web/docs/review-notes.md

# Web Review Notes and Applied Fixes

## Scope Reviewed

- `/public/index.html`
- `/public/privacy/index.html`
- `/public/terms/index.html`
- `/docs/secret-system-spec.md`

## Fixes Applied

1. Repaired legal-page integrity.
- Rebuilt terms page because source file was truncated and invalid HTML.
- Added complete legal sections, contact address, and governing-language clause.

2. Corrected public copy conflicts.
- Removed claims that conflict with private-IP posture.
- Removed categorical anti-crypto statement that conflicted with roadmap flexibility.
- Kept language high-level and architecture-accurate.

3. Implemented multilingual landing behavior.
- Added language detection from `navigator.language`.
- Added locale persistence in `localStorage`.
- Added fallback chain to English.
- Added 12 locale bundles and full localized context abstracts.
- Preserved immutable identity string: `edut · עֵדוּת`.

4. Improved accessibility behavior.
- Added translatable skip-link and interaction hint.
- Kept hidden context layer readable for assistive technology.
- Added per-node RTL direction handling for Arabic and Hebrew text.

5. Updated secret system architecture to wallet-first membership flow.
- Replaced SMS/email-first assumptions with wallet signature + membership mint sequence.
- Added membership-gate framing (`membership required`, `membership != product license`).
- Kept notification email optional and post-membership.

6. Privacy policy hardening.
- Removed over-broad ad-tech assumptions.
- Tightened wording to match likely current data handling.
- Added English-authoritative language clause.

## Remaining Advisory Notes

- If legal counsel requires jurisdiction-specific disclosures, privacy/terms should receive formal legal review.
- If deployment serves `/public` as docroot, configure static routing for `/translations` or mirror translation assets accordingly.