feat(beta): add beta testing features and privacy policy page

Implemented comprehensive beta testing system with tier badges and reorganized environment configuration for better maintainability. Beta Testing Features: - Beta banner component with dismissible state (localStorage) - Auto-assign SUPPORTER tier to new registrations (env controlled) - TierBadge component with SUPPORTER/COMFORT tier display - Badge shown in Navbar, ProfilePage, and PublicProfilePage - Environment variables: VITE_BETA_MODE, BETA_AUTO_SUPPORTER Environment Configuration Reorganization: - Moved .env files from root to frontend/ and backend/ directories - Created .env.{development,production}{,.example} structure - Updated docker-compose.yml to use env_file for frontend - All env vars properly namespaced and documented Privacy Policy Implementation: - New /privacy route with dedicated PrivacyPage component - Comprehensive GDPR/RODO compliant privacy policy (privacy.html) - Updated CookieConsent banner to link to /privacy - Added Privacy Policy links to all footers (HomePage, PublicFooter) - Removed privacy section from About Us page HTML Content System: - Replaced react-markdown dependency with simple HTML loader - New HtmlContentPage component for rendering .html files - Converted about-us.md and how-it-works.md to .html format - Inline CSS support for full styling control - Easier content editing without React knowledge Backend Changes: - Registration auto-assigns SUPPORTER tier when BETA_AUTO_SUPPORTER=true - Added accountTier to auth middleware and user routes - Updated public profile endpoint to include accountTier Files: - Added: frontend/.env.{development,production}{,.example} - Added: backend/.env variables for BETA_AUTO_SUPPORTER - Added: components/BetaBanner.jsx, TierBadge.jsx, HtmlContentPage.jsx - Added: pages/PrivacyPage.jsx - Added: public/content/{about-us,how-it-works,privacy}.html - Modified: docker-compose.yml (env_file configuration) - Modified: App.jsx (privacy route, beta banner) - Modified: auth.js (auto SUPPORTER tier logic)
2025-12-06 11:50:28 +01:00
parent a786b1d92d
commit e2b10387c2
28 changed files with 841 additions and 251 deletions
--- a/backend/.env.development.example
+++ b/backend/.env.development.example
@@ -67,3 +67,7 @@ TURNSTILE_SECRET_KEY=your-secret-key-here
 # Get your credentials from: https://dash.cloudflare.com/ -> Calls -> TURN
 CLOUDFLARE_TURN_TOKEN_ID=your-turn-token-id-here
 CLOUDFLARE_TURN_API_TOKEN=your-turn-api-token-here
 # Beta Testing
 # Auto-assign SUPPORTER tier to new registrations during beta
 BETA_AUTO_SUPPORTER=false
--- a/backend/.env.production.example
+++ b/backend/.env.production.example
@@ -62,3 +62,12 @@ MATCHING_MIN_INTERVAL_SEC=120
 # Cloudflare Turnstile (CAPTCHA)
 # Get your secret key from: https://dash.cloudflare.com/
 TURNSTILE_SECRET_KEY=your-production-secret-key-here
 # Cloudflare TURN/STUN
 # Get your credentials from: https://dash.cloudflare.com/ -> Calls -> TURN
 CLOUDFLARE_TURN_TOKEN_ID=your-production-turn-token-id-here
 CLOUDFLARE_TURN_API_TOKEN=your-production-turn-api-token-here
 # Beta Testing
 # Auto-assign SUPPORTER tier to new registrations during beta
 BETA_AUTO_SUPPORTER=false
--- a/backend/src/controllers/auth.js
+++ b/backend/src/controllers/auth.js
@@ -81,6 +81,10 @@ async function register(req, res, next) {
      ? `${firstName} ${lastName}`
      : username;
    // Check if beta auto-supporter is enabled
    const betaAutoSupporter = process.env.BETA_AUTO_SUPPORTER === 'true';
    const accountTier = betaAutoSupporter ? 'SUPPORTER' : 'BASIC';
    // Create user
    const user = await prisma.user.create({
      data: {
@@ -94,6 +98,7 @@ async function register(req, res, next) {
        verificationCode,
        verificationTokenExpiry,
        emailVerified: false,
        accountTier,
        avatar: `https://ui-avatars.com/api/?name=${encodeURIComponent(displayName)}&background=6366f1&color=fff`,
      },
      select: {
@@ -104,6 +109,7 @@ async function register(req, res, next) {
        lastName: true,
        wsdcId: true,
        emailVerified: true,
        accountTier: true,
        avatar: true,
        createdAt: true,
      },
--- a/backend/src/middleware/auth.js
+++ b/backend/src/middleware/auth.js
@@ -39,6 +39,7 @@ async function authenticate(req, res, next) {
        firstName: true,
        lastName: true,
        wsdcId: true,
        accountTier: true,
        avatar: true,
        createdAt: true,
        updatedAt: true,
--- a/backend/src/routes/users.js
+++ b/backend/src/routes/users.js
@@ -94,6 +94,7 @@ router.get('/:username', async (req, res, next) => {
        firstName: true,
        lastName: true,
        wsdcId: true,
        accountTier: true,
        youtubeUrl: true,
        instagramUrl: true,
        facebookUrl: true,
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -60,11 +60,11 @@ services:
    volumes:
      - ./frontend:/app
      - /app/node_modules
    env_file:
      - ./frontend/.env.development
    environment:
      - NODE_ENV=development
      - VITE_HOST=0.0.0.0
      - VITE_ALLOWED_HOSTS=${VITE_ALLOWED_HOSTS:-all}
      - VITE_TURNSTILE_SITE_KEY=${VITE_TURNSTILE_SITE_KEY}
    stdin_open: true
    tty: true
    command: npm run dev
--- a/frontend/.env.development
+++ b/frontend/.env.development
@@ -0,0 +1,24 @@
 # Frontend - Vite Allowed Hosts
 # Comma-separated list of allowed hostnames
 # Use 'all' to allow all hosts (NOT recommended for production)
 VITE_ALLOWED_HOSTS=localhost,spotlight.cam,.spotlight.cam
