Merge branch 'main' of ssh://gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-core

fix(pitch-deck): include fm_scenarios in preview-data API response
The admin preview was not returning fm_scenarios/fm_assumptions, so preferredScenarioId was always null and all financial slides fell back to Base Case (1M) instead of the version's scenario. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-17 08:36:07 +02:00 · 2026-04-17 08:35:22 +02:00 · 2026-04-17 08:35:12 +02:00 · 2026-04-17 08:16:19 +02:00 · 2026-04-17 08:15:13 +02:00 · 2026-04-17 08:10:18 +02:00
82 changed files with 6019 additions and 1219 deletions
@@ -0,0 +1,227 @@
+# AGENTS.go.md — Go Agent Rules
+
+Applies to: `ai-compliance-sdk/` (Go/Gin service)
+
+---
+
+## NON-NEGOTIABLE: Pre-Push Checklist
+
+**BEFORE every `git push`, run ALL of the following from the module root. A single failure blocks the push.**
+
+```bash
+# 1. Format (gofmt is non-negotiable — unformatted code fails CI)
+gofmt -l . | grep -q . && echo "FORMATTING ERRORS — run: gofmt -w ." && exit 1 || true
+
+# 2. Vet (catches suspicious code that compiles but is likely wrong)
+go vet ./...
+
+# 3. Lint (golangci-lint aggregates 50+ linters — the de-facto standard)
+golangci-lint run --timeout=5m ./...
+
+# 4. Tests with race detector
+go test -race -count=1 ./...
+
+# 5. Build verification (catches import errors, missing implementations)
+go build ./...
+```
+
+**One-liner pre-push gate:**
+```bash
+gofmt -l . | grep -q . && exit 1; go vet ./... && golangci-lint run --timeout=5m && go test -race -count=1 ./... && go build ./...
+```
+
+### Why each check matters
+
+| Check | Catches | Time |
+|-------|---------|------|
+| `gofmt` | Formatting violations (CI rejects unformatted code) | <1s |
+| `go vet` | Printf format mismatches, unreachable code, shadowed vars | <5s |
+| `golangci-lint` | 50+ static analysis checks (errcheck, staticcheck, etc.) | 10-30s |
+| `go test -race` | Race conditions (invisible without this flag) | 10-60s |
+| `go build` | Import errors, interface mismatches | <5s |
+
+---
+
+## golangci-lint Configuration
+
+Config lives in `.golangci.yml` at the repo root. Minimum required linters:
+
+```yaml
+linters:
+  enable:
+    - errcheck       # unchecked errors are bugs
+    - gosimple       # code simplification
+    - govet          # go vet findings
+    - ineffassign    # useless assignments
+    - staticcheck    # advanced static analysis (SA*, S*, QF*)
+    - unused         # unused code
+    - gofmt          # formatting
+    - goimports      # import organization
+    - gocritic       # opinionated style checks
+    - noctx          # HTTP requests without context
+    - bodyclose      # unclosed HTTP response bodies
+    - exhaustive     # exhaustive switch on enums
+    - wrapcheck      # errors from external packages must be wrapped
+
+linters-settings:
+  errcheck:
+    check-blank: true    # blank identifier for errors is a bug
+  govet:
+    enable-all: true
+
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
+```
+
+**Never suppress with `//nolint:` without a comment explaining why it's safe.**
+
+---
+
+## Code Structure (Hexagonal Architecture)
+
+```
+ai-compliance-sdk/
+├── cmd/
+│   └── server/main.go        # thin: parse flags, wire deps, call app.Run()
+├── internal/
+│   ├── app/                  # dependency wiring
+│   ├── domain/               # pure business logic, no framework deps
+│   ├── ports/                # interfaces (repositories, external services)
+│   ├── adapters/
+│   │   ├── http/             # Gin handlers (≤30 LOC per handler)
+│   │   ├── postgres/         # DB adapters implementing ports
+│   │   └── external/         # third-party API clients
+│   └── services/             # orchestration between domain + ports
+└── pkg/                      # exported, reusable packages
+```
+
+**Handler constraint — max 30 lines per handler:**
+```go
+func (h *RiskHandler) GetRisk(c *gin.Context) {
+    id, err := uuid.Parse(c.Param("id"))
+    if err != nil {
+        c.JSON(http.StatusBadRequest, gin.H{"error": "invalid id"})
+        return
+    }
+    risk, err := h.service.Get(c.Request.Context(), id)
+    if err != nil {
+        h.handleError(c, err)
+        return
+    }
+    c.JSON(http.StatusOK, risk)
+}
+```
+
+---
+
+## Error Handling
+
+```go
+// REQUIRED: wrap errors with context
+if err != nil {
+    return fmt.Errorf("get risk %s: %w", id, err)
+}
+
+// REQUIRED: define sentinel errors in domain package
+var ErrNotFound = errors.New("not found")
+var ErrUnauthorized = errors.New("unauthorized")
+
+// REQUIRED: check errors — never use _ for error returns
+result, err := service.Do(ctx, input)
+if err != nil {
+    // handle it
+}
+```
+
+**`errcheck` linter enforces this — zero tolerance for unchecked errors.**
+
+---
+
+## Testing Requirements
+
+```
+internal/
+├── domain/
+│   ├── risk.go
+│   └── risk_test.go          # unit: pure functions, no I/O
+├── adapters/
+│   ├── http/
+│   │   ├── handler.go
+│   │   └── handler_test.go   # httptest-based, mock service
+│   └── postgres/
+│       ├── repo.go
+│       └── repo_test.go      # integration: testcontainers or real DB
+```
+
+**Test naming convention:**
+```go
+func TestRiskService_Get_ReturnsRisk(t *testing.T) {}
+func TestRiskService_Get_NotFound_ReturnsError(t *testing.T) {}
+func TestRiskService_Get_DBError_WrapsError(t *testing.T) {}
+```
+
+**Table-driven tests are mandatory for functions with multiple cases:**
+```go
+func TestValidateInput(t *testing.T) {
+    tests := []struct {
+        name    string
+        input   string
+        wantErr bool
+    }{
+        {"valid", "ok", false},
+        {"empty", "", true},
+        {"too long", strings.Repeat("x", 300), true},
+    }
+    for _, tt := range tests {
+        t.Run(tt.name, func(t *testing.T) {
+            err := validateInput(tt.input)
+            if (err != nil) != tt.wantErr {
+                t.Errorf("got err=%v, wantErr=%v", err, tt.wantErr)
+            }
+        })
+    }
+}
+```
+
+```bash
+# Pre-push: unit tests only (fast)
+go test -race -count=1 -run "^TestUnit" ./...
+
+# CI: all tests
+go test -race -count=1 -coverprofile=coverage.out ./...
+go tool cover -func=coverage.out | grep total
+```
+
+---
+
+## Context Propagation
+
+Every function that does I/O (DB, HTTP, file) **must** accept and pass `context.Context` as the first argument:
+
+```go
+// REQUIRED
+func (r *RiskRepo) Get(ctx context.Context, id uuid.UUID) (*Risk, error) {
+    return r.db.QueryRowContext(ctx, query, id).Scan(...)
+}
+
+// FORBIDDEN — no context
+func (r *RiskRepo) Get(id uuid.UUID) (*Risk, error) { ... }
+```
+
+`noctx` linter enforces HTTP client context. Manual review required for DB calls.
+
+---
+
+## Common Pitfalls That Break CI
+
+| Pitfall | Prevention |
+|---------|------------|
+| Unformatted code | `gofmt -w .` before commit |
+| Unchecked error return from `rows.Close()` / `resp.Body.Close()` | `errcheck` + `bodyclose` linters |
+| Goroutine leak (goroutine started but never stopped) | `-race` test flag |
+| Shadowed `err` variable in nested scope | `govet -shadow` |
+| HTTP response body not closed | `bodyclose` linter |
+| `interface{}` instead of `any` (Go 1.18+) | `gocritic` |
+| Missing context on DB/HTTP calls | `noctx` linter |
+| Returning concrete type from constructor instead of interface | breaks testability |
@@ -0,0 +1,157 @@
+# AGENTS.python.md — Python Agent Rules
+
+Applies to: `backend-compliance/`, `ai-compliance-sdk/` (Python path), `compliance-tts-service/`, `document-crawler/`, `dsms-gateway/` (Python services)
+
+---
+
+## NON-NEGOTIABLE: Pre-Push Checklist
+
+**BEFORE every `git push`, run ALL of the following from the service directory. A single failure blocks the push.**
+
+```bash
+# 1. Fast lint (Ruff — catches syntax errors, unused imports, style violations)
+ruff check .
+
+# 2. Auto-fix safe issues, then re-check
+ruff check --fix . && ruff check .
+
+# 3. Type checking (mypy strict on new modules, standard on legacy)
+mypy . --ignore-missing-imports --no-error-summary
+
+# 4. Unit tests only (fast, no external deps)
+pytest tests/unit/ -x -q --no-header
+
+# 5. Verify the service starts (catches import errors, missing env vars with defaults)
+python -c "import app" 2>/dev/null || python -c "import main" 2>/dev/null || true
+```
+
+**One-liner pre-push gate (run from service root):**
+```bash
+ruff check . && mypy . --ignore-missing-imports --no-error-summary && pytest tests/ -x -q --no-header
+```
+
+### Why each check matters
+
+| Check | Catches | Time |
+|-------|---------|------|
+| `ruff check` | Syntax errors, unused imports, undefined names | <2s |
+| `mypy` | Type mismatches, wrong argument types | 5-15s |
+| `pytest -x` | Logic errors, regressions | 10-60s |
+| import check | Missing packages, circular imports | <1s |
+
+---
+
+## Code Style (Ruff)
+
+Config lives in `pyproject.toml`. Do **not** add per-file `# noqa` suppressions without a comment explaining why.
+
+```toml
+[tool.ruff]
+line-length = 100
+target-version = "py311"
+
+[tool.ruff.lint]
+select = ["E", "F", "W", "I", "N", "UP", "B", "C4", "SIM", "TCH"]
+ignore = ["E501"]  # line length handled by formatter
+
+[tool.ruff.lint.per-file-ignores]
+"tests/*" = ["S101"]  # assert is fine in tests
+```
+
+**Blocked patterns:**
+- `from module import *` — always name imports explicitly
+- Bare `except:` — use `except Exception as e:` at minimum
+- `print()` in production code — use `logger`
+- Mutable default arguments: `def f(x=[])` → `def f(x=None)`
+
+---
+
+## Type Annotations
+
+All new functions **must** have complete type annotations. Use `from __future__ import annotations` for forward references.
+
+```python
+# Required
+async def get_tenant(tenant_id: str, db: AsyncSession) -> TenantModel | None:
+    ...
+
+# Required for complex types
+from typing import Sequence
+def list_risks(filters: dict[str, str]) -> Sequence[RiskModel]:
+    ...
+```
+
+**Mypy rules:**
+- `--disallow-untyped-defs` on new files
+- `--strict` on new modules (not legacy)
+- Never use `type: ignore` without a comment
+
+---
+
+## FastAPI-Specific Rules
+
+```python
+# Handlers stay thin — delegate to service layer
+@router.get("/risks/{risk_id}", response_model=RiskResponse)
+async def get_risk(risk_id: UUID, service: RiskService = Depends(get_risk_service)):
+    return await service.get(risk_id)   # ≤5 lines per handler
+
+# Always use response_model — never return raw dicts from endpoints
+# Always validate input with Pydantic — no manual dict parsing
+# Use HTTPException with specific status codes, never bare 500
+```
+
+---
+
+## Testing Requirements
+
+```
+tests/
+├── unit/          # Pure logic tests, no DB/HTTP (run on every push)
+├── integration/   # Requires running services (run in CI only)
+└── contracts/     # OpenAPI snapshot tests (run on API changes)
+```
+
+**Unit test requirements:**
+- Every new function → at least one happy-path test
+- Every bug fix → regression test that would have caught it
+- Mock all I/O: DB calls, HTTP calls, filesystem reads
+
+```bash
+# Run unit tests only (fast, for pre-push)
+pytest tests/unit/ -x -q
+
+# Run with coverage (for CI)
+pytest tests/ --cov=. --cov-report=term-missing --cov-fail-under=70
+```
+
+---
+
+## Dependency Management
+
+```bash
+# Check new package license before adding
+pip show <package> | grep -E "License|Home-page"
+
+# After adding to requirements.txt — verify no GPL/AGPL
+pip-licenses --fail-on="GPL;AGPL" 2>/dev/null || echo "Check licenses manually"
+```
+
+**Never add:**
+- GPL/AGPL licensed packages
+- Packages with known CVEs (`pip audit`)
+- Packages that only exist for dev (`pytest`, `ruff`) to production requirements
+
+---
+
+## Common Pitfalls That Break CI
+
+| Pitfall | Prevention |
+|---------|------------|
+| `const x = ...` inside dict literal (wrong language!) | Run ruff before push |
+| Pydantic v1 syntax in v2 project | Use `model_config`, not `class Config` |
+| Sync function called inside async without `run_in_executor` | mypy + async linter |
+| Missing `await` on coroutine | mypy catches this |
+| `datetime.utcnow()` (deprecated) | Use `datetime.now(timezone.utc)` |
+| Bare `except:` swallowing errors silently | ruff B001/E722 catches this |
+| Unused imports left in committed code | ruff F401 catches this |
@@ -0,0 +1,186 @@
+# AGENTS.typescript.md — TypeScript/Next.js Agent Rules
+
+Applies to: `pitch-deck/`, `admin-v2/` (Next.js apps in this repo)
+
+---
+
+## NON-NEGOTIABLE: Pre-Push Checklist
+
+**BEFORE every `git push`, run ALL of the following from the Next.js app directory. A single failure blocks the push.**
+
+```bash
+# 1. Type check (catches the class of bug that broke ChatFAB.tsx — const inside object)
+npx tsc --noEmit
+
+# 2. Lint (ESLint with TypeScript-aware rules)
+npm run lint
+
+# 3. Production build (THE most important check — passes lint/types but still fails build)
+npm run build
+```
+
+**One-liner pre-push gate:**
+```bash
+npx tsc --noEmit && npm run lint && npm run build
+```
+
+> **Why `npm run build` is mandatory:** Next.js performs additional checks during build (server component boundaries, missing env vars referenced in code, RSC/client component violations) that `tsc` and ESLint alone do not catch. The ChatFAB syntax error (`const` inside object literal) is exactly the kind of error caught only by build.
+
+### Why each check matters
+
+| Check | Catches | Time |
+|-------|---------|------|
+| `tsc --noEmit` | Type errors, wrong prop types, missing members | 5-20s |
+| `eslint` | React hooks rules, import order, unused vars | 5-15s |
+| `next build` | Server/client boundary violations, missing deps, syntax errors in JSX, env var issues | 30-120s |
+
+---
+
+## TypeScript Configuration
+
+`tsconfig.json` must have strict mode enabled:
+
+```json
+{
+  "compilerOptions": {
+    "strict": true,
+    "noImplicitAny": true,
+    "strictNullChecks": true,
+    "noUncheckedIndexedAccess": true,
+    "exactOptionalPropertyTypes": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true
+  }
+}
+```
+
+**Never use `// @ts-ignore` or `// @ts-expect-error` without a comment explaining why it's unavoidable.**
+
+---
+
+## ESLint Configuration
+
+```json
+{
+  "extends": [
+    "next/core-web-vitals",
+    "plugin:@typescript-eslint/recommended-type-checked"
+  ],
+  "rules": {
+    "@typescript-eslint/no-explicit-any": "error",
+    "@typescript-eslint/no-unused-vars": "error",
+    "@typescript-eslint/no-floating-promises": "error",
+    "@typescript-eslint/await-thenable": "error",
+    "react-hooks/exhaustive-deps": "error",
+    "no-console": "warn"
+  }
+}
+```
+
+**`@typescript-eslint/no-floating-promises`** — catches `await`-less async calls that silently swallow errors.
+**`react-hooks/exhaustive-deps`** — catches missing deps in `useEffect`/`useCallback` (source of stale closure bugs).
+
+---
+
+## Next.js 15 Rules (App Router)
+
+### Server vs Client boundary
+
+```typescript
+// Server Component (default) — no 'use client' needed
+// Can: fetch data, access DB, read env vars, import server-only packages
+async function Page() {
+  const data = await fetchData()  // direct async/await
+  return <ClientComponent data={data} />
+}
+
+// Client Component — must have 'use client' at top
+'use client'
+// Can: use hooks, handle events, access browser APIs
+// Cannot: import server-only packages (nodemailer, fs, db pool)
+```
+
+**Common violation:** Importing `lib/email.ts` (which imports nodemailer) from a client component → use `lib/email-templates.ts` instead.
+
+### Route Handler typing
+
+```typescript
+// Always type request and use NextResponse
+export async function GET(request: Request): Promise<NextResponse> {
+  const { searchParams } = new URL(request.url)
+  return NextResponse.json({ data })
+}
+```
+
+### Environment variables
+
+```typescript
+// Server-only env vars: access directly
+const secret = process.env.PITCH_ADMIN_SECRET  // fine in server components
+
+// Client env vars: must be prefixed NEXT_PUBLIC_
+const url = process.env.NEXT_PUBLIC_API_URL  // accessible in browser
+
+// Never access server-only env vars in 'use client' components
+```
+
+---
+
+## Component Architecture
+
+```
+app/
+├── (route-group)/
+│   ├── page.tsx           # Server Component — data fetching
+│   └── _components/       # Colocated components for this route
+│       ├── ClientThing.tsx  # 'use client' when needed
+│       └── ServerThing.tsx  # Server by default
+components/
+│   └── ui/               # Shared presentational components
+lib/
+│   ├── server-only-module.ts  # import 'server-only' at top
+│   └── shared-module.ts       # safe for both server and client
+```
+
+**Rules:**
+- Push `'use client'` boundary as deep as possible (toward leaves)
+- Never import server-only modules from client components
+- Colocate `_components/` and `_hooks/` per route when they're route-specific
+
+---
+
+## Testing Requirements
+
+```bash
+# Type check (fastest, run first)
+npx tsc --noEmit
+
+# Unit tests (Vitest)
+npx vitest run
+
+# E2E tests (Playwright — CI only, requires running server)
+npx playwright test
+```
+
+**Test every:**
+- Custom hook (`usePresenterMode`, `useSlideNavigation`)
+- Utility function (`lib/auth.ts` helpers, `lib/email-templates.ts`)
+- API route handler (mock DB, assert response shape)
+
+---
+
+## Common Pitfalls That Break CI
+
+| Pitfall | Prevention |
+|---------|------------|
+| `const x = ...` inside object literal | `tsc --noEmit` + `npm run build` |
+| Server-only import in client component | `import 'server-only'` guard + ESLint |
+| Missing `await` on async function call | `@typescript-eslint/no-floating-promises` |
+| `useEffect` with missing dependency | `react-hooks/exhaustive-deps` error |
+| `any` type hiding type errors | `@typescript-eslint/no-explicit-any` error |
+| Unused variable left after refactor | `noUnusedLocals` in tsconfig |
+| `process.env.SECRET` in client component | Next.js build error |
+| Forgetting `export default` on page component | Next.js build error |
+| Calling server action from server component | must use route handler instead |
+| `jose` full import in Edge Runtime | Use specific subpath: `jose/jwt/verify` |
@@ -287,6 +287,37 @@ git push origin main && git push gitea main

