Product roadmap

This page summarizes direction. It is not a binding delivery date. Detailed scope for optional bolt-ons lives in docs/LAUNCH-SCOPE.md in the operator repository.

Shipped (core platform)

Better Auth on Workers; Google OAuth (additional IdPs when secrets configured)
Turnstile on sensitive routes; widget.js + <capcha-auth> embed
POST /api/v1/capture, D1 metadata, R2 vault, per-tenant API keys, webhooks
Stripe subscriptions + webhook mirror; tenant JSON export + purge
Trust pages, compliance index, public support chat path

Next (product)

Organizations v0 — multiple users per tenant with basic roles (see docs/ORGS-V0-SPEC.md)
Webhook reliability UX — delivery visibility and operator replay patterns (docs/WEBHOOK-RELIABILITY.md)
SDKs / examples — thin wrappers for capture + webhooks under examples/
Public API reference — docs/API-OVERVIEW.md → generated OpenAPI when stable

Future bolt-ons (off by default)

Require separate product, legal, and DPIA review before enablement.

Consent-region video clip (opt-in) — short MediaRecorder clip of the consent surface; storage on R2 or Stream with strict retention; never enabled without tenant flag + informed consent copy.
Workers AI vision on sampled frames — optional QA/fraud hints on 1–n stills; billed per model invocation.

Enterprise certifications (long horizon)

See Compliance program and docs/COMPLIANCE-ROADMAP.md for SOC 2, ISO, HIPAA, FedRAMP-class programs — capital and anchor-customer gated.

← Home · Why CapchaCloud · Status