 # Alternative: Allow all hosts (development only)
 # VITE_ALLOWED_HOSTS=all
 # Cloudflare Turnstile (CAPTCHA)
 # Get your keys from: https://dash.cloudflare.com/
 VITE_TURNSTILE_SITE_KEY=0x4AAAAAACE_ByYyzwZKe5sC
 # Google Analytics 4
 # Format: G-XXXXXXXXXX
 # Get your measurement ID from: https://analytics.google.com/
 VITE_GA_MEASUREMENT_ID=
 # Beta Testing Features
 # Set to 'true' to show beta banner and enable beta features
 VITE_BETA_MODE=true
 # Auto-assign SUPPORTER tier to new registrations during beta
 # Set to 'true' to automatically grant SUPPORTER tier to new users
 VITE_BETA_AUTO_SUPPORTER=true
--- a/frontend/.env.development.example
+++ b/frontend/.env.development.example
@@ -14,3 +14,11 @@ VITE_TURNSTILE_SITE_KEY=your-site-key-here
 # Format: G-XXXXXXXXXX
 # Get your measurement ID from: https://analytics.google.com/
 VITE_GA_MEASUREMENT_ID=
 # Beta Testing Features
 # Set to 'true' to show beta banner and enable beta features
 VITE_BETA_MODE=false
 # Auto-assign SUPPORTER tier to new registrations during beta
 # Set to 'true' to automatically grant SUPPORTER tier to new users
 VITE_BETA_AUTO_SUPPORTER=false
--- a/frontend/.env.production.example
+++ b/frontend/.env.production.example
@@ -0,0 +1,20 @@
 # Frontend - Vite Allowed Hosts
 # Comma-separated list of allowed hostnames
 VITE_ALLOWED_HOSTS=spotlight.cam,.spotlight.cam
 # Cloudflare Turnstile (CAPTCHA)
 # Get your keys from: https://dash.cloudflare.com/
 VITE_TURNSTILE_SITE_KEY=your-production-site-key-here
 # Google Analytics 4
 # Format: G-XXXXXXXXXX
 # Get your measurement ID from: https://analytics.google.com/
 VITE_GA_MEASUREMENT_ID=
 # Beta Testing Features
 # Set to 'true' to show beta banner and enable beta features
 VITE_BETA_MODE=false
 # Auto-assign SUPPORTER tier to new registrations during beta
 # Set to 'true' to automatically grant SUPPORTER tier to new users
 VITE_BETA_AUTO_SUPPORTER=false
--- a/frontend/public/content/about-us.html
+++ b/frontend/public/content/about-us.html
@@ -0,0 +1,108 @@
 <style>
  .content-wrapper {
    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
    line-height: 1.6;
    color: #333;
  }
  .content-wrapper h1 {
    font-size: 2.25rem;
    font-weight: 700;
    margin-bottom: 1.5rem;
    color: #1f2937;
  }
  .content-wrapper h2 {
    font-size: 1.875rem;
    font-weight: 700;
    margin-top: 2.5rem;
    margin-bottom: 1rem;
    color: #1f2937;
    border-bottom: 2px solid #e5e7eb;
    padding-bottom: 0.5rem;
  }
  .content-wrapper p {
    margin-bottom: 1.25rem;
    color: #4b5563;
  }
  .content-wrapper a {
    color: #6366f1;
    text-decoration: underline;
  }
  .content-wrapper a:hover {
    color: #4f46e5;
  }
  .content-wrapper hr {
    margin: 2.5rem 0;
    border: 0;
    border-top: 1px solid #e5e7eb;
  }
  .intro-text {
    font-size: 1.125rem;
    color: #1f2937;
    margin-bottom: 1.5rem;
  }
  .footer-links {
    margin-top: 2rem;
    padding-top: 1.5rem;
    border-top: 1px solid #e5e7eb;
    color: #6b7280;
    font-size: 0.875rem;
  }
 </style>
 <div class="content-wrapper">
  <h1>About Us</h1>
  <p class="intro-text">
    Hi, I'm Radek – a software engineer, a West Coast Swing dancer and the person behind <strong>spotlight.cam</strong>.
  </p>
  <p>
    Spotlight.cam is a project built by someone who actually stands in the same registration lines, dances in the same heats and scrolls through the same event pages as you :P
  </p>
  <p>
    If we ever meet at an event, I'll probably be somewhere near the dance floor, probably pressing "record" on someone's spotlight.
  </p>
  <p>
    To be fair, the original idea for this service was actually dropped on me by a friend who was tired of hunting for someone to film her dances – I just did what any backend developer / DevOps / Linux admin would do: said "okay, that shouldn't be that hard… right?", opened my editor, set up a few servers and scripts… and suddenly we had a new project on our hands 😅 I also had a not-so-secret teammate: AI. Without it, this would probably still be stuck in my "one day" folder for about a year 😄
  </p>
  <h2>The Vision</h2>
  <p>
    Our goal is to make it easier for dancers to capture and share their competition moments. No more running around looking for someone with a free hand to record your heat. No more missing your own spotlight because you were recording someone else's.
  </p>
  <p>
    We're building a platform that connects dancers who want to help each other out, making the whole process smoother, fairer, and more organized.
  </p>
  <h2>Technology</h2>
  <p>
    Under the hood, spotlight.cam uses modern web technologies to deliver a fast, secure, and reliable experience:
  </p>
  <ul>
    <li><strong>WebRTC peer-to-peer transfers</strong> - your videos are sent directly between devices, never stored on our servers</li>
    <li><strong>Real-time chat</strong> - coordinate with your recording partners instantly</li>
    <li><strong>Smart auto-matching</strong> - fairness algorithms ensure everyone gets help</li>
    <li><strong>End-to-end encryption</strong> - your data is protected at every step</li>
  </ul>
  <div class="footer-links">
    <p>
      Have questions? Check out our <a href="/how-it-works">How It Works</a> page,
      read our <a href="/privacy">Privacy Policy</a>, or <a href="/contact">contact us</a> directly.