 ---

+## Pre-Push Checks (PFLICHT — VOR JEDEM PUSH)
+
+> Full detail: `.claude/rules/pre-push-checks.md` | Stack rules: `AGENTS.python.md`, `AGENTS.go.md`, `AGENTS.typescript.md`
+
+**NIEMALS pushen ohne diese Checks. CI-Failures blockieren das gesamte Deploy.**
+
+### Python (backend-core, rag-service, embedding-service, control-pipeline)
+
+```bash
+cd <service-dir>
+ruff check . && mypy . --ignore-missing-imports --no-error-summary && pytest tests/ -x -q --no-header
+```
+
+### Go (consent-service, billing-service)
+
+```bash
+cd <service-dir>
+gofmt -l . | grep -q . && exit 1; go vet ./... && golangci-lint run --timeout=5m && go test -race ./... && go build ./...
+```
+
+### TypeScript/Next.js (pitch-deck, admin-v2)
+
+```bash
+cd pitch-deck   # or admin-v2
+npx tsc --noEmit && npm run lint && npm run build
+```
+
+> `npm run build` ist PFLICHT — `tsc` allein reicht nicht. Syntax-Fehler wie `const` inside object literal werden nur vom Build gefangen.
+
+---
+
 ## Kernprinzipien

 ### 1. Open Source Policy
@@ -0,0 +1,74 @@
+# Pre-Push Checks (MANDATORY)
+
+## Rule
+
+**NEVER push to any remote without first running and confirming ALL checks pass for every changed language stack.**
+
+This rule exists because CI failures break the deploy pipeline for everyone and waste ~5 minutes per failed build. A 60-second local check prevents that.
+
+---
+
+## Quick Reference by Stack
+
+### Python (backend-compliance, ai-compliance-sdk, compliance-tts-service)
+
+```bash
+cd <service-dir>
+ruff check . && mypy . --ignore-missing-imports --no-error-summary && pytest tests/ -x -q --no-header
+```
+
+Blocks on: syntax errors, type errors, failing tests.
+
+### Go (ai-compliance-sdk Go path)
+
+```bash
+cd <service-dir>
+gofmt -l . | grep -q . && exit 1; go vet ./... && golangci-lint run --timeout=5m && go test -race ./... && go build ./...
+```
+
+Blocks on: formatting, vet findings, lint violations, test failures, build errors.
+
+### TypeScript/Next.js (admin-compliance, developer-portal)
+
+```bash
+cd <nextjs-app-dir>
+npx tsc --noEmit && npm run lint && npm run build
+```
+
+Blocks on: type errors, lint violations, **build failures**.
+
+> `npm run build` is mandatory — `tsc` passes but `next build` fails more often than you'd expect (server/client boundary violations, env var issues, JSX syntax errors).
+
+---
+
+## What Claude Must Do Before Every Push
+
+1. Identify which services/apps were changed in this task
+2. Run the appropriate gate command(s) from the table above
+3. If any check fails: fix it, re-run, confirm green
+4. Only then run `git push origin main`
+
+**No exceptions.** A push that skips pre-push checks and breaks CI is worse than a delayed push.
+
+---
+
+## CI vs Local Checks
+
+| Stage | Where | What |
+|-------|-------|------|
+| Pre-push (local) | Claude runs | Lint + type check + unit tests + build |
+| CI (Gitea Actions) | Automatic on push | Same + integration tests + contract tests |
+| Deploy (Coolify) | Automatic after CI | Docker build + health check |
+
+Local checks catch 90% of CI failures in seconds. CI is the safety net, not the first line of defense.
+
+---
+
+## Failures That Were Caused by Skipping Pre-Push Checks
+
+- `ChatFAB.tsx`: `const textLang` inside fetch object literal — caught by `tsc --noEmit` and `npm run build`
+- `nodemailer` webpack error: server-only import in client component — caught by `npm run build`
+- `jose` Edge Runtime error: full package import — caught by `npm run build`
+- `main.py` `<en>` tags spoken: missing `import re` — caught by `python -c "import main"`
+
+These all caused a broken deploy. Each would have been caught in <60 seconds locally.
@@ -1,5 +1,8 @@
 # Build + push pitch-deck Docker image to registry.meghsakha.com
-# on every push to main that touches pitch-deck/ files.
+# and trigger orca redeploy on every push to main that touches pitch-deck/.
+#
+# Requires Gitea Actions secret: ORCA_WEBHOOK_SECRET
+#   (must match the `secret` field in ~/.orca/webhooks.json on the orca master)

 name: Build pitch-deck

@@ -10,16 +13,23 @@ on:
      - 'pitch-deck/**'

 jobs:
-  build-and-push:
+  build-push-deploy:
    runs-on: docker
    container:
      image: docker:27-cli
    steps:
      - name: Checkout
        run: |
-          apk add --no-cache git
+          apk add --no-cache git openssl curl
          git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .

+      - name: Login to registry
+        env:
+          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+        run: |
+          echo "$REGISTRY_PASSWORD" | docker login registry.meghsakha.com -u "$REGISTRY_USERNAME" --password-stdin
+
      - name: Build image
        run: |
          cd pitch-deck
@@ -34,4 +44,22 @@ jobs:
          SHORT_SHA=$(git rev-parse --short HEAD)
          docker push registry.meghsakha.com/breakpilot/pitch-deck:latest
          docker push registry.meghsakha.com/breakpilot/pitch-deck:${SHORT_SHA}
-          echo "Pushed registry.meghsakha.com/breakpilot/pitch-deck:latest + :${SHORT_SHA}"
+          echo "Pushed :latest + :${SHORT_SHA}"
+
+      - name: Trigger orca redeploy
+        env:
+          ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET }}
+          ORCA_WEBHOOK_URL: http://46.225.100.82:6880/api/v1/webhooks/github
+        run: |
+          SHA=$(git rev-parse HEAD)
+          PAYLOAD="{\"ref\":\"refs/heads/main\",\"repository\":{\"full_name\":\"${GITHUB_REPOSITORY}\"},\"head_commit\":{\"id\":\"$SHA\",\"message\":\"ci: pitch-deck image build\"}}"
+          SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -r | awk '{print $1}')
+          curl -sSf -k \
+            -X POST \
+            -H "Content-Type: application/json" \
+            -H "X-GitHub-Event: push" \
+            -H "X-Hub-Signature-256: sha256=$SIG" \
+            -d "$PAYLOAD" \
+            "$ORCA_WEBHOOK_URL" \
+            || { echo "Orca redeploy failed"; exit 1; }
+          echo "Orca redeploy triggered"
@@ -140,20 +140,6 @@ jobs:
          python -m pytest tests/bqas/ -v --tb=short || true

  # ========================================
-  # Deploy via Coolify (nur main, kein PR)
+  # Deploys now handled by per-service workflows (e.g. build-pitch-deck.yml)
+  # which trigger orca webhooks directly after building + pushing the image.
  # ========================================
-
-  deploy-coolify:
-    name: Deploy
-    runs-on: docker
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-    needs:
-      - test-go-consent
-    container:
-      image: alpine:latest
-    steps:
-      - name: Trigger Coolify deploy
-        run: |
-          apk add --no-cache curl
-          curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \
-            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
@@ -1,27 +0,0 @@
-name: Deploy to Coolify
-
-on:
-  push:
-    branches:
-      - coolify
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Deploy via Coolify API
-        run: |
-          echo "Deploying breakpilot-core to Coolify..."
-          HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
-            -X POST \
-            -H "Authorization: Bearer ${{ secrets.COOLIFY_API_TOKEN }}" \
-            -H "Content-Type: application/json" \
-            -d '{"uuid": "${{ secrets.COOLIFY_RESOURCE_UUID }}", "force_rebuild": true}' \
-            "${{ secrets.COOLIFY_BASE_URL }}/api/v1/deploy")
-
-          echo "HTTP Status: $HTTP_STATUS"
-          if [ "$HTTP_STATUS" -ne 200 ] && [ "$HTTP_STATUS" -ne 201 ]; then
-            echo "Deployment failed with status $HTTP_STATUS"
-            exit 1
-          fi
-          echo "Deployment triggered successfully!"
@@ -7,6 +7,7 @@
 secrets/
 *.pem
 *.key
+.mcp.json

 # Node
 node_modules/
@@ -52,7 +52,7 @@ class GenerateRequest(BaseModel):
    max_controls: int = 50
    max_chunks: int = 1000  # Default: process max 1000 chunks per job (respects document boundaries)
    batch_size: int = 5
-    skip_web_search: bool = False
+    skip_web_search: bool = True  # Default True — Anchors nachtraeglich batchen
    dry_run: bool = False
    regulation_filter: Optional[List[str]] = None  # Only process these regulation_code prefixes
    regulation_exclude: Optional[List[str]] = None  # Skip these regulation_code prefixes
@@ -489,7 +489,7 @@ class GeneratorConfig(BaseModel):
    max_controls: int = 0  # 0 = unlimited (process ALL chunks)
    max_chunks: int = 0  # 0 = unlimited; >0 = stop after N chunks (respects document boundaries)
    skip_processed: bool = True
-    skip_web_search: bool = False
+    skip_web_search: bool = True  # Default True — Anchor-Search verlangsamt 5x, nachtraeglich batchen
    dry_run: bool = False
    existing_job_id: Optional[str] = None  # If set, reuse this job instead of creating a new one
    regulation_filter: Optional[List[str]] = None  # Only process chunks matching these regulation_code prefixes
@@ -544,6 +544,8 @@ class GeneratorResult:
    controls_too_close: int = 0
    controls_duplicates_found: int = 0
    controls_qa_fixed: int = 0
+    controls_stored: int = 0  # Actually persisted to DB
+    controls_store_failed: int = 0  # Generated but failed to persist
    chunks_skipped_prefilter: int = 0
    errors: list = field(default_factory=list)
    controls: list = field(default_factory=list)
@@ -645,6 +647,13 @@ async def _llm_anthropic(prompt: str, system_prompt: Optional[str] = None, max_r
                    json=payload,
                )
                if resp.status_code != 200:
+                    # Retry on transient HTTP errors
+                    if resp.status_code in (429, 500, 502, 503, 504) and attempt < max_retries:
+                        wait = 2 ** attempt
+                        logger.warning("Anthropic API %d (transient) — retry in %ds...", resp.status_code, wait)
+                        import asyncio
+                        await asyncio.sleep(wait)
+                        continue
                    logger.error("Anthropic API %d: %s", resp.status_code, resp.text[:300])
                    return ""
                data = resp.json()
@@ -1517,9 +1526,22 @@ Gib ein JSON-Array zurueck mit GENAU {len(chunks)} Elementen. Fuer Aspekte ohne
        final: list[Optional[GeneratedControl]] = []
        for i in range(len(batch_items)):
            control = all_controls.get(i)
-            if not control or (not control.title and not control.objective):
+            # Filter empty or invalid controls (LLM returned None/empty)
+            if not control:
                final.append(None)
                continue
+            title_invalid = not control.title or control.title.strip().lower() in ("none", "null", "")
+            obj_invalid = not control.objective or control.objective.strip().lower() in ("none", "null", "")
+            if title_invalid and obj_invalid:
+                logger.warning("Leerer Control gefiltert (title=%s, objective=%s) — wird nicht gespeichert",
+                              control.title, control.objective)
+                final.append(None)
+                continue
+            # Clean up "None" strings from LLM
+            if title_invalid:
+                control.title = control.objective[:120] if control.objective else "Unbenannt"
+            if obj_invalid:
+                control.objective = control.title

            if control.release_state == "too_close":
                final.append(control)
@@ -1732,20 +1754,52 @@ Gib ein JSON-Array zurueck mit GENAU {len(chunks)} Elementen. Fuer Aspekte ohne
        )

    def _generate_control_id(self, domain: str, db: Session) -> str:
-        """Generate next sequential control ID like AUTH-011."""
+        """Generate unique control ID using numeric MAX + collision guard.
+
+        Uses CAST to INTEGER for correct numeric ordering (not string sort).
+        Falls back to UUID suffix if collision is detected.
+        """
        prefix = domain.upper()[:4]
        try:
+            # Numeric ordering — CAST to INTEGER, not string sort
            result = db.execute(
-                text("SELECT control_id FROM canonical_controls WHERE control_id LIKE :prefix ORDER BY control_id DESC LIMIT 1"),
-                {"prefix": f"{prefix}-%"},
+                text("""
+                    SELECT COALESCE(
+                        MAX(CAST(SUBSTRING(control_id FROM :prefix_len) AS INTEGER)),
+                        0
+                    ) + 1
+                    FROM canonical_controls
+                    WHERE control_id ~ (:pattern)
+                """),
+                {"prefix_len": len(prefix) + 2, "pattern": f"^{prefix}-[0-9]+$"},
            )
-            row = result.fetchone()
-            if row:
-                last_num = int(row[0].split("-")[-1])
-                return f"{prefix}-{last_num + 1:03d}"
-        except Exception:
-            pass
-        return f"{prefix}-001"
+            next_num = result.scalar() or 1
+            candidate = f"{prefix}-{next_num:03d}"
+
+            # Collision guard — check if ID already exists
+            exists = db.execute(
+                text("SELECT 1 FROM canonical_controls WHERE control_id = :cid LIMIT 1"),
+                {"cid": candidate},
+            ).fetchone()
+
+            if exists:
+                # UUID suffix as fallback for race conditions
+                suffix = uuid.uuid4().hex[:6]
+                candidate = f"{prefix}-{next_num:03d}-{suffix}"
+                logger.warning(
+                    "ID collision for %s-%03d — using unique suffix: %s",
+                    prefix, next_num, candidate,
+                )
+
+            return candidate
+        except Exception as e:
+            # NEVER swallow silently — UUID as safe fallback
+            fallback = f"{prefix}-{uuid.uuid4().hex[:8]}"
+            logger.error(
+                "Failed to generate control_id for domain %s: %s — using fallback %s",
+                domain, e, fallback,
+            )
+            return fallback

