From f5cea97adf43511c2e9afbf3a69dba9ff70a0161 Mon Sep 17 00:00:00 2001
From: DocFast Bot <bot@docfast.dev>
Date: Tue, 17 Feb 2026 11:40:27 +0000
Subject: [PATCH] security: remove Change Email feature (leaked key = account
 hijack)

---
 public/change-email.html       | 353 ---------------------------------
 public/impressum.html          |   8 +-
 public/index.html              | 146 +++++++-------
 public/partials/_footer.html   |   1 -
 public/privacy.html            |   8 +-
 public/sitemap.xml             |   1 -
 public/src/change-email.html   | 293 ---------------------------
 public/status.html             |   1 -
 public/terms.html              |  10 +-
 src/index.ts                   |   8 -
 src/routes/email-change.ts     |  99 ---------
 templates/partials/footer.html |   1 -
 12 files changed, 80 insertions(+), 849 deletions(-)
 delete mode 100644 public/change-email.html
 delete mode 100644 public/src/change-email.html
 delete mode 100644 src/routes/email-change.ts

diff --git a/public/change-email.html b/public/change-email.html
deleted file mode 100644
index b1578ee..0000000
--- a/public/change-email.html
+++ /dev/null
@@ -1,353 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Change Email — DocFast</title>
-<meta name="description" content="Change the email address associated with your DocFast API key.">
-<link rel="canonical" href="https://docfast.dev/change-email">
-<link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>⚡</text></svg>">
-<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet">
-<style>
-*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
-:root {
-  --bg: #0b0d11; --bg2: #12151c; --fg: #e4e7ed; --muted: #7a8194;
-  --accent: #34d399; --accent-hover: #5eead4; --accent-glow: rgba(52,211,153,0.12);
-  --card: #151922; --border: #1e2433;
-  --radius: 12px; --radius-lg: 16px;
-}
-body { font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg); color: var(--fg); line-height: 1.65; -webkit-font-smoothing: antialiased; }
-a { color: var(--accent); text-decoration: none; transition: color 0.2s; }
-a:hover { color: var(--accent-hover); }
-.container { max-width: 800px; margin: 0 auto; padding: 0 24px; }
-nav { padding: 20px 0; border-bottom: 1px solid var(--border); position: sticky; top: 0; background: var(--bg); z-index: 100; }
-nav .container { display: flex; align-items: center; justify-content: space-between; }
-.logo { font-size: 1.25rem; font-weight: 700; letter-spacing: -0.5px; color: var(--fg); display: flex; align-items: center; gap: 8px; text-decoration: none; }
-.logo span { color: var(--accent); }
-.nav-links { display: flex; gap: 28px; align-items: center; }
-.nav-links a { color: var(--muted); font-size: 0.9rem; font-weight: 500; }
-.nav-links a:hover { color: var(--fg); }
-.content { padding: 60px 0; min-height: 60vh; }
-.content h1 { font-size: 2rem; font-weight: 800; margin-bottom: 32px; letter-spacing: -1px; }
-.content h2 { font-size: 1.3rem; font-weight: 700; margin: 32px 0 16px; color: var(--fg); }
-.content h3 { font-size: 1.1rem; font-weight: 600; margin: 24px 0 12px; color: var(--fg); }
-.content p, .content li { color: var(--muted); margin-bottom: 12px; }
-.content ul, .content ol { padding-left: 24px; }
-.content strong { color: var(--fg); }
-footer { padding: 32px 0; border-top: 1px solid var(--border); margin-top: 60px; }
-footer .container { display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; gap: 16px; }
-.footer-left { color: var(--muted); font-size: 0.85rem; }
-.footer-links { display: flex; gap: 20px; flex-wrap: wrap; }
-.footer-links a { color: var(--muted); font-size: 0.85rem; }
-.footer-links a:hover { color: var(--fg); }
-@media (max-width: 768px) {
-  footer .container { flex-direction: column; text-align: center; }
-  .nav-links { gap: 16px; }
-}
-
-.sr-only { position: absolute; width: 1px; height: 1px; padding: 0; margin: -1px; overflow: hidden; clip: rect(0,0,0,0); white-space: nowrap; border: 0; }
-</style>
-<style>
-  .change-email-wrap {
-    max-width: 480px;
-    margin: 80px auto 60px;
-    padding: 0 24px;
-  }
-  .change-email-card {
-    background: var(--card);
-    border: 1px solid var(--border);
-    border-radius: 16px;
-    padding: 40px;
-  }
-  .change-email-card h1 {
-    font-size: 1.6rem;
-    margin-bottom: 8px;
-  }
-  .change-email-card .subtitle {
-    color: var(--muted);
-    margin-bottom: 28px;
-    font-size: 0.95rem;
-  }
-  .ce-field {
-    margin-bottom: 14px;
-  }
-  .ce-field label {
-    display: block;
-    font-size: 0.85rem;
-    color: var(--muted);
-    margin-bottom: 6px;
-  }
-  .ce-field input {
-    width: 100%;
-    padding: 12px 14px;
-    border: 1px solid var(--border);
-    background: var(--bg);
-    color: var(--fg);
-    border-radius: 8px;
-    font-size: 0.9rem;
-    font-family: inherit;
-    box-sizing: border-box;
-    transition: border-color 0.15s;
-  }
-  .ce-field input:focus {
-    outline: none;
-    border-color: var(--accent);
-  }
-  .ce-field input.monospace {
-    font-family: monospace;
-  }
-  .ce-field input.code-input {
-    font-family: monospace;
-    font-size: 1.4rem;
-    letter-spacing: 0.3em;
-    text-align: center;
-    padding: 14px;
-  }
-  .ce-btn {
-    width: 100%;
-    margin-top: 8px;
-  }
-  .ce-error {
-    background: rgba(239,68,68,0.1);
-    border: 1px solid rgba(239,68,68,0.3);
-    color: #f87171;
-    border-radius: 8px;
-    padding: 10px 14px;
-    font-size: 0.875rem;
-    margin-bottom: 16px;
-    display: none;
-  }
-  .ce-hint {
-    margin-top: 14px;
-    color: var(--muted);
-    font-size: 0.8rem;
-    text-align: center;
-  }
-  .ce-loading {
-    text-align: center;
-    padding: 20px 0;
-  }
-  .ce-success {
-    text-align: center;
-    padding: 10px 0;
-  }
-  .ce-success .success-icon {
-    font-size: 3rem;
-    margin-bottom: 16px;
-  }
-  .ce-success h2 {
-    margin-bottom: 12px;
-  }
-  .ce-success p {
-    color: var(--muted);
-    margin-bottom: 24px;
-  }
-  .step { display: none; }
-  .step.active { display: block; }
-</style>
-</head>
-<body>
-
-<nav aria-label="Main navigation">
-  <div class="container">
-    <a href="/" class="logo">⚡ Doc<span>Fast</span></a>
-    <div class="nav-links">
-      <a href="/#features">Features</a>
-      <a href="/#pricing">Pricing</a>
-      <a href="/docs">Docs</a>
-    </div>
-  </div>
-</nav>
-
-<div class="change-email-wrap">
-  <div class="change-email-card">
-
-    <!-- Step 1: Enter API key + new email -->
-    <div class="step active" id="ceStepInitial">
-      <h1>Change Email</h1>
-      <p class="subtitle">Enter your API key and new email address.</p>
-      <div class="ce-error" id="ceError"></div>
-      <div class="ce-field">
-        <label for="ceApiKey">Your API key</label>
-        <input type="text" id="ceApiKey" class="monospace" placeholder="df_free_... or df_pro_..." required autocomplete="off" spellcheck="false">
-      </div>
-      <div class="ce-field">
-        <label for="ceNewEmail">New email address</label>
-        <input type="email" id="ceNewEmail" placeholder="new.email@example.com" required>
-      </div>
-      <button class="btn btn-primary ce-btn" id="ceSendBtn">Send Verification Code →</button>
-      <p class="ce-hint">A 6-digit code will be sent to your new email address</p>
-    </div>
-
-    <!-- Step 2: Loading -->
-    <div class="step" id="ceStepLoading">
-      <div class="ce-loading">
-        <div class="spinner"></div>
-        <p style="color:var(--muted);margin:12px 0 0">Sending verification code…</p>
-      </div>
-    </div>
-
-    <!-- Step 3: Enter code -->
-    <div class="step" id="ceStepVerify">
-      <h1>Check your inbox</h1>
-      <p class="subtitle">We sent a 6-digit code to <strong id="ceEmailDisplay"></strong></p>
-      <div class="ce-error" id="ceVerifyError"></div>
-      <div class="ce-field">
-        <label for="ceCode">Verification code</label>
-        <input type="text" id="ceCode" class="code-input" placeholder="123456" maxlength="6" pattern="[0-9]{6}" inputmode="numeric" required>
-      </div>
-      <button class="btn btn-primary ce-btn" id="ceVerifyBtn">Verify →</button>
-      <p class="ce-hint">Code expires in 15 minutes</p>
-    </div>
-
-    <!-- Step 4: Success -->
-    <div class="step" id="ceStepSuccess">
-      <div class="ce-success">
-        <div class="success-icon">✅</div>
-        <h2>Email updated!</h2>
-        <p>Your account email has been changed to <strong id="ceSuccessEmail"></strong></p>
-        <a href="/" class="btn btn-primary">Back to Home →</a>
-      </div>
-    </div>
-
-  </div>
-</div>
-
-<footer aria-label="Footer">
-  <div class="container">
-    <div class="footer-left">© 2026 DocFast. Fast PDF generation for developers.</div>
-    <div class="footer-links">
-      <a href="/">Home</a>
-      <a href="/docs">Docs</a>
-      <a href="/status">API Status</a>
-      <a href="/change-email">Change Email</a>
-      <a href="/impressum">Impressum</a>
-      <a href="/privacy">Privacy Policy</a>
-      <a href="/terms">Terms of Service</a>
-    </div>
-  </div>
-</footer>
-
-<script>
-(function () {
-  var _apiKey = '';
-  var _newEmail = '';
-
-  function showStep(id) {
-    ['ceStepInitial','ceStepLoading','ceStepVerify','ceStepSuccess'].forEach(function(s) {
-      var el = document.getElementById(s);
-      if (el) el.classList.remove('active');
-    });
-    var target = document.getElementById(id);