    </p>
  </div>
 </div>
--- a/frontend/public/content/about-us.md
+++ b/frontend/public/content/about-us.md
@@ -1,33 +0,0 @@
 Hi, I'm Radek – a software engineer, a West Coast Swing dancer and the person behind **spotlight.cam**.
 Spotlight.cam is a project built by someone who actually stands in the same registration lines, dances in the same heats and scrolls through the same event pages as you :P
 If we ever meet at an event, I'll probably be somewhere near the dance floor, probably pressing "record" on someone's spotlight.
 To be fair, the original idea for this service was actually dropped on me by a friend who was tired of hunting for someone to film her dances – I just did what any backend developer / DevOps / Linux admin would do: said "okay, that shouldn't be that hard… right?", opened my editor, set up a few servers and scripts… and suddenly we had a new project on our hands 😅 I also had a not-so-secret teammate: AI. Without it, this would probably still be stuck in my "one day" folder for about a year 😄
 ---
 ## Privacy & Cookies
 We use cookies and similar technologies to provide you with a better experience. Here's what you should know:
 ### What cookies do we use?
 - **Essential cookies**: Required for authentication and core functionality (login sessions, security)
 - **Analytics**: To understand how people use the platform and improve it
 - **Preferences**: To remember your settings and preferences
 ### Your data
 We respect your privacy and comply with GDPR/RODO regulations. We:
 - Only collect data necessary for the service to function
 - Never sell your personal information to third parties
 - Store your data securely
 - Allow you to delete your account and data at any time
 ### Contact
 If you have any questions about privacy or cookies, feel free to reach out through our [contact page](/contact).
--- a/frontend/public/content/how-it-works.html
+++ b/frontend/public/content/how-it-works.html
@@ -0,0 +1,120 @@
 <style>
  .content-wrapper {
    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
    line-height: 1.6;
    color: #333;
  }
  .content-wrapper h1 {
    font-size: 2.25rem;
    font-weight: 700;
    margin-bottom: 1.5rem;
    color: #1f2937;
  }
  .content-wrapper h2 {
    font-size: 1.875rem;
    font-weight: 700;
    margin-top: 2.5rem;
    margin-bottom: 1rem;
    color: #1f2937;
    border-bottom: 2px solid #e5e7eb;
    padding-bottom: 0.5rem;
  }
  .content-wrapper h3 {
    font-size: 1.5rem;
    font-weight: 600;
    margin-top: 2rem;
    margin-bottom: 0.75rem;
    color: #374151;
  }
  .content-wrapper p {
    margin-bottom: 1.25rem;
    color: #4b5563;
  }
  .content-wrapper ol {
    list-style: decimal;
    margin-left: 1.5rem;
    margin-bottom: 1.25rem;
  }
  .content-wrapper li {
    margin-bottom: 0.75rem;
    color: #4b5563;
  }
  .content-wrapper strong {
    font-weight: 600;
    color: #1f2937;
  }
  .content-wrapper a {
    color: #6366f1;
    text-decoration: underline;
  }
  .content-wrapper a:hover {
    color: #4f46e5;
  }
  .content-wrapper hr {
    margin: 2.5rem 0;
    border: 0;
    border-top: 1px solid #e5e7eb;
  }
  .footer-text {
    font-style: italic;
    color: #6b7280;
    margin-top: 2rem;
  }
 </style>
 <div class="content-wrapper">
  <h1>How It Works</h1>
  <h2>Lorem Ipsum</h2>
  <p>
    Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
  </p>
  <h2>Ut Enim Ad Minim</h2>
  <p>
    Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat:
  </p>
  <ol>
    <li><strong>Duis aute irure</strong> - Dolor in reprehenderit in voluptate velit esse cillum dolore</li>
    <li><strong>Eu fugiat nulla</strong> - Pariatur excepteur sint occaecat cupidatat non proident</li>
    <li><strong>Sunt in culpa</strong> - Qui officia deserunt mollit anim id est laborum</li>
  </ol>
  <h2>Sed Ut Perspiciatis</h2>
  <p>
    Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo.
  </p>
  <h2>Nemo Enim Ipsam</h2>
  <p>
    Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.
  </p>
  <h3>Neque Porro Quisquam</h3>
  <p>
    Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem.
  </p>
  <hr>
  <p class="footer-text">
    For questions or feedback, <a href="/contact">contact us</a>.
  </p>
 </div>
--- a/frontend/public/content/how-it-works.md
+++ b/frontend/public/content/how-it-works.md
@@ -1,29 +0,0 @@
 # How It Works
 ## Lorem Ipsum
 Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
 ## Ut Enim Ad Minim
 Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat:
 1. **Duis aute irure** - Dolor in reprehenderit in voluptate velit esse cillum dolore
 2. **Eu fugiat nulla** - Pariatur excepteur sint occaecat cupidatat non proident
 3. **Sunt in culpa** - Qui officia deserunt mollit anim id est laborum
 ## Sed Ut Perspiciatis
 Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo.
 ## Nemo Enim Ipsam
 Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.
 ### Neque Porro Quisquam
 Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem.
