Apa's dihantar, what's next, and what we're not building.

Dynamic destination URLs

Edit where a printed QR points without reprinting. Source of truth is a shortcode, not the URL on the paper. Live.

Privacy-first analytics

Day-bucketed scan counts by country and device class. No IP storage, no raw user agents, no cross-site tracking. Live.

Static backup QR

Every Pro code ships with a static-QR backup of the destination URL. Prints next to your dynamic code; keeps working even if Abundera disappears. Live.

90-day cancellation grace

Cancel, and your codes keep resolving for 90 days. No overnight deadlinks. Printed material outlives the subscription long enough to react. Live.

Keep-Alive tier

Read-only preservation tiered to your prior plan. KA-Team $10/mo annual, KA-Agency $29/mo annual, KA-Enterprise $149/mo annual (10-year prepay options on each). Codes keep resolving forever; destinations are frozen at the cancel snapshot. No new codes, no team seats, no API. Solo customers downgrade direct to Free; their static-forever codes keep working regardless. Live (Apr 2026).

Multi-seat teams

Business and up. Owner / admin / member roles. Codes scoped to the team, not individual users. 12 seats (Business), 30 seats (Team), 75 seats (Agency), 150 seats (Enterprise). Live.

Hourly analytics granularity

Team and Agency tiers get hour-by-hour breakdowns on top of daily buckets. Useful for campaign-launch visibility. Live.

REST API + rate limits

Bearer-token auth, per-day rate limits (1K / 10K / 50K requests/day by tier), documented at pro.qr.abundera.ai/docs/. Live.

One-click data export

Download a ZIP with codes.csv + scans.csv + README. No lock-in, no "contact us for export." Live.

30-day GDPR hard delete

Permintaan deletion; after a 30-day hold, everything is purged from D1, KV, and backups. Honored on the same 30-day timeline regardless of jurisdiction (subject to applicable retention laws, Stripe records, EU VAT). Live.

Wallet passes

Apple .pkpass and Google Wallet passes for every Pro code. Add-to-wallet link on each code's edit page. Blocked on Apple Developer Program Pass Jenis ID cert and Google Wallet Issuer approval, both in motion.

Kill criterion: if <5% of paid Pro users add at least one code to a wallet in the first 3 months, sunset.

Short-domain (aqr.net)

Shorter printed-code URLs (aqr.net/x/abc123) served by the same redirect worker. Delivery pending domain registrar transfer (ETA 2026-04-20 to 2026-05-05). Main qr.abundera.ai domain stays for SEO and free-tier; aqr.net is print-only.

Kill criterion: if <15% of new Pro codes opt into the short domain within 90 days of launch, hold at beta and reassess.

Signed-QR protocol + verifier library

Anti-quishing: cryptographic signature embedded in the redirect payload, verifiable without a proprietary scanner. Ships as an open protocol spec + an npm verifier package. Consumer mobile scanners come later (see S4).

Kill criterion: if no production integration (internal or partner) is running after 6 months, pause further investment.

Agency channel program

Formal partner agreement for print shops, marketing agencies, and design studios reselling Pro. Reseller discount, co-branded account pages, consolidated billing. Policy and contract work, no new code required.

Kill criterion: if zero signed partners after 90 days, the positioning isn't hitting, rework or drop.

Public status page

Externally hosted uptime + sweeper-heartbeat mirror. Current state: heartbeats write to internal healthchecks; no public reflection. S3 item.

SOC 2 scoping → Jenis I kickoff

Formal engagement with an auditor, gap assessment, policy work. Jenis II is a 6-9 month observation window after Jenis I. We'll share the scoping date publicly when the engagement letter is signed.

Abundera Authenticator (mobile)

iOS + Android native apps. Anchors both the Signed-QR verifier (S3 protocol) and the BYO-server rekey flow. This is a 3-4 month native build; hence S4, not S3.

FIDO-bound dynamic QR

Hardware-attested identity bound to code ownership via a FIDO2 authenticator or passkey. Depends on the Authenticator app landing.

Integrations marketplace

Five opinionated integrations (Slack, Discord, Zapier, Make, Webhook generic). Not a full app store, we'd rather build 5 integrations well than 50 poorly.

Kill criterion: any integration with <10 customer installs after 90 days is removed.

SOC 2 Jenis II observation

Assumes S3 Jenis I ran. Observation window begins in S4; report available 6-9 months later.

Google Analytics / Meta Pixel integration

Integrating third-party trackers would break the privacy guarantee we sell. Export your own scan CSV and correlate it yourself if you need that data, we won't pipe it out.

Self-hosted / on-prem version

The redirect worker is Cloudflare-native (KV hot path + D1 aggregates). Running this on customer infrastructure would mean re-engineering against every hyperscaler, which isn't tenable at our size.

QR beautification marketplace

Custom logos, colors, and frames are already in the free generator. We're not adding a "QR-as-art" skins store, it's a commodity feature other vendors compete on.

AI-generated destination content

Out of scope. We redirect; we don't generate landing pages. This keeps the product simple and the privacy model clean.

Geofenced or time-locked redirects

Tempting, but they'd require storing scanner geolocation, which conflicts with our "country bucket only, no IP" privacy model. Building it would mean rewriting the scan-analytics foundation. Not now.

Contact-sales-only enterprise tier

Enterprise at $1,500/mo annual is self-serve, 85,000 dynamic codes, 10M scans/mo, unmetered static-forever codes on every plan, SSO + SCIM, 99.9% SLA, 10-year analytics retention, click-through MSA. We'd rather show the real price than hide it behind a sales call. Only Enterprise Scale (above the baseline, BAA, FedRAMP, higher limits, custom MSA) routes through sales.

Only dates we'll defend

Every S3/S4 commitment above is something we're willing to miss publicly. If a date slips, this page is updated with the slip and the reason, not deleted.

Kill criteria, not just dreams

Every new feature has a kill criterion (stated inline). If a feature doesn't hit it, it's retired, we don't carry zombie features. This page shows what survived.

Not the same as marketing copy

Features listed as "live" are verified against the codebase. We will not advertise a feature that isn't dihantar. If you see something on the landing page, you can use it today.