Public roadmap

Native iOS and Android apps reached parity with the web dashboard through Phase 11 (waves A–I): full create / edit / archive flows, deep-link previews, push notifications via FCM/APNs, biometric unlock, and an offline-first link inbox that syncs when the device comes back online. OAuth2 PKCE against Ory Hydra means no long-lived tokens live on the device.

Home-screen widgets ship on both platforms. The Android widget supports a tap-to-shorten launcher and a 7-day clicks sparkline; the iOS widget shows the same data read-only — the write-back path via the App Group bridge is still in flight and is the only Phase 11 item not yet closed.

Phase 12's P3 security wave landed end-to-end: DKIM and DMARC enforcement on every outbound transactional sender, a tamper-evident hash-chained audit log, session-hijack defense (device-fingerprint binding + step-up auth on geo-anomaly), and List-Unsubscribe one-click compliance for bulk mail.

Auxiliary work in the same wave covered API-key rate limiting per scope, webhook secret rotation with overlapping validity windows, bounce-and-suppression hygiene, and the email-reputation feedback loop with Postmaster Tools. Full breakdown lives in the changelog under the P3.A and P3.B headings.

Manifest V3 extension shipped to the Chrome Web Store and Firefox Add-ons. Click the icon, paste a URL, get a short link on the clipboard; right-click any link or highlighted URL to shorten in place. OAuth2 PKCE against Hydra means no long-lived API tokens ever touch extension storage, and the icon badge shows a live click count on the most recently created link.

The source lives in apps/extension/, builds through the standard turbo pipeline, and ships in all ten Elido locales end-to-end.

A suite of free, no-signup tools under /tools — UTM builder, Open Graph preview, QR generator, and a redirect-chain link checker. Each one runs client-side where it can, has its own indexable landing page in all ten locales, and surfaces a contextual upsell to the main product only at the end of the flow.

These are pure SEO and top-of-funnel plays — there's no rate limit, no email gate, and no dark patterns. The goal is to be the first answer for "free UTM builder" and similar long-tail queries, then earn the dashboard sign-up.

A unified GraphQL gateway is up and running at services/graphql-gateway, federating links, analytics, billing, and team data behind a single schema. Internal services already consume it; the public schema is feature-complete but the developer-facing docs, persisted-query allowlist, and rate-limit cost model still need a pass before we open it to external apps.

Beta access is gated to a handful of design partners while we finalize the cost-budget shape. Public docs and a self-serve beta opt-in are the remaining work.

Phase 12.E.6 adds first-class microsites for digital product sellers — a single Elido-hosted page that bundles a paid PDF / video / template behind a short URL, with built-in checkout via LiqPay or Stripe, post-purchase delivery, and download-link expiry. Think Gumroad meets Bitly, hosted on the same edge as your branded short links.

Targets indie creators and small EU studios who want one EU-hosted, GDPR-clean surface for product launches without stitching three SaaS together. Will share auth, billing, and analytics with the rest of Elido.

Phase 12.E.4 brings outbound SMS campaigns to the marketing tooling — schedule a one-to-many SMS blast, swap in personalised short links per recipient, and measure click-through alongside the rest of the campaign analytics. Twilio is the default provider; the abstraction layer leaves room for Vonage / Plivo / MessageBird later.

Designed for short-form retail and event flows where email open-rate has collapsed but SMS still drives action. Opt-in tracking, STOP-keyword handling, and per-country sender-ID rules are part of the core scope, not an afterthought.

Phase 12.E.5 ships link galleries — public, indexable showcase pages where a team can publish a curated set of short links with descriptions, cover images, and OG previews. Different from a bio page: a gallery is a one-to-many catalogue (e.g. "all our 2026 webinars", "press kit downloads"), with its own slug under a custom domain and full search.

Pair with the existing custom-domain stack and white-label theming so an agency can stand one up on links.client.com in minutes.

First-class machine users (a.k.a. service accounts) sit alongside human team members in the workspace — scoped API keys, fine-grained RBAC, no email or login flow, and auditable token rotation. The motivation: today, automating Elido from a CI pipeline or backend service either burns a real seat or shares a single workspace token; both are operationally noisy.

Will integrate with the existing audit log, SCIM provisioning surface, and per-key rate limiter so customers can hand a service account to one team or one tenant without leaking access to the rest of the workspace.