 ---
 *For questions or feedback, [contact us](/contact).*
--- a/frontend/public/content/privacy.html
+++ b/frontend/public/content/privacy.html
@@ -0,0 +1,240 @@
 <style>
  .privacy-wrapper {
    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
    line-height: 1.6;
    color: #333;
  }
  .privacy-wrapper h1 {
    font-size: 2.25rem;
    font-weight: 700;
    margin-bottom: 1.5rem;
    color: #1f2937;
  }
  .privacy-wrapper h2 {
    font-size: 1.875rem;
    font-weight: 700;
    margin-top: 2.5rem;
    margin-bottom: 1rem;
    color: #1f2937;
    border-bottom: 2px solid #e5e7eb;
    padding-bottom: 0.5rem;
  }
  .privacy-wrapper h3 {
    font-size: 1.5rem;
    font-weight: 600;
    margin-top: 2rem;
    margin-bottom: 0.75rem;
    color: #374151;
  }
  .privacy-wrapper p {
    margin-bottom: 1.25rem;
    color: #4b5563;
  }
  .privacy-wrapper ul {
    list-style: disc;
    margin-left: 1.5rem;
    margin-bottom: 1.25rem;
  }
  .privacy-wrapper li {
    margin-bottom: 0.5rem;
    color: #4b5563;
  }
  .privacy-wrapper strong {
    font-weight: 600;
    color: #1f2937;
  }
  .privacy-wrapper a {
    color: #6366f1;
    text-decoration: underline;
  }
  .privacy-wrapper a:hover {
    color: #4f46e5;
  }
  .privacy-wrapper hr {
    margin: 2.5rem 0;
    border: 0;
    border-top: 1px solid #e5e7eb;
  }
  .intro-text {
    font-size: 1.125rem;
    color: #1f2937;
    margin-bottom: 1.5rem;
    background-color: #f3f4f6;
    padding: 1rem;
    border-radius: 0.5rem;
    border-left: 4px solid #6366f1;
  }
  .last-updated {
    color: #6b7280;
    font-size: 0.875rem;
    margin-bottom: 2rem;
  }
 </style>
 <div class="privacy-wrapper">
  <h1>Privacy Policy & Cookie Policy</h1>
  <p class="last-updated">Last updated: December 2025</p>
  <p class="intro-text">
    At <strong>spotlight.cam</strong>, we respect your privacy and are committed to protecting your personal data.
    This policy explains how we collect, use, and safeguard your information in compliance with GDPR/RODO regulations.
  </p>
  <h2>Information We Collect</h2>
  <h3>Account Information</h3>
  <ul>
    <li><strong>Registration data</strong>: Email address, username, password (encrypted), first and last name</li>
    <li><strong>Profile information</strong>: Optional profile details, social media links, location (country and city)</li>
    <li><strong>WSDC integration</strong>: Optional WSDC ID for auto-filling profile data from worldsdc.com</li>
  </ul>
  <h3>Usage Data</h3>
  <ul>
    <li><strong>Activity logs</strong>: Login history, event participation, match requests, and chat activity</li>
    <li><strong>Technical data</strong>: IP address (for security and rate limiting), browser type, device information</li>
    <li><strong>Analytics</strong>: Page views, feature usage, and user interactions (via Google Analytics 4, only if cookies accepted)</li>
  </ul>
  <h3>Communication Data</h3>
  <ul>
    <li><strong>Chat messages</strong>: Event chat and private match chat messages (stored securely)</li>
    <li><strong>Contact form submissions</strong>: Name, email, subject, and message content</li>
  </ul>
  <h2>Cookies We Use</h2>
  <p>
    We use cookies and similar technologies to provide you with a better experience. Here's what cookies we use:
  </p>
  <h3>Essential Cookies (Always Active)</h3>
  <ul>
    <li><strong>Authentication cookies</strong>: Keep you logged in securely (JWT tokens)</li>
    <li><strong>Security cookies</strong>: CSRF protection, session management</li>
    <li><strong>Preference cookies</strong>: Remember your settings and choices</li>
  </ul>
  <p><em>These cookies are necessary for the platform to function and cannot be disabled.</em></p>
  <h3>Analytics Cookies (Optional)</h3>
  <ul>
    <li><strong>Google Analytics 4</strong>: Helps us understand how users interact with the platform</li>
    <li><strong>Usage tracking</strong>: Page views, feature usage, user flow analysis</li>
  </ul>
  <p><em>These cookies are only activated after you accept them via the cookie consent banner.</em></p>
  <h2>How We Use Your Data</h2>
  <p>We use your personal data for the following purposes:</p>
  <ul>
    <li><strong>Account management</strong>: Create and maintain your user account</li>
    <li><strong>Service delivery</strong>: Provide matchmaking, chat, WebRTC file transfer, and event participation features</li>
    <li><strong>Communication</strong>: Send verification emails, password reset links, and service notifications</li>
    <li><strong>Security</strong>: Prevent fraud, detect abuse, enforce rate limits, and protect user accounts</li>
    <li><strong>Analytics</strong>: Improve the platform based on usage patterns (only if cookies accepted)</li>
    <li><strong>Legal compliance</strong>: Maintain activity logs for security audits and comply with legal obligations</li>
  </ul>
  <h2>Data Sharing & Third Parties</h2>
  <p>We respect your privacy. Here's what we <strong>do</strong> and <strong>don't do</strong> with your data:</p>
  <h3>We DO:</h3>
  <ul>
    <li><strong>Use AWS SES</strong> for sending transactional emails (verification, password reset)</li>
    <li><strong>Use Cloudflare</strong> for CAPTCHA (Turnstile) and WebRTC TURN/STUN servers</li>
    <li><strong>Use Google Analytics 4</strong> for usage analytics (only if you accept cookies)</li>
    <li><strong>Integrate with worldsdc.com</strong> to auto-fill profile data (if you provide WSDC ID)</li>
  </ul>
  <h3>We DON'T:</h3>
  <ul>
    <li><strong>Sell your data</strong> to third parties or advertisers</li>
    <li><strong>Share your personal information</strong> with anyone without your consent (except as required by law)</li>
    <li><strong>Store your videos</strong> on our servers - WebRTC transfers are peer-to-peer and end-to-end encrypted</li>
  </ul>
  <h2>Data Security</h2>
  <p>We implement industry-standard security measures to protect your data:</p>
  <ul>
    <li><strong>Password encryption</strong>: Passwords are hashed using bcrypt (10 salt rounds)</li>
    <li><strong>JWT authentication</strong>: Secure token-based authentication with httpOnly cookies in production</li>
    <li><strong>HTTPS encryption</strong>: All data transmitted over secure HTTPS connections</li>
    <li><strong>Rate limiting</strong>: Protection against brute force attacks and spam</li>
    <li><strong>Account lockout</strong>: Automatic account protection after failed login attempts</li>
    <li><strong>WebRTC encryption</strong>: P2P file transfers are end-to-end encrypted (DTLS/SRTP)</li>
    <li><strong>Database security</strong>: Parameterized queries prevent SQL injection attacks</li>
  </ul>
  <h2>Your Rights (GDPR/RODO)</h2>
  <p>Under GDPR/RODO, you have the following rights:</p>
  <ul>
    <li><strong>Right to access</strong>: Request a copy of your personal data</li>
    <li><strong>Right to rectification</strong>: Correct inaccurate or incomplete data</li>
    <li><strong>Right to erasure</strong>: Delete your account and all associated data</li>
    <li><strong>Right to data portability</strong>: Export your data in a machine-readable format</li>
    <li><strong>Right to object</strong>: Object to certain types of data processing</li>
    <li><strong>Right to withdraw consent</strong>: Withdraw cookie consent at any time</li>
  </ul>
  <p>
    To exercise any of these rights, please <a href="/contact">contact us</a>.
