{
  "product": "Tiếng Thái Yanisa",
  "domain": "thai2viet.com",
  "scope": "Learner web app, learner mobile app, admin web console",
  "lastUpdated": "2026-05-27",
  "publicLegalUrls": [
    { "label": "Privacy Policy", "paths": ["/privacy", "/vi/privacy", "/th/privacy", "/en/privacy"] },
    { "label": "Terms of Use", "paths": ["/terms", "/vi/terms", "/th/terms", "/en/terms"] },
    { "label": "Account Deletion", "paths": ["/account-deletion", "/vi/account-deletion", "/th/account-deletion", "/en/account-deletion"] },
    { "label": "Contact Support", "paths": ["/contact", "/vi/contact", "/th/contact", "/en/contact"] }
  ],
  "adminEvidenceEndpoints": [
    { "label": "Payment requests", "method": "GET", "path": "/api/admin/payments", "access": "admin" },
    { "label": "Payment provider events", "method": "GET", "path": "/api/admin/payment-events", "access": "admin" },
    { "label": "Client errors", "method": "GET", "path": "/api/admin/client-errors", "access": "admin" },
    { "label": "Account deletion requests", "method": "GET", "path": "/api/admin/account-deletion-requests", "access": "admin" },
    { "label": "Health check", "method": "GET", "path": "/api/health", "access": "public" },
    { "label": "Mobile billing readiness", "method": "GET", "path": "/api/mobile/billing/readiness", "access": "public-no-store" }
  ],
  "requestEndpoints": [
    { "label": "Submit account deletion request", "method": "POST", "path": "/api/account-deletion/request", "access": "logged-in user" },
    { "label": "Review account deletion request", "method": "POST", "path": "/api/admin/account-deletion-requests/:id/review", "access": "admin" }
  ],
  "storePolicyControls": [
    "Mobile app is learner-only; admin console remains web-only.",
    "Manual QR payment remains web-only and is hidden in native app context.",
    "Paid digital access inside Android/iOS must use Google Play Billing or Apple In-App Purchase.",
    "Account deletion is available from public legal links and in-product account flow.",
    "Client error logging stores sanitized production diagnostics with app platform and version context."
  ],
  "releaseBlockersToResolveOutsideSourceControl": [
    "Set PUBLIC_API_BASE_URL to the production HTTPS origin.",
    "Install JDK 17 or newer and set JAVA_HOME.",
    "Create android/keystore.properties from the example and keep the keystore/private passwords out of git.",
    "Enable real Apple/Google receipt validation before app subscription purchases go live."
  ],
  "downloadableEvidence": [
    "/audit/legal-compliance-pack.txt",
    "/audit/store-release-checklist.txt",
    "/audit/audit-index.json",
    "/audit/preproduction-local-check.txt",
    "/audit/production-readiness-report.txt"
  ]
}