diff --git a/projects/business/memory/bugs.md b/projects/business/memory/bugs.md
index 4222644..2f882a2 100644
--- a/projects/business/memory/bugs.md
+++ b/projects/business/memory/bugs.md
@@ -60,4 +60,24 @@
 **Documentation Quality:** Excellent, comprehensive examples
 
 ## Recommendation
-**URGENT:** Fix the browser signup form JavaScript issue. The backend works fine, so this is likely a frontend form submission or error handling bug preventing the API key from displaying after successful creation.
\ No newline at end of file
+**URGENT:** Fix the browser signup form JavaScript issue. The backend works fine, so this is likely a frontend form submission or error handling bug preventing the API key from displaying after successful creation.
+### BUG-012: Email signup for free tier serves no purpose
+- **Found by:** Human (investor)
+- **Date:** 2026-02-14
+- **Severity:** MEDIUM (product design)
+- **Description:** Free tier requires email but it's never verified. Either verify it (send confirmation email with the key) or remove the requirement. Collecting unverified emails is pointless and adds friction. Consider: if we verify, we have a real contact list for marketing. If we don't need email, just give the key instantly without asking.
+- **Status:** Open — needs product decision from CEO
+
+### BUG-013: Pro users — how do they get their API key?
+- **Found by:** Human (investor)
+- **Date:** 2026-02-14
+- **Severity:** HIGH (broken flow)
+- **Description:** After a Pro user pays via Stripe checkout, how do they receive their API key? Is it shown on the success page? Emailed? This flow needs to be clear and tested end-to-end: pay → get key → use key.
+- **Status:** Open
+
+### BUG-014: No way to recover or reset API key
+- **Found by:** Human (investor)
+- **Date:** 2026-02-14
+- **Severity:** HIGH (missing feature)
+- **Description:** If a user loses their API key, there's no way to get it again or reset it. Need a key recovery/reset mechanism — e.g. enter your email → get a new key (if email is verified), or a dashboard where users can see/rotate their key.
+- **Status:** Open
diff --git a/projects/business/memory/state.json b/projects/business/memory/state.json
index fd15cb0..d456b9d 100644
--- a/projects/business/memory/state.json
+++ b/projects/business/memory/state.json
@@ -1,9 +1,9 @@
 {
   "phase": 1,
-  "phaseLabel": "Build MVP — Fix remaining HIGH security issues",
-  "status": "security-hardened-launch-ready",
+  "phaseLabel": "Build MVP — Product gaps + UI polish",
+  "status": "product-gaps-open",
   "product": "DocFast — HTML/Markdown to PDF API",
-  "currentPriority": "All HIGH security issues fixed and verified. Next: 1) UI/UX polish — landing page needs to look professional. 2) Fix signup form 429 handling (form hangs instead of showing error when rate limited). 3) Marketing launch once UI is polished.",
+  "currentPriority": "Before launch — ALL are blockers: 1) BUG-012: Email signup for free tier is unverified — either add email verification (send key via email) or remove email requirement. CEO decides. 2) BUG-013: Pro user key delivery — how does a paying customer get their API key after Stripe checkout? Must be seamless. 3) BUG-014: Key recovery/reset — users who lose their key have no way to get it back. Need recovery mechanism. 4) Fix signup form 429 handling. 5) UI/UX polish — landing page must look professional, not a prototype.",
   "infrastructure": {
     "domain": "docfast.dev",
     "url": "https://docfast.dev",