WHY← Back

Release Notes

What's new in We Hear You. We ship updates regularly — check back to see what's changed.

v1.5May 7, 2026

History, Move to Campaign, and a Security Pass

Output flows now log every attempt — sent, failed, or filtered out — with human-readable reasons, so you can trace why any response did or didn’t publish. Move responses between campaigns from a single click on the response card; analysis re-runs under the new campaign’s schema and matching outputs re-fire. Plus a top-to-bottom security pass: secrets encrypted at rest, real RLS as a backstop, rate limits on AI-burning and public endpoints, and a stronger guard against prompt injection.

Output flow history

  • New History section on every Webflow output — every evaluation is logged with status (sent, failed, or skipped) and a one-line reason inline
  • Skipped attempts (filter mismatch, safety filter) now log with a human-readable reason; non-matches used to be silent
  • Skip reasons resolve campaign IDs to names (e.g. “Campaign should be ‘Dog Stories’ or ‘DOGCULTR Boulder Kick Off’”)
  • ANY-mode conditions on the same field collapse into a single readable phrase instead of repeating
  • Rows label the trigger record by person name (e.g. “New response · Leigh”) instead of a UUID prefix
  • History is collapsed by default with an event count; expand to see the list and full payload/response details

Filter prevention (Webflow outputs)

  • “What this output will do” plain-language summary card right above Save so you can read your filter back before committing
  • Match ALL / ANY toggle now has a one-line description explaining what each option does
  • Conditions that would create an unsatisfiable filter (e.g. Campaign is X AND Campaign is Y under ALL logic) are blocked at the dropdown level with an inline hint pointing to the fix
  • Save button is disabled and the warning is surfaced if an existing flow ends up in an impossible state

Response actions

  • Re-analyze action on individual response cards — re-runs analysis on one response without going through bulk select
  • Move to campaign picker on every response, with the current campaign shown in the footer label (e.g. “In Dog Stories”)
  • Picker is a true select/deselect list — click the current campaign to remove, click any other to move
  • Moving to a campaign re-runs analysis under that campaign’s schema and re-fires matching output flows so the response routes correctly

Bug fixes

  • Re-analyzed responses are now correctly evaluated against campaign filters (campaign_id was missing from the flow eval payload)
  • Imports no longer silently drop campaign_id when the campaign list hasn’t finished loading on the import page
  • Person timeline now refreshes immediately after a campaign move (the refresh callback wasn’t wired up)
  • Response cards show the actual assigned campaign instead of always reading “No campaign” (the API wasn’t selecting campaign_id)
  • Flow executions log against the response ID instead of the person ID at ingest time

Security pass

  • OAuth access and refresh tokens (Webflow, VideoAsk) now encrypted at rest with AES-256-GCM — plaintext columns dropped
  • Tenant webhook secrets encrypted at rest using the same scheme
  • Two tables (insight_cache, tenants) had broken or missing Row-Level Security; both now properly enforced
  • Eight tables had RLS policies keyed to a Postgres setting the app never set, meaning RLS was effectively off; replaced with auth.uid()-based policies that actually enforce tenant isolation
  • AI rate limiting on /api/dashboard/responses/reprocess and bulk reanalyze (100 per hour per tenant) protects against runaway cost from compromised admin accounts
  • IP-based rate limiting on /embed/response/[id] (60 per minute) blocks scraping of public embed pages
  • Prompt injection defense hardened with a post-guard so tenant-supplied analysis prompts can no longer override the security instructions
v1.0April 14, 2026

Campaigns, Outputs, Notifications, Video Feeds & Filter/Flow

The v1.0 milestone. Campaigns organize your data collection efforts with isolated Persona and Analysis configs. Outputs unify Notifications (Slack, in-app, email digest), Video Feeds (public embeddable feeds with safety filtering), and Custom Flows (webhook automations) under one roof. Plus safety classification on every analysis, campaign-aware filtering across the entire dashboard, and dozens of UI polish passes.