    # ── Stage QA: Automated Quality Validation ───────────────────────

@@ -1890,6 +1944,14 @@ Kategorien: {CATEGORY_LIST_STR}"""

    def _store_control(self, control: GeneratedControl, job_id: str) -> Optional[str]:
        """Persist a generated control to DB. Returns the control UUID or None."""
+        # Pre-store quality guard — reject empty/invalid controls
+        if not control.title or control.title.strip().lower() in ("none", "null", ""):
+            logger.warning("Rejected control with empty/None title: %s", control.control_id)
+            return None
+        if not control.objective or control.objective.strip().lower() in ("none", "null", ""):
+            logger.warning("Rejected control with empty/None objective: %s — %s", control.control_id, control.title)
+            return None
+
        try:
            # Get framework UUID
            fw_result = self.db.execute(
@@ -1929,7 +1991,11 @@ Kategorien: {CATEGORY_LIST_STR}"""
                        :target_audience, :pipeline_version,
                        :applicable_industries, :applicable_company_size, :scope_conditions
                    )
-                    ON CONFLICT (framework_id, control_id) DO NOTHING
+                    ON CONFLICT (framework_id, control_id) DO UPDATE SET
+                        updated_at = NOW(),
+                        title = EXCLUDED.title,
+                        objective = EXCLUDED.objective,
+                        generation_metadata = EXCLUDED.generation_metadata
                    RETURNING id
                """),
                {
@@ -2169,12 +2235,21 @@ Kategorien: {CATEGORY_LIST_STR}"""
                        if ctrl_uuid:
                            path = control.generation_metadata.get("processing_path", "structured_batch")
                            self._mark_chunk_processed(chunk, lic_info, path, [ctrl_uuid], job_id)
-                        else:
-                            self._mark_chunk_processed(chunk, lic_info, "store_failed", [], job_id)
-
                            result.controls_generated += 1
-                    result.controls.append(asdict(control))
+                            result.controls_stored += 1
                            controls_count += 1
+                        else:
+                            # CRITICAL FIX: Do NOT mark chunk as processed — allow retry
+                            logger.error(
+                                "STORE_FAILED: Control '%s' (%s) nicht gespeichert — Chunk bleibt unverarbeitet fuer Retry",
+                                control.control_id, control.title[:60],
+                            )
+                            result.controls_store_failed += 1
+                    else:
+                        result.controls_generated += 1
+                        controls_count += 1
+
+                    result.controls.append(asdict(control))

                    if self._existing_controls is not None:
                        self._existing_controls.append({
@@ -2187,9 +2262,17 @@ Kategorien: {CATEGORY_LIST_STR}"""
                try:
                    # Progress logging every 50 chunks
                    if i > 0 and i % 50 == 0:
+                        store_rate = (result.controls_stored / max(result.controls_generated, 1)) * 100 if result.controls_generated > 0 else 100
                        logger.info(
-                            "Progress: %d/%d chunks processed, %d controls generated, %d skipped by prefilter",
-                            i, len(chunks), controls_count, chunks_skipped_prefilter,
+                            "Progress: %d/%d chunks | %d generated | %d stored (%.0f%%) | %d store_failed | %d skipped",
+                            i, len(chunks), result.controls_generated, result.controls_stored,
+                            store_rate, result.controls_store_failed, chunks_skipped_prefilter,
+                        )
+                        # ALARM bei niedriger Store-Rate
+                        if result.controls_generated > 10 and store_rate < 80:
+                            logger.error(
+                                "ALARM: Store-Erfolgsrate nur %.0f%% — moeglicherweise ID-Kollisionen!",
+                                store_rate,
                            )
                        self._update_job(job_id, result)

@@ -2235,9 +2318,36 @@ Kategorien: {CATEGORY_LIST_STR}"""
            await _flush_batch()

            result.chunks_skipped_prefilter = chunks_skipped_prefilter
+
+            # Post-Job Validierung — DB-Realitaet pruefen
+            try:
+                actual_stored = self.db.execute(
+                    text("SELECT count(*) FROM canonical_controls WHERE generation_metadata::text LIKE :jid"),
+                    {"jid": f"%{job_id}%"},
+                ).scalar() or 0
+            except Exception:
+                actual_stored = -1
+
+            final_store_rate = (result.controls_stored / max(result.controls_generated, 1)) * 100 if result.controls_generated > 0 else 0
+
            logger.info(
-                "Pipeline complete: %d controls generated, %d chunks skipped by prefilter, %d total chunks",
-                controls_count, chunks_skipped_prefilter, len(chunks),
+                "Pipeline complete: %d chunks | %d generated | %d stored (%.0f%%) | %d store_failed | %d skipped | DB actual: %d",
+                len(chunks), result.controls_generated, result.controls_stored,
+                final_store_rate, result.controls_store_failed,
+                chunks_skipped_prefilter, actual_stored,
+            )
+
+            if result.controls_store_failed > 0:
+                logger.error(
+                    "WARNUNG: %d Controls konnten NICHT gespeichert werden! "
+                    "Diese Chunks bleiben unverarbeitet und muessen erneut verarbeitet werden.",
+                    result.controls_store_failed,
+                )
+
+            if result.controls_generated > 0 and final_store_rate < 90:
+                logger.error(
+                    "KRITISCH: Store-Rate nur %.0f%% — %d von %d Controls verloren!",
+                    final_store_rate, result.controls_store_failed, result.controls_generated,
                )

            result.status = "completed"
@@ -61,6 +61,7 @@ services:
      - "3008:3008"     # Admin Core
      - "3010:3010"     # Portal Dashboard
      - "8011:8011"     # Compliance Docs (MkDocs)
+      - "3012:3012"     # Pitch Deck
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - vault_certs:/etc/nginx/certs:ro
@@ -873,11 +874,13 @@ services:
      dockerfile: Dockerfile
    container_name: bp-core-pitch-deck
    platform: linux/arm64
-    ports:
-      - "3012:3000"
+    expose:
+      - "3000"
    environment:
      NODE_ENV: production
      DATABASE_URL: postgres://${POSTGRES_USER:-breakpilot}:${POSTGRES_PASSWORD:-breakpilot123}@postgres:5432/${POSTGRES_DB:-breakpilot_db}
+      PITCH_JWT_SECRET: ${PITCH_JWT_SECRET:-7025f5da6d2ea384353ea6debddae0ea9e2dbca151a1df4b65be8cb80a5cf002}
+      PITCH_ADMIN_SECRET: ${PITCH_ADMIN_SECRET:-40df9e6f2ca2e90729030af37bf79199710b09c898cac9df}
      LITELLM_URL: ${LITELLM_URL:-https://llm-dev.meghsakha.com}
      LITELLM_MODEL: ${LITELLM_MODEL:-gpt-oss-120b}
      LITELLM_API_KEY: ${LITELLM_API_KEY:-sk-0nAyxaMVbIqmz_ntnndzag}
@@ -330,6 +330,14 @@ def _generate_risk_assessment(ctx: dict) -> str:
    if any(ctx.get(k) for k in ["third_country_transfer", "processes_in_third_country"]):
        risks.append(("Zugriff durch Behoerden in Drittlaendern", "mittel", "hoch", "hoch"))

