Changelog
What we shipped.
The substantive changes since we started talking to customers. Security and infrastructure changes live separately on the trust center.
Entries are grouped by ship date, newest first. Anything that affected the cryptographic guarantees, the attestation chain, or the data we hold about you is also reflected on the trust center and in the privacy policy. Changes to subprocessors are posted on the subprocessors page at least thirty days before they take effect, per our DPA.
June 7, 2026
Public trust center, signed attestation chain, v1 launch
- The 8-node Merkle attestation chain that backs every meeting report is now Ed25519-signed. The public verifier is live at
/api/verify; the signing-key fingerprint is published on the security page. - The trust center, security overview, compliance status, subprocessors list, and responsible disclosure program are all live.
- Privacy policy, terms of service, cookie policy, and acceptable use policy published. Last revised June 7, 2026.
- Cross-region deletion now completes within thirty days of a verified request, with the deletion event itself written to the audit chain.
June 4, 2026
Workspace audit log and hash-chain verifier
- Every security-relevant event — sign-in, role change, MFA enrollment, export, delete, billing change, subprocessor acknowledgment — now writes a hash-chained row to the workspace audit log.
/admin/audit/verifyrecomputes the chain end-to-end and surfaces the first break, if any. Admins can export the log as JSON or CSV with the chain intact.- Audit log retention is seven years on Enterprise, one year on Professional, and thirty days on Starter.
June 1, 2026
TOTP multi-factor authentication and recovery codes
- TOTP MFA can be enrolled from Settings → Security. We support any RFC 6238 authenticator (1Password, Authy, Google Authenticator, Yubico Authenticator).
- Ten single-use recovery codes are shown once at enrollment and stored hashed. Codes can be regenerated at any time, which invalidates the previous set.
- Workspace admins can now require MFA for all members. New members are prompted to enroll on first sign-in; existing members get a fourteen-day grace window.
May 28, 2026
In-app onboarding walkthrough
- Step-by-step product tour for new workspaces covering Ask mode, Meeting mode, the speaker credibility arc, and the post-session report.
- Dismissable from any step and resumable from Settings → Help. Workspace admins can hide the tour for all members.
May 24, 2026
PDF, Markdown, and JSON export with embedded chain
- Reports now export as PDF, Markdown, or JSON. The PDF cover page shows the signing-key fingerprint and the SHA-256 root of the attestation chain.
- The JSON appendix includes all eight Merkle nodes, the Ed25519 signature, and the input hashes for each pipeline stage, so the chain can be re-verified by a third party without round-tripping through Felarity.
- Markdown export is plain text and chain-bearing — useful for archiving into a discovery system or a long-term content repository.
May 20, 2026
Stripe Customer Portal in Settings → Billing
- Workspace admins can now manage subscription tier, invoices, payment methods, and billing addresses from inside Felarity, via the embedded Stripe Customer Portal.
- Annual billing is selectable on Professional and Enterprise at checkout. Tier downgrades take effect at the next renewal so retention windows are honored.
May 15, 2026
Industry councils expanded to 30
- The council roster is now 30 specialist analysts: Legal (litigation, corporate, regulatory), Healthcare (clinical, administrative, research), Finance (investment, retail, compliance, audit), Technology (engineering, product, security), Government (federal, state, municipal), Manufacturing, Logistics, Aerospace, Consulting, Accounting, Media, Nonprofit, Hospitality, Pharma, Energy (oil and gas, utilities, renewables), Education (K-12, higher education).
- Workspace admins choose a primary industry at setup; the council weighting adjusts automatically. Industry can be changed at any time without losing prior session history.
May 10, 2026
Cryptographic attestation: first public verification
- The first attestation chain was verified end-to-end against the published public key using the in-browser verifier widget. The same widget now ships on every report page.
- Each of the eight chain nodes corresponds to a discrete post-session pipeline stage — concatenation, diarization, acoustic analysis, confrontation classification, speaker attribution, NLI re-scoring, topology, and final council synthesis — and is hashed in order, so tampering at any stage is detectable.
Subscribe
Want changelog entries by email? Send a message to changelog@felarity.com with the subject line subscribe. We send one digest per release, never more than weekly, and we do not share the list with anyone.
Looking for security and infrastructure history — subprocessor additions, incident reports, key rotations? Those live on the trust center and the subprocessors page, separately from product changes. For questions about a specific entry, write to hello@felarity.com.