Campaigns

  • New organizational layer between your org and your data — each campaign gets its own Persona config, Analysis config, and form routing
  • Campaign picker in the sidebar and inline on every data page (Dashboard, People, Responses, Personas) so you always know what you’re looking at
  • Campaign selection persists across page navigation
  • Create, edit, duplicate, archive, and delete campaigns from Settings → Campaigns
  • Duplicating a campaign copies its Persona and Analysis config but not responses
  • Form name auto-routing: map VideoAsk form names to campaigns so ingest lands in the right place automatically
  • Multi-select form picker populated from your existing response data
  • “All Campaigns” aggregate view across the entire dashboard
  • Persona Config and Analysis Config require campaign selection — no more accidental org-wide edits
  • All existing data automatically migrated to a Default campaign per org

Filter & Flow (v0.8)

  • Visual flow builder: set conditions (persona, sentiment, mood, themes, source, form, campaign, transcription) with AND/OR logic
  • Webhook actions to Zapier, Make, or any URL — fires on new ingest and reanalysis
  • Test webhook button validates your connection before saving
  • Auto-generated flow names and plain-English preview sentence
  • Execution history log with status, timestamps, and HTTP responses
  • Edit, pause, and delete flows with confirmation
  • SSRF protection blocks internal/private URLs on all webhook targets
  • Retry failed executions up to 3 times

Outputs (v0.9)

  • Flows page renamed to Outputs with three sections: Notifications, Video Feeds, and Custom Flows
  • Each output can be scoped to a specific campaign or set org-wide
  • Edit, toggle, and delete controls on all output cards
  • Scope badges show which campaign each output belongs to

Notifications

  • Three channels: Slack (real-time), in-app (dashboard bell), and weekly email digest (Resend)
  • Slack notifications include person, persona, sentiment, mood, themes, transcript preview, and a “View Response” button linking to the dashboard
  • In-app notification bell in the sidebar with unread count and mark-all-read
  • Notifications fire on new ingest, reanalysis, and single-response reprocessing
  • Same condition system as Flows — only notify when criteria match

Video Feeds

  • Public embeddable video feeds at /feeds/[slug] — no auth needed, iframe-friendly
  • JSON API at /api/feeds/[slug] for headless CMS integration (Webflow, WordPress)
  • Built-in safety filters: PII, profanity, hate speech, and on-topic detection
  • Safety classification runs once at analysis time — no per-query cost
  • Random unguessable slug per feed; toggle active/inactive without losing the URL
  • CORS headers enabled for cross-origin fetch

Dashboard & UI polish

  • Recent Responses and Sentiment Breakdown in unified cards with bigger headlines
  • Audience Insights headline bumped for consistency
  • API key name pre-fills with org name
  • CSV imports now fetch video URLs from VideoAsk share links
  • Form names cleaned up from file paths to readable names
  • Flow detail page: status dot with glow, toggle switch, edit/delete as icons
  • Bulk re-analysis percentage removed (visual bar is sufficient)
  • Campaign condition field available in all flow/notification builders
  • Campaign names resolve in previews instead of UUIDs

Security & performance

  • CRON_SECRET required for digest endpoint — rejects requests if not configured
  • Webhook URL validation blocks localhost, private IPs, and AWS metadata endpoints
  • Category and condition field/operator validation on flow creation
  • Webhook URLs masked in UI (domain + last 8 chars only)
  • Sidebar counts fetch once on mount instead of every navigation
v0.9April 7, 2026

Outputs — Notifications and Video Feeds

Flows expands into Outputs: a new home for turning insights into action. Get notified via Slack, in-app, or weekly email digest. Publish curated, safety-filtered video feeds you can embed anywhere. All Claude analyses now include automatic safety classification (PII, profanity, hate speech, topics).

Notifications (new)

  • Three notification channels: Slack (real-time), in-app dashboard bell (real-time), and weekly email digest (powered by Resend)
  • Slack notifications post a formatted message with person, persona, sentiment, mood, themes, and transcript preview to any incoming webhook URL
  • In-app notifications appear in a new bell icon in the sidebar with unread count, dismissible per user, visible to all org members
  • Weekly email digests bundle every match for the week into a single styled email — sent every Monday morning
  • All notifications use the same condition system as Flows — filter by persona, sentiment, mood, themes, source, form, or transcription

Video Feeds (new)

  • Publish a curated video feed at a public URL like /feeds/abc123 — embeddable in any iframe (Webflow, Wordpress, Squarespace, Wix)
  • Or pull as JSON from /api/feeds/[slug] for custom builds and headless CMS integration
  • Filter videos by persona, sentiment, themes, etc. — same condition system as the rest of the platform
  • Built-in safety filters: hide videos containing PII, profanity, or hate speech, plus an on-topic filter that matches against your feed's topic description
  • Random unguessable slug per feed; toggle active/inactive without losing the URL
  • Copy embed snippet directly from the feed editor

