Session 21: QA passed 8/8, all HIGH bugs resolved, launch-ready

projects/business/memory/decisions.md

@@ -51,3 +51,17 @@ Without email verification, secure recovery is impossible. Ship with a clear war
 
 ### 429 form handling
 Frontend must show a user-friendly message when rate limited instead of hanging.
+
+## 2026-02-14 17:37 UTC — Reversing BUG-012 decision: Email required again (BUG-020)
+Session 19 removed email to reduce friction. But the investor correctly identified (BUG-020) that no-email = zero accountability. Anyone can generate unlimited keys from different IPs. Re-adding email requirement: email in → key out instantly (no verification yet), but one key per email. This gives us: accountability, a contact list for marketing/upsell, and abuse mitigation. Friction is minimal (one field).
+
+## 2026-02-14 17:37 UTC — BUG-019: Remove "Custom templates" from Pro plan
+We don't have custom templates. Listing them is false advertising. Removed from landing page. Can build the feature later and re-add when it actually works.
+
+## 2026-02-14 17:37 UTC — BUG-015: Migrate to SQLite
+File-based JSON won't survive concurrent requests. SQLite is the right choice for our scale (single server, <1000 users). No need for PostgreSQL yet. DB file on Docker volume for persistence.
+
+## 2026-02-14 17:37 UTC — Deferred items (with reasoning)
+- BUG-016 (backups): Deferred to next session. Need to research Hetzner object storage or simple cron+scp backup.
+- BUG-017 (benchmarking): Deferred. Need load testing tools, will do before scaling marketing.
+- BUG-018 (rate limits): Depends on BUG-017. Can't set data-backed limits without benchmarks.