-    if (target) target.classList.add('active');
-  }
-
-  function showError(elId, msg) {
-    var el = document.getElementById(elId);
-    if (!el) return;
-    el.textContent = msg;
-    el.style.display = 'block';
-  }
-
-  function hideError(elId) {
-    var el = document.getElementById(elId);
-    if (el) el.style.display = 'none';
-  }
-
-  async function handleSend() {
-    var apiKey = document.getElementById('ceApiKey').value.trim();
-    var newEmail = document.getElementById('ceNewEmail').value.trim();
-
-    hideError('ceError');
-
-    if (!apiKey) {
-      showError('ceError', 'Please enter your API key.');
-      return;
-    }
-    if (!newEmail || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(newEmail)) {
-      showError('ceError', 'Please enter a valid email address.');
-      return;
-    }
-
-    var btn = document.getElementById('ceSendBtn');
-    btn.disabled = true;
-    showStep('ceStepLoading');
-
-    try {
-      var res = await fetch('/v1/email-change', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ apiKey: apiKey, newEmail: newEmail })
-      });
-      var data = await res.json();
-
-      if (!res.ok) {
-        showStep('ceStepInitial');
-        showError('ceError', data.error || 'Something went wrong. Please try again.');
-        btn.disabled = false;
-        return;
-      }
-
-      _apiKey = apiKey;
-      _newEmail = newEmail;
-      document.getElementById('ceEmailDisplay').textContent = newEmail;
-      showStep('ceStepVerify');
-      document.getElementById('ceCode').focus();
-    } catch (err) {
-      showStep('ceStepInitial');
-      showError('ceError', 'Network error. Please try again.');
-      btn.disabled = false;
-    }
-  }
-
-  async function handleVerify() {
-    var code = document.getElementById('ceCode').value.trim();
-    hideError('ceVerifyError');
-
-    if (!code || !/^\d{6}$/.test(code)) {
-      showError('ceVerifyError', 'Please enter the 6-digit code.');
-      return;
-    }
-
-    var btn = document.getElementById('ceVerifyBtn');
-    btn.disabled = true;
-
-    try {
-      var res = await fetch('/v1/email-change/verify', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ apiKey: _apiKey, newEmail: _newEmail, code: code })
-      });
-      var data = await res.json();
-
-      if (!res.ok) {
-        showError('ceVerifyError', data.error || 'Verification failed. Please try again.');
-        btn.disabled = false;
-        return;
-      }
-
-      document.getElementById('ceSuccessEmail').textContent = data.newEmail || _newEmail;
-      showStep('ceStepSuccess');
-    } catch (err) {
-      showError('ceVerifyError', 'Network error. Please try again.');
-      btn.disabled = false;
-    }
-  }
-
-  document.addEventListener('DOMContentLoaded', function () {
-    document.getElementById('ceSendBtn').addEventListener('click', handleSend);
-    document.getElementById('ceVerifyBtn').addEventListener('click', handleVerify);
-
-    // Allow Enter key in inputs
-    document.getElementById('ceNewEmail').addEventListener('keydown', function(e) {
-      if (e.key === 'Enter') handleSend();
-    });
-    document.getElementById('ceCode').addEventListener('keydown', function(e) {
-      if (e.key === 'Enter') handleVerify();
-    });
-  });
-})();
-</script>
-
-</body>
-</html>
diff --git a/public/impressum.html b/public/impressum.html
index 7c13fc2..201a558 100644
--- a/public/impressum.html
+++ b/public/impressum.html
@@ -20,7 +20,7 @@ body { font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Robo
 a { color: var(--accent); text-decoration: none; transition: color 0.2s; }
 a:hover { color: var(--accent-hover); }
 .container { max-width: 800px; margin: 0 auto; padding: 0 24px; }
-nav { padding: 20px 0; border-bottom: 1px solid var(--border); }
+nav { padding: 20px 0; border-bottom: 1px solid var(--border); position: sticky; top: 0; background: var(--bg); z-index: 100; }
 nav .container { display: flex; align-items: center; justify-content: space-between; }
 .logo { font-size: 1.25rem; font-weight: 700; letter-spacing: -0.5px; color: var(--fg); display: flex; align-items: center; gap: 8px; text-decoration: none; }
 .logo span { color: var(--accent); }
@@ -44,6 +44,8 @@ footer .container { display: flex; justify-content: space-between; align-items:
   footer .container { flex-direction: column; text-align: center; }
   .nav-links { gap: 16px; }
 }
+
+.sr-only { position: absolute; width: 1px; height: 1px; padding: 0; margin: -1px; overflow: hidden; clip: rect(0,0,0,0); white-space: nowrap; border: 0; }
 </style>
 </head>
 <body>
@@ -96,9 +98,7 @@ footer .container { display: flex; justify-content: space-between; align-items:
     <div class="footer-links">
       <a href="/">Home</a>
       <a href="/docs">Docs</a>
-      <a href="/health">API Status</a>
-      <a href="/#change-email" class="open-email-change">Change Email</a>
-      <a href="mailto:support@docfast.dev">Support</a>
+      <a href="/status">API Status</a>
       <a href="/impressum">Impressum</a>
       <a href="/privacy">Privacy Policy</a>
       <a href="/terms">Terms of Service</a>
diff --git a/public/index.html b/public/index.html
index fd15056..d576f45 100644
--- a/public/index.html
+++ b/public/index.html
@@ -17,7 +17,7 @@
 <link rel="preconnect" href="https://fonts.googleapis.com">
 <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
 <script type="application/ld+json">
-{"@context":"https://schema.org","@type":"SoftwareApplication","name":"DocFast","url":"https://docfast.dev","applicationCategory":"DeveloperApplication","operatingSystem":"Web","description":"Convert HTML and Markdown to beautiful PDFs with a simple API call. Fast, reliable, developer-friendly.","offers":[{"@type":"Offer","price":"0","priceCurrency":"EUR","name":"Free","description":"100 PDFs/month"},{"@type":"Offer","price":"9","priceCurrency":"EUR","name":"Pro","description":"5,000 PDFs per month","billingIncrement":"P1M"}]}
+{"@context":"https://schema.org","@type":"SoftwareApplication","name":"DocFast","url":"https://docfast.dev","applicationCategory":"DeveloperApplication","operatingSystem":"Web","description":"Convert HTML and Markdown to beautiful PDFs with a simple API call. Fast, reliable, developer-friendly.","offers":[{"@type":"Offer","price":"0","priceCurrency":"EUR","name":"Free","description":"100 PDFs/month"},{"@type":"Offer","price":"9","priceCurrency":"EUR","name":"Pro","description":"2,500 PDFs per month","billingIncrement":"P1M"}]}
 </script>
 <link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>⚡</text></svg>">
 <style>
@@ -25,22 +25,44 @@
 :root {
   --bg: #0b0d11; --bg2: #12151c; --fg: #e4e7ed; --muted: #7a8194;
   --accent: #34d399; --accent-hover: #5eead4; --accent-glow: rgba(52,211,153,0.12);
-  --accent2: #60a5fa; --card: #151922; --border: #1e2433;
+  --card: #151922; --border: #1e2433;
   --radius: 12px; --radius-lg: 16px;
 }
 body { font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg); color: var(--fg); line-height: 1.65; -webkit-font-smoothing: antialiased; }
 a { color: var(--accent); text-decoration: none; transition: color 0.2s; }
 a:hover { color: var(--accent-hover); }
-.container { max-width: 1020px; margin: 0 auto; padding: 0 24px; }
-
-/* Nav */
-nav { padding: 20px 0; border-bottom: 1px solid var(--border); }
+.container { max-width: 800px; margin: 0 auto; padding: 0 24px; }
+nav { padding: 20px 0; border-bottom: 1px solid var(--border); position: sticky; top: 0; background: var(--bg); z-index: 100; }
 nav .container { display: flex; align-items: center; justify-content: space-between; }
-.logo { font-size: 1.25rem; font-weight: 700; letter-spacing: -0.5px; color: var(--fg); display: flex; align-items: center; gap: 8px; }
+.logo { font-size: 1.25rem; font-weight: 700; letter-spacing: -0.5px; color: var(--fg); display: flex; align-items: center; gap: 8px; text-decoration: none; }
 .logo span { color: var(--accent); }
 .nav-links { display: flex; gap: 28px; align-items: center; }
 .nav-links a { color: var(--muted); font-size: 0.9rem; font-weight: 500; }
 .nav-links a:hover { color: var(--fg); }
+.content { padding: 60px 0; min-height: 60vh; }
+.content h1 { font-size: 2rem; font-weight: 800; margin-bottom: 32px; letter-spacing: -1px; }
+.content h2 { font-size: 1.3rem; font-weight: 700; margin: 32px 0 16px; color: var(--fg); }
+.content h3 { font-size: 1.1rem; font-weight: 600; margin: 24px 0 12px; color: var(--fg); }
+.content p, .content li { color: var(--muted); margin-bottom: 12px; }
+.content ul, .content ol { padding-left: 24px; }
+.content strong { color: var(--fg); }
+footer { padding: 32px 0; border-top: 1px solid var(--border); margin-top: 60px; }
+footer .container { display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; gap: 16px; }
+.footer-left { color: var(--muted); font-size: 0.85rem; }
+.footer-links { display: flex; gap: 20px; flex-wrap: wrap; }
+.footer-links a { color: var(--muted); font-size: 0.85rem; }
+.footer-links a:hover { color: var(--fg); }
+@media (max-width: 768px) {
+  footer .container { flex-direction: column; text-align: center; }
+  .nav-links { gap: 16px; }
+}
+
+.sr-only { position: absolute; width: 1px; height: 1px; padding: 0; margin: -1px; overflow: hidden; clip: rect(0,0,0,0); white-space: nowrap; border: 0; }
+</style>
+<style>
+/* Index-page extra vars */
+:root { --accent2: #60a5fa; }
+.container { max-width: 1020px; }
 
