dual-AI sections to lead with buyer outcomes instead of technical architecture.
• Expanded Enterprise pricing card with SLA, dedicated support, data residency, and compliance features.
• Added per-exercise unit cost breakdown to pricing tiers for easier plan comparison.
• Reduced hero top padding so the value proposition and CTAs appear above the fold on common desktop viewports.
• Passed plan context through pricing-to-sign-in flow so the sign-in page acknowledges the selected plan.
• Prepared social proof infrastructure for customer logos, testimonials, and metrics when available.

2026.03.22b

March 22, 2026

• Enabled 1-hour ISR caching on static marketing pages for faster edge delivery.
• Configured long-lived CDN caching for brand assets in /brand/ directory.
• Added dynamic OG image generation so each page gets a unique social card when shared.
• Created standalone /pricing page with dedicated metadata and JSON-LD structured data.
• Added JSON-LD structured data to pages that were missing it (about, contact, security, and others).
• Added internal links to ransomware and incident response landing pages from the homepage and footer.
• Added outbound external links to subprocessor vendor names on the trust page.

2026.03.22a

March 22, 2026

• Qualified framework references in the proof bar to clarify reports map to frameworks rather than implying vendor certification.
• Qualified audit-ready claims on the about page with specific report attributes.
• Expanded trust page into a full trust center with AI provider disclosure, subprocessor table, SLA targets, and data residency information.
• Expanded security page with encryption standards, infrastructure details, vulnerability disclosure policy, and disaster recovery sections.
• Added Data Processing Agreement (DPA) page for procurement and GDPR compliance.
• Added legal entity name and address to the site footer.
• Updated last-updated dates on security and trust pages.

2026.03.21

March 21, 2026

• Rewrote privacy policy to a comprehensive GDPR/CCPA-compliant document.
• Rewrote terms of service to a comprehensive legal document covering liability, termination, and governing law.
• Expanded cookie policy with a detailed cookie table and preference management section.
• Fixed cookie consent banner not rendering due to hydration mismatch.

2026.03.21a

March 21, 2026

• Darkened brand accent color to meet WCAG AA 4.5:1 contrast ratio for all primary buttons and active states.
• Consolidated sample-report modal to a single portal instance, reducing DOM duplication.
• Added ARIA attributes to sample-report dialog (aria-labelledby, aria-modal).
• Added aria-live regions to all forms for screen reader announcements of success and error states.
• Added aria-controls and panel IDs to FAQ accordion for proper screen reader association.
• Enforced 44px minimum touch targets on report tabs and sign-in link.
• Updated accessibility statement with explicit WCAG 2.2 AA target level.

2026.03.21b

March 21, 2026

• Implemented nonce-based Content Security Policy, replacing unsafe-inline for script-src.
• Tightened connect-src CSP directive to named WebSocket origins only.
• Added rate limiting middleware to public form API endpoints.
• Fixed reflected content injection on sign-in error parameter.
• Removed X-Powered-By header to reduce technology fingerprinting.
• Added upgrade-insecure-requests CSP directive.
• Returned generic error messages for API form validation failures.
• Fixed sign-in form to use POST method with CSRF protection.
• Added terms and privacy consent text to sign-in page.

2026.03.06

March 6, 2026

• Expanded public trust, accessibility, cookie, and starter-kit pages to give self-serve buyers more complete launch and procurement context.
• Moved Convex workspace providers off the public root path so marketing and legal pages stop loading app-only client dependencies.
• Shifted browser Sentry and PostHog bundles off the default public path so launch-facing pages carry less app-only JavaScript.

2026.03.03

March 3, 2026

• Published automated prelaunch verification coverage for SEO, security, and UX checks.
• Added web app manifest support and icon metadata improvements for platform installability.
• Introduced API/auth endpoint burst throttling protections for high-risk unauthenticated routes.

2026.02.28

February 28, 2026

• Added interactive starter kit walkthrough wizard with industry personalization for healthcare, financial services, manufacturing, technology, and government sectors.
• Revamped starter kit into a complete ransomware tabletop exercise kit with downloadable PDF checklist.
• Fixed email delivery pipeline so lead scoring does not block starter kit downloads.

2026.02.24

February 24, 2026

• Added marketing analytics funnel instrumentation for conversion tracking across the self-serve path.
• Integrated Loops lifecycle email and lead-state foundation for automated onboarding sequences.
• Added sample report download with email capture as a lightweight product evidence path.

2026.02.17

February 17, 2026

• Dashboard UX overhaul: user-friendly labels, color-coded KPIs, activity filtering, and empty state CTAs.
• Report visual overhaul: consulting-grade typography, layout, data visualization, and brand polish.
• Tightened PDF layout from 11 pages to 7 by eliminating empty spillover pages.
• Replaced heavy hero with editorial white cover design on report surfaces.

2026.02.10

February 10, 2026

• Fixed critical exercise room stability issues including preset seat defaults and reactive validation.
• Added exercise room breadcrumbs and decision capture guidance.
• Fixed report accuracy and navigation across multiple report views.
• Dashboard and form polish including improved validation states and loading behavior.

2026.01.27

January 27, 2026

• Migrated authentication from WorkOS to Convex Auth with magic link email flow.
• Added session state machine for reliable auth state transitions.
• Enforced billing and role checks for exercise access.
• Re-architected dashboard and app shell for improved navigation and organization support.

2026.01.15

January 15, 2026

• Added Inworld AI text-to-speech support for facilitator voice during exercises.
• Added option to disable turn timer for flexible exercise pacing.
• Improved error handling across facilitator voice, exercise creation, and Convex queries.

How to use this changelog

Use this page to confirm recent public-site and product-readiness updates before sign-in, plan selection, or procurement review. The changelog is intentionally concise: it captures meaningful release notes rather than every small implementation detail, copy tweak, or internal maintenance task.

For deeper context on current controls and review posture, continue to the Trust Center. If you want a lightweight way to evaluate the exercise workflow before account setup, start with the Starter Kit.

Release-note scope

We use this page for launch-facing notes that matter to buyers and operators: security posture language, reporting changes, reliability hardening, onboarding flow updates, and public-site adjustments that change how TTXLab is evaluated. Internal refactors that do not materially change customer behavior are generally omitted unless they directly improve launch readiness or supportability.

If you need a specific answer about roadmap timing, procurement review, or an operational workflow that is not covered here, use the contact page and reference the relevant release entry so the team can respond with the right context.

Looking for launch information?

Review the Trust Center for security and procurement posture, or start with the Starter Kit if you want a lightweight readiness checklist before entering the workspace.