User-facing release notes for the Plotbun platform. Implementation history lives in the spec status file; this is the human-readable summary.
Add `?format=csv` to /api/gdpr/export to receive a JSON envelope of CSV files (one per data class — acceptance log, erasure requests, follows, orders, refunds, disputes). The legacy JSON download still works without the param.
Every GDPR data export now contains a `legalBasis` section listing — for each data class the platform stores — which Article 6 lawful basis covers it (consent / contract / legitimate interest / legal obligation) plus a short rationale. Closes the Article 5(2) accountability requirement.
Users landing on /profile without a display name now see a prominent banner with a deep-link to the handle picker, so new accounts have a clear next step instead of appearing as Anonymous.
Closing the pause or backlog overlay in the player now returns keyboard focus to the element that opened it, matching standard a11y dialog patterns.
The editor now surfaces a daily AI usage counter next to the AI Image controls so creators can see how many image / text generations remain before they need to slow down. Tied to the existing per-user `/api/llm/quota`.
When an admin removes a community listing, both the listing-detail page and its OpenGraph metadata now render a generic "Listing Removed" notice instead of leaking the title or synopsis. Owners signed in on the same browser see an additional appeal CTA.
Sharing a community listing now renders a custom OG image with the listing cover, title, author, monetization label, and genre. Creator pages also get a profile-styled OG image.
All authoring-time LLM and image generation requests now run through a local moderation classifier before forwarding to the provider. Obviously harmful prompts are rejected with a clear error.
Profile now includes an Email Verification card, and /forgot + /reset are wired for password recovery. Tokens are surfaced in-product today; a future cloud build will deliver them via email.
Profile now exposes a Danger Zone for one-click account deletion. We submit a GDPR erasure intent server-side and clear every personal-namespace `godengine:*` key from local storage on the device.
Admins can now take down or restore community listings from /admin/listings. Every admin mutation appends to a persisted audit log readable at /admin/audit.
Community listing detail now shows an "AI-Assisted" badge when the underlying project uses AI-generated assets. Provenance metadata (provider, model, prompt digest, generated-at) is recorded on each AI-generated asset.
Accounts now have a canonical `@handle` you can edit on /profile. The platform no longer leaks internal user IDs into UI surfaces — community routes, reviews, and analytics all bind to the handle.
Acceptance log, erasure requests, and data export now have dedicated UI pages under /account/gdpr/ instead of returning raw JSON to the user.