 /* Hero */
 .hero { padding: 100px 0 80px; text-align: center; position: relative; }
@@ -121,13 +143,10 @@ section { position: relative; }
   .eu-icon { font-size: 2.5rem; }
 }
 
-/* Footer */
-footer { padding: 40px 0; border-top: 1px solid var(--border); }
+/* Footer (index override) */
+footer { padding: 40px 0; }
 footer .container { display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 16px; }
-.footer-left { color: var(--muted); font-size: 0.85rem; }
-.footer-links { display: flex; gap: 24px; flex-wrap: wrap; }
-.footer-links a { color: var(--muted); font-size: 0.85rem; }
-.footer-links a:hover { color: var(--fg); }
+.footer-links { gap: 24px; }
 
 /* Modal */
 .modal-overlay { display: none; position: fixed; inset: 0; background: rgba(0,0,0,0.75); backdrop-filter: blur(4px); z-index: 100; align-items: center; justify-content: center; }
@@ -156,6 +175,20 @@ footer .container { display: flex; align-items: center; justify-content: space-b
 .warning-box .icon { font-size: 1.1rem; flex-shrink: 0; }
 .signup-error { color: #f87171; font-size: 0.85rem; margin-bottom: 16px; display: none; padding: 10px 14px; background: rgba(248,113,113,0.06); border: 1px solid rgba(248,113,113,0.15); border-radius: 8px; }
 
+/* Recovery modal states */
+#recoverInitial, #recoverLoading, #recoverVerify, #recoverResult { display: none; }
+#recoverInitial.active { display: block; }
+#recoverLoading.active { display: flex; flex-direction: column; align-items: center; padding: 40px 0; text-align: center; }
+#recoverResult.active { display: block; }
+#recoverVerify.active { display: block; }
+
+/* Email change modal states */
+#emailChangeInitial, #emailChangeLoading, #emailChangeVerify, #emailChangeResult { display: none; }
+#emailChangeInitial.active { display: block; }
+#emailChangeLoading.active { display: flex; flex-direction: column; align-items: center; padding: 40px 0; text-align: center; }
+#emailChangeResult.active { display: block; }
+#emailChangeVerify.active { display: block; }
+
 /* Responsive */
 @media (max-width: 640px) {
   .hero { padding: 72px 0 56px; }
@@ -193,9 +226,9 @@ footer .container { display: flex; align-items: center; justify-content: space-b
   }
 }
 
-/* Additional mobile overflow fixes */
+/* Mobile overflow fixes — overflow-x: clip (not hidden) preserves position:sticky */
 html, body {
-  overflow-x: hidden !important;
+  overflow-x: clip !important;
   max-width: 100vw !important;
 }
 
@@ -204,7 +237,7 @@ html, body {
     max-width: 100% !important;
   }
   body { 
-    overflow-x: hidden !important; 
+    overflow-x: clip !important; 
   }
   .container { 
     overflow-x: hidden !important; 
@@ -246,20 +279,6 @@ html, body {
   }
 }
 
-/* Recovery modal states */
-#recoverInitial, #recoverLoading, #recoverVerify, #recoverResult { display: none; }
-#recoverInitial.active { display: block; }
-#recoverLoading.active { display: flex; flex-direction: column; align-items: center; padding: 40px 0; text-align: center; }
-#recoverResult.active { display: block; }
-#recoverVerify.active { display: block; }
-
-/* Email change modal states */
-#emailChangeInitial, #emailChangeLoading, #emailChangeVerify, #emailChangeResult { display: none; }
-#emailChangeInitial.active { display: block; }
-#emailChangeLoading.active { display: flex; flex-direction: column; align-items: center; padding: 40px 0; text-align: center; }
-#emailChangeResult.active { display: block; }
-#emailChangeVerify.active { display: block; }
-
 /* Focus-visible for accessibility */
 .btn:focus-visible, a:focus-visible { outline: 2px solid var(--accent); outline-offset: 2px; }
 </style>
@@ -273,14 +292,15 @@ html, body {
   <div class="container">
     <a href="/" class="logo">⚡ Doc<span>Fast</span></a>
     <div class="nav-links">
-      <a href="#features">Features</a>
-      <a href="#pricing">Pricing</a>
+      <a href="/#features">Features</a>
+      <a href="/#pricing">Pricing</a>
       <a href="/docs">Docs</a>
     </div>
   </div>
 </nav>
 
-<main class="hero" role="main">
+<main role="main">
+<section class="hero">
   <div class="container">
     <div class="badge">🚀 Simple PDF API for Developers</div>
     <h1>HTML to <span class="gradient">PDF</span><br>in one API call</h1>
@@ -306,7 +326,7 @@ html, body {
       </div>
     </div>
   </div>
-</main>
+</section>
 
 <section class="trust">
   <div class="container">
@@ -336,7 +356,7 @@ html, body {
     <div class="eu-badge">
       <div class="eu-icon">🇪🇺</div>
       <div class="eu-content">
-        <h3>Hosted in the EU</h3>
+        <h2>Hosted in the EU</h2>
         <p>Your data never leaves the EU • GDPR Compliant • Hetzner Germany (Nuremberg)</p>
       </div>
     </div>
@@ -404,7 +424,7 @@ html, body {
         <div class="price-amount">€9<span> /mo</span></div>
         <div class="price-desc">For production apps and businesses</div>
         <ul class="price-features">
-<li>5,000 PDFs per month</li>
+<li>2,500 PDFs per month</li>
           <li>All conversion endpoints</li>
           <li>All templates included</li>
           <li>Priority support (<a href="mailto:support@docfast.dev">support@docfast.dev</a>)</li>
@@ -415,15 +435,15 @@ html, body {
   </div>
 </section>
 
+</main>
+
 <footer aria-label="Footer">
   <div class="container">
     <div class="footer-left">© 2026 DocFast. Fast PDF generation for developers.</div>
     <div class="footer-links">
       <a href="/">Home</a>
       <a href="/docs">Docs</a>
-      <a href="/health">API Status</a>
-      <a href="/#change-email" class="open-email-change">Change Email</a>
-      <a href="mailto:support@docfast.dev">Support</a>
+      <a href="/status">API Status</a>
       <a href="/impressum">Impressum</a>
       <a href="/privacy">Privacy Policy</a>
       <a href="/terms">Terms of Service</a>
@@ -434,12 +454,13 @@ html, body {
 <!-- Signup Modal -->
 <div class="modal-overlay" id="signupModal" role="dialog" aria-label="Sign up for API key">
   <div class="modal">
-    <button class="close" id="btn-close-signup">&times;</button>
+    <button class="close" id="btn-close-signup" aria-label="Close">&times;</button>
 