+    # FISA 702 Risiko bei US-Cloud-Providern
+    hosting = (ctx.get("hosting_provider") or "").lower()
+    us_providers = ("aws", "azure", "google", "microsoft", "amazon", "openai", "anthropic", "oracle")
+    if any(p in hosting for p in us_providers):
+        risks.append(("FISA 702: Zugriff durch US-Behoerden auf EU-Daten nicht ausschliessbar", "mittel", "hoch", "hoch"))
+        risks.append(("EU-Serverstandort schuetzt nicht gegen US-Rechtszugriff (Cloud Act + FISA)", "mittel", "hoch", "hoch"))
+        risks.append(("Fehlende effektive Rechtsbehelfe fuer EU-Betroffene gegen US-Ueberwachung", "mittel", "hoch", "hoch"))
+
    # Domain-spezifische Risiken (AI Act Annex III)
    domain = ctx.get("domain", "")
    if domain in ("hr", "recruiting") or ctx.get("has_hr_context"):
@@ -760,3 +760,33 @@ server {
        try_files $uri $uri/ /index.html;
    }
 }
+
+# =========================================================
+# PITCH DECK: Investor Presentation on port 3012
+# =========================================================
+server {
+    listen 3012 ssl;
+    http2 on;
+    server_name macmini localhost;
+
+    ssl_certificate /etc/nginx/certs/macmini.crt;
+    ssl_certificate_key /etc/nginx/certs/macmini.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
+    ssl_prefer_server_ciphers off;
+
+    location / {
+        set $upstream_pitch bp-core-pitch-deck:3000;
+        proxy_pass http://$upstream_pitch;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 300s;
+    }
+}
@@ -0,0 +1,7 @@
+
+Tue Apr 14 09:22:10 AM CEST 2026
+
+Tue Apr 14 09:27:05 AM CEST 2026
+Tue Apr 14 09:32:36 AM CEST 2026
+Tue Apr 15 rebuild trigger
+Tue Apr 15 rebuild 2
@@ -0,0 +1,294 @@
+/**
+ * Regression test for the "lost access" scenario:
+ *
+ *   1. Admin invites investor A → token T1 is created and emailed.
+ *   2. Investor A opens the link successfully → T1 is marked used_at.
+ *   3. Investor A clears their session (or a redeploy drops cookies).
+ *   4. Investor A returns to / — redirected to /auth.
+ *   5. Without this feature, A is stuck: T1 is already used, expired, or the
+ *      session is gone, and there is no self-service way to get back in.
+ *   6. With this feature, A enters their email on /auth and the endpoint
+ *      issues a brand new, unused magic link T2 for the same investor row.
+ *
+ * This test wires together the request-link handler with the real verify
+ * handler against an in-memory fake of the two tables the flow touches
+ * (pitch_investors, pitch_magic_links) so we can assert end-to-end that a
+ * second link works after the first one was used.
+ */
+
+import { describe, it, expect, beforeEach, vi } from 'vitest'
+import { NextRequest } from 'next/server'
+
+// ---- In-memory fake of the two tables touched by this flow ----
+
+interface InvestorRow {
+  id: string
+  email: string
+  name: string | null
+  company: string | null
+  status: 'invited' | 'active' | 'revoked'
+  last_login_at: Date | null
+  login_count: number
+}
+interface MagicLinkRow {
+  id: string
+  investor_id: string
+  token: string
+  expires_at: Date
+  used_at: Date | null
+  ip_address: string | null
+  user_agent: string | null
+}
+
+const db = {
+  investors: [] as InvestorRow[],
+  magicLinks: [] as MagicLinkRow[],
+  sessions: [] as { id: string; investor_id: string; ip_address: string | null }[],
+}
+
+let idCounter = 0
+const nextId = () => `row-${++idCounter}`
+
+// A tiny query router: match the SQL fragment we care about, ignore the rest.
+const queryMock = vi.fn(async (sql: string, params: unknown[] = []) => {
+  const s = sql.replace(/\s+/g, ' ').trim()
+
+  // Investor lookup by email (used by request-link)
+  if (/SELECT id, email, name, status FROM pitch_investors WHERE email = \$1/i.test(s)) {
+    const row = db.investors.find(i => i.email === params[0])
+    return { rows: row ? [row] : [] }
+  }
+
+  // Insert magic link
+  if (/INSERT INTO pitch_magic_links \(investor_id, token, expires_at\)/i.test(s)) {
+    db.magicLinks.push({
+      id: nextId(),
+      investor_id: params[0] as string,
+      token: params[1] as string,
+      expires_at: params[2] as Date,
+      used_at: null,
+      ip_address: null,
+      user_agent: null,
+    })
+    return { rows: [] }
+  }
+
+  // Verify: magic link + investor JOIN lookup
+  if (/FROM pitch_magic_links ml JOIN pitch_investors i/i.test(s)) {
+    const link = db.magicLinks.find(ml => ml.token === params[0])
+    if (!link) return { rows: [] }
+    const inv = db.investors.find(i => i.id === link.investor_id)!
+    return {
+      rows: [{
+        id: link.id,
+        investor_id: link.investor_id,
+        expires_at: link.expires_at,
+        used_at: link.used_at,
+        email: inv.email,
+        investor_status: inv.status,
+      }],
+    }
+  }
+
+  // Mark magic link used
+  if (/UPDATE pitch_magic_links SET used_at = NOW/i.test(s)) {
+    const link = db.magicLinks.find(ml => ml.id === params[2])
+    if (link) {
+      link.used_at = new Date()
+      link.ip_address = params[0] as string | null
+      link.user_agent = params[1] as string | null
+    }
+    return { rows: [] }
+  }
+
+  // Activate investor
+  if (/UPDATE pitch_investors SET status = 'active'/i.test(s)) {
+    const inv = db.investors.find(i => i.id === params[0])
+    if (inv) {
+      inv.status = 'active'
+      inv.last_login_at = new Date()
+      inv.login_count += 1
+    }
+    return { rows: [] }
+  }
+
+  // createSession: revoke prior sessions (no-op in fake)
+  if (/UPDATE pitch_sessions SET revoked = true WHERE investor_id/i.test(s)) {
+    return { rows: [] }
+  }
+
+  // createSession: insert
+  if (/INSERT INTO pitch_sessions/i.test(s)) {
+    const id = nextId()
+    db.sessions.push({ id, investor_id: params[0] as string, ip_address: params[2] as string | null })
+    return { rows: [{ id }] }
+  }
+
+  // createSession: fetch investor email for JWT
+  if (/SELECT email FROM pitch_investors WHERE id = \$1/i.test(s)) {
+    const inv = db.investors.find(i => i.id === params[0])
+    return { rows: inv ? [{ email: inv.email }] : [] }
+  }
+
+  // new-ip detection query (verify route)
+  if (/SELECT DISTINCT ip_address FROM pitch_sessions/i.test(s)) {
+    return { rows: [] }
+  }
+
+  // Audit log insert — accept everything
+  if (/INSERT INTO pitch_audit_logs/i.test(s)) {
+    return { rows: [] }
+  }
+
+  throw new Error(`Unmocked query: ${s.slice(0, 120)}…`)
+})
+
+vi.mock('@/lib/db', () => ({
+  default: { query: (...args: unknown[]) => queryMock(args[0] as string, args[1] as unknown[]) },
+}))
+
+// Capture emails instead of sending them
+const sentEmails: Array<{ to: string; url: string }> = []
+vi.mock('@/lib/email', () => ({
+  sendMagicLinkEmail: vi.fn(async (to: string, _name: string | null, url: string) => {
+    sentEmails.push({ to, url })
+  }),
+}))
+
+// next/headers cookies() needs to be stubbed — setSessionCookie calls it.
+vi.mock('next/headers', () => ({
+  cookies: async () => ({
+    set: vi.fn(),
+    get: vi.fn(),
+    delete: vi.fn(),
+  }),
+}))
+
+// Import the handlers AFTER mocks are set up
+import { POST as requestLink } from '@/app/api/auth/request-link/route'
+import { POST as verifyLink } from '@/app/api/auth/verify/route'
+
+function makeJsonRequest(url: string, body: unknown, ip = '203.0.113.1'): NextRequest {
+  return new NextRequest(url, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json', 'x-forwarded-for': ip },
+    body: JSON.stringify(body),
+  })
+}
+
+function extractToken(url: string): string {
+  const m = url.match(/token=([0-9a-f]+)/)
+  if (!m) throw new Error(`No token in url: ${url}`)
+  return m[1]
+}
+
+beforeEach(() => {
+  db.investors = []
+  db.magicLinks = []
+  db.sessions = []
+  sentEmails.length = 0
+  idCounter = 0
+  queryMock.mockClear()
+})
+
+describe('Regression: investor can re-request a working magic link after the first is consumed', () => {
+  it('full flow — invite → use → request-link → new link works', async () => {
+    // --- Setup: admin has already invited the investor (simulate the outcome) ---
+    const investorId = 'investor-42'
+    db.investors.push({
+      id: investorId,
+      email: 'vc@example.com',
+      name: 'VC Partner',
+      company: 'Acme Capital',
+      status: 'invited',
+      last_login_at: null,
+      login_count: 0,
+    })
+    db.magicLinks.push({
+      id: 'ml-original',
+      investor_id: investorId,
+      token: 'a'.repeat(96), // original invite token
+      expires_at: new Date(Date.now() + 72 * 60 * 60 * 1000),
+      used_at: null,
+      ip_address: null,
+      user_agent: null,
+    })
+
+    // --- Step 1: investor uses the original invite link ---
+    const firstVerify = await verifyLink(makeJsonRequest('http://localhost/api/auth/verify', { token: 'a'.repeat(96) }))
+    expect(firstVerify.status).toBe(200)
+    const first = db.magicLinks.find(ml => ml.id === 'ml-original')!
+    expect(first.used_at).not.toBeNull()
+
+    // --- Step 2: investor comes back later; clicks the same link → rejected ---
+    const replay = await verifyLink(makeJsonRequest('http://localhost/api/auth/verify', { token: 'a'.repeat(96) }))
+    expect(replay.status).toBe(401)
+    const replayBody = await replay.json()
+    expect(replayBody.error).toMatch(/already been used/i)
+
+    // --- Step 3: investor visits /auth and submits their email ---
+    const reissue = await requestLink(
+      makeJsonRequest('http://localhost/api/auth/request-link', { email: 'vc@example.com' }, '203.0.113.99'),
+    )
+    expect(reissue.status).toBe(200)
+    const reissueBody = await reissue.json()
+    expect(reissueBody.success).toBe(true)
+
+    // --- Step 4: a fresh email was dispatched to the investor ---
+    expect(sentEmails).toHaveLength(1)
+    expect(sentEmails[0].to).toBe('vc@example.com')
+    const newToken = extractToken(sentEmails[0].url)
+    expect(newToken).not.toBe('a'.repeat(96))
+    expect(newToken).toMatch(/^[0-9a-f]{96}$/)
+
+    // A second unused magic link row exists for the same investor
+    const links = db.magicLinks.filter(ml => ml.investor_id === investorId)
+    expect(links).toHaveLength(2)
+    const newLink = links.find(ml => ml.token === newToken)!
+    expect(newLink.used_at).toBeNull()
+
+    // --- Step 5: the new token validates successfully ---
+    const secondVerify = await verifyLink(makeJsonRequest('http://localhost/api/auth/verify', { token: newToken }))
+    expect(secondVerify.status).toBe(200)
+    const secondBody = await secondVerify.json()
+    expect(secondBody.success).toBe(true)
+    expect(secondBody.redirect).toBe('/')
+
+    // And the new link is now used, mirroring the one-time-use contract
+    expect(newLink.used_at).not.toBeNull()
+  })
+
+  it('unknown emails do not create magic links or send email (prevents enumeration & abuse)', async () => {
+    // No investors in the DB
+    const res = await requestLink(
+      makeJsonRequest('http://localhost/api/auth/request-link', { email: 'stranger@example.com' }),
+    )
+    expect(res.status).toBe(200)
+    const body = await res.json()
+    // Same generic message as the happy path
+    expect(body.success).toBe(true)
+    expect(body.message).toMatch(/if this email was invited/i)
+
+    expect(sentEmails).toHaveLength(0)
+    expect(db.magicLinks).toHaveLength(0)
+  })
+
+  it('revoked investors cannot self-serve a new link', async () => {
+    db.investors.push({
+      id: 'revoked-1',
+      email: 'gone@example.com',
+      name: null,
+      company: null,
+      status: 'revoked',
+      last_login_at: null,
+      login_count: 0,
+    })
+
+    const res = await requestLink(
+      makeJsonRequest('http://localhost/api/auth/request-link', { email: 'gone@example.com' }),
+    )
+    expect(res.status).toBe(200) // generic success (no info leak)
+    expect(sentEmails).toHaveLength(0)
+    expect(db.magicLinks).toHaveLength(0)
+  })
+})
@@ -0,0 +1,213 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest'
+import { NextRequest } from 'next/server'
+
+// Mock the DB pool before the route is imported
+const queryMock = vi.fn()
+vi.mock('@/lib/db', () => ({
+  default: { query: (...args: unknown[]) => queryMock(...args) },
+}))
+
+// Mock the email sender so no SMTP is attempted
+const sendMagicLinkEmailMock = vi.fn().mockResolvedValue(undefined)
+vi.mock('@/lib/email', () => ({
+  sendMagicLinkEmail: (...args: unknown[]) => sendMagicLinkEmailMock(...args),
+}))
+
+// Import after mocks are registered
+import { POST } from '@/app/api/auth/request-link/route'
+
+// Unique suffix per test so the rate-limit store (keyed by IP / email) doesn't
+// bleed across cases — the rate-limiter holds state at module scope.
+let testId = 0
+function uniqueIp() {
+  testId++
+  return `10.0.${Math.floor(testId / 250)}.${testId % 250}`
+}
+
+function makeRequest(body: unknown, ip = uniqueIp()): NextRequest {
+  return new NextRequest('http://localhost/api/auth/request-link', {
+    method: 'POST',
+    headers: {
+      'content-type': 'application/json',
+      'x-forwarded-for': ip,
+    },
+    body: JSON.stringify(body),
+  })
+}
+
+function investorRow(overrides: Partial<{ id: string; email: string; name: string | null; status: string }> = {}) {
+  return {
+    id: overrides.id ?? 'investor-1',
+    email: overrides.email ?? 'invited@example.com',
+    name: overrides.name ?? 'Alice',
+    status: overrides.status ?? 'invited',
+  }
+}
+
+beforeEach(() => {
+  queryMock.mockReset()
+  sendMagicLinkEmailMock.mockReset()
+  sendMagicLinkEmailMock.mockResolvedValue(undefined)
+})
+
+describe('POST /api/auth/request-link — input validation', () => {
+  it('returns 400 when email is missing', async () => {
+    const res = await POST(makeRequest({}))
+    expect(res.status).toBe(400)
+    const body = await res.json()
+    expect(body.error).toBe('Email required')
+    expect(queryMock).not.toHaveBeenCalled()
+    expect(sendMagicLinkEmailMock).not.toHaveBeenCalled()
+  })
+
+  it('returns 400 when email is not a string', async () => {
+    const res = await POST(makeRequest({ email: 12345 }))
+    expect(res.status).toBe(400)
+    expect(sendMagicLinkEmailMock).not.toHaveBeenCalled()
+  })
+
+  it('handles malformed JSON body as missing email (400)', async () => {
+    const req = new NextRequest('http://localhost/api/auth/request-link', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json', 'x-forwarded-for': uniqueIp() },
+      body: 'not-json',
+    })
+    const res = await POST(req)
+    expect(res.status).toBe(400)
+  })
+})
+
+describe('POST /api/auth/request-link — unknown email (enumeration resistance)', () => {
+  it('returns the generic success response without sending email', async () => {
+    // First query: investor lookup → empty rows
+    queryMock.mockResolvedValueOnce({ rows: [] })
+    // Second query: the audit log insert
+    queryMock.mockResolvedValueOnce({ rows: [] })
+
+    const res = await POST(makeRequest({ email: 'unknown@example.com' }))
+    expect(res.status).toBe(200)
+    const body = await res.json()
+    expect(body.success).toBe(true)
+    expect(body.message).toMatch(/if this email was invited/i)
+    expect(sendMagicLinkEmailMock).not.toHaveBeenCalled()
+
+    // Verify the investor-lookup SQL was issued with the normalized email
+    const [sql, params] = queryMock.mock.calls[0]
+    expect(sql).toMatch(/FROM pitch_investors WHERE email/i)
+    expect(params).toEqual(['unknown@example.com'])
+  })
+
+  it('normalizes email (trim + lowercase) before lookup', async () => {
+    queryMock.mockResolvedValueOnce({ rows: [] })
+    queryMock.mockResolvedValueOnce({ rows: [] })
+
+    await POST(makeRequest({ email: '  Mixed@Example.COM  ' }))
+
+    const [, params] = queryMock.mock.calls[0]
+    expect(params).toEqual(['mixed@example.com'])
+  })
+})
+
+describe('POST /api/auth/request-link — known investor', () => {
+  it('creates a new magic link and sends the email with generic response', async () => {
+    // 1st: investor lookup → found
+    queryMock.mockResolvedValueOnce({ rows: [investorRow()] })
+    // 2nd: magic link insert
+    queryMock.mockResolvedValueOnce({ rows: [] })
+    // 3rd: audit log insert
+    queryMock.mockResolvedValueOnce({ rows: [] })
+
+    const res = await POST(makeRequest({ email: 'invited@example.com' }))
+    expect(res.status).toBe(200)
+    const body = await res.json()
+    expect(body.success).toBe(true)
+    // Response is identical to the unknown-email case (no information leak)
+    expect(body.message).toMatch(/if this email was invited/i)
+
+    // Verify magic link insert
+    const [insertSql, insertParams] = queryMock.mock.calls[1]
+    expect(insertSql).toMatch(/INSERT INTO pitch_magic_links/i)
+    expect(insertParams[0]).toBe('investor-1')
+    expect(insertParams[1]).toMatch(/^[0-9a-f]{96}$/) // 96-char hex token
+    expect(insertParams[2]).toBeInstanceOf(Date)
+
+    // Verify email was sent with the fresh token URL
+    expect(sendMagicLinkEmailMock).toHaveBeenCalledTimes(1)
+    const [emailTo, emailName, magicLinkUrl] = sendMagicLinkEmailMock.mock.calls[0]
+    expect(emailTo).toBe('invited@example.com')
+    expect(emailName).toBe('Alice')
+    expect(magicLinkUrl).toMatch(/\/auth\/verify\?token=[0-9a-f]{96}$/)
+  })
+
+  it('generates a different token on each call (re-invite is always fresh)', async () => {
+    // Call 1
+    queryMock.mockResolvedValueOnce({ rows: [investorRow({ email: 'a@x.com' })] })
+    queryMock.mockResolvedValueOnce({ rows: [] })
+    queryMock.mockResolvedValueOnce({ rows: [] })
+    await POST(makeRequest({ email: 'a@x.com' }))
+
+    // Call 2 — different email to avoid the per-email rate limit
+    queryMock.mockResolvedValueOnce({ rows: [investorRow({ email: 'b@x.com' })] })
+    queryMock.mockResolvedValueOnce({ rows: [] })
+    queryMock.mockResolvedValueOnce({ rows: [] })
+    await POST(makeRequest({ email: 'b@x.com' }))
+
+    const token1 = queryMock.mock.calls[1][1][1]
+    const token2 = queryMock.mock.calls[4][1][1]
+    expect(token1).not.toBe(token2)
+  })
+
+  it('skips email send for a revoked investor (returns generic response)', async () => {
+    queryMock.mockResolvedValueOnce({ rows: [investorRow({ status: 'revoked' })] })
+    queryMock.mockResolvedValueOnce({ rows: [] }) // audit log
+
+    const res = await POST(makeRequest({ email: 'invited@example.com' }))
+    expect(res.status).toBe(200)
+    const body = await res.json()
+    expect(body.success).toBe(true)
+    expect(sendMagicLinkEmailMock).not.toHaveBeenCalled()
+
+    // Ensure no magic link was inserted
+    const inserts = queryMock.mock.calls.filter(c => /INSERT INTO pitch_magic_links/i.test(c[0]))
+    expect(inserts.length).toBe(0)
+  })
+})
+
+describe('POST /api/auth/request-link — rate limiting', () => {
+  it('throttles after N requests per email and returns generic success (silent throttle)', async () => {
+    const email = `throttle-${Date.now()}@example.com`
+
+    // First 3 requests succeed (RATE_LIMITS.magicLink.limit = 3)
+    for (let i = 0; i < 3; i++) {
+      queryMock.mockResolvedValueOnce({ rows: [investorRow({ email })] })
+      queryMock.mockResolvedValueOnce({ rows: [] }) // magic link insert
+      queryMock.mockResolvedValueOnce({ rows: [] }) // audit log
+      const res = await POST(makeRequest({ email }))
+      expect(res.status).toBe(200)
+    }
+    expect(sendMagicLinkEmailMock).toHaveBeenCalledTimes(3)
+
+    // 4th request is silently throttled — same generic response, no email sent
+    queryMock.mockResolvedValueOnce({ rows: [] }) // audit log only
+    const res4 = await POST(makeRequest({ email }))
+    expect(res4.status).toBe(200)
+    const body4 = await res4.json()
+    expect(body4.success).toBe(true)
+    // Still exactly 3 emails sent — nothing new
+    expect(sendMagicLinkEmailMock).toHaveBeenCalledTimes(3)
+  })
+
+  it('throttles with 429 after too many attempts from the same IP', async () => {
+    const ip = '172.31.99.99'
+    // RATE_LIMITS.authVerify.limit = 10 for IP-scoped checks
+    for (let i = 0; i < 10; i++) {
+      queryMock.mockResolvedValueOnce({ rows: [] }) // investor lookup returns empty
+      queryMock.mockResolvedValueOnce({ rows: [] }) // audit
+      const res = await POST(makeRequest({ email: `ip-test-${i}@example.com` }, ip))
+      expect(res.status).toBe(200)
+    }
+
+    const res = await POST(makeRequest({ email: 'final@example.com' }, ip))
+    expect(res.status).toBe(429)
+  })
+})
@@ -0,0 +1,63 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import pool from '@/lib/db'
+
+// POST: Import finanzplan data (all fp_* tables) from JSON dump
+export async function POST(request: NextRequest) {
+  const guard = await requireAdmin(request)
+  if (guard.kind === 'response') return guard.response
+
+  try {
+    const data = await request.json()
+    const results: string[] = []
+    const client = await pool.connect()
+
+    try {
+      await client.query('BEGIN')
+
+      const tables = [
+        'fp_scenarios', 'fp_kunden', 'fp_kunden_summary', 'fp_umsatzerloese',
+        'fp_materialaufwand', 'fp_personalkosten', 'fp_betriebliche_aufwendungen',
+        'fp_investitionen', 'fp_sonst_ertraege', 'fp_liquiditaet', 'fp_guv',
+      ]
+
+      for (const table of tables) {
+        const rows = data[table]
+        if (!rows || !Array.isArray(rows) || rows.length === 0) {
+          results.push(`SKIP: ${table} (no data)`)
+          continue
+        }
+
+        // Clear existing data
+        await client.query(`DELETE FROM ${table}`)
+
+        // Insert rows
+        const cols = Object.keys(rows[0])
+        const colNames = cols.join(', ')
+
+        for (const row of rows) {
+          const values = cols.map(c => {
+            const v = row[c]
+            if (v === null || v === undefined) return null
+            if (typeof v === 'object') return JSON.stringify(v)
+            return v
+          })
+          const placeholders = values.map((_, i) => `$${i + 1}`).join(', ')
+          await client.query(`INSERT INTO ${table} (${colNames}) VALUES (${placeholders})`, values)
+        }
+
+        results.push(`OK: ${table} — ${rows.length} rows`)
+      }
+
+      await client.query('COMMIT')
+      return NextResponse.json({ success: true, results })
+    } catch (err) {
+      await client.query('ROLLBACK')
+      throw err
+    } finally {
+      client.release()
+    }
+  } catch (error) {
+    return NextResponse.json({ error: String(error) }, { status: 500 })
+  }
+}
@@ -11,7 +11,7 @@ export async function POST(request: NextRequest) {
  const adminId = guard.kind === 'admin' ? guard.admin.id : null

  const body = await request.json().catch(() => ({}))
-  const { email, name, company } = body
+  const { email, name, company, greeting, message, closing } = body

  if (!email || typeof email !== 'string') {
    return NextResponse.json({ error: 'Email required' }, { status: 400 })
@@ -54,7 +54,7 @@ export async function POST(request: NextRequest) {
  const baseUrl = process.env.PITCH_BASE_URL || 'https://pitch.breakpilot.ai'
  const magicLinkUrl = `${baseUrl}/auth/verify?token=${token}`