Automatic safety classification

  • Every analyzed response now includes a safety object: contains_pii, contains_profanity, contains_hate_speech, and detected topics
  • Runs once at analysis time — no extra API cost when feeds are queried
  • Applies to all tenants automatically; existing analyses can be re-run via Reanalyze to gain safety classification

Outputs page

  • The Flows page is now Outputs, with three sections: Notifications, Video Feeds, and Custom Flows
  • Each section has its own list and create button — quick visual scan of everything wired up
  • Sidebar nav renamed from Flows to Outputs; count includes flows + video feeds
  • Old /dashboard/flows URL redirects to /dashboard/outputs to keep bookmarks working
v0.8April 6, 2026

Filter & Flow — Automated actions from your insights

Introducing Filter & Flow: a new way to turn insights into action. Build conditional flows that fire webhooks to Zapier, Make, or any tool when responses match your criteria. Plus dashboard polish, smarter API key naming, CSV import improvements, and inline video for CSV-imported responses.

Filter & Flow (new)

  • New Flows section in the main navigation — build automated actions triggered by your insights
  • Visual flow builder with field, operator, and value dropdowns for conditions
  • Filter on persona, mood, sentiment, themes, source, form, or transcription content
  • AND/OR logic toggle for combining conditions
  • Webhook actions send matching response and person data to Zapier, Make, or any URL
  • Live plain-English preview sentence updates as you build the flow
  • Auto-generated flow name and description based on your selections
  • Test webhook button sends a sample payload to verify the connection before saving
  • Edit and pause flows from the detail page; deletion requires confirmation
  • Execution history log shows every fire with status, timestamp, and HTTP response
  • Flows fire on new ingest and after reanalysis, so updated personas re-trigger automatically
  • Failed deliveries log for retry; up to 3 retries with permanent-fail status

Dashboard polish

  • Recent Responses now lives in a unified card with a bigger headline showing the total response count
  • Sentiment Breakdown wrapped in a matching card for visual consistency
  • Audience Insights headline bumped up to match the new card design
  • Sidebar now shows a live count of flows next to the Flows nav item

CSV import improvements

  • CSV imports now fetch the original VideoAsk video URL from each share link, so videos play inline just like webhook-imported responses
  • Backfilled video URLs for all 236 previously CSV-imported responses
  • Cleaned up form names that were stored as full file paths — 116 responses now show readable form names

API key generation

  • When generating a new API key, the name field now pre-fills with your organization name so you can quickly add a label like “Jumpsuit VideoAsk webhook”
v0.7April 2, 2026

Bulk Editing, CSV Import, Background Processing, Personas & Analytics

Bulk selection and management for people and responses, CSV import from VideoAsk exports, background job processing for all AI analysis, audience insights, personas data page, in-app analytics with PostHog, organization member management, and three rounds of security hardening.

Personas & Audience Insights

  • New Personas page in the main navigation — see your audience organized by persona with descriptions and people cards
  • Audience Insights card on the Dashboard — AI-generated summary of your audience, cached and refreshed automatically after 3 new responses
  • Manual refresh button with once-per-day rate limit to control API costs
  • Insight uses summary statistics (not raw transcriptions) for efficiency
  • Persona filter dropdown now dynamically populated from your taxonomy definitions on both People and Responses pages
  • Sidebar shows persona count next to the Personas nav item
  • Persona Config renamed from Personas Config and moved above Analysis Config in settings

Dashboard

  • Five stat cards: People, Responses, Top Persona, Top Mood, Avg Sentiment
  • People and Responses cards link to their respective pages
  • Top Persona card links to the Personas page
  • All stat values capitalized (Positive, not positive)
  • Audience Insights sits in the left column above Sentiment Breakdown

Background Processing

  • All AI analysis now runs in the background — CSV imports, multi-link imports, re-analysis, and bulk re-analysis no longer block the page
  • Persistent progress banner in the bottom-right corner follows you across all pages
  • Real-time progress bar with counts: processed, imported, skipped, failed
  • Jobs table stores state server-side so progress survives page navigation
  • Client-driven batch processing — each batch runs within Vercel’s timeout, then the next batch starts automatically
  • Completed jobs show for one hour with a dismiss button, failed jobs show with error details

Bulk Editing

  • Select multiple people or responses with checkboxes and a “Select all” toggle
  • Bulk actions: Hide, Re-analyze, Delete, and Move to another organization
  • Inline action bar with live count that stays visible while scrolling
  • Show/hide hidden items toggle at the bottom of each list
  • Delete confirmation dialog to prevent accidental removal