  </p>
  <h2>Data Retention</h2>
  <ul>
    <li><strong>Active accounts</strong>: Data retained as long as your account is active</li>
    <li><strong>Deleted accounts</strong>: Personal data permanently deleted within 30 days of account deletion</li>
    <li><strong>Activity logs</strong>: Security logs retained for 90 days for audit purposes</li>
    <li><strong>Chat messages</strong>: Retained as long as the match/event exists or account is active</li>
  </ul>
  <h2>Children's Privacy</h2>
  <p>
    Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children.
    If you believe a child has provided us with personal data, please <a href="/contact">contact us</a> immediately.
  </p>
  <h2>Changes to This Policy</h2>
  <p>
    We may update this Privacy Policy from time to time. We will notify users of significant changes via email or
    prominent notice on the platform. The "Last updated" date at the top of this page shows when the policy was last revised.
  </p>
  <h2>Contact Us</h2>
  <p>
    If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data,
    please contact us through our <a href="/contact">contact page</a>.
  </p>
  <hr>
  <p style="color: #6b7280; font-size: 0.875rem; text-align: center;">
    <strong>spotlight.cam</strong> - Dance Event Video Exchange Platform<br>
    Built with privacy and security in mind. 🔒
  </p>
 </div>
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -26,10 +26,12 @@ import ContactMessagesPage from './pages/admin/ContactMessagesPage';
 import ContactPage from './pages/ContactPage';
 import AboutUsPage from './pages/AboutUsPage';
 import HowItWorksPage from './pages/HowItWorksPage';
 import PrivacyPage from './pages/PrivacyPage';
 import NotFoundPage from './pages/NotFoundPage';
 import VerificationBanner from './components/common/VerificationBanner';
 import InstallPWA from './components/pwa/InstallPWA';
 import CookieConsent from './components/common/CookieConsent';
 import BetaBanner from './components/BetaBanner';
 // Protected Route Component with Verification Banner
 const ProtectedRoute = ({ children }) => {
@@ -98,6 +100,9 @@ function App() {
    <BrowserRouter>
      <AuthProvider>
        <AnalyticsWrapper>
          {/* Beta Testing Banner */}
          <BetaBanner />
          {/* PWA Install Prompt */}
          <InstallPWA />
@@ -263,6 +268,9 @@ function App() {
          {/* How It Works Page - Public route */}
          <Route path="/how-it-works" element={<HowItWorksPage />} />
          {/* Privacy Policy Page - Public route */}
          <Route path="/privacy" element={<PrivacyPage />} />
          {/* Public Profile - /u/username format (no auth required) */}
          <Route path="/u/:username" element={<PublicProfilePage />} />
--- a/frontend/src/components/BetaBanner.jsx
+++ b/frontend/src/components/BetaBanner.jsx
@@ -0,0 +1,63 @@
 import { useState, useEffect } from 'react';
 import { X } from 'lucide-react';
 const BetaBanner = () => {
  const [isVisible, setIsVisible] = useState(false);
  const [isClosing, setIsClosing] = useState(false);
  const betaMode = import.meta.env.VITE_BETA_MODE === 'true';
  useEffect(() => {
    if (!betaMode) {
      setIsVisible(false);
      return;
    }
    // Check if banner was dismissed
    const dismissed = localStorage.getItem('betaBannerDismissed');
    if (!dismissed) {
      setIsVisible(true);
    }
  }, [betaMode]);
  const handleDismiss = () => {
    setIsClosing(true);
    setTimeout(() => {
      setIsVisible(false);
      localStorage.setItem('betaBannerDismissed', 'true');
    }, 300); // Match animation duration
  };
  if (!isVisible || !betaMode) {
    return null;
  }
  return (
    <div
      className={`bg-gradient-to-r from-purple-600 to-blue-600 text-white px-4 py-3 shadow-lg transition-all duration-300 ${
        isClosing ? 'opacity-0 -translate-y-full' : 'opacity-100 translate-y-0'
      }`}
    >
      <div className="max-w-7xl mx-auto flex items-center justify-between gap-4">
        <div className="flex items-center gap-3 flex-1">
          <span className="bg-white/20 backdrop-blur-sm px-3 py-1 rounded-full text-sm font-semibold uppercase tracking-wide">
            Beta
          </span>
          <p className="text-sm md:text-base">
            <span className="font-semibold">Welcome to our beta testing!</span>
            <span className="hidden sm:inline"> Help us improve by reporting any issues or suggestions.</span>
            <span className="ml-2 text-purple-200">All beta testers get SUPPORTER status! 🎉</span>
          </p>
        </div>
        <button
          onClick={handleDismiss}
          className="flex-shrink-0 p-1 hover:bg-white/20 rounded-lg transition-colors duration-200"
          aria-label="Dismiss banner"
        >
          <X className="w-5 h-5" />
        </button>
      </div>
    </div>
  );
 };
 export default BetaBanner;
--- a/frontend/src/components/HtmlContentPage.jsx
+++ b/frontend/src/components/HtmlContentPage.jsx
@@ -0,0 +1,70 @@
 import { useState, useEffect } from 'react';
 import PublicLayout from './layout/PublicLayout';
 import { Loader2 } from 'lucide-react';
 /**
 * Generic component for rendering HTML content from public/content/*.html files
 * Supports inline CSS and full HTML structure
 */
 export default function HtmlContentPage({ contentFile, pageTitle = 'Page' }) {
  const [content, setContent] = useState('');
  const [loading, setLoading] = useState(true);
  const [error, setError] = useState('');