-  await sendMagicLinkEmail(normalizedEmail, name || null, magicLinkUrl)
+  await sendMagicLinkEmail(normalizedEmail, name || null, magicLinkUrl, greeting, message, closing)

  await logAdminAudit(
    adminId,
@@ -0,0 +1,128 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { requireAdmin } from '@/lib/admin-auth'
+import pool from '@/lib/db'
+
+export async function POST(request: NextRequest) {
+  const guard = await requireAdmin(request)
+  if (guard.kind === 'response') return guard.response
+
+  const results: string[] = []
+
+  // Finanzplan tables — the ones missing on production
+  const statements = [
+    `CREATE TABLE IF NOT EXISTS fp_scenarios (
+      id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+      name TEXT NOT NULL DEFAULT 'Base Case',
+      description TEXT,
+      is_default BOOLEAN DEFAULT false,
+      created_at TIMESTAMPTZ DEFAULT NOW(),
+      updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `INSERT INTO fp_scenarios (name, description, is_default)
+     SELECT 'Base Case', 'Basisdaten aus Excel-Import', true
+     WHERE NOT EXISTS (SELECT 1 FROM fp_scenarios WHERE is_default = true)`,
+    `CREATE TABLE IF NOT EXISTS fp_kunden (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      segment_name TEXT NOT NULL, segment_index INT NOT NULL, row_label TEXT NOT NULL, row_index INT NOT NULL,
+      percentage NUMERIC(5,3), formula_type TEXT, is_editable BOOLEAN DEFAULT false,
+      values JSONB NOT NULL DEFAULT '{}', excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_kunden_summary (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      row_label TEXT NOT NULL, row_index INT NOT NULL, values JSONB NOT NULL DEFAULT '{}',
+      excel_row INT, sort_order INT NOT NULL
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_umsatzerloese (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      section TEXT NOT NULL, row_label TEXT NOT NULL, row_index INT NOT NULL,
+      is_editable BOOLEAN DEFAULT false, values JSONB NOT NULL DEFAULT '{}',
+      excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_materialaufwand (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      section TEXT NOT NULL, row_label TEXT NOT NULL, row_index INT NOT NULL,
+      is_editable BOOLEAN DEFAULT false, values JSONB NOT NULL DEFAULT '{}',
+      excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_personalkosten (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      person_name TEXT NOT NULL, person_nr TEXT, position TEXT,
+      start_date DATE, end_date DATE, brutto_monthly NUMERIC(10,2),
+      annual_raise_pct NUMERIC(5,2) DEFAULT 3.0, ag_sozial_pct NUMERIC(5,2) DEFAULT 20.425,
+      is_editable BOOLEAN DEFAULT true,
+      values_brutto JSONB NOT NULL DEFAULT '{}', values_sozial JSONB NOT NULL DEFAULT '{}',
+      values_total JSONB NOT NULL DEFAULT '{}',
+      excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_betriebliche_aufwendungen (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      category TEXT NOT NULL, row_label TEXT NOT NULL, row_index INT NOT NULL,
+      is_editable BOOLEAN DEFAULT true, is_sum_row BOOLEAN DEFAULT false, formula_desc TEXT,
+      values JSONB NOT NULL DEFAULT '{}', excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_investitionen (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      item_name TEXT NOT NULL, category TEXT, purchase_amount NUMERIC(12,2) NOT NULL,
+      purchase_date DATE, afa_years INT, afa_end_date DATE, is_editable BOOLEAN DEFAULT true,
+      values_invest JSONB NOT NULL DEFAULT '{}', values_afa JSONB NOT NULL DEFAULT '{}',
+      excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_sonst_ertraege (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      category TEXT NOT NULL, row_label TEXT, row_index INT NOT NULL,
+      is_editable BOOLEAN DEFAULT true, is_sum_row BOOLEAN DEFAULT false,
+      values JSONB NOT NULL DEFAULT '{}', excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_liquiditaet (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      row_label TEXT NOT NULL, row_type TEXT NOT NULL,
+      is_editable BOOLEAN DEFAULT false, formula_desc TEXT,
+      values JSONB NOT NULL DEFAULT '{}', excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_guv (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      row_label TEXT NOT NULL, row_index INT NOT NULL,
+      is_sum_row BOOLEAN DEFAULT false, formula_desc TEXT,
+      values JSONB NOT NULL DEFAULT '{}', excel_row INT, sort_order INT NOT NULL,
+      created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW()
+    )`,
+    `CREATE TABLE IF NOT EXISTS fp_cell_overrides (
+      id SERIAL PRIMARY KEY, scenario_id UUID REFERENCES fp_scenarios(id) ON DELETE CASCADE,
+      sheet_name TEXT NOT NULL, row_id INT NOT NULL, month_key TEXT NOT NULL,
+      override_value NUMERIC, created_at TIMESTAMPTZ DEFAULT NOW(),
+      UNIQUE(scenario_id, sheet_name, row_id, month_key)
+    )`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_kunden_scenario ON fp_kunden(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_kunden_summary_scenario ON fp_kunden_summary(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_umsatz_scenario ON fp_umsatzerloese(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_material_scenario ON fp_materialaufwand(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_personal_scenario ON fp_personalkosten(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_betrieb_scenario ON fp_betriebliche_aufwendungen(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_invest_scenario ON fp_investitionen(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_sonst_scenario ON fp_sonst_ertraege(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_liquid_scenario ON fp_liquiditaet(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_guv_scenario ON fp_guv(scenario_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_fp_overrides_lookup ON fp_cell_overrides(scenario_id, sheet_name, row_id)`,
+  ]
+
+  for (const sql of statements) {
+    try {
+      await pool.query(sql)
+      const label = sql.substring(0, 60).replace(/\s+/g, ' ')
+      results.push(`OK: ${label}...`)
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err)
+      results.push(`ERROR: ${msg}`)
+    }
+  }
+
+  return NextResponse.json({ success: true, results })
+}
@@ -0,0 +1,73 @@
+import { NextRequest, NextResponse } from 'next/server'
+import pool from '@/lib/db'
+import { generateToken, getClientIp, logAudit } from '@/lib/auth'
+import { sendMagicLinkEmail } from '@/lib/email'
+import { checkRateLimit, RATE_LIMITS } from '@/lib/rate-limit'
+
+// Generic response returned regardless of whether an investor exists, to
+// prevent email enumeration. The client always sees the same success message.
+const GENERIC_RESPONSE = {
+  success: true,
+  message: 'If this email was invited, a fresh access link has been sent.',
+}
+
+export async function POST(request: NextRequest) {
+  const ip = getClientIp(request) || 'unknown'
+
+  // IP-based rate limit to prevent enumeration / abuse
+  const ipRl = checkRateLimit(`request-link-ip:${ip}`, RATE_LIMITS.authVerify)
+  if (!ipRl.allowed) {
+    return NextResponse.json({ error: 'Too many attempts. Try again later.' }, { status: 429 })
+  }
+
+  const body = await request.json().catch(() => ({}))
+  const { email } = body
+
+  if (!email || typeof email !== 'string') {
+    return NextResponse.json({ error: 'Email required' }, { status: 400 })
+  }
+
+  const normalizedEmail = email.toLowerCase().trim()
+
+  // Per-email rate limit (silent — same generic response on throttle so callers
+  // can't distinguish a throttled-but-valid email from an unknown one)
+  const emailRl = checkRateLimit(`magic-link:${normalizedEmail}`, RATE_LIMITS.magicLink)
+  if (!emailRl.allowed) {
+    await logAudit(null, 'request_link_throttled', { email: normalizedEmail }, request)
+    return NextResponse.json(GENERIC_RESPONSE)
+  }
+
+  const { rows } = await pool.query(
+    `SELECT id, email, name, status FROM pitch_investors WHERE email = $1`,
+    [normalizedEmail],
+  )
+
+  if (rows.length === 0) {
+    await logAudit(null, 'request_link_unknown_email', { email: normalizedEmail }, request)
+    return NextResponse.json(GENERIC_RESPONSE)
+  }
+
+  const investor = rows[0]
+
+  if (investor.status === 'revoked') {
+    await logAudit(investor.id, 'request_link_revoked', { email: normalizedEmail }, request)
+    return NextResponse.json(GENERIC_RESPONSE)
+  }
+
+  const token = generateToken()
+  const ttlHours = parseInt(process.env.MAGIC_LINK_TTL_HOURS || '72')
+  const expiresAt = new Date(Date.now() + ttlHours * 60 * 60 * 1000)
+
+  await pool.query(
+    `INSERT INTO pitch_magic_links (investor_id, token, expires_at) VALUES ($1, $2, $3)`,
+    [investor.id, token, expiresAt],
+  )
+
+  const baseUrl = process.env.PITCH_BASE_URL || 'https://pitch.breakpilot.ai'
+  const magicLinkUrl = `${baseUrl}/auth/verify?token=${token}`
+  await sendMagicLinkEmail(investor.email, investor.name, magicLinkUrl)
+
+  await logAudit(investor.id, 'request_link_sent', { email: normalizedEmail, expires_at: expiresAt.toISOString() }, request)
+
+  return NextResponse.json(GENERIC_RESPONSE)
+}
@@ -12,11 +12,12 @@ const SLIDE_DISPLAY_NAMES: Record<string, { de: string; en: string }> = {
  'cover': { de: 'Cover', en: 'Cover' },
  'problem': { de: 'Das Problem', en: 'The Problem' },
  'solution': { de: 'Die Lösung', en: 'The Solution' },
+  'usp': { de: 'USP', en: 'USP' },
  'product': { de: 'Produkte', en: 'Products' },
  'how-it-works': { de: 'So funktioniert\'s', en: 'How It Works' },
  'market': { de: 'Markt', en: 'Market' },
  'business-model': { de: 'Geschäftsmodell', en: 'Business Model' },
-  'traction': { de: 'Traction', en: 'Traction' },
+  'traction': { de: 'Meilensteine', en: 'Milestones' },
  'competition': { de: 'Wettbewerb', en: 'Competition' },
  'team': { de: 'Team', en: 'Team' },
  'financials': { de: 'Finanzen', en: 'Financials' },
@@ -51,7 +52,7 @@ Du hast Zugriff auf alle Unternehmensdaten und zitierst immer konkrete Zahlen.
 2. Das Problem: "Unternehmen stehen vor einem strategischen Dilemma: Ohne KI verlieren sie Wettbewerbsfähigkeit. Mit US-KI riskieren sie Datenkontrollverlust. Über 30.000 Unternehmen in DE durch EU-Regulierungen belastet."
 3. 12 Module: "Code Security (SAST/DAST/SBOM/Pentesting), CE-Software-Risikobeurteilung, Compliance-Dokumente (VVT/DSFA/TOMs), Audit Manager, DSR/Betroffenenrechte, Consent Management, Notfallpläne, Cookie-Generator, Compliance LLM, Academy, Integration in Kundenprozesse, Sichere Kommunikation."
 4. Code & CE: "Kontinuierlich statt einmal im Jahr. CE-Software-Risikobeurteilung auf Code-Basis schon in der Entwicklung. Findings als Tickets mit Implementierungsvorschlägen."
-5. EU-Infrastruktur: "BSI-zertifizierte Cloud in Deutschland oder OVH in Frankreich. 100% Datensouveränität. KEINE US-Anbieter. Isolierte Namespaces."
+5. EU-Infrastruktur: "BSI-zertifizierte Cloud in Deutschland oder Frankreich. 100% Datensouveränität. KEINE US-Anbieter. Isolierte Namespaces."
 6. Zielgruppen: "Maschinen- und Anlagenbauer, Automobilindustrie, Zulieferer und alle produzierenden Unternehmen."
 7. Geschäftsmodell: "SaaS, mitarbeiterbasiertes Pricing. Kunden zahlen ~40-50k EUR/Jahr und sparen 50-110k EUR (Pentests 30k, CE-Beurteilungen 20k, Auditmanager 60k+). ROI ab Tag 1."
 8. Team: "Skalierung 5→10→17→25→35 MA in 4 Jahren. 37% Engineering, 20% Sales, 9% CS, 9% Compliance/Legal, 9% Marketing. Compliance Consultant als erster Hire — Domain-Expertise vor Engineering."
@@ -68,9 +69,9 @@ Du hast Zugriff auf alle Unternehmensdaten und zitierst immer konkrete Zahlen.

 ## IP-Schutz-Layer (KRITISCH)
 NIEMALS offenbaren: Exakte Modellnamen, Frameworks, Code-Architektur, Datenbankschema, Sicherheitsdetails, Cloud-Provider.
-Stattdessen: "Proprietäre KI-Engine", "BSI-zertifizierte EU-Cloud (SysEleven, OVH, Hetzner)", "Isolierte Kunden-Namespaces", "Enterprise-Grade Verschlüsselung".
+Stattdessen: "Proprietäre KI-Engine", "BSI-zertifizierte EU-Cloud (SysEleven, Hetzner)", "Isolierte Kunden-Namespaces", "Enterprise-Grade Verschlüsselung".

-## Erlaubt: Geschäftsmodell, Preise, Marktdaten, Features, Team, Finanzen, Use of Funds, Hardware-Specs (öffentlich), LLM-Größen (32b/40b/1000b), CE-Risikobeurteilung, Jira-Integration, Meeting-Recorder, Matrix/Jitsi.
+## Erlaubt: Geschäftsmodell, Preise, Marktdaten, Features, Team, Finanzen, Use of Funds, Hardware-Specs (öffentlich), LLM-Größen (32b/40b/1000b), CE-Risikobeurteilung, Issue-Tracker-Integration, Meeting-Recorder, Matrix/Jitsi.