     <div id="signupInitial" class="active">
       <h2>Get your free API key</h2>
       <p>Enter your email to get started. No credit card required.</p>
       <div class="signup-error" id="signupError"></div>
+      <label for="signupEmail" class="sr-only">Email address</label>
       <input type="email" id="signupEmail" placeholder="your.email@example.com" style="width:100%;padding:12px;border:1px solid var(--border);background:var(--bg);color:var(--fg);border-radius:8px;font-size:0.9rem;margin-bottom:16px;" required>
       <button class="btn btn-primary" style="width:100%" id="signupBtn">Generate API Key →</button>
       <p style="margin-top:16px;color:var(--muted);font-size:0.8rem;text-align:center;">100 free PDFs/month • All endpoints included<br><a href="#" class="open-recover" style="color:var(--muted)">Lost your API key? Recover it →</a></p>
@@ -454,6 +475,7 @@ html, body {
       <h2>Enter verification code</h2>
       <p>We sent a 6-digit code to <strong id="verifyEmailDisplay"></strong></p>
       <div class="signup-error" id="verifyError"></div>
+      <label for="verifyCode" class="sr-only">Verification code</label>
       <input type="text" id="verifyCode" placeholder="123456" maxlength="6" pattern="[0-9]{6}" inputmode="numeric" style="width:100%;padding:14px;border:1px solid var(--border);background:var(--bg);color:var(--fg);border-radius:8px;font-size:1.4rem;letter-spacing:0.3em;text-align:center;margin-bottom:16px;font-family:monospace;" required>
       <button class="btn btn-primary" style="width:100%" id="verifyBtn">Verify →</button>
       <p style="margin-top:16px;color:var(--muted);font-size:0.8rem;text-align:center;">Code expires in 15 minutes</p>
@@ -476,14 +498,15 @@ html, body {
 
 
 <!-- Recovery Modal -->
-<div class="modal-overlay" id="recoverModal" role="dialog" aria-label="Recover API key">
+<div class="modal-overlay" id="recoverModal" role="dialog" aria-modal="true" aria-label="Recover API key">
   <div class="modal">
-    <button class="close" id="btn-close-recover">&times;</button>
+    <button class="close" id="btn-close-recover" aria-label="Close">&times;</button>
 
     <div id="recoverInitial" class="active">
       <h2>Recover your API key</h2>
       <p>Enter the email you signed up with. We'll send a verification code.</p>
       <div class="signup-error" id="recoverError"></div>
+      <label for="recoverEmailInput" class="sr-only">Email address</label>
       <input type="email" id="recoverEmailInput" placeholder="your.email@example.com" style="width:100%;padding:12px;border:1px solid var(--border);background:var(--bg);color:var(--fg);border-radius:8px;font-size:0.9rem;margin-bottom:16px;" required>
       <button class="btn btn-primary" style="width:100%" id="recoverBtn">Send Verification Code →</button>
       <p style="margin-top:16px;color:var(--muted);font-size:0.8rem;text-align:center;">Your key will be shown here after verification — never sent via email</p>
@@ -498,6 +521,7 @@ html, body {
       <h2>Enter verification code</h2>
       <p>We sent a 6-digit code to <strong id="recoverEmailDisplay"></strong></p>
       <div class="signup-error" id="recoverVerifyError"></div>
+      <label for="recoverCode" class="sr-only">Verification code</label>
       <input type="text" id="recoverCode" placeholder="123456" maxlength="6" pattern="[0-9]{6}" inputmode="numeric" style="width:100%;padding:14px;border:1px solid var(--border);background:var(--bg);color:var(--fg);border-radius:8px;font-size:1.4rem;letter-spacing:0.3em;text-align:center;margin-bottom:16px;font-family:monospace;" required>
       <button class="btn btn-primary" style="width:100%" id="recoverVerifyBtn">Verify →</button>
       <p style="margin-top:16px;color:var(--muted);font-size:0.8rem;text-align:center;">Code expires in 15 minutes</p>
@@ -519,43 +543,7 @@ html, body {
 </div>
 
