More secure API keys
For added security we have stopped storing full access keys on our servers. This means when you generate a new key you should store it somewhere safe immediately. This is the only time we can show it to you and it can't be retrieved later.
- All API users are encouraged to regenerate existing keys to take advantage of the new measure.
- Export keys are still stored on our servers. They are read-only and so pose very minimal damage in the wrong hands.
Multiple email addresses
We've improved the mechanism for changing your registered email address. The new process is similar to many sites where you add multiple addresses and choose which to make your primary contact. You can use any of your addresses to sign into Loco.
Improved email privacy
As part of our ongoing commitment to a "privacy by default" approach, some changes have been made to safe-guard email addresses that may have been given to us by someone other than their owner.
If you register for Loco (or if someone invites you) we will not store your email address until you activate your account and have the chance to read our privacy policy.
This avoids any possibility that we're storing your email address without your express permission. The only email addresses stored on our servers will belong to verified Loco account holders who have consented to our storing of their data.
You will only notice this feature if you add someone to your project by giving us their email address. You will see that the email is not known to us until they activate their account. We send them an invite, and that is all we do with their data until they have an account of their own.
Self-service account closure
You can now initiate account closure from the user interface.
This begins by immediately disabling your login and unsubscribing you from email notifications. We then begin a full data scrubbing process as outlined here.