 ## Team-Antworten (WICHTIG)
 Wenn nach dem Team gefragt wird: IMMER die Namen, Rollen und Expertise der Gründer aus den bereitgestellten Daten nennen. NIEMALS vage Antworten wie "unser Team vereint Expertise" ohne Namen. Zitiere die konkreten Personen aus den Unternehmensdaten.
@@ -28,6 +28,30 @@ export async function POST(request: NextRequest) {

    const client = await pool.connect()
    try {
+      // Fast path: return cached results if they exist (avoid expensive recompute + 60 inserts)
+      const cached = await client.query(
+        'SELECT * FROM pitch_fm_results WHERE scenario_id = $1 ORDER BY month',
+        [scenarioId]
+      )
+      if (cached.rows.length > 0) {
+        const results = cached.rows
+        const lastResult = results[results.length - 1]
+        const breakEvenMonth = results.find(r => r.month > 1 && (r.revenue_eur - r.total_costs_eur) >= 0)?.month || null
+        return NextResponse.json({
+          scenario_id: scenarioId,
+          results,
+          summary: {
+            final_arr: lastResult.arr_eur,
+            final_customers: lastResult.total_customers,
+            break_even_month: breakEvenMonth,
+            final_runway: lastResult.runway_months,
+            final_ltv_cac: lastResult.ltv_cac_ratio,
+            peak_burn: Math.max(...results.map((r: Record<string, number>) => r.burn_rate_eur)),
+            total_funding_needed: Math.round(Math.abs(Math.min(...results.map((r: Record<string, number>) => r.cash_balance_eur), 0)) * 100) / 100,
+          },
+        })
+      }
+
      // Load assumptions
      const assumptionsRes = await client.query(
        'SELECT key, value, value_type FROM pitch_fm_assumptions WHERE scenario_id = $1',
@@ -150,19 +174,15 @@ export async function POST(request: NextRequest) {
        })
      }

-      // Save to DB (upsert)
+      // Save to DB (batch insert — single query instead of 60 individual inserts)
      await client.query('DELETE FROM pitch_fm_results WHERE scenario_id = $1', [scenarioId])
-      for (const r of results) {
-        await client.query(`
-          INSERT INTO pitch_fm_results (scenario_id, month, year, month_in_year,
-            new_customers, churned_customers, total_customers,
-            mrr_eur, arr_eur, revenue_eur,
-            cogs_eur, personnel_eur, infra_eur, marketing_eur, total_costs_eur,
-            employees_count, gross_margin_pct, burn_rate_eur, runway_months,
-            cac_eur, ltv_eur, ltv_cac_ratio,
-            cash_balance_eur, cumulative_revenue_eur)
-          VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24)
-        `, [
+      const cols = 'scenario_id, month, year, month_in_year, new_customers, churned_customers, total_customers, mrr_eur, arr_eur, revenue_eur, cogs_eur, personnel_eur, infra_eur, marketing_eur, total_costs_eur, employees_count, gross_margin_pct, burn_rate_eur, runway_months, cac_eur, ltv_eur, ltv_cac_ratio, cash_balance_eur, cumulative_revenue_eur'
+      const values: unknown[] = []
+      const placeholders: string[] = []
+      results.forEach((r, i) => {
+        const offset = i * 24
+        placeholders.push(`(${Array.from({length: 24}, (_, j) => `$${offset + j + 1}`).join(',')})`)
+        values.push(
          scenarioId, r.month, r.year, r.month_in_year,
          r.new_customers, r.churned_customers, r.total_customers,
          r.mrr_eur, r.arr_eur, r.revenue_eur,
@@ -170,8 +190,9 @@ export async function POST(request: NextRequest) {
          r.employees_count, r.gross_margin_pct, r.burn_rate_eur, r.runway_months,
          r.cac_eur, r.ltv_eur, r.ltv_cac_ratio,
          r.cash_balance_eur, r.cumulative_revenue_eur,
-        ])
-      }
+        )
+      })
+      await client.query(`INSERT INTO pitch_fm_results (${cols}) VALUES ${placeholders.join(',')}`, values)

      const lastResult = results[results.length - 1]
      return NextResponse.json({
@@ -1,6 +1,20 @@
 import { NextRequest, NextResponse } from 'next/server'

 const TTS_SERVICE_URL = process.env.TTS_SERVICE_URL || 'http://compliance-tts-service:8095'
+const LITELLM_URL = process.env.LITELLM_URL || 'https://llm-dev.meghsakha.com'
+const LITELLM_API_KEY = process.env.LITELLM_API_KEY || ''
+
+// English via OVH is opt-in (set OVH_TTS_URL_EN). German always uses the
+// compliance TTS service (Edge TTS de-DE-ConradNeural → Piper fallback).
+const OVH_EN = process.env.OVH_TTS_URL_EN
+  ? {
+      url: process.env.OVH_TTS_URL_EN,
+      voice: process.env.OVH_TTS_VOICE_EN || 'English-US.Female-1',
+      languageCode: 'en-US',
+    }
+  : null
+
+const SAMPLE_RATE_HZ = parseInt(process.env.OVH_TTS_SAMPLE_RATE || '16000', 10)

 export async function POST(request: NextRequest) {
  try {
@@ -11,6 +25,57 @@ export async function POST(request: NextRequest) {
      return NextResponse.json({ error: 'Text is required' }, { status: 400 })
    }

+    if (language === 'en' && OVH_EN) {
+      return await synthesizeViaOvh(text, OVH_EN)
+    }
+
+    return await synthesizeViaComplianceService(text, language)
+  } catch (error) {
+    console.error('TTS proxy error:', error)
+    return NextResponse.json({ error: 'TTS service not reachable' }, { status: 503 })
+  }
+}
+
+async function synthesizeViaOvh(
+  text: string,
+  cfg: { url: string; voice: string; languageCode: string },
+): Promise<NextResponse> {
+  const res = await fetch(cfg.url, {
+    method: 'POST',
+    headers: {
+      accept: 'application/octet-stream',
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${LITELLM_API_KEY}`,
+    },
+    body: JSON.stringify({
+      encoding: 1, // LINEAR_PCM
+      language_code: cfg.languageCode,
+      sample_rate_hz: SAMPLE_RATE_HZ,
+      text,
+      voice_name: cfg.voice,
+    }),
+    signal: AbortSignal.timeout(30000),
+  })
+
+  if (!res.ok) {
+    const errorText = await res.text().catch(() => '')
+    console.error('OVH TTS error:', res.status, errorText.slice(0, 500))
+    return NextResponse.json({ error: `OVH TTS error (${res.status})` }, { status: 502 })
+  }
+
+  const pcm = Buffer.from(await res.arrayBuffer())
+  const wav = pcm.subarray(0, 4).toString('ascii') === 'RIFF' ? pcm : wrapPcmAsWav(pcm, SAMPLE_RATE_HZ)
+
+  return new NextResponse(new Uint8Array(wav), {
+    headers: {
+      'Content-Type': 'audio/wav',
+      'Cache-Control': 'public, max-age=86400',
+      'X-TTS-Source': 'ovh',
+    },
+  })
+}
+
+async function synthesizeViaComplianceService(text: string, language: string): Promise<NextResponse> {
  const res = await fetch(`${TTS_SERVICE_URL}/synthesize-direct`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
@@ -19,28 +84,45 @@ export async function POST(request: NextRequest) {
  })

  if (!res.ok) {
-      const errorText = await res.text()
-      console.error('TTS service error:', res.status, errorText)
-      return NextResponse.json(
-        { error: `TTS service error (${res.status})` },
-        { status: 502 }
-      )
+    const errorText = await res.text().catch(() => '')
+    console.error('TTS service error:', res.status, errorText.slice(0, 500))
+    return NextResponse.json({ error: `TTS service error (${res.status})` }, { status: 502 })
  }

  const audioBuffer = await res.arrayBuffer()
-
  return new NextResponse(audioBuffer, {
    headers: {
      'Content-Type': 'audio/mpeg',
-        'Cache-Control': 'public, max-age=86400', // Cache 24h — texts are static
+      'Cache-Control': 'public, max-age=86400',
      'X-TTS-Cache': res.headers.get('X-TTS-Cache') || 'unknown',
+      'X-TTS-Source': 'compliance',
    },
  })
-  } catch (error) {
-    console.error('TTS proxy error:', error)
-    return NextResponse.json(
-      { error: 'TTS service not reachable' },
-      { status: 503 }
-    )
 }
+
+// Prepend a minimal 44-byte WAV header to raw 16-bit mono PCM.
+// Used only for OVH EN if enabled — OVH Riva returns bare PCM samples.
+function wrapPcmAsWav(pcm: Buffer, sampleRateHz: number): Buffer {
+  const numChannels = 1
+  const bitsPerSample = 16
+  const byteRate = (sampleRateHz * numChannels * bitsPerSample) / 8
+  const blockAlign = (numChannels * bitsPerSample) / 8
+  const dataSize = pcm.length
+
+  const header = Buffer.alloc(44)
+  header.write('RIFF', 0)
+  header.writeUInt32LE(36 + dataSize, 4)
+  header.write('WAVE', 8)
+  header.write('fmt ', 12)
+  header.writeUInt32LE(16, 16)
+  header.writeUInt16LE(1, 20)
+  header.writeUInt16LE(numChannels, 22)
+  header.writeUInt32LE(sampleRateHz, 24)
+  header.writeUInt32LE(byteRate, 28)
+  header.writeUInt16LE(blockAlign, 32)
+  header.writeUInt16LE(bitsPerSample, 34)
+  header.write('data', 36)
+  header.writeUInt32LE(dataSize, 40)
+
+  return Buffer.concat([header, pcm])
 }
@@ -13,6 +13,15 @@ export async function GET(request: NextRequest, ctx: Ctx) {

  const { versionId } = await ctx.params

+  // Load version metadata
+  const ver = await pool.query(
+    `SELECT name, status FROM pitch_versions WHERE id = $1`,
+    [versionId],
+  )
+  if (ver.rows.length === 0) {
+    return NextResponse.json({ error: 'Version not found' }, { status: 404 })
+  }
+
  // Load version data
  const { rows } = await pool.query(
    `SELECT table_name, data FROM pitch_version_data WHERE version_id = $1`,
@@ -20,7 +29,7 @@ export async function GET(request: NextRequest, ctx: Ctx) {
  )

  if (rows.length === 0) {
-    return NextResponse.json({ error: 'Version not found or has no data' }, { status: 404 })
+    return NextResponse.json({ error: 'Version has no data' }, { status: 404 })
  }

  const map: Record<string, unknown[]> = {}
@@ -28,7 +37,7 @@ export async function GET(request: NextRequest, ctx: Ctx) {
    map[row.table_name] = typeof row.data === 'string' ? JSON.parse(row.data) : row.data
  }

-  // Return PitchData format
+  // Return PitchData format + version metadata
  return NextResponse.json({
    company: (map.company || [])[0] || null,
    team: map.team || [],
@@ -40,5 +49,8 @@ export async function GET(request: NextRequest, ctx: Ctx) {
    metrics: map.metrics || [],
    funding: (map.funding || [])[0] || null,
    products: map.products || [],
+    fm_scenarios: map.fm_scenarios || [],
+    fm_assumptions: map.fm_assumptions || [],
+    _version: { name: ver.rows[0].name, status: ver.rows[0].status },
  })
 }
@@ -1,8 +1,43 @@
 'use client'

 import { motion } from 'framer-motion'
+import { useState, FormEvent } from 'react'
+
+type Status = 'idle' | 'submitting' | 'sent' | 'error'

 export default function AuthPage() {
+  const [email, setEmail] = useState('')
+  const [status, setStatus] = useState<Status>('idle')
+  const [message, setMessage] = useState<string | null>(null)
+
+  async function handleSubmit(e: FormEvent) {
+    e.preventDefault()
+    if (!email.trim()) return
+
+    setStatus('submitting')
+    setMessage(null)
+
+    try {
+      const res = await fetch('/api/auth/request-link', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email: email.trim() }),
+      })
+      const data = await res.json().catch(() => ({}))
+
+      if (res.ok) {
+        setStatus('sent')
+        setMessage(data.message || 'If this email was invited, a fresh access link has been sent.')
+      } else {
+        setStatus('error')
+        setMessage(data.error || 'Something went wrong. Please try again.')
+      }
+    } catch {
+      setStatus('error')
+      setMessage('Network error. Please try again.')
+    }
+  }
+
  return (
    <div className="h-screen flex items-center justify-center bg-[#0a0a1a] relative overflow-hidden">
      {/* Background gradient */}
@@ -35,9 +70,44 @@ export default function AuthPage() {

          <p className="text-white/50 text-sm leading-relaxed mb-6">
            This interactive pitch deck is available by invitation only.
-            Please check your email for an access link.
+            If you were invited, enter your email below and we&apos;ll send you a fresh access link.
          </p>

+          {status === 'sent' ? (
+            <div className="text-left bg-indigo-500/10 border border-indigo-500/20 rounded-lg p-4 mb-5">
+              <p className="text-indigo-200/90 text-sm leading-relaxed">
+                {message}
+              </p>
+            </div>
+          ) : (
+            <form onSubmit={handleSubmit} className="text-left mb-5">
+              <label htmlFor="email" className="block text-white/60 text-xs mb-2 uppercase tracking-wide">
+                Email address
+              </label>
+              <input
+                id="email"
+                type="email"
+                required
+                autoComplete="email"
+                value={email}
+                onChange={(e) => setEmail(e.target.value)}
+                disabled={status === 'submitting'}
+                placeholder="you@example.com"
+                className="w-full bg-white/[0.04] border border-white/[0.08] rounded-lg px-4 py-3 text-white/90 text-sm placeholder:text-white/20 focus:outline-none focus:border-indigo-400/50 focus:bg-white/[0.06] transition-colors disabled:opacity-50"
+              />
+              {status === 'error' && message && (
+                <p className="mt-2 text-rose-300/80 text-xs">{message}</p>
+              )}
+              <button
+                type="submit"
+                disabled={status === 'submitting' || !email.trim()}
+                className="w-full mt-4 bg-gradient-to-br from-indigo-500 to-purple-500 hover:from-indigo-400 hover:to-purple-400 disabled:opacity-40 disabled:cursor-not-allowed text-white text-sm font-medium rounded-lg px-4 py-3 transition-all"
+              >
+                {status === 'submitting' ? 'Sending…' : 'Send access link'}
+              </button>
+            </form>
+          )}
+
          <div className="border-t border-white/[0.06] pt-5">
            <p className="text-white/30 text-xs">
              Questions? Contact us at{' '}
@@ -21,6 +21,13 @@ function VerifyContent() {

    async function verify() {
      try {
+        // If the investor already has a valid session, skip token verification
+        const sessionCheck = await fetch('/api/auth/me')
+        if (sessionCheck.ok) {
+          router.push('/')
+          return
+        }
+
        const res = await fetch('/api/auth/verify', {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
@@ -1,18 +1,25 @@
 'use client'

-import { useState } from 'react'
+import { useState, useMemo } from 'react'
 import { useRouter } from 'next/navigation'
 import Link from 'next/link'
-import { ArrowLeft } from 'lucide-react'
+import { ArrowLeft, Eye, Send } from 'lucide-react'
+import { DEFAULT_MESSAGE, DEFAULT_CLOSING, getDefaultGreeting } from '@/lib/email-templates'

 export default function NewInvestorPage() {
  const router = useRouter()
  const [email, setEmail] = useState('')
  const [name, setName] = useState('')
  const [company, setCompany] = useState('')
+  const [greeting, setGreeting] = useState('')
+  const [message, setMessage] = useState(DEFAULT_MESSAGE)
+  const [closing, setClosing] = useState(DEFAULT_CLOSING)
  const [error, setError] = useState('')
  const [submitting, setSubmitting] = useState(false)