 
-<!-- Email Change Modal -->
-<div class="modal-overlay" id="emailChangeModal" role="dialog" aria-label="Change email">
-  <div class="modal">
-    <button class="close" id="btn-close-email-change">&times;</button>
-
-    <div id="emailChangeInitial" class="active">
-      <h2>Change your email</h2>
-      <p>Enter your API key and new email address.</p>
-      <div class="signup-error" id="emailChangeError"></div>
-      <input type="text" id="emailChangeApiKey" placeholder="Your API key (df_free_... or df_pro_...)" style="width:100%;padding:12px;border:1px solid var(--border);background:var(--bg);color:var(--fg);border-radius:8px;font-size:0.9rem;margin-bottom:12px;font-family:monospace;" required>
-      <input type="email" id="emailChangeNewEmail" placeholder="new.email@example.com" style="width:100%;padding:12px;border:1px solid var(--border);background:var(--bg);color:var(--fg);border-radius:8px;font-size:0.9rem;margin-bottom:16px;" required>
-      <button class="btn btn-primary" style="width:100%" id="emailChangeBtn">Send Verification Code →</button>
-      <p style="margin-top:16px;color:var(--muted);font-size:0.8rem;text-align:center;">A verification code will be sent to your new email</p>
-    </div>
-
-    <div id="emailChangeLoading">
-      <div class="spinner"></div>
-      <p style="color:var(--muted);margin:0">Sending verification code…</p>
-    </div>
-
-    <div id="emailChangeVerify">
-      <h2>Enter verification code</h2>
-      <p>We sent a 6-digit code to <strong id="emailChangeEmailDisplay"></strong></p>
-      <div class="signup-error" id="emailChangeVerifyError"></div>
-      <input type="text" id="emailChangeCode" placeholder="123456" maxlength="6" pattern="[0-9]{6}" inputmode="numeric" style="width:100%;padding:14px;border:1px solid var(--border);background:var(--bg);color:var(--fg);border-radius:8px;font-size:1.4rem;letter-spacing:0.3em;text-align:center;margin-bottom:16px;font-family:monospace;" required>
-      <button class="btn btn-primary" style="width:100%" id="emailChangeVerifyBtn">Verify →</button>
-      <p style="margin-top:16px;color:var(--muted);font-size:0.8rem;text-align:center;">Code expires in 15 minutes</p>
-    </div>
-
-    <div id="emailChangeResult">
-      <h2>✅ Email updated!</h2>
-      <p>Your account email has been changed to <strong id="emailChangeNewDisplay"></strong></p>
-      <p style="margin-top:20px;color:var(--muted);font-size:0.9rem;"><a href="/docs">Read the docs →</a></p>
-    </div>
-  </div>
-</div>
-
 <script src="/app.js"></script>
+
 </body>
 </html>
diff --git a/public/partials/_footer.html b/public/partials/_footer.html
index 2e91056..4a74af3 100644
--- a/public/partials/_footer.html
+++ b/public/partials/_footer.html
@@ -5,7 +5,6 @@
       <a href="/">Home</a>
       <a href="/docs">Docs</a>
       <a href="/status">API Status</a>
-      <a href="/change-email">Change Email</a>
       <a href="/impressum">Impressum</a>
       <a href="/privacy">Privacy Policy</a>
       <a href="/terms">Terms of Service</a>
diff --git a/public/privacy.html b/public/privacy.html
index 9a30228..488d9ef 100644
--- a/public/privacy.html
+++ b/public/privacy.html
@@ -20,7 +20,7 @@ body { font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Robo
 a { color: var(--accent); text-decoration: none; transition: color 0.2s; }
 a:hover { color: var(--accent-hover); }
 .container { max-width: 800px; margin: 0 auto; padding: 0 24px; }
-nav { padding: 20px 0; border-bottom: 1px solid var(--border); }
+nav { padding: 20px 0; border-bottom: 1px solid var(--border); position: sticky; top: 0; background: var(--bg); z-index: 100; }
 nav .container { display: flex; align-items: center; justify-content: space-between; }
 .logo { font-size: 1.25rem; font-weight: 700; letter-spacing: -0.5px; color: var(--fg); display: flex; align-items: center; gap: 8px; text-decoration: none; }
 .logo span { color: var(--accent); }
@@ -44,6 +44,8 @@ footer .container { display: flex; justify-content: space-between; align-items:
   footer .container { flex-direction: column; text-align: center; }
   .nav-links { gap: 16px; }
 }
+
+.sr-only { position: absolute; width: 1px; height: 1px; padding: 0; margin: -1px; overflow: hidden; clip: rect(0,0,0,0); white-space: nowrap; border: 0; }
 </style>
 </head>
 <body>
@@ -178,9 +180,7 @@ footer .container { display: flex; justify-content: space-between; align-items:
     <div class="footer-links">
       <a href="/">Home</a>
       <a href="/docs">Docs</a>
-      <a href="/health">API Status</a>
-      <a href="/#change-email" class="open-email-change">Change Email</a>
-      <a href="mailto:support@docfast.dev">Support</a>
+      <a href="/status">API Status</a>
       <a href="/impressum">Impressum</a>
       <a href="/privacy">Privacy Policy</a>
       <a href="/terms">Terms of Service</a>
diff --git a/public/sitemap.xml b/public/sitemap.xml
index c5ae34a..967a532 100644
--- a/public/sitemap.xml
+++ b/public/sitemap.xml
@@ -5,5 +5,4 @@
   <url><loc>https://docfast.dev/impressum</loc><lastmod>2026-02-16</lastmod><changefreq>monthly</changefreq><priority>0.3</priority></url>
   <url><loc>https://docfast.dev/privacy</loc><lastmod>2026-02-16</lastmod><changefreq>monthly</changefreq><priority>0.3</priority></url>
   <url><loc>https://docfast.dev/terms</loc><lastmod>2026-02-16</lastmod><changefreq>monthly</changefreq><priority>0.3</priority></url>
-  <url><loc>https://docfast.dev/change-email</loc><lastmod>2026-02-17</lastmod><changefreq>monthly</changefreq><priority>0.5</priority></url>
 </urlset>
diff --git a/public/src/change-email.html b/public/src/change-email.html
deleted file mode 100644
index 0e57e71..0000000
--- a/public/src/change-email.html
+++ /dev/null
@@ -1,293 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Change Email — DocFast</title>
-<meta name="description" content="Change the email address associated with your DocFast API key.">
-<link rel="canonical" href="https://docfast.dev/change-email">
-<link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>⚡</text></svg>">
-<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap" rel="stylesheet">
-{{> styles_base}}
-<style>
-  .change-email-wrap {
-    max-width: 480px;
-    margin: 80px auto 60px;
-    padding: 0 24px;
-  }
-  .change-email-card {
-    background: var(--card);
-    border: 1px solid var(--border);
-    border-radius: 16px;
-    padding: 40px;
-  }
-  .change-email-card h1 {
-    font-size: 1.6rem;
-    margin-bottom: 8px;
-  }
-  .change-email-card .subtitle {
-    color: var(--muted);
-    margin-bottom: 28px;
-    font-size: 0.95rem;
-  }
-  .ce-field {
-    margin-bottom: 14px;
-  }
-  .ce-field label {
-    display: block;
-    font-size: 0.85rem;
-    color: var(--muted);
-    margin-bottom: 6px;
-  }
-  .ce-field input {
-    width: 100%;
-    padding: 12px 14px;
-    border: 1px solid var(--border);
-    background: var(--bg);
-    color: var(--fg);
-    border-radius: 8px;
-    font-size: 0.9rem;
-    font-family: inherit;
-    box-sizing: border-box;
-    transition: border-color 0.15s;
-  }
-  .ce-field input:focus {
-    outline: none;
-    border-color: var(--accent);
-  }
-  .ce-field input.monospace {
-    font-family: monospace;
-  }
-  .ce-field input.code-input {
-    font-family: monospace;
-    font-size: 1.4rem;
-    letter-spacing: 0.3em;
-    text-align: center;
-    padding: 14px;
-  }
-  .ce-btn {
-    width: 100%;
-    margin-top: 8px;
-  }
-  .ce-error {
-    background: rgba(239,68,68,0.1);
-    border: 1px solid rgba(239,68,68,0.3);
-    color: #f87171;
-    border-radius: 8px;
-    padding: 10px 14px;
-    font-size: 0.875rem;
-    margin-bottom: 16px;
-    display: none;
-  }
-  .ce-hint {
-    margin-top: 14px;
-    color: var(--muted);
-    font-size: 0.8rem;
-    text-align: center;
-  }
-  .ce-loading {
-    text-align: center;
-    padding: 20px 0;
-  }
-  .ce-success {
-    text-align: center;
-    padding: 10px 0;
-  }
-  .ce-success .success-icon {
-    font-size: 3rem;
-    margin-bottom: 16px;
-  }
-  .ce-success h2 {
-    margin-bottom: 12px;
-  }
-  .ce-success p {
-    color: var(--muted);
-    margin-bottom: 24px;
-  }
-  .step { display: none; }
-  .step.active { display: block; }