CSV Import

  • Upload a VideoAsk CSV export to import all responses at once — no OAuth or share links needed
  • Client-side CSV parsing with row-by-row processing to avoid server timeouts
  • Live progress bar showing import status in real time
  • Detailed results breakdown: imported, skipped (no email, no transcription, duplicate), and failed
  • Original response dates preserved from VideoAsk’s Date/Time column
  • Share URLs captured and stored for linking back to VideoAsk

Organization Management

  • Manage Members modal on the Admin page — list, invite, change roles, and remove members
  • Role validation enforced server-side (viewer, admin, owner only)
  • Organization switcher persists selection across page reloads and OAuth redirects
  • Full page reload on org switch to clear stale state
  • Org context banner on all settings pages showing which organization you’re editing

People & Responses

  • Sortable columns on the People table — click any header to sort by Name, Persona, Mood, Sentiment, Responses, or Responded date
  • New “Responded” column showing the actual date the person submitted their response (not the import date)
  • Matching filters on both pages: Sentiment, Mood, Persona, Source, Form, and Sort
  • Multi-row filter layout — search and source on the first row, analysis filters on the second
  • People table scrolls horizontally on smaller screens
  • Sidebar shows people and response counts next to each nav item
  • Page titles show counts: “120 Responses” instead of separate total

Response Cards

  • Wider metadata column for tags and pills to breathe
  • Inline video player — “Play video” toggles the original recording right in the card
  • “View on VideoAsk” link to the original conversation (when share URL is available)
  • Edit transcript fine print clarifying changes are only saved within We Hear You
  • Source labels cleaned up: “VideoAsk Import” instead of “videoask-link”
  • Form name displayed on each response when available

Brand & Design

  • W.H.Y. logo in Source Serif 4 with peach, seafoam, and sunshine dots
  • Logo placed on sidebar, login, reset password, and all secondary pages
  • Improved light mode contrast — darker tag colors for better readability against the warm background
  • Custom checkboxes with centered checkmarks and consistent sizing
  • Copy-to-clipboard fields on webhook URLs, header names, and API keys

Analytics

  • PostHog integration for page views, user identity, and custom event tracking
  • Tracked events: sign up, sign in, sign out, all import types, persona saves, config changes, transcript edits, and bulk actions
  • User identified by Supabase auth ID with email for cohort analysis

Security (Audit #3)

  • Cross-tenant data access fixed in bulk reanalyze — all queries now scoped by tenant_id
  • Member management scoped by tenant_id on all PUT/DELETE operations
  • Bulk operation IDs capped at 25 (reanalyze) or 100 (other actions) to prevent API abuse
  • Role validation on member invite and role change (viewer/admin/owner only)
  • Transcription sanitization added to all import and reprocess routes
  • Raw email removed from import-link API response
  • CSV import dedup key includes content hash to prevent collisions
  • Reanalyze added to bulk action validation whitelist (was silently blocked)
  • Auto-provisioning optimized to only run when user has zero memberships

Infrastructure

  • App moved to app.wehearyou.io subdomain (root domain reserved for marketing site)
  • All webhook URLs, OAuth callbacks, and instructions updated to new domain
  • Support page with FAQ, how-it-works guide, and contact information
v0.6April 1, 2026

Dashboard, Import Tools & Security Hardening

Major UX overhaul, VideoAsk quick import, AI-powered persona suggestions, neumorphic design system, comprehensive security fixes, and multi-organization management.

Design & UX

  • Neumorphic design system — soft raised cards, inset inputs, and tactile button states across the entire interface
  • W.H.Y. brand logo in Source Serif 4 with peach, seafoam, and sunshine accent dots
  • Light and dark mode with system preference detection and persistent toggle
  • Three-dot animated loading indicator in brand colors replaces all loading states
  • Consistent spacing, card sizing, and form styling across all pages
  • Instructional copy on every page written for non-technical users

Import Tools

  • Quick Import — paste a single VideoAsk share link to import and analyze one response instantly
  • Multi-link import — paste multiple share links (one per line) to batch import with live progress
  • Inline video playback — play the original video response directly within the response card
  • Edit transcript & re-process — modify a transcription and re-run AI analysis in place
  • VideoAsk OAuth integration for bulk import via the VideoAsk API
  • Per-tenant duplicate detection — the same response can exist in different organizations