+  const effectiveGreeting = greeting || getDefaultGreeting(name || null)
+  const ttl = process.env.NEXT_PUBLIC_MAGIC_LINK_TTL_HOURS || '72'
+
  async function handleSubmit(e: React.FormEvent) {
    e.preventDefault()
    setError('')
@@ -21,7 +28,14 @@ export default function NewInvestorPage() {
      const res = await fetch('/api/admin/invite', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ email, name, company }),
+        body: JSON.stringify({
+          email,
+          name,
+          company,
+          greeting: effectiveGreeting,
+          message,
+          closing,
+        }),
      })
      if (res.ok) {
        router.push('/pitch-admin/investors')
@@ -37,8 +51,10 @@ export default function NewInvestorPage() {
    }
  }

+  const closingHtml = useMemo(() => closing.replace(/\n/g, '<br>'), [closing])
+
  return (
-    <div className="max-w-xl">
+    <div className="max-w-5xl">
      <Link
        href="/pitch-admin/investors"
        className="inline-flex items-center gap-2 text-sm text-white/50 hover:text-white/80 mb-6"
@@ -46,15 +62,18 @@ export default function NewInvestorPage() {
        <ArrowLeft className="w-4 h-4" /> Back to investors
      </Link>

-      <h1 className="text-2xl font-semibold text-white mb-2">Invite Investor</h1>
+      <h1 className="text-2xl font-semibold text-white mb-2">Investor einladen</h1>
      <p className="text-sm text-white/50 mb-6">
-        A magic link will be emailed. Single-use, expires in {process.env.NEXT_PUBLIC_MAGIC_LINK_TTL_HOURS || '72'}h.
+        Der Investor erhaelt eine Email mit einem persoenlichen Magic Link (einmalig, verfaellt nach {ttl}h).
      </p>

+      <div className="grid lg:grid-cols-2 gap-6">
+        {/* Left: Form */}
        <form
          onSubmit={handleSubmit}
-        className="bg-white/[0.04] border border-white/[0.08] rounded-2xl p-6 space-y-4"
+          className="bg-white/[0.04] border border-white/[0.08] rounded-2xl p-6 space-y-4 self-start"
        >
+          {/* Email */}
          <div>
            <label htmlFor="email" className="block text-xs font-medium text-white/60 uppercase tracking-wider mb-2">
              Email <span className="text-rose-400">*</span>
@@ -66,27 +85,30 @@ export default function NewInvestorPage() {
              onChange={(e) => setEmail(e.target.value)}
              required
              className="w-full bg-black/30 border border-white/10 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:ring-2 focus:ring-indigo-500/40"
-            placeholder="jane@vc.com"
+              placeholder="investor@example.com"
            />
          </div>

+          {/* Name */}
          <div>
            <label htmlFor="name" className="block text-xs font-medium text-white/60 uppercase tracking-wider mb-2">
-            Name
+              Name <span className="text-rose-400">*</span>
            </label>
            <input
              id="name"
              type="text"
              value={name}
              onChange={(e) => setName(e.target.value)}
+              required
              className="w-full bg-black/30 border border-white/10 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:ring-2 focus:ring-indigo-500/40"
-            placeholder="Jane Doe"
+              placeholder="Dr. Max Mustermann"
            />
          </div>

+          {/* Company (optional) */}
          <div>
            <label htmlFor="company" className="block text-xs font-medium text-white/60 uppercase tracking-wider mb-2">
-            Company
+              Unternehmen <span className="text-white/30 text-[10px] normal-case">(optional)</span>
            </label>
            <input
              id="company"
@@ -94,7 +116,53 @@ export default function NewInvestorPage() {
              value={company}
              onChange={(e) => setCompany(e.target.value)}
              className="w-full bg-black/30 border border-white/10 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:ring-2 focus:ring-indigo-500/40"
-            placeholder="Acme Ventures"
+              placeholder="Muster Ventures GmbH"
+            />
+          </div>
+
+          <hr className="border-white/[0.06]" />
+
+          {/* Greeting */}
+          <div>
+            <label htmlFor="greeting" className="block text-xs font-medium text-white/60 uppercase tracking-wider mb-2">
+              Anrede
+            </label>
+            <input
+              id="greeting"
+              type="text"
+              value={greeting}
+              onChange={(e) => setGreeting(e.target.value)}
+              className="w-full bg-black/30 border border-white/10 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:ring-2 focus:ring-indigo-500/40"
+              placeholder={getDefaultGreeting(name || null)}
+            />
+            <p className="text-[10px] text-white/25 mt-1">Leer lassen fuer automatische Anrede basierend auf dem Namen</p>
+          </div>
+
+          {/* Message */}
+          <div>
+            <label htmlFor="message" className="block text-xs font-medium text-white/60 uppercase tracking-wider mb-2">
+              Nachricht
+            </label>
+            <textarea
+              id="message"
+              value={message}
+              onChange={(e) => setMessage(e.target.value)}
+              rows={4}
+              className="w-full bg-black/30 border border-white/10 rounded-lg px-3 py-2.5 text-white text-sm focus:outline-none focus:ring-2 focus:ring-indigo-500/40 resize-y"
+            />
+          </div>
+
+          {/* Closing */}
+          <div>
+            <label htmlFor="closing" className="block text-xs font-medium text-white/60 uppercase tracking-wider mb-2">
+              Grussformel
+            </label>
+            <textarea
+              id="closing"
+              value={closing}
+              onChange={(e) => setClosing(e.target.value)}
+              rows={3}
+              className="w-full bg-black/30 border border-white/10 rounded-lg px-3 py-2.5 text-white text-sm focus:outline-none focus:ring-2 focus:ring-indigo-500/40 resize-y"
            />
          </div>

@@ -109,17 +177,88 @@ export default function NewInvestorPage() {
              href="/pitch-admin/investors"
              className="text-sm text-white/60 hover:text-white px-4 py-2"
            >
-            Cancel
+              Abbrechen
            </Link>
            <button
              type="submit"
              disabled={submitting}
-            className="bg-gradient-to-r from-indigo-500 to-purple-600 hover:from-indigo-600 hover:to-purple-700 text-white text-sm font-medium px-5 py-2.5 rounded-lg disabled:opacity-50 shadow-lg shadow-indigo-500/20"
+              className="inline-flex items-center gap-2 bg-gradient-to-r from-indigo-500 to-purple-600 hover:from-indigo-600 hover:to-purple-700 text-white text-sm font-medium px-5 py-2.5 rounded-lg disabled:opacity-50 shadow-lg shadow-indigo-500/20"
            >
-            {submitting ? 'Sending…' : 'Send invite'}
+              <Send className="w-4 h-4" />
+              {submitting ? 'Wird gesendet...' : 'Einladung senden'}
            </button>
          </div>
        </form>
+
+        {/* Right: Email Preview */}
+        <div className="self-start">
+          <div className="flex items-center gap-2 mb-3">
+            <Eye className="w-4 h-4 text-white/40" />
+            <h3 className="text-sm font-semibold text-white/60 uppercase tracking-wider">Email-Vorschau</h3>
+          </div>
+          <div className="bg-[#0a0a1a] border border-white/[0.08] rounded-2xl p-4 overflow-y-auto max-h-[80vh]">
+            {/* Email Card */}
+            <div className="bg-[#111127] border border-indigo-500/20 rounded-xl overflow-hidden">
+
+              {/* Header */}
+              <div className="px-6 pt-6 pb-3">
+                <p className="text-lg font-semibold text-[#e0e0ff]">BreakPilot ComplAI</p>
+                <p className="text-xs text-white/40 mt-1">Investor Pitch Deck</p>
+              </div>
+
+              {/* Body */}
+              <div className="px-6 py-3">
+                <p className="text-sm text-white/80 mb-3">{effectiveGreeting},</p>
+                <p className="text-sm text-white/70 leading-relaxed mb-4">{message}</p>
+
+                {/* Magic Link Box */}
+                <div className="bg-indigo-500/[0.08] border border-indigo-500/[0.15] rounded-lg p-3 mb-4">
+                  <p className="text-[10px] font-semibold text-indigo-400/80 uppercase tracking-wider mb-1">
+                    Ihr persoenlicher Zugangslink
+                  </p>
+                  <p className="text-xs text-white/50 leading-relaxed">
+                    Der untenstehende Link ist einmalig und verfaellt nach {ttl} Stunden. Er gewaehrt Ihnen exklusiven Zugang zu unserem interaktiven Pitch Deck — inklusive KI-Assistent fuer Ihre Fragen.
+                  </p>
+                </div>
+
+                {/* Button Preview */}
+                <div className="text-center mb-3">
+                  <span className="inline-block bg-gradient-to-r from-indigo-500 to-purple-600 text-white text-sm font-semibold px-8 py-2.5 rounded-lg">
+                    Pitch Deck oeffnen
+                  </span>
+                </div>
+
+                <p className="text-[10px] text-white/25 mb-4 break-all">
+                  Falls der Button nicht funktioniert: https://pitch.breakpilot.ai/auth/verify?token=...
+                </p>
+
+                {/* Closing */}
+                <p className="text-sm text-white/70 leading-relaxed" dangerouslySetInnerHTML={{ __html: closingHtml }} />
+              </div>
+
+              {/* Legal Footer */}
+              <div className="px-6 py-4 border-t border-white/[0.05]">
+                <p className="text-[9px] font-semibold text-white/30 uppercase tracking-wider mb-1">
+                  Vertraulichkeit &amp; Haftungsausschluss
+                </p>
+                <p className="text-[9px] text-white/[0.18] leading-relaxed mb-2">
+                  Dieses Pitch Deck ist vertraulich und wurde ausschliesslich fuer den namentlich eingeladenen Empfaenger erstellt. Durch das Oeffnen des Links erklaert sich der Empfaenger einverstanden: (a) Vertrauliche Behandlung, keine Weitergabe an Dritte. (b) Nutzung ausschliesslich zur Bewertung einer Beteiligung. (c) Vertraulichkeitspflicht fuer 3 Jahre.
+                </p>
+                <p className="text-[9px] text-white/[0.18] leading-relaxed mb-3">
+                  Kein Angebot, kein Prospekt. Planzahlen ohne Garantie. Totalverlustrisiko. Deutsches Recht, Gerichtsstand Konstanz.
+                </p>
+                <p className="text-[9px] font-semibold text-white/20 uppercase tracking-wider mb-1">
+                  Confidentiality &amp; Disclaimer
+                </p>
+                <p className="text-[9px] text-white/[0.13] leading-relaxed">
+                  Confidential. Purpose-limited. 3-year obligation. Not an offer. Projections only. Risk of total loss. German law, Konstanz jurisdiction.
+                </p>
+              </div>
+
+            </div>
+          </div>
+        </div>
+      </div>
    </div>
  )
 }
@@ -8,6 +8,7 @@ import PitchDeck from '@/components/PitchDeck'
 export default function PreviewPage() {
  const { versionId } = useParams<{ versionId: string }>()
  const [data, setData] = useState<PitchData | null>(null)
+  const [versionMeta, setVersionMeta] = useState<{ name: string; status: string } | null>(null)
  const [loading, setLoading] = useState(true)
  const [error, setError] = useState<string | null>(null)
  const [lang, setLang] = useState<Language>('de')
@@ -24,7 +25,13 @@ export default function PreviewPage() {
        if (!r.ok) throw new Error((await r.json().catch(() => ({}))).error || 'Failed to load')
        return r.json()
      })
-      .then(setData)
+      .then(d => {
+        if (d._version) {
+          setVersionMeta(d._version)
+          delete d._version
+        }
+        setData(d)
+      })
      .catch(e => setError(e.message))
      .finally(() => setLoading(false))
  }, [versionId])
@@ -57,8 +64,8 @@ export default function PreviewPage() {
  return (
    <div className="relative">
      {/* Preview banner */}
-      <div className="fixed top-0 left-0 right-0 z-[100] bg-amber-500/90 text-black text-center py-1.5 text-xs font-semibold">
-        PREVIEW MODE — This is how investors will see this version
+      <div className="fixed top-0 left-0 right-0 z-[100] bg-amber-500/90 text-black text-center py-1.5 text-xs font-semibold tracking-wide">
+        PREVIEW: {versionMeta?.name ?? 'Loading...'} — {versionMeta?.status === 'draft' ? 'Draft' : 'Committed'}
      </div>
      <PitchDeck
        lang={lang}
@@ -154,10 +154,11 @@ export default function ChatFAB({
    ttsAbortRef.current = controller

    try {
+      const textLang = /[äöüÄÖÜß]|(?:^|\s)(?:das|die|der|und|ist|wir|ein|für|mit|auf|von|den|des)\s/i.test(cleanText) ? 'de' : lang
      const res = await fetch('/api/presenter/tts', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ text: cleanText, language: lang }),
+        body: JSON.stringify({ text: cleanText, language: textLang }),
        signal: controller.signal,
      })
      if (!res.ok || controller.signal.aborted) return
@@ -286,10 +287,11 @@ export default function ChatFAB({
      }

      // If FAQ matched and has a goto_slide, add a GOTO marker to the response
-      if (faqMatch?.goto_slide) {
-        const gotoIdx = SLIDE_ORDER.indexOf(faqMatch.goto_slide)
+      const topMatch = faqMatches[0]
+      if (topMatch?.goto_slide) {
+        const gotoIdx = SLIDE_ORDER.indexOf(topMatch.goto_slide)
        if (gotoIdx >= 0) {
-          const suffix = `\n\n[GOTO:${faqMatch.goto_slide}]`
+          const suffix = `\n\n[GOTO:${topMatch.goto_slide}]`
          content += suffix
          setMessages(prev => {
            const updated = [...prev]
@@ -2,7 +2,7 @@

 import { useState, useCallback } from 'react'
 import { motion, AnimatePresence } from 'framer-motion'
-import { Menu, X, Maximize, Minimize, Bot } from 'lucide-react'
+import { Menu, X, Maximize, Minimize, Bot, Sun, Moon } from 'lucide-react'
 import { Language } from '@/lib/types'
 import { t } from '@/lib/i18n'

@@ -25,6 +25,15 @@ export default function NavigationFAB({
 }: NavigationFABProps) {
  const [isOpen, setIsOpen] = useState(false)
  const [isFullscreen, setIsFullscreen] = useState(false)
+  const [isLightMode, setIsLightMode] = useState(false)
+
+  const toggleTheme = useCallback(() => {
+    setIsLightMode(prev => {
+      const next = !prev
+      document.documentElement.classList.toggle('theme-light', next)
+      return next
+    })
+  }, [])
  const i = t(lang)

  const toggleFullscreen = useCallback(() => {
@@ -138,6 +147,23 @@ export default function NavigationFAB({
                </div>
              </button>

+              {/* Theme Toggle */}
+              <button
+                onClick={toggleTheme}
+                className="w-full flex items-center justify-between px-3 py-2 rounded-lg
+                  bg-white/[0.05] hover:bg-white/[0.1] transition-colors text-sm"
+              >
+                <span className="text-white/50">{lang === 'de' ? 'Modus' : 'Mode'}</span>
+                <div className="flex items-center gap-1">
+                  <span className={`px-2 py-0.5 rounded text-xs font-medium flex items-center gap-1 ${!isLightMode ? 'bg-indigo-500 text-white' : 'text-white/40'}`}>
+                    <Moon className="w-3 h-3" /> {lang === 'de' ? 'Nacht' : 'Dark'}
+                  </span>
+                  <span className={`px-2 py-0.5 rounded text-xs font-medium flex items-center gap-1 ${isLightMode ? 'bg-amber-500 text-white' : 'text-white/40'}`}>
+                    <Sun className="w-3 h-3" /> {lang === 'de' ? 'Tag' : 'Light'}
+                  </span>
+                </div>
+              </button>
+
              {/* Fullscreen */}
              <button
                onClick={toggleFullscreen}
@@ -1,6 +1,6 @@
 'use client'