-</style>
-</head>
-<body>
-
-{{> nav}}
-
-<div class="change-email-wrap">
-  <div class="change-email-card">
-
-    <!-- Step 1: Enter API key + new email -->
-    <div class="step active" id="ceStepInitial">
-      <h1>Change Email</h1>
-      <p class="subtitle">Enter your API key and new email address.</p>
-      <div class="ce-error" id="ceError"></div>
-      <div class="ce-field">
-        <label for="ceApiKey">Your API key</label>
-        <input type="text" id="ceApiKey" class="monospace" placeholder="df_free_... or df_pro_..." required autocomplete="off" spellcheck="false">
-      </div>
-      <div class="ce-field">
-        <label for="ceNewEmail">New email address</label>
-        <input type="email" id="ceNewEmail" placeholder="new.email@example.com" required>
-      </div>
-      <button class="btn btn-primary ce-btn" id="ceSendBtn">Send Verification Code →</button>
-      <p class="ce-hint">A 6-digit code will be sent to your new email address</p>
-    </div>
-
-    <!-- Step 2: Loading -->
-    <div class="step" id="ceStepLoading">
-      <div class="ce-loading">
-        <div class="spinner"></div>
-        <p style="color:var(--muted);margin:12px 0 0">Sending verification code…</p>
-      </div>
-    </div>
-
-    <!-- Step 3: Enter code -->
-    <div class="step" id="ceStepVerify">
-      <h1>Check your inbox</h1>
-      <p class="subtitle">We sent a 6-digit code to <strong id="ceEmailDisplay"></strong></p>
-      <div class="ce-error" id="ceVerifyError"></div>
-      <div class="ce-field">
-        <label for="ceCode">Verification code</label>
-        <input type="text" id="ceCode" class="code-input" placeholder="123456" maxlength="6" pattern="[0-9]{6}" inputmode="numeric" required>
-      </div>
-      <button class="btn btn-primary ce-btn" id="ceVerifyBtn">Verify →</button>
-      <p class="ce-hint">Code expires in 15 minutes</p>
-    </div>
-
-    <!-- Step 4: Success -->
-    <div class="step" id="ceStepSuccess">
-      <div class="ce-success">
-        <div class="success-icon">✅</div>
-        <h2>Email updated!</h2>
-        <p>Your account email has been changed to <strong id="ceSuccessEmail"></strong></p>
-        <a href="/" class="btn btn-primary">Back to Home →</a>
-      </div>
-    </div>
-
-  </div>
-</div>
-
-{{> footer}}
-
-<script>
-(function () {
-  var _apiKey = '';
-  var _newEmail = '';
-
-  function showStep(id) {
-    ['ceStepInitial','ceStepLoading','ceStepVerify','ceStepSuccess'].forEach(function(s) {
-      var el = document.getElementById(s);
-      if (el) el.classList.remove('active');
-    });
-    var target = document.getElementById(id);
-    if (target) target.classList.add('active');
-  }
-
-  function showError(elId, msg) {
-    var el = document.getElementById(elId);
-    if (!el) return;
-    el.textContent = msg;
-    el.style.display = 'block';
-  }
-
-  function hideError(elId) {
-    var el = document.getElementById(elId);
-    if (el) el.style.display = 'none';
-  }
-
-  async function handleSend() {
-    var apiKey = document.getElementById('ceApiKey').value.trim();
-    var newEmail = document.getElementById('ceNewEmail').value.trim();
-
-    hideError('ceError');
-
-    if (!apiKey) {
-      showError('ceError', 'Please enter your API key.');
-      return;
-    }
-    if (!newEmail || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(newEmail)) {
-      showError('ceError', 'Please enter a valid email address.');
-      return;
-    }
-
-    var btn = document.getElementById('ceSendBtn');
-    btn.disabled = true;
-    showStep('ceStepLoading');
-
-    try {
-      var res = await fetch('/v1/email-change', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ apiKey: apiKey, newEmail: newEmail })
-      });
-      var data = await res.json();
-
-      if (!res.ok) {
-        showStep('ceStepInitial');
-        showError('ceError', data.error || 'Something went wrong. Please try again.');
-        btn.disabled = false;
-        return;
-      }
-
-      _apiKey = apiKey;
-      _newEmail = newEmail;
-      document.getElementById('ceEmailDisplay').textContent = newEmail;
-      showStep('ceStepVerify');
-      document.getElementById('ceCode').focus();
-    } catch (err) {
-      showStep('ceStepInitial');
-      showError('ceError', 'Network error. Please try again.');
-      btn.disabled = false;
-    }
-  }
-
-  async function handleVerify() {
-    var code = document.getElementById('ceCode').value.trim();
-    hideError('ceVerifyError');
-
-    if (!code || !/^\d{6}$/.test(code)) {
-      showError('ceVerifyError', 'Please enter the 6-digit code.');
-      return;
-    }
-
-    var btn = document.getElementById('ceVerifyBtn');
-    btn.disabled = true;
-
-    try {
-      var res = await fetch('/v1/email-change/verify', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ apiKey: _apiKey, newEmail: _newEmail, code: code })
-      });
-      var data = await res.json();
-
-      if (!res.ok) {
-        showError('ceVerifyError', data.error || 'Verification failed. Please try again.');
-        btn.disabled = false;
-        return;
-      }
-
-      document.getElementById('ceSuccessEmail').textContent = data.newEmail || _newEmail;
-      showStep('ceStepSuccess');
-    } catch (err) {
-      showError('ceVerifyError', 'Network error. Please try again.');
-      btn.disabled = false;
-    }
-  }
-
-  document.addEventListener('DOMContentLoaded', function () {
-    document.getElementById('ceSendBtn').addEventListener('click', handleSend);
-    document.getElementById('ceVerifyBtn').addEventListener('click', handleVerify);
-
-    // Allow Enter key in inputs
-    document.getElementById('ceNewEmail').addEventListener('keydown', function(e) {
-      if (e.key === 'Enter') handleSend();
-    });
-    document.getElementById('ceCode').addEventListener('keydown', function(e) {
-      if (e.key === 'Enter') handleVerify();
-    });
-  });
-})();
-</script>
-
-</body>
-</html>
diff --git a/public/status.html b/public/status.html
index 9ba85f1..aa51b31 100644
--- a/public/status.html
+++ b/public/status.html
@@ -95,7 +95,6 @@ footer .container { display: flex; justify-content: space-between; align-items:
       <a href="/">Home</a>
       <a href="/docs">Docs</a>
       <a href="/status">API Status</a>
-      <a href="/change-email">Change Email</a>
       <a href="/impressum">Impressum</a>
       <a href="/privacy">Privacy Policy</a>
       <a href="/terms">Terms of Service</a>
diff --git a/public/terms.html b/public/terms.html
index 7a0ad71..8c9d0ca 100644
--- a/public/terms.html
+++ b/public/terms.html
@@ -20,7 +20,7 @@ body { font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Robo
 a { color: var(--accent); text-decoration: none; transition: color 0.2s; }
 a:hover { color: var(--accent-hover); }
 .container { max-width: 800px; margin: 0 auto; padding: 0 24px; }
-nav { padding: 20px 0; border-bottom: 1px solid var(--border); }
+nav { padding: 20px 0; border-bottom: 1px solid var(--border); position: sticky; top: 0; background: var(--bg); z-index: 100; }
 nav .container { display: flex; align-items: center; justify-content: space-between; }
 .logo { font-size: 1.25rem; font-weight: 700; letter-spacing: -0.5px; color: var(--fg); display: flex; align-items: center; gap: 8px; text-decoration: none; }
 .logo span { color: var(--accent); }
@@ -44,6 +44,8 @@ footer .container { display: flex; justify-content: space-between; align-items:
   footer .container { flex-direction: column; text-align: center; }
   .nav-links { gap: 16px; }
 }
+
+.sr-only { position: absolute; width: 1px; height: 1px; padding: 0; margin: -1px; overflow: hidden; clip: rect(0,0,0,0); white-space: nowrap; border: 0; }
 </style>
 </head>
 <body>
@@ -138,7 +140,7 @@ footer .container { display: flex; justify-content: space-between; align-items:
     <ul>
       <li><strong>Target:</strong> 99.5% uptime (best effort, no SLA for free tier)</li>
       <li><strong>Maintenance:</strong> Scheduled maintenance with advance notice</li>
-      <li><strong>Status page:</strong> <a href="/health">https://docfast.dev/health</a></li>
+      <li><strong>Status page:</strong> <a href="/status">https://docfast.dev/status</a></li>
     </ul>
 
