Issues

## Problem We plan to email up to 39K legacy users who signed up 8–14 years ago on salon.io. Under GDPR (EU users are the majority), we need a compliant basis for contacting them. ## Requirements ### Legal Basis - **Legitimate interest** (Art. 6(1)(f) GDPR) is the most viable basis — we have an existing customer relationship and are informing them about a successor service for their data/content. - Document the legitimate interest assessment (LIA) before sending. ### Email Content Requirements - Every email must include a working **unsubscribe link** (one-click, per CAN-SPAM and GDPR) - Every email must link to the **privacy policy**: https://docs.salon.io/docs/en/legal/privacy - Every email must link to the **terms of service**: https://docs.salon.io/docs/en/legal/terms - Emails must clearly identify the sender (salon.io / New Salon, Stefan) - Physical address in footer (required by CAN-SPAM, good practice for GDPR) ### Technical Requirements - Resend supports one-click unsubscribe headers (List-Unsubscribe) - CRM must track unsubscribe status — never re-email someone who unsubscribed - SPF/DKIM/DMARC must be configured on sending domain before any volume send - Bounce handling: remove hard bounces from future sends ### Tiered Send Strategy (Risk Mitigation) - **Test batch**: 10 emails to known addresses — verify deliverability - **Tier 1**: 210 VIP users — warm, engaged, low risk - **Tier 2–6**: Graduated sends per [Kickfund PRD](https://docs.salon.io/docs/en/legal/terms) - **Tier 8**: 32K bulk send — only after earlier tiers prove deliverability and low complaint rates - Monitor spam complaint rate: stay under 0.1% (Google/Yahoo requirement) ### Data Handling - Legacy user emails stored in MongoDB (CRM). Do not export to third-party tools without DPA. - Users who migrate to New Salon consent to new [Terms](https://docs.salon.io/docs/en/legal/terms) and [Privacy Policy](https://docs.salon.io/docs/en/legal/privacy) during signup/account linking. - Provide data export/deletion path for legacy users who request it (GDPR Art. 15/17) ## Acceptance Criteria - [ ] Legitimate Interest Assessment documented - [ ] Unsubscribe mechanism working in Resend - [ ] CRM tracks unsubscribe status per user - [ ] SPF/DKIM/DMARC verified on sending domain - [ ] Email templates include: unsubscribe link, privacy policy link, terms link, physical address - [ ] Bounce handling configured - [ ] Test batch sent and verified before Tier 1

- Account for legacy `margin-right`, `padding` values when calculating column config - Map legacy `fixedwidthconfig` gap/margin to new column layout gutter setting - Preserve visual density (e.g. 3 items at 300px with 10px gap on 960px container = 3 columns with 10px gutter) - Import ALL i18n language variants (currently only imports German preferentially) - Set `default_language` from legacy user language field, `languages` array from found content **Files:** `app/api/migration/import-stream/route.ts`, `src/lib/legacy-layout-mapper.ts`

The slideshow mode does not run reliably. In some cases, the slideshow does not start at all. In other cases, it starts but stops after a few images (e.g. after 2–3 slides). This issue occurs inconsistently and affects both desktop and mobile devices.

Enable automatic_tax in Stripe checkout sessions. Requires EU OSS registration. Add tax_id_collection for B2B reverse charge. Full checklist in docs/ongoing/TAX-AND-PAYMENTS-PLAN.md (all items unchecked). Split from #14 — tier enforcement is complete, Tax is not started.

user: "trying to create a page called "home" gives error, probably because internally you have home by default"

user is asked me for his interests on access request but then again when user clicks confirms link from email

- Enable Stripe Tax for EU VAT compliance (needs EU OSS registration) - Update `tier-enforcement.ts` to read `websites.tier` instead of `user_profiles.tier` - Webhook handler to update `websites.tier` on subscription changes **Files:** `src/lib/tier-enforcement.ts`, `app/api/webhooks/stripe/route.ts`

The Side panel open button is inbisible when the lightbox is open in edit mode. z-index issue

When using the Canvas layout in combination with horizontal scrolling, the page frequently resets partially after closing the editor or switching between edit and preview modes. This results in multiple layout settings being changed or lost without user input. Examples of affected settings include: - Background color - Horizontal / vertical orientation - Overall layout size - Layout position - Lightbox (enabled/disabled) - Section width and padding Expected behavior: All layout settings should persist consistently after switching modes or reopening the page. Actual behavior: Various layout settings reset randomly, causing loss of work and requiring repeated adjustments. Impact: This is a critical issue, especially for complex layouts, as it can result in significant time loss and repeated manual reconfiguration.

When using the "Variable Size" layout option, the background image is displayed at a much larger scale than intended. The same background image behaves correctly in all other layout options, where it keeps the selected size. The issue only occurs when "Variable Size" is enabled.

slideshow does not advance in autoplay mode. slideshows only advances on hover --- *Related doc: `layouts/slideshow`*

When i change settings, the sticker header setting is not respected. always unsticky.