AI Features

  • AI-suggested personas — analyze your responses and get persona recommendations with confidence levels and example quotes
  • Gap detection — identify emerging patterns that don’t fit existing personas
  • Starter persona templates — choose from Buyer Personas, User Personas, or Brand Archetypes to get started quickly
  • Suggest a prompt — AI generates an optimized system prompt based on your analysis fields and personas

Organization Management

  • Create organizations from the Admin panel with name, slug, allowed domains, and admin invites
  • Domain-based auto-provisioning — users with matching email domains join automatically on signup
  • Organization switcher in the sidebar for users with access to multiple workspaces
  • Super admin can switch between and manage all organizations

Connections & Setup

  • Combined Connections page with API keys, webhook setup guides, and active sources
  • Step-by-step VideoAsk webhook setup with exact field values matching VideoAsk’s UI
  • API key generation with Bearer prefix pre-included for easy copy-paste
  • Inline “Generate Key” button within the setup guide flow
  • Scope explainer (ingest, read, admin) with color-coded badges

Security

  • Tenant isolation enforced on all 13+ dashboard API routes via shared auth utility
  • Role-based access control — admin required for state-changing operations, viewer for reads
  • OAuth state parameter signed with HMAC to prevent CSRF and state forgery
  • Prompt injection guard always prepended to system prompts (cannot be removed by tenants)
  • Error messages sanitized — no internal details leaked to clients
  • Per-tenant email uniqueness constraint (same email can exist in different organizations)
  • URL validation and hostname allowlists on all external fetch operations
  • Pagination bounded to prevent memory-heavy queries

Performance

  • Stats route optimized — sentiment and theme counting from limited dataset instead of loading all rows
  • Admin tenants route reduced from 2N queries to 3 total queries
  • Bulk import processes contacts in parallel batches of 3 instead of serially
  • Tab-focus no longer triggers full page reload (tenant resolution cached by user ID)

Pages & Navigation

  • Support page with FAQ, how-it-works guide, and contact information
  • Release notes page (you’re reading it)
  • Privacy policy and terms of service with wehearyou.io contact emails
  • Password reset flow with email link + new password form
  • Cross-linking throughout — response cards link to person profiles, dashboard links to full lists
  • Sidebar divider between data views and settings sections
  • Sign out properly redirects to login page
  • “No access” page includes support link and sign out button
v0.5March 31, 2026

Foundation Release

The first version of We Hear You — a complete platform for capturing, analyzing, and classifying qualitative feedback from video and transcription sources.

Dashboard

  • Overview page with real-time stats, sentiment breakdown, top themes, and recent responses
  • People directory with filtering by persona, sentiment, and search
  • Individual person profiles with full response timelines
  • Response feed with full-text search and filtering by source, sentiment, and date

AI Analysis

  • Configurable analysis engine powered by Claude — define exactly what insights you want to extract
  • Visual schema builder for adding custom fields (text, lists, choices, numbers, yes/no) without writing code
  • System prompt editor for fine-tuning how the AI interprets your data
  • Live preview — test your analysis configuration with a sample transcription before saving

Personas

  • Define custom personas with names, descriptions, and classification criteria
  • Automatic classification — every new response is sorted into a persona
  • Re-analyze existing responses when you update your persona definitions

Sources & Integrations

  • VideoAsk adapter — connect your VideoAsk forms with one webhook URL
  • Custom adapter — send data from any tool that supports webhooks
  • Per-source API keys with scoped permissions (ingest, read, admin)
  • Webhook signature verification for secure data delivery

Organizations & Access

  • Multi-tenant architecture — each organization gets a fully isolated workspace
  • Domain-based auto-provisioning — add an email domain and anyone at that company can sign up and join automatically
  • Role-based access: Admin (full control) and Viewer (read-only)
  • Email/password authentication with password reset flow

Security & Privacy

  • AES-256-GCM encryption for all personally identifiable information at rest
  • Row-level security ensuring no organization can access another’s data
  • Per-tenant rate limiting to prevent API abuse
  • Input sanitization and prompt injection defenses on all AI processing
  • Security headers on all endpoints (HSTS, X-Content-Type-Options, X-Frame-Options)

Design

  • Light and dark mode with system preference detection
  • Soft, minimal interface with peach, seafoam, and sunshine accents
  • Instructional copy on every page — built for non-technical users
  • Privacy policy, terms of service, and release notes