     <h3>5.2 Performance</h3>
@@ -250,9 +252,7 @@ footer .container { display: flex; justify-content: space-between; align-items:
     <div class="footer-links">
       <a href="/">Home</a>
       <a href="/docs">Docs</a>
-      <a href="/health">API Status</a>
-      <a href="/#change-email" class="open-email-change">Change Email</a>
-      <a href="mailto:support@docfast.dev">Support</a>
+      <a href="/status">API Status</a>
       <a href="/impressum">Impressum</a>
       <a href="/privacy">Privacy Policy</a>
       <a href="/terms">Terms of Service</a>
diff --git a/src/index.ts b/src/index.ts
index 3562e2f..006bd61 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -12,7 +12,6 @@ import { healthRouter } from "./routes/health.js";
 import { signupRouter } from "./routes/signup.js";
 import { recoverRouter } from "./routes/recover.js";
 import { billingRouter } from "./routes/billing.js";
-import { emailChangeRouter } from "./routes/email-change.js";
 import { authMiddleware } from "./middleware/auth.js";
 import { usageMiddleware, loadUsageData } from "./middleware/usage.js";
 import { getUsageStats } from "./middleware/usage.js";
@@ -56,7 +55,6 @@ app.use((req, res, next) => {
   const isAuthBillingRoute = req.path.startsWith('/v1/signup') || 
                              req.path.startsWith('/v1/recover') || 
                              req.path.startsWith('/v1/billing') ||
-                             req.path.startsWith('/v1/email-change');
   