  useEffect(() => {
    // Fetch HTML content
    fetch(`/content/${contentFile}`)
      .then(response => {
        if (!response.ok) {
          throw new Error('Failed to load content');
        }
        return response.text();
      })
      .then(html => {
        setContent(html);
        setLoading(false);
      })
      .catch(err => {
        console.error(`Error loading ${contentFile}:`, err);
        setError('Failed to load page content');
        setLoading(false);
      });
  }, [contentFile]);
  if (loading) {
    return (
      <PublicLayout pageTitle={pageTitle}>
        <div className="min-h-screen flex items-center justify-center">
          <Loader2 className="w-8 h-8 text-primary-600 animate-spin" />
        </div>
      </PublicLayout>
    );
  }
  if (error) {
    return (
      <PublicLayout pageTitle={pageTitle}>
        <div className="min-h-screen flex items-center justify-center">
          <div className="text-center">
            <p className="text-red-600 text-lg mb-2">{error}</p>
            <p className="text-gray-600">Please try again later.</p>
          </div>
        </div>
      </PublicLayout>
    );
  }
  return (
    <PublicLayout pageTitle={pageTitle}>
      <div className="min-h-screen bg-gray-50 py-12">
        <div className="max-w-4xl mx-auto px-4">
          {/* Render raw HTML with inline styles */}
          <div
            className="bg-white rounded-lg shadow-sm p-8"
            dangerouslySetInnerHTML={{ __html: content }}
          />
        </div>
      </div>
    </PublicLayout>
  );
 }
--- a/frontend/src/components/common/CookieConsent.jsx
+++ b/frontend/src/components/common/CookieConsent.jsx
@@ -57,12 +57,12 @@ const CookieConsent = () => {
                We use cookies and similar technologies to enhance your experience, analyze site traffic,
                and for authentication purposes. By clicking "Accept", you consent to our use of cookies.{' '}
                <a
-                  href="/about-us"
+                  href="/privacy"
                  className="text-primary-600 hover:text-primary-700 underline"
                  target="_blank"
                  rel="noopener noreferrer"
                >
-                  Learn more
+                  Privacy Policy
                </a>
              </p>
            </div>
--- a/frontend/src/components/common/TierBadge.jsx
+++ b/frontend/src/components/common/TierBadge.jsx
@@ -0,0 +1,71 @@
 import { Crown, Sparkles, User } from 'lucide-react';
 const TierBadge = ({ tier, size = 'sm', showLabel = false }) => {
  if (!tier || tier === 'BASIC') {
    return null; // Don't show badge for BASIC tier
  }
  const configs = {
    SUPPORTER: {
      icon: Sparkles,
      label: 'Supporter',
      bgColor: 'bg-blue-100',
      textColor: 'text-blue-700',
      borderColor: 'border-blue-300',
      iconColor: 'text-blue-600',
    },
    COMFORT: {
      icon: Crown,
      label: 'Comfort',
      bgColor: 'bg-purple-100',
      textColor: 'text-purple-700',
      borderColor: 'border-purple-300',
      iconColor: 'text-purple-600',
    },
  };
  const config = configs[tier];
  if (!config) return null;
  const sizeClasses = {
    xs: {
      container: 'px-1.5 py-0.5 text-xs',
      icon: 'w-3 h-3',
    },
    sm: {
      container: 'px-2 py-1 text-xs',
      icon: 'w-3.5 h-3.5',
    },
    md: {
      container: 'px-2.5 py-1.5 text-sm',
      icon: 'w-4 h-4',
    },
  };
  const sizes = sizeClasses[size] || sizeClasses.sm;
  const Icon = config.icon;
  if (!showLabel) {
    // Icon only - for compact display
    return (
      <span
        className={`inline-flex items-center justify-center ${config.bgColor} ${config.borderColor} border rounded-full ${sizes.container}`}
        title={config.label}
      >
        <Icon className={`${sizes.icon} ${config.iconColor}`} />
      </span>
    );
  }
  // Full badge with label
  return (
    <span
      className={`inline-flex items-center gap-1 ${config.bgColor} ${config.textColor} ${config.borderColor} border rounded-full ${sizes.container} font-medium`}
    >
      <Icon className={`${sizes.icon} ${config.iconColor}`} />
      <span>{config.label}</span>
    </span>
  );
 };
 export default TierBadge;
--- a/frontend/src/components/layout/Navbar.jsx
+++ b/frontend/src/components/layout/Navbar.jsx
@@ -2,6 +2,7 @@ import { Link, useNavigate } from 'react-router-dom';
 import { useAuth } from '../../contexts/AuthContext';
 import { Video, LogOut, User, History, Users, Menu, X, LayoutDashboard, Calendar, Shield, Mail, Activity, ChevronDown } from 'lucide-react';
 import Avatar from '../common/Avatar';
 import TierBadge from '../common/TierBadge';
 import { useState, useEffect, useRef } from 'react';
 import { matchesAPI } from '../../services/api';
 import { connectSocket, disconnectSocket, getSocket } from '../../services/socket';
@@ -178,7 +179,10 @@ const Navbar = ({ pageTitle = null }) => {
              className="flex items-center space-x-3 px-3 py-2 rounded-md hover:bg-gray-100"
            >
              <Avatar src={user?.avatar} username={user.username} size={32} />
              <div className="flex items-center gap-2">
                <span className="text-sm font-medium text-gray-700">{user.username}</span>
                <TierBadge tier={user.accountTier} size="xs" />
              </div>
            </Link>
            <button
--- a/frontend/src/components/layout/PublicFooter.jsx
+++ b/frontend/src/components/layout/PublicFooter.jsx
