Recent platform updates
New features, integrations, and pricing changes — the customer-meaningful changes we release. Subscribe to platform updates from your account preferences once you're signed in.
- FEATURE 2026-05-31
Privacy Policy + Terms of Service refreshed to V2 (counsel-approved)
Both legal agreements are now the counsel-reviewed V2 drafts — Privacy Policy expands to 15 sections (CCPA/CPRA, GDPR, UK GDPR, LGPD, PIPEDA, APPI, Australia Privacy Act); Terms of Service expands to 19 sections including binding arbitration with a 30-day opt-out, class-action waiver, and a hard cap on liability. Sub-processors (MongoDB Atlas, Cloudflare, Stripe, Resend, PostHog) called out explicitly, with SCCs + UK IDTA for cross-border transfers.
Try it - FEATURE 2026-05-31
Defensive security pass — Stripe webhook strict-sig, CSP report-uri, COEP, body cap
A self-initiated red-team audit closed every High / Medium / Low finding in one sprint: Stripe webhook now hard-fails on signature mismatch (no silent fallback), Content Security Policy reports violations to a backend ingest for telemetry, Cross-Origin Embedder Policy is on for the docs surface, a global request-body cap blocks oversized payloads, SVG uploads validate by magic-byte (no more spoofed text/html), and admin passwords are rotated. Server-stack identifiers (`Server`, `X-Powered-By`) are stripped at the ingress.
Try it - FEATURE 2026-05-31
Slack ping on every successful Stripe charge (with FIRST-PAID banner)
The operator Slack channel now lights up the second a paid checkout lands — amount, plan, customer email (redacted past the @), Stripe session id, and live-vs-test mode. The very first paid conversion fires an additional 🎉 milestone banner so the team can't miss a revenue moment. Idempotent at the session level — webhook + success-poll can both fire and only one ping goes out.
- DEVELOPER 2026-05-30
QorBOM docs now ship a Stripe/Mintlify-style 3-column shell
The QorBOM developer docs are split into six distinct subpages — Quickstart, Auth, Endpoints, Webhooks, Errors, SDKs — each with its own URL, hash-anchored table of contents, and a left-rail nav so deep-linking finally works. A first-visit Quickstart tour overlays four floating coach-marks to point developers at the right starting place. Lives at qorbom.com/developers and docs.qorbom.com.
Try it - FEATURE 2026-05-30
Partner portal moves to its own subdomain — app.qorbom.com
QorBOM partners now sign in at app.qorbom.com (was qorbom.com/portal). Cleaner mental model — qorbom.com is the marketing front door, app.qorbom.com is the operating console — and Cloudflare routing keeps deep links to tabs like /overview, /keys, /scans, and /branding working without an extra redirect.
- FEATURE 2026-05-30
Status page now lives at status.qorbom.com
QorBOM's live operational status moves to status.qorbom.com — a dedicated subdomain so incidents and uptime never compete with marketing or app traffic. Cloudflare-routed, same 30-day uptime ribbon, latency sparklines, and synthetic monitoring as qortrace.com/status.
- BILLING 2026-05-23
Stripe live billing is on — real cards, real subscriptions, signed webhooks
qortrace.com now accepts production card payments end-to-end. Customer Portal (manage / cancel / change card) is configured in live mode, all 8 critical webhook events are wired with HMAC signature verification, and the public status endpoint confirms mode=live with webhook_signature_verified=true. Statement descriptor reads QORTRACE on customer card statements.
Try it - POLISH 2026-05-23
Every email we send just got way more readable
Site-wide email design refresh: brighter body text, wider cards (600px), more breathable line-height, and explicit text colors that survive Gmail / Outlook rewriters. All 30 transactional email templates — invites, password resets, audit deliveries, weekly digests, NDA notifications — landed the upgrade in one sweep.
- POLISH 2026-05-23
/changelog short-link
Type qortrace.com/changelog (or click it in any email footer) to land directly on the public release log. Previously only reachable through /docs/changelog.
Try it - FEATURE 2026-05-23
Audit-delivery emails now include 'Refer & Earn Credit'
Right after we hand off your shareable certificate, the delivery email surfaces a one-click path to your referral dashboard. Every paid conversion attributed to your code earns account credit — the highest-leverage moment to share QorTrace is the moment you've just received value from it.
Try it - FEATURE 2026-05-22
Status page: 30-day uptime ribbon + 24h latency sparklines
/status now ships a Cloudflare/Stripe-grade ribbon — 30 days of daily uptime per component, 24h latency sparklines on every probe, last-checked timestamps everywhere. The synthetic monitor extends to Audit, Scanner, Atlas, Compliance, and Trust Center endpoints with both slash-variants probed.
Try it - POLISH 2026-05-22
Password UX upgrade — live policy meter, breach checks, strong-password suggester
Every password form (signup, reset, 2FA backup, account settings) now shows a live policy meter, a strength bar, a one-click strong-password suggester, and a HIBP (HaveIBeenPwned) k-anonymity breach check that warns if your password has appeared in a known leak — all without sending your password anywhere.
