Skip to main content
Showcase

Milestones

Recent ecosystem improvements at HumanKey.

  • Quarterly ecosystem review — Q2 2026

    Operator-initiated multi-stakeholder validation across customer-facing surfaces; the result for buyers is more consistent copy across the channels we publish.

    Read full post →
  • Team invite preview

    Invitees see who invited them and the role they will hold before accepting — acceptance is an explicit click.

    Read full post →
  • Cross-surface integrity safeguards

    New automated pre-publish checks ensure that what we show on one surface — dashboards, emails, public pages, documentation — stays aligned with what we show elsewhere, and that user-supplied content cannot influence the templates we render.

    Read full post →
  • In-app yearly billing switch

    Switching from monthly to yearly billing now happens in the dashboard with an explicit confirmation step that shows the prorated charge and the new renewal date before customers commit.

    Read full post →
  • Team workspace coherence

    When you switch into a team account you manage, your dashboard reflects that team's data — sites, plan, traffic, snippets — consistently across every surface.

    Read full post →
  • Member-management traceability for GDPR Right of Access

    Every team invitation, acceptance, and member removal is recorded in your account activity log — a traceable record that helps us answer a GDPR Art. 15 access request about team-membership changes.

    Read full post →
  • Right to Erasure now extends across team activity records

    When you exercise GDPR Art. 17, your email is now removed from team-invite and admin-action records held by other accounts — your tax-retention records remain under Polish accounting law.

    Read full post →
  • Disclosed data-handling figures now stay aligned with implementation

    Retention periods and processing limits shown in our privacy documents, marketing pages, and downloadable PDF agreements are tied to the same source as what our service actually does.

    Read full post →
  • Our audit trail now keeps only minimised identifiers

    The compliance log that tracks account changes (creates, updates, key rotations, billing events) now stores only hashed identifiers — never raw network details — matching what our privacy notices commit to.

    Read full post →
  • Our database changes ship behind a pre-flight verification gate

    Before any destructive change to the compliance trail database, an automated verification pass confirms the operation will not lose audit-trail integrity. The pattern caught a real issue this session and prevented data loss.

    Read full post →
  • Customers can now display their HumanKey verification publicly

    A new opt-in badge lets Pro+ customers embed a privacy-by-default verification mark on their websites, with a click-through page that confirms active monitoring without exposing visitor data.

    Read full post →
  • Our login and team-invite tokens are now strictly validated before reaching our database

    Our authentication and team-invitation flows now apply a stricter validation check on the security tokens they handle. Malformed input is rejected at the API edge with a uniform error response, reducing both the attack surface for our customers' data and unnecessary internal load.

    Read full post →
  • Re-authentication UI now preserves customer method selection during background identity validation

    When a customer chooses a sign-in method on our re-authentication prompt, their selection stays put. Background identity validation continues to run as before, without overriding the customer's choice — producing a predictable experience for the customer and a single source of truth for compliance reviewers.

    Read full post →
  • Traffic that goes past your plan limit is now still measured, and geography reflects the real visitor

    When your traffic exceeds your plan limit, it no longer goes dark — over-limit visits are still measured up to a generous ceiling, so you can see real growth and decide whether to upgrade. Visitor country and network signals are now computed from the real visitor rather than the delivery edge, so attribution and datacenter-bot detection are more accurate.

    Read full post →