Solidifying the foundation — editable legal texts, one consistent voice in every email, and a safety net that tests like a human

Solidifying the foundation — editable legal texts, one consistent voice in every email, and a safety net that tests like a human

rechttransparenzdatenschutze-mailqualitättestingzuverlässigkeitalpha
Fiction

Solidifying the foundation — editable legal texts, one consistent voice in every email, and a safety net that tests like a human

A lighthouse on a rocky coast — a symbol for a foundation that still holds even when the sea gets rough Photo: Rich Martello on Unsplash

The last few weeks had one big, visible theme: OutaStory got personal. A homepage that learns as you go; a profile that actually means something; an insights layer for authors. That was the half above the waterline — the part you see and click on. The last few days revolved around the other half, the one you ideally never notice because it simply holds everything up: the foundation.

Foundation sounds unspectacular, and that's exactly the point. A platform that offers stories to people of every age, that manages accounts, sends emails, and that people entrust with their data doesn't live off the next shiny feature — it lives off the invisible things being right: the legal texts being current and understandable, every email looking like it belongs to the same platform, a published story actually appearing — and someone checking all of that before it reaches you. That's exactly what this phase was about, across three threads: legal texts that live, one voice in every email, and a safety net that tests like a human.

A hand signing a document with a pen — a symbol for legal texts that aren't cast in code but deliberately maintained Photo: Haim Charbit on Unsplash

Legal texts are the fine print nobody wants to write and everyone needs: terms of use, privacy notice, imprint, right-of-withdrawal notice, cookie notice, the terms for authors, the contest rules. Until now, these texts lived as hard-wired pages in the code. That works, but it has two problems: even the smallest correction to a comma needs a developer release, and there's no history — no answer to the question "what exactly did the terms say on day X, when I agreed to them?"

That's why the legal pages moved to their own lean editorial system during this phase. That sounds bigger than it is, and concretely means three things:

First: editable in one place. All thirteen legal pages can now be maintained through a protected admin interface, in Markdown, without a code release. A typo fix is a matter of minutes, not a deploy cycle.

Second: versioned and dated. Every published revision is stored as an immutable, dated version. When the terms of use change, the old version remains preserved and traceable — the platform can prove at any time which version was valid when. The public page always shows the most recently published version along with its publish date; a draft revision can be prepared calmly and only published once it's finished.

Third: bilingual, with the German version as the authoritative one. OutaStory is a German platform, and the German version is the legally authoritative one. The English translation is generated AI-assisted from the German text — as a clearly marked draft that's proofread before publication. That keeps both language versions in sync without every change having to be typed twice by hand.

In parallel, the privacy notice was reorganized. A single, all-encompassing privacy page is hard to read for anyone — a visitor who's just browsing has entirely different questions than a member with an account or an author who publishes and earns revenue share. That's why there are now three clearly separated privacy notices: one for website visitors, one for members, and one for authors. Each notice addresses exactly the data processing relevant to that role — what's collected, why, for how long, and who it goes to. Less wall of text, more "this is about me".

This isn't glamorous work. But it fits the project's underlying attitude: get more personal without getting opaque. Anyone who entrusts us with data should be able to read, in an understandable place, what happens to it — and should be able to trust that this text is maintained and current.

One voice in every email

Opened envelopes — a symbol for messages that come from one hand and look the same everywhere Photo: Sue Hughes on Unsplash

OutaStory sends more emails than you might think at first glance. There's the newsletter (the daily story of the day and the weekly recap). There are notifications — someone commented on your story, a new episode has appeared, you have a new follower. There are transactional messages around account and revenue share. And there are operational notices running in the background.

These emails were built at different times over the course of months — and looked correspondingly different. Some carried the full, carefully designed newsletter look with logo, header, and footer; others were plainer, almost bare text. For the recipient, this creates a quiet but uncomfortable impression: Does this actually come from the same platform? An email that looks different from the others quickly feels less trustworthy — sometimes even like spam.

That's why, during this phase, every automatically sent email was lifted onto the same, maintained design: the same MJML template the newsletter already uses, with the same logo, the same header and footer area, the same spacing and colors. A notification about a new comment now looks like a little sibling of the newsletter — unmistakably OutaStory, unmistakably from one hand. There's exactly one deliberate exception, a rare, festive announcement email that's intentionally kept distinct.