Try it - POLISH 2026-05-22
Cmd-K search now self-tunes — and shows you what's trending today
Hit Cmd-K (or Ctrl-K) anywhere on qortrace.com. The site-wide search now learns from real query patterns: documents you actually open rise, the ones nobody clicks fall. A new 'Trending Today' rail surfaces what other operators have been hunting for this morning.
- DEVELOPER 2026-05-22
PQC Glossary expanded to 175 cross-linked terms
The /docs/glossary page now covers 175 post-quantum cryptography terms — from CRYSTALS-Kyber to Q-Day to NIST FIPS 203/204/205 — with cross-references between related entries. Built so a CISO or analyst landing cold on a PQC-heavy customer thread can decode any term in two clicks.
Try it - DEVELOPER 2026-05-22
Every API endpoint is now slash-agnostic — no more 307 redirects
Trailing-slash requests (/api/audits/ vs /api/audits) used to bounce through a 307 redirect — a small but real source of latency, broken Authorization headers (some HTTP libraries strip them on redirect), and CORS preflight pain. A new ASGI middleware flattens both variants to the same route. POST/PUT/DELETE included.
- POLISH 2026-05-21
GitHub repo scanner — clearer validation hints + clean handoffs
The GitHub repository scanner now shows inline format hints (owner/repo · or full https://github.com/...), validates as you type, and gracefully recovers from rate-limited GitHub responses. Newsletter signup scope bug fixed; broken email-link 404s repaired.
Try it - FEATURE 2026-05-07
Trust Center is live — SOC 2 + ISO 27001 + DORA + FFIEC posture, in the open
The new public Trust Center at /trust shows live compliance posture across all four frameworks, plus every published policy with version history. No more 'send me a PDF' on the first sales call — the numbers update from a real GRC console, not a slide.
Try it - FEATURE 2026-05-07
Community Pulse — what people ask QorTrace this week
The new /trends page surfaces the rising topics, doc gaps, and best-loved answers from across the QorTrace help center. Opt-in only — accounts can toggle whether their queries contribute, anonymised, from /account/settings.
Try it - FEATURE 2026-05-07
Qelli got a memory upgrade — vector retrieval + 'Why this answer?'
Qelli, our in-product AI guide, now uses OpenAI text-embedding-3-large to answer paraphrased questions even when no keyword overlaps. Every answer ships with an expandable 'Why this answer?' panel showing the source pages and similarity scores — so you can verify her grounding before trusting it.
Try it - POLISH 2026-05-07
Qelli now streams her answers in real time
Sub-second first token, smooth typing animation, and a thumbs-up / thumbs-down feedback loop on every answer. Multi-turn sessions persist so you can pick up a conversation right where you left off.
Try it - FEATURE 2026-05-07
New Help Center at /help — eight categories, instant Qelli search
Wiki + Qelli + a 'docs to write next' insights loop, all in one place. Eight curated categories (Getting Started · PQC Scanner · Audits · Atlas · Billing · Team · Integrations · Compliance) make 39 deep-dive pages findable in two clicks.
Try it
- BILLING 2026-05-05
Atlas portfolio scanning — Pro & Team plans
Atlas now supports monthly portfolio buckets: Pro ($199/mo) gets 25 imports per month with API + webhooks; Team ($999/mo) opens up 200/month with 6 seats. Free accounts continue to get one Atlas import to explore the product.
Try it - DEVELOPER 2026-05-04
Public webhook signature verifier
Drop a payload + secret + timestamp into the public verifier and it computes HMAC-SHA256 client-side via the Web Crypto API — nothing leaves the browser. Ships with copy-paste Node.js + Python reference snippets.
Try it - FEATURE 2026-05-04
README embed snippets for audit certificates
Customers can paste a markdown/HTML/URL badge into their repo README. The badge auto-updates as the security score improves on re-audit — and every paste becomes an inbound link.
- FEATURE 2026-05-04
Atlas portfolio CSV import
Drop a CSV of (chain, address, label) rows and Atlas batch-scans up to 100 wallets at ~1 row/sec, with live progress polling and a per-row results table.
Try it - DEVELOPER 2026-05-04
Outbound webhooks for monitoring + audit events
Stripe-style HMAC-SHA256 signed webhooks fire on monitoring.degraded and audit.delivered events. Three-attempt exponential-backoff retry, customer self-serve at /account/webhooks.
Try it - BILLING 2026-05-04
Stripe checkout for audit SKUs
One-Shot ($149), Builder ($49/mo or $490/yr), Team ($199/mo or $1,990/yr) — all wired through Stripe with the credit-grant model the FAQ promised (subs reset each cycle, top-ups stack).
Try it
Run a free wallet scan in 90 seconds
See the platform live — drop in a wallet address and get an instant post-quantum exposure score across 18 chains. No signup required.