Changelog

What's new in Predax

Feature releases, detection improvements, and platform updates. We ship continuously — this page lists customer-visible changes from the most recent few months. Older entries are summarised, not exhaustive.

featureimprovement

Outbound usage webhooks + clearer usage limits

  • Outbound usage webhooks shipped: register a signed HTTPS endpoint (HMAC-SHA256 via the X-Predax-Signature header) and get notified the moment you cross 80%, 90%, or 100% of your daily or monthly quota — no more polling the dashboard. Manage them under Dashboard → API Settings.
  • Usage meters on the dashboard now show both daily and monthly consumption with colour-escalating progress bars and an upgrade prompt as you approach your cap.
  • Daily usage warning emails — previously only monthly thresholds were emailed; lower tiers that hit the daily wall first now get an 80% / 90% / 100% heads-up too.
  • Rate-limit and quota errors (402 / 413 / 429) now tell you exactly which limit you hit and which plan lifts it, with an upgrade link in the response headers.
improvementcontentfix

Site polish, honest docs, smoother onboarding

  • Anonymized the case studies — composite scenarios drawn from real deployments, no fictional company names.
  • Corrected API examples across /use-cases and the Help Center — endpoints now point to POST /api/v1/check/ip with the real response shape.
  • IP report pages no longer show "Unknown" placeholders for missing fields — sections render only when data is present.
  • API Settings dashboard rewritten to honestly mark webhooks as Coming Soon and surface IP allowlisting on the API Keys page.
  • New /changelog page (this one) — public log of what we ship.
  • Welcome email now sent on signup with a copy-pasteable curl example and your initial API key.
  • Email verification softened from a hard login gate to a 72-hour grace banner — you can use the API immediately.
  • Register form trimmed to four required fields (email, password, name, country); the rest moved to optional profile completion.
  • 80% / 90% / 100% monthly-quota notifications now actually fire (in-app banner + email). Previously promised, now delivered.
  • Plugin v1.9.2 for WordPress: removed a hardening toggle that was flagged in plugin review.
feature

Apple Private Relay + Cloudflare WARP detection live

  • /api/v1/check/ip now returns first-class is_private_relay and is_warp flags alongside is_datacenter.
  • Apple's daily egress feed (~286k prefixes) is correctly tagged kind=private_relay — previously was being miscategorized as VPN.
  • Cloudflare WARP detection cross-references published edge ranges; surfaced as advisory since WARP and CDN-fronted Cloudflare share IPs.
  • Companion blog post explains the 2026 calibration story for risk-scoring around consumer privacy networks.
content

Better internal navigation across the blog

  • All 16 blog posts now end with a Related Guides section linking to peer posts and integration pages.
  • High-buyer-intent posts (VPN detection, fraud, ATO, scrapers, etc.) include a contextual /pricing CTA.
feature

Per-category email preferences + RFC 8058 one-click unsubscribe

  • New /unsubscribe/{token} public page with per-category toggles (weekly_report, product_updates, security_alerts).
  • Logged-in users can manage preferences at /dashboard/email-preferences.
  • Weekly security reports include List-Unsubscribe headers — Gmail's one-click unsubscribe button works.
  • Transactional mail (password reset, magic links, billing receipts, 2FA) is unaffected — those are contractual under GDPR/PECR.
feature

Two-factor authentication (TOTP + backup codes)

  • Enable TOTP-based 2FA from Dashboard → Security. Compatible with Google Authenticator, Authy, 1Password, etc.
  • Backup codes generated once at setup time, stored bcrypt-hashed, single-use.
  • Login flow gates access on the second factor for accounts that have it enabled.
  • Disable requires re-entering your password to prevent session-hijack-based downgrade.
fix

Sub-processor disclosure corrected

  • Privacy Policy and DPA now correctly list Hostinger UK Limited (United Kingdom) as the hosting sub-processor.
  • VPS data centre confirmed in the UK — no cross-border transfer, no IDTA/SCCs needed for the hosting leg.
improvement

Comfort-blanket weekly security report

  • Weekly digest rewritten with a warmer, dark-themed design.
  • Adapts when there were no threats: "All quiet this week" instead of an empty threats table.
  • Three-tile stats layout (checks run / attacks stopped / clean %).
feature

AI support chatbot

  • Floating support widget now available on every page with a session memory.
  • Answers product, integration, and billing questions sourced from our docs and help center.
content

Integrations hub + plugin detail pages

  • New /integrations hub with dedicated pages for WordPress, WooCommerce, and Shopify.
  • Each integration page includes setup steps, screenshots, and trust signals.

Got feedback or a feature request?

We prioritise based on customer signal — if there's something you'd like to see, let us know.

Get in touch