Aller au contenu
wheremyflow
Connexion Démarrer gratuitement
Fonctionnalités Tarifs Comparatif Manifeste Aide Audit Contact Démo Connexion

Changelog

Current version: 5.1 (sprint in progress). This page lists user-visible changes.

In progress — UX & export sprint (May 2026)

2026-05-15 — export overhaul

  • 🗑️ Per-card exports removed: no more "Export CSV" button on individual dashboard cards.
  • 🗑️ Per-tab PDF exports removed: no more "Export PDF" button in the tab header, no more global dashboard PDF.
  • 🗑️ Async-email ZIP system removed: no more background job, no more 24-hour link, no more "Your export is ready" Brevo email.
  • ⬇️ New "Download all data (CSV ZIP)" button on the Dashboard tab header and on the Compliance card — see Export and erasure.
  • Direct streaming (synchronous, no email wait).
  • 6 folders, 23 CSV files per export, column headers in English only.
  • Header button → currently selected period. Compliance card button → all data (90d, GDPR art. 20).
  • "!" click tooltip explaining contents and period.
  • ⚙️ Help pages chrome rework: signed-in users now see a dashboard-adapted shell (logo + "← Back to dashboard" button) instead of the public marketing chrome. Articles unchanged, single source of truth.
  • 🌍 DE/IT/ES/NL translation batch: 100 missing UI strings have been added to the 4 secondary languages (period pill, Behavior sub-tabs, Funnel/Revenue labels, DPA signing, abbreviated days/months, k-anon empty states).

Pre-2026-05-15 (April–May 2026)

  • 📚 Public legal pages: Legal notice, T&Cs, Privacy policy, DPA summary added to the documentation.
  • 🛡️ Right to erasure (GDPR art. 17): DELETE /api/dashboard/erase-site endpoint to immediately erase a site and all its data in cascade.
  • 🗃️ 30-day archive: reversible alternative to immediate erasure — POST /api/dashboard/archive-site.
  • 🧪 Auth test coverage: parameterised test covering requireSite enforcement across every /api/dashboard/* endpoint (33 routes).
  • 📐 Engagement rate: formula switched to 50% scroll OR 30 seconds of session (instead of 25% / 10s which overstated the metric).
  • 🤖 robots.txt: added to fence public marketing/docs vs private dashboard/billing/API.

v5.0.0 — privacy-first overhaul (April 2026)

  • 🇪🇺 Strictly EU-sovereign stack: Clever Cloud (Nantes, FR), DB-IP (FR), Brevo (FR), Mistral AI (FR), Mollie (NL).
  • 🚫 No tracking cookies: daily HMAC-SHA256 visitor identifier, monthly-rotating salt deleted atomically (Plausible / Fathom doctrine).
  • 🔒 Graduated k-anonymity: k=2 for URLs, k=5 for demographics, k=10 for cities and crosses.
  • 📊 Unified dashboard: Install / Dashboard (6 sections in sticky TOC: Overview / Content / Behavior / Sources / Audience / Technical) / Compliance.
  • 🔌 WordPress plugin v2 with 1st-party proxy + i18n + brand UI.
  • 🤖 Mistral AI insights: on-demand multilingual summary built from the site's anonymous aggregates.
  • 🔐 Ingest / dashboard role separation: two PostgreSQL roles with fail-closed regex guards.
  • Frozen GDPR tests: structural invariants (event whitelist, no UTM, k-anonymity, DNT/GPC opt-out) frozen in CI.

For the precise technical history, see the GitHub repository.