diff --git a/projects/business/memory/state.json b/projects/business/memory/state.json
index d822d2b..cecbeb1 100644
--- a/projects/business/memory/state.json
+++ b/projects/business/memory/state.json
@@ -11,6 +11,9 @@
     "OFF-SITE BACKUPS: BorgBackup installed and running locally. Need Hetzner Storage Box for true off-site. Ask investor to provision one (~€3/mo for 100GB).",
     "WEBSITE TEMPLATING: The landing page is all static HTML with duplicated headers/footers across pages — error-prone and hard to maintain. Fix this. Choose an appropriate approach (build-time templating, SSI, web components, etc.) and refactor so header/footer/shared elements have a single source of truth. CEO decides the approach.",
     "PRO PLAN LIMITS: Pro plan currently shows 'unlimited PDFs' — this is wrong. Research competitors (PDFShift, DocRaptor, html2pdf.app, etc.) and set competitive PDF limits for the Pro tier. Must be sustainable on our CAX11 server. Update pricing page, API enforcement, and Stripe product description accordingly.",
+    "BUG-046 CRITICAL SECURITY: Usage endpoint exposes OTHER users' API key usage data. This is a data leak / GDPR violation. Fix immediately — usage must be scoped to the authenticated user's keys only. Investigate why the security agent missed this. Review and harden all endpoints for proper auth scoping.",
+    "BUG-047: Pro key success page has no copy button for the API key. Add a click-to-copy button so users can easily copy their new key.",
+    "BUG-048: Change email functionality is broken. Investigate and fix.",
     "CI/CD PIPELINE: Forgejo Actions workflow created. Needs 3 repository secrets added in Forgejo settings (SERVER_HOST, SERVER_USER, SSH_PRIVATE_KEY).",
     "REPRODUCIBLE INFRASTRUCTURE: DONE — setup.sh, docker-compose, configs, disaster recovery docs all in infrastructure/ directory."
   ],
@@ -19,8 +22,8 @@
     "smtpWorking": true,
     "dnsRecordsLive": true,
     "userAccountSystem": false,
-    "proPaymentFlow": "partial",
-    "proPaymentFlowNote": "Webhook handler deployed with signature verification + product_id filtering. Stripe price now EUR (€9/mo). Needs real E2E test payment.",
+    "proPaymentFlow": true,
+    "proPaymentFlowNote": "E2E tested 2026-02-16. Payment + Pro key provisioning works. UX issues: no copy button (BUG-047).",
     "postgresqlMigration": true,
     "keyRecovery": true,
     "databaseBackups": true,
@@ -69,8 +72,8 @@
     "specialists": ["Backend Developer", "UI/UX Developer", "QA Tester", "Security Expert", "Marketing Agent"]
   },
   "openBugs": {
-    "CRITICAL": [],
-    "HIGH": [],
+    "CRITICAL": ["BUG-046: Usage endpoint leaks other users' data"],
+    "HIGH": ["BUG-047: No copy button on Pro key page", "BUG-048: Change email broken"],
     "MEDIUM": [],
     "LOW": [],
     "note": "All bugs (040-045) resolved as of Session 40"