@@ -54,6 +54,11 @@ const PublicFooter = () => {
                  Contact Us
                </Link>
              </li>
              <li>
                <Link to="/privacy" className="text-gray-600 hover:text-primary-600 transition-colors">
                  Privacy Policy
                </Link>
              </li>
            </ul>
          </div>
        </div>
--- a/frontend/src/pages/AboutUsPage.jsx
+++ b/frontend/src/pages/AboutUsPage.jsx
@@ -1,91 +1,5 @@
-import { useState, useEffect } from 'react';
+import HtmlContentPage from '../components/HtmlContentPage';
 import ReactMarkdown from 'react-markdown';
 import PublicLayout from '../components/layout/PublicLayout';
 export default function AboutUsPage() {
-  const [content, setContent] = useState('');
+  return <HtmlContentPage contentFile="about-us.html" pageTitle="About Us" />;
  const [loading, setLoading] = useState(true);
  const [error, setError] = useState('');
  useEffect(() => {
    // Fetch markdown content
    fetch('/content/about-us.md')
      .then(response => {
        if (!response.ok) {
          throw new Error('Failed to load content');
        }
        return response.text();
      })
      .then(text => {
        setContent(text);
        setLoading(false);
      })
      .catch(err => {
        console.error('Error loading about-us content:', err);
        setError('Failed to load page content');
        setLoading(false);
      });
  }, []);
  if (loading) {
    return (
      <PublicLayout>
        <div className="bg-gray-50 flex items-center justify-center py-12">
          <div className="text-center">
            <div className="w-12 h-12 border-4 border-primary-600 border-t-transparent rounded-full animate-spin mx-auto mb-4"></div>
            <p className="text-gray-600">Loading...</p>
          </div>
        </div>
      </PublicLayout>
    );
  }
  if (error) {
    return (
      <PublicLayout>
        <div className="bg-gray-50 flex items-center justify-center py-12">
          <div className="text-center">
            <p className="text-red-600">{error}</p>
          </div>
        </div>
      </PublicLayout>
    );
  }
  return (
    <PublicLayout>
      <div className="bg-gray-50 py-12 px-4 sm:px-6 lg:px-8">
        <div className="max-w-4xl mx-auto">
          <article className="bg-white rounded-lg shadow-sm p-8 md:p-12 prose prose-lg max-w-none">
            <ReactMarkdown
              components={{
                // Customize link rendering to use React Router for internal links
                a: ({ node, href, children, ...props }) => {
                  const isInternal = href && href.startsWith('/');
                  if (isInternal) {
                    return (
                      <a href={href} {...props}>
                        {children}
                      </a>
                    );
                  }
                  return (
                    <a href={href} target="_blank" rel="noopener noreferrer" {...props}>
                      {children}
                    </a>
                  );
                },
                // Ensure images are responsive
                img: ({ node, ...props }) => (
                  <img className="rounded-lg shadow-md" {...props} alt={props.alt || ''} />
                ),
              }}
            >
              {content}
            </ReactMarkdown>
          </article>
        </div>
      </div>
    </PublicLayout>
  );
 }
--- a/frontend/src/pages/HomePage.jsx
+++ b/frontend/src/pages/HomePage.jsx
@@ -284,6 +284,11 @@ const HomePage = () => {
                    Contact Us
                  </Link>
                </li>
                <li>
                  <Link to="/privacy" className="hover:text-primary-400 transition">
                    Privacy Policy
                  </Link>
                </li>
              </ul>
            </div>
--- a/frontend/src/pages/HowItWorksPage.jsx
+++ b/frontend/src/pages/HowItWorksPage.jsx
@@ -1,91 +1,5 @@
-import { useState, useEffect } from 'react';
+import HtmlContentPage from '../components/HtmlContentPage';
 import ReactMarkdown from 'react-markdown';
 import PublicLayout from '../components/layout/PublicLayout';
 export default function HowItWorksPage() {
-  const [content, setContent] = useState('');
+  return <HtmlContentPage contentFile="how-it-works.html" pageTitle="How It Works" />;
  const [loading, setLoading] = useState(true);
  const [error, setError] = useState('');
  useEffect(() => {
    // Fetch markdown content
    fetch('/content/how-it-works.md')
      .then(response => {
        if (!response.ok) {
          throw new Error('Failed to load content');
        }
        return response.text();
      })
      .then(text => {
        setContent(text);
        setLoading(false);
      })
      .catch(err => {
        console.error('Error loading how-it-works content:', err);
        setError('Failed to load page content');
        setLoading(false);
      });
  }, []);
  if (loading) {
    return (
      <PublicLayout>
        <div className="bg-gray-50 flex items-center justify-center py-12">
          <div className="text-center">
            <div className="w-12 h-12 border-4 border-primary-600 border-t-transparent rounded-full animate-spin mx-auto mb-4"></div>
            <p className="text-gray-600">Loading...</p>
          </div>
        </div>
      </PublicLayout>
    );
  }
  if (error) {
    return (
      <PublicLayout>