This is detail work you barely notice individually — but in aggregate it makes the difference between "a thrown-together collection of services" and "a platform with one voice". And trust is built from exactly this kind of aggregate.

A safety net that tests like a human

A green climbing safety rope in focus — a symbol for a net that catches a fall without you ever seeing it in everyday use Photo: Brook Anderson on Unsplash

The third and biggest thread was a piece of infrastructure you'll ideally never see — and precisely because of that, it's so important. OutaStory has had thousands of automated tests for months now that check, after every change, whether the individual building blocks work on their own. That's good and indispensable, but it checks the parts, not the whole. What these tests don't answer: Does the real, assembled, running platform work — the way a human actually uses it?

That's why a second, new test layer was built during this phase: an automatic end-to-end safety net that runs through the live, running platform in a real browser — not a lab replica, but the very same site you see. It logs in like a real user, browses the homepage, opens stories, flips through chapters, writes and answers comments, gives ratings, follows authors, creates a draft, publishes a story and deletes it again, visits the help pages, search, dark and light mode, the language switcher — and works its way through every admin and moderation surface. In short: it walks the same path as a reader, an author, and an administrator, one after another, over and over.

Three things mattered here in particular and took their own work:

It must stay invisible to you. Everything this net creates along the way — test comments, test stories — is clearly marked, invisible to real users, and reliably removed again in full after every run. A real reader never sees any of it.

It never touches anything dangerous. Anything that can't be undone — real payments, sending the newsletter, locking accounts — is only tested by the net up to just before the irreversible click, then it stops. It tests that the path works without ever actually triggering it.

It can't accidentally start running. The whole thing is double- and triple-secured so it only runs against production when a human deliberately triggers it — never automatically, never as a side effect.

The point of this is simple: problems that arise between building blocks — where the interplay breaks down even though each part is correct on its own — fall through the cracks of conventional tests. This net is meant to catch exactly that kind of problem before it reaches you. It's the sort of investment that never shows up in a flashy feature and still makes the difference between an app that feels solid and one that creaks at the seams.

Hundreds of small edges smoothed

Alongside these three big threads ran what runs in every phase: the patient smoothing of small edges. Layouts that didn't sit quite perfectly at unusual screen sizes; flows that were a notch too slow; places where the arrangement on a page could be more logical. None of this is a headline on its own — but in aggregate it's the difference between "works" and "feels good". And a good safety net helps exactly with that: it shows these edges before someone else trips over them.

Numbers, for the record

  • Pull requests: around 25 in the days since the last blog post — focused on foundation rather than new surface area.
  • Main topics: editable, versioned, bilingual legal-text system for all thirteen legal pages; privacy notice split into three role-specific statements; unified email design across all automated messages; an automatic end-to-end safety net against the running platform; a lot of quiet edge-smoothing.
  • Catalog: unchanged and broad — the thousands of public-domain classics and the personalized homepage from the previous weeks are live and stable.
  • Tests: still in the high three-thousands of green unit tests, now supplemented by the new end-to-end layer against the real platform.

What's next

  • Evaluate the safety net — the most exciting ongoing work: run the new end-to-end net regularly and translate every finding into a concrete improvement.
  • Fine-tune legal texts — now that they can be maintained in one place, a calm reading pass through all thirteen pages, for clarity rather than just correctness.
  • Sharpen personalization — the recommendation rails get better the more real reading history accumulates.
  • Turn on minor protection — the age engine is built and still waits for our data protection officer to approve the verification method.
  • App.Shared Razor Pages tests — the last red coverage entry, still ongoing in weekly waves.

This phase felt different from the weeks before — less visible, but more reassuring. It's the difference between "the platform can do more now" and "the platform holds more now". If anything catches your eye while browsing, reading, or publishing that doesn't feel solid — a page that looks off, an email that doesn't match, a story that doesn't appear the way you published it —, let me know. Exactly these kinds of cracks in the foundation are what I want to find, while the net still holds.


Comments (0)

No comments yet.


Leave a comment

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please reload the page.