   if (isAuthBillingRoute) {
     res.setHeader("Access-Control-Allow-Origin", "https://docfast.dev");
@@ -97,7 +95,6 @@ app.use("/health", healthRouter);
 app.use("/v1/signup", signupRouter);
 app.use("/v1/recover", recoverRouter);
 app.use("/v1/billing", billingRouter);
-app.use("/v1/email-change", emailChangeRouter);
 
 // Authenticated routes — conversion routes get tighter body limits (500KB)
 const convertBodyLimit = express.json({ limit: "500kb" });
@@ -217,11 +214,6 @@ app.get("/terms", (_req, res) => {
   res.sendFile(path.join(__dirname, "../public/terms.html"));
 });
 
-app.get("/change-email", (_req, res) => {
-  res.setHeader('Cache-Control', 'public, max-age=3600');
-  res.sendFile(path.join(__dirname, "../public/change-email.html"));
-});
-
 app.get("/status", (_req, res) => {
   res.setHeader("Cache-Control", "public, max-age=60");
   res.sendFile(path.join(__dirname, "../public/status.html"));
diff --git a/src/routes/email-change.ts b/src/routes/email-change.ts
deleted file mode 100644
index bf4fdd2..0000000
--- a/src/routes/email-change.ts
+++ /dev/null
@@ -1,99 +0,0 @@
-import { Router } from "express";
-import type { Request, Response } from "express";
-import rateLimit from "express-rate-limit";
-import { createPendingVerification, verifyCode } from "../services/verification.js";
-import { sendVerificationEmail } from "../services/email.js";
-import { getAllKeys, updateKeyEmail } from "../services/keys.js";
-import logger from "../services/logger.js";
-
-const router = Router();
-
-const changeLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 3,
-  message: { error: "Too many attempts. Please try again in 1 hour." },
-  standardHeaders: true,
-  legacyHeaders: false,
-});
-
-router.post("/", changeLimiter, async (req: Request, res: Response) => {
-  const apiKey = req.headers.authorization?.replace(/^Bearer\s+/i, "") || req.body?.apiKey;
-  const newEmail = req.body?.newEmail;
-
-  if (!apiKey || typeof apiKey !== "string") {
-    res.status(400).json({ error: "API key is required (Authorization header or body)." });
-    return;
-  }
-  if (!newEmail || typeof newEmail !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(newEmail)) {
-    res.status(400).json({ error: "A valid new email address is required." });
-    return;
-  }
-
-  const cleanEmail = newEmail.trim().toLowerCase();
-  const keys = getAllKeys();
-  const userKey = keys.find((k: any) => k.key === apiKey);
-
-  if (!userKey) {
-    res.status(401).json({ error: "Invalid API key." });
-    return;
-  }
-
-  const existing = keys.find((k: any) => k.email === cleanEmail);
-  if (existing) {
-    res.status(409).json({ error: "This email is already associated with another account." });
-    return;
-  }
-
-  const pending = await createPendingVerification(cleanEmail);
-
-  sendVerificationEmail(cleanEmail, (pending as any).code).catch((err: Error) => {
-    logger.error({ err, email: cleanEmail }, "Failed to send email change verification");
-  });
-
-  res.json({ status: "verification_sent", message: "Verification code sent to your new email address." });
-});
-
-router.post("/verify", changeLimiter, async (req: Request, res: Response) => {
-  const apiKey = req.headers.authorization?.replace(/^Bearer\s+/i, "") || req.body?.apiKey;
-  const { newEmail, code } = req.body || {};
-
-  if (!apiKey || !newEmail || !code) {
-    res.status(400).json({ error: "API key, new email, and code are required." });
-    return;
-  }
-
-  const cleanEmail = newEmail.trim().toLowerCase();
-  const cleanCode = String(code).trim();
-
-  const keys = getAllKeys();
-  const userKey = keys.find((k: any) => k.key === apiKey);
-  if (!userKey) {
-    res.status(401).json({ error: "Invalid API key." });
-    return;
-  }
-
-  const result = await verifyCode(cleanEmail, cleanCode);
-
-  switch (result.status) {
-    case "ok": {
-      const updated = await updateKeyEmail(apiKey, cleanEmail);
-      if (updated) {
-        res.json({ status: "updated", message: "Email address updated successfully.", newEmail: cleanEmail });
-      } else {
-        res.status(500).json({ error: "Failed to update email." });
-      }
-      break;
-    }
-    case "expired":
-      res.status(410).json({ error: "Verification code has expired. Please request a new one." });
-      break;
-    case "max_attempts":
-      res.status(429).json({ error: "Too many failed attempts. Please request a new code." });
-      break;
-    case "invalid":
-      res.status(400).json({ error: "Invalid verification code." });
-      break;
-  }
-});
-
-export { router as emailChangeRouter };
diff --git a/templates/partials/footer.html b/templates/partials/footer.html
index 6c642fe..3659347 100644
--- a/templates/partials/footer.html
+++ b/templates/partials/footer.html
@@ -5,7 +5,6 @@
       <a href="/">Home</a>
       <a href="/docs">Docs</a>
       <a href="/health">API Status</a>
-      <a href="/#change-email" class="open-email-change">Change Email</a>
       <a href="mailto:support@docfast.dev">Support</a>
       <a href="/impressum">Impressum</a>
       <a href="/privacy">Privacy Policy</a>