        <div className="bg-gray-50 flex items-center justify-center py-12">
          <div className="text-center">
            <p className="text-red-600">{error}</p>
          </div>
        </div>
      </PublicLayout>
    );
  }
  return (
    <PublicLayout>
      <div className="bg-gray-50 py-12 px-4 sm:px-6 lg:px-8">
        <div className="max-w-4xl mx-auto">
          <article className="bg-white rounded-lg shadow-sm p-8 md:p-12 prose prose-lg max-w-none">
            <ReactMarkdown
              components={{
                // Customize link rendering to use React Router for internal links
                a: ({ node, href, children, ...props }) => {
                  const isInternal = href && href.startsWith('/');
                  if (isInternal) {
                    return (
                      <a href={href} {...props}>
                        {children}
                      </a>
                    );
                  }
                  return (
                    <a href={href} target="_blank" rel="noopener noreferrer" {...props}>
                      {children}
                    </a>
                  );
                },
                // Ensure images are responsive
                img: ({ node, ...props }) => (
                  <img className="rounded-lg shadow-md" {...props} alt={props.alt || ''} />
                ),
              }}
            >
              {content}
            </ReactMarkdown>
          </article>
        </div>
      </div>
    </PublicLayout>
  );
 }
--- a/frontend/src/pages/PrivacyPage.jsx
+++ b/frontend/src/pages/PrivacyPage.jsx
@@ -0,0 +1,5 @@
 import HtmlContentPage from '../components/HtmlContentPage';
 export default function PrivacyPage() {
  return <HtmlContentPage contentFile="privacy.html" pageTitle="Privacy Policy" />;
 }
--- a/frontend/src/pages/ProfilePage.jsx
+++ b/frontend/src/pages/ProfilePage.jsx
@@ -2,6 +2,7 @@ import { useState } from 'react';
 import { useAuth } from '../contexts/AuthContext';
 import Layout from '../components/layout/Layout';
 import Avatar from '../components/common/Avatar';
 import TierBadge from '../components/common/TierBadge';
 import { ProfileForm, PasswordChangeForm } from '../components/profile';
 import { User, Lock } from 'lucide-react';
@@ -25,9 +26,12 @@ const ProfilePage = () => {
                title={user?.username}
              />
              <div>
                <div className="flex items-center gap-3">
                  <h1 className="text-2xl font-bold text-gray-900">
                    {user?.firstName || user?.username}
                  </h1>
                  <TierBadge tier={user?.accountTier} size="md" showLabel={true} />
                </div>
                <p className="text-gray-600">@{user?.username}</p>
                {!user?.emailVerified && (
                  <p className="text-sm text-yellow-600 mt-1">
--- a/frontend/src/pages/PublicProfilePage.jsx
+++ b/frontend/src/pages/PublicProfilePage.jsx
@@ -4,6 +4,7 @@ import { authAPI, ratingsAPI } from '../services/api';
 import Layout from '../components/layout/Layout';
 import { User, MapPin, Globe, Hash, Youtube, Instagram, Facebook, Award, Star, Calendar, Loader2, ThumbsUp } from 'lucide-react';
 import Avatar from '../components/common/Avatar';
 import TierBadge from '../components/common/TierBadge';
 import NotFoundPage from './NotFoundPage';
 const PublicProfilePage = () => {
@@ -80,11 +81,14 @@ const PublicProfilePage = () => {
                title={profile.username}
              />
              <div className="flex-1 min-w-0">
-                <h1 className="text-3xl font-bold text-gray-900 mb-1">
+                <div className="flex items-center gap-3 mb-1">
                  <h1 className="text-3xl font-bold text-gray-900">
                    {profile.firstName && profile.lastName
                      ? `${profile.firstName} ${profile.lastName}`
                      : profile.username}
                  </h1>
                  <TierBadge tier={profile.accountTier} size="md" showLabel={true} />
                </div>
                <p className="text-lg text-gray-600 mb-4">@{profile.username}</p>
                {/* Location */}
--- a/test-beta-registration.sh
+++ b/test-beta-registration.sh
@@ -0,0 +1,44 @@
 #!/bin/bash
 # Test script for beta registration with SUPPORTER tier
 API_URL="http://localhost:8080/api"
 TIMESTAMP=$(date +%s)
 TEST_USERNAME="betatester${TIMESTAMP}"
 TEST_EMAIL="beta${TIMESTAMP}@example.com"
 TEST_PASSWORD="BetaTest123!"
 echo "================================"
 echo "Beta Registration Test"
 echo "================================"
 echo "Username: $TEST_USERNAME"
 echo "Email: $TEST_EMAIL"
 echo ""
 # Register new user (skip Turnstile for testing)
 echo "1. Registering new user..."
 REGISTER_RESPONSE=$(curl -s -X POST "${API_URL}/auth/register" \
  -H "Content-Type: application/json" \
  -d "{
    \"username\": \"$TEST_USERNAME\",
    \"email\": \"$TEST_EMAIL\",
    \"password\": \"$TEST_PASSWORD\",
    \"firstName\": \"Beta\",
    \"lastName\": \"Tester\",
    \"turnstileToken\": \"dummy-token-for-dev\"
  }")
 echo "Response: $REGISTER_RESPONSE"
 echo ""
 # Extract user ID and account tier
 ACCOUNT_TIER=$(echo "$REGISTER_RESPONSE" | grep -o '"accountTier":"[^"]*"' | cut -d'"' -f4)
 if [ "$ACCOUNT_TIER" == "SUPPORTER" ]; then
  echo "✅ SUCCESS: User registered with SUPPORTER tier!"
 else
  echo "❌ FAILED: Expected SUPPORTER tier, got: $ACCOUNT_TIER"
 fi
 echo ""
 echo "================================"