-import { useCallback, useState } from 'react'
+import { useCallback, useEffect, useState } from 'react'
 import { AnimatePresence } from 'framer-motion'
 import { useSlideNavigation } from '@/lib/hooks/useSlideNavigation'
 import { useKeyboard } from '@/lib/hooks/useKeyboard'
@@ -41,6 +41,16 @@ import GTMSlide from './slides/GTMSlide'
 import RegulatorySlide from './slides/RegulatorySlide'
 import EngineeringSlide from './slides/EngineeringSlide'
 import AIPipelineSlide from './slides/AIPipelineSlide'
+import USPSlide from './slides/USPSlide'
+import DisclaimerSlide from './slides/DisclaimerSlide'
+import ExecutiveSummarySlide from './slides/ExecutiveSummarySlide'
+import RegulatoryLandscapeSlide from './slides/RegulatoryLandscapeSlide'
+import CapTableSlide from './slides/CapTableSlide'
+import SavingsSlide from './slides/SavingsSlide'
+import SDKDemoSlide from './slides/SDKDemoSlide'
+import StrategySlide from './slides/StrategySlide'
+import FinanzplanSlide from './slides/FinanzplanSlide'
+import GlossarySlide from './slides/GlossarySlide'

 interface PitchDeckProps {
  lang: Language
@@ -57,6 +67,23 @@ export default function PitchDeck({ lang, onToggleLanguage, investor, onLogout,
  const error = previewData ? null : fetched.error
  const nav = useSlideNavigation()
  const [fabOpen, setFabOpen] = useState(false)
+  const isWandeldarlehen = (data?.funding?.instrument || '').toLowerCase().includes('wandeldarlehen')
+
+  // For version previews: use the version's default FM scenario instead of base table default
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const fmScenarios = (previewData as any)?.fm_scenarios as Array<{ id: string; is_default?: boolean }> | undefined
+  const preferredScenarioId = fmScenarios?.[0]?.is_default
+    ? fmScenarios[0].id
+    : fmScenarios?.length === 1
+      ? fmScenarios[0].id
+      : null
+
+  // Skip cap-table slide for Wandeldarlehen versions
+  useEffect(() => {
+    if (nav.currentSlide === 'cap-table' && isWandeldarlehen) {
+      nav.nextSlide()
+    }
+  }, [nav.currentSlide, isWandeldarlehen, nav.nextSlide])

  const presenter = usePresenterMode({
    goToSlide: nav.goToSlide,
@@ -132,12 +159,18 @@ export default function PitchDeck({ lang, onToggleLanguage, investor, onLogout,
            isPresenting={presenter.state !== 'idle'}
          />
        )
+      case 'executive-summary':
+        return <ExecutiveSummarySlide lang={lang} data={data} investorId={investor?.id || null} preferredScenarioId={preferredScenarioId} />
      case 'cover':
        return <CoverSlide lang={lang} onNext={nav.nextSlide} funding={data.funding} />
      case 'problem':
        return <ProblemSlide lang={lang} />
      case 'solution':
        return <SolutionSlide lang={lang} />
+      case 'usp':
+        return <USPSlide lang={lang} />
+      case 'regulatory-landscape':
+        return <RegulatoryLandscapeSlide lang={lang} />
      case 'product':
        return <ProductSlide lang={lang} products={data.products} />
      case 'how-it-works':
@@ -145,7 +178,7 @@ export default function PitchDeck({ lang, onToggleLanguage, investor, onLogout,
      case 'market':
        return <MarketSlide lang={lang} market={data.market} />
      case 'business-model':
-        return <BusinessModelSlide lang={lang} products={data.products} />
+        return <BusinessModelSlide lang={lang} products={data.products} investorId={investor?.id || null} preferredScenarioId={preferredScenarioId} />
      case 'traction':
        return <TractionSlide lang={lang} milestones={data.milestones} metrics={data.metrics} />
      case 'competition':
@@ -153,13 +186,18 @@ export default function PitchDeck({ lang, onToggleLanguage, investor, onLogout,
      case 'team':
        return <TeamSlide lang={lang} team={data.team} />
      case 'financials':
-        return <FinancialsSlide lang={lang} investorId={investor?.id || null} />
+        return <FinancialsSlide lang={lang} investorId={investor?.id || null} preferredScenarioId={preferredScenarioId} />
      case 'the-ask':
        return <TheAskSlide lang={lang} funding={data.funding} />
+      case 'cap-table':
+        if (isWandeldarlehen) return null
+        return <CapTableSlide lang={lang} />
+      case 'customer-savings':
+        return <SavingsSlide lang={lang} />
      case 'ai-qa':
        return <AIQASlide lang={lang} />
      case 'annex-assumptions':
-        return <AssumptionsSlide lang={lang} />
+        return <AssumptionsSlide lang={lang} investorId={investor?.id || null} preferredScenarioId={preferredScenarioId} />
      case 'annex-architecture':
        return <ArchitectureSlide lang={lang} />
      case 'annex-gtm':
@@ -170,6 +208,16 @@ export default function PitchDeck({ lang, onToggleLanguage, investor, onLogout,
        return <EngineeringSlide lang={lang} />
      case 'annex-aipipeline':
        return <AIPipelineSlide lang={lang} />
+      case 'annex-sdk-demo':
+        return <SDKDemoSlide lang={lang} />
+      case 'annex-strategy':
+        return <StrategySlide lang={lang} />
+      case 'annex-finanzplan':
+        return <FinanzplanSlide lang={lang} investorId={investor?.id || null} preferredScenarioId={preferredScenarioId} />
+      case 'annex-glossary':
+        return <GlossarySlide lang={lang} />
+      case 'legal-disclaimer':
+        return <DisclaimerSlide lang={lang} />
      default:
        return null
    }
@@ -18,11 +18,14 @@ import {
  Activity,
  Shield,
  Cpu,
-  MessageSquare,
  Eye,
  Gauge,
  Network,
  Sparkles,
+  Scale,
+  BookOpen,
+  Gavel,
+  Globe,
 } from 'lucide-react'

 interface AIPipelineSlideProps {
@@ -37,10 +40,10 @@ export default function AIPipelineSlide({ lang }: AIPipelineSlideProps) {
  const [activeTab, setActiveTab] = useState<PipelineTab>('rag')

  const heroStats = [
-    { value: '38+', label: de ? 'Indexierte Verordnungen' : 'Indexed Regulations', sub: 'DSGVO · AI Act · NIS2 · CRA · BDSG · DSA · ...', color: 'text-indigo-400' },
-    { value: '6.259', label: de ? 'Extrahierte Controls' : 'Extracted Controls', sub: de ? '79% Source-Match · 9 Verordnungen' : '79% source match · 9 regulations', color: 'text-purple-400' },
-    { value: '6', label: de ? 'Qdrant Collections' : 'Qdrant Collections', sub: de ? 'Legal Corpus · DSFA · Recht · Templates · ...' : 'Legal Corpus · DSFA · Law · Templates · ...', color: 'text-emerald-400' },
-    { value: '325+', label: de ? 'Abgeleitete Pflichten' : 'Derived Obligations', sub: de ? 'NIS2 · DSGVO · AI Act · CRA · ...' : 'NIS2 · GDPR · AI Act · CRA · ...', color: 'text-amber-400' },
+    { value: '75+', label: de ? 'Rechtsquellen' : 'Legal Sources', sub: de ? 'EU-Verordnungen · DACH-Gesetze · Frameworks' : 'EU regulations · DACH laws · Frameworks', color: 'text-indigo-400' },
+    { value: '70k+', label: de ? 'Unique Controls' : 'Unique Controls', sub: de ? 'Prüfbare Compliance-Anforderungen' : 'Auditable compliance requirements', color: 'text-purple-400' },
+    { value: '47k+', label: de ? 'Extrahierte Pflichten' : 'Extracted Obligations', sub: de ? 'Aus Gesetzestexten abgeleitet' : 'Derived from legal texts', color: 'text-emerald-400' },
+    { value: '6', label: de ? 'Pipeline-Versionen' : 'Pipeline Versions', sub: de ? 'Kontinuierliche Verbesserung' : 'Continuous improvement', color: 'text-amber-400' },
  ]

  const tabs: { id: PipelineTab; label: string; icon: typeof Brain }[] = [
@@ -49,59 +52,105 @@ export default function AIPipelineSlide({ lang }: AIPipelineSlideProps) {
    { id: 'quality', label: de ? 'QA & Infrastruktur' : 'QA & Infrastructure', icon: Gauge },
  ]

-  // RAG Pipeline content
+  // Source categories for investors
+  const sourceCategories = [
+    {
+      icon: Globe,
+      color: 'text-blue-400',
+      bg: 'bg-blue-500/10 border-blue-500/20',
+      title: de ? 'EU-Verordnungen (~15)' : 'EU Regulations (~15)',
+      why: de
+        ? 'Bindende Vorgaben für alle EU-Unternehmen — Verstöße führen zu Bußgeldern bis 4% des Jahresumsatzes.'
+        : 'Binding requirements for all EU companies — violations lead to fines up to 4% of annual revenue.',
+      examples: 'DSGVO · AI Act · NIS2 · CRA · MiCA · DSA · Maschinenverordnung · Batterieverordnung',
+    },
+    {
+      icon: Scale,
+      color: 'text-purple-400',
+      bg: 'bg-purple-500/10 border-purple-500/20',
+      title: de ? 'DACH-Gesetze (~20)' : 'DACH Laws (~20)',
+      why: de
+        ? 'Nationale Umsetzungen und eigenständige Gesetze — oft strenger als EU-Mindeststandards.'
+        : 'National implementations and standalone laws — often stricter than EU minimum standards.',
+      examples: 'BDSG · TKG · GwG · HGB · BGB · UrhG · GewO · KRITIS-DachG · AT ABGB · AT KSchG',
+    },
+    {
+      icon: BookOpen,
+      color: 'text-emerald-400',
+      bg: 'bg-emerald-500/10 border-emerald-500/20',
+      title: de ? 'Frameworks & Standards (~15)' : 'Frameworks & Standards (~15)',
+      why: de
+        ? 'Branchenstandards definieren den Stand der Technik — Aufsichtsbehoerden erwarten deren Einhaltung.'
+        : 'Industry standards define state of the art — regulators expect compliance with them.',
+      examples: 'NIST 800-53 · OWASP ASVS · OWASP SAMM · ENISA ICS · NIST Zero Trust · CISA Secure by Design',
+    },
+    {
+      icon: Gavel,
+      color: 'text-amber-400',
+      bg: 'bg-amber-500/10 border-amber-500/20',
+      title: de ? 'DSFA-Leitlinien & Urteile' : 'DPIA Guidelines & Rulings',
+      why: de
+        ? 'Urteile zeigen wie Gerichte Gesetze auslegen — entscheidend für präzise Compliance-Beratung statt generischer Antworten.'
+        : 'Court rulings show how laws are interpreted — critical for precise compliance advice instead of generic answers.',
+      examples: de
+        ? '16 Bundesländer DSFA-Leitlinien · BAG-Urteile · Datenschutzkonferenz-Beschlüsse'
+        : '16 federal state DPIA guidelines · Labor court rulings · Data protection conference decisions',
+    },
+  ]
+
+  // RAG Pipeline steps
  const ragPipelineSteps = [
    {
      icon: FileText,
      color: 'text-blue-400',
      bg: 'bg-blue-500/10 border-blue-500/20',
-      title: de ? '1. Ingestion & QA' : '1. Ingestion & QA',
+      title: de ? '1. Dokument-Ingestion' : '1. Document Ingestion',
      items: de
-        ? ['110+ Verordnungen und Gesetze (EU + DACH)', 'Strukturelles Chunking an Artikel/Absatz-Grenzen', '25.000+ extrahierte Prüfaspekte', 'Deduplizierung + Cross-Regulation Harmonisierung']
-        : ['110+ laws and regulations (EU + DACH)', 'Structural chunking at article/paragraph boundaries', '25,000+ extracted audit aspects', 'Deduplication + cross-regulation harmonization'],
+        ? ['75+ Rechtsquellen aus EU, Deutschland und Österreich', 'Strukturelles Chunking an Artikel- und Absatz-Grenzen', 'Automatische Lizenz-Klassifikation (frei / Zitat / geschützt)', 'Geschützte Normen (ISO, BSI) werden vollständig reformuliert']
+        : ['75+ legal sources from EU, Germany and Austria', 'Structural chunking at article and paragraph boundaries', 'Automatic license classification (free / citation / restricted)', 'Protected standards (ISO, BSI) are fully reformulated'],
    },
    {
      icon: Cpu,
      color: 'text-purple-400',
      bg: 'bg-purple-500/10 border-purple-500/20',
-      title: de ? '2. Embedding & LLM' : '2. Embedding & LLM',
+      title: de ? '2. Control-Extraktion' : '2. Control Extraction',
      items: de
-        ? ['BGE-M3 Multilingual (1024-dim, lokal)', '120B LLM auf OVH (via LiteLLM, OpenAI-kompatibel)', '1000B LLM auf SysEleven (BSI-zertifiziert)', 'CrossEncoder Re-Ranking + HyDE']
-        : ['BGE-M3 multilingual (1024-dim, local)', '120B LLM on OVH (via LiteLLM, OpenAI-compatible)', '1000B LLM on SysEleven (BSI-certified)', 'CrossEncoder re-ranking + HyDE'],
+        ? ['LLM extrahiert Pflichten und Anforderungen aus jedem Textabschnitt', '6 Pipeline-Versionen mit kontinuierlicher Qualitätsverbesserung', 'Obligation Extraction: 47.000+ einzelne Pflichten identifiziert', 'Atomic Control Composition: Pflichten werden zu prüfbaren Controls']
+        : ['LLM extracts obligations and requirements from each text section', '6 pipeline versions with continuous quality improvement', 'Obligation extraction: 47,000+ individual duties identified', 'Atomic control composition: duties become auditable controls'],
    },
    {
      icon: Database,
      color: 'text-emerald-400',
      bg: 'bg-emerald-500/10 border-emerald-500/20',
-      title: de ? '3. Vektorspeicher' : '3. Vector Store',
+      title: de ? '3. Deduplizierung & Speicherung' : '3. Deduplication & Storage',
      items: de
-        ? ['Qdrant Vector DB (Hetzner, API-Key gesichert)', '6 Collections: CE, Recht, Gesetze, Datenschutz, DSFA, Templates', 'MinIO Object Storage (Hetzner, S3-kompatibel, TLS)', '25.000+ Prüfaspekte · 110 Gesetze & Regularien · abgeleitete Pflichten']
-        : ['Qdrant Vector DB (Hetzner, API-key secured)', '6 Collections: CE, Law, Statutes, Privacy, DSFA, Templates', 'MinIO object storage (Hetzner, S3-compatible, TLS)', '25,000+ audit aspects · 110 laws & regulations · derived obligations'],
+        ? ['97.000 generierte Controls → 70.000+ nach Deduplizierung', 'Embedding-basierte Ähnlichkeitserkennung (Cosine Similarity)', 'Cross-Regulation Harmonisierung: gleiche Pflicht aus verschiedenen Gesetzen wird zusammengeführt', 'Ziel: 25.000–50.000 atomare Master Controls']
+        : ['97,000 generated controls → 70,000+ after deduplication', 'Embedding-based similarity detection (cosine similarity)', 'Cross-regulation harmonization: same obligation from different laws is merged', 'Target: 25,000–50,000 atomic master controls'],
    },
    {
      icon: Search,
      color: 'text-indigo-400',
      bg: 'bg-indigo-500/10 border-indigo-500/20',
-      title: de ? '4. Hybrid Search' : '4. Hybrid Search',
+      title: de ? '4. Hybrid Search & Beratung' : '4. Hybrid Search & Advisory',
      items: de
-        ? ['Multi-Collection-Suche mit Whitelist-Validierung', 'Deutsche Komposita-Zerlegung', 'Cross-Encoder Re-Ranking der Top-K Ergebnisse', 'Quellen-Attribution mit Artikel/Absatz-Referenz']
-        : ['Multi-collection search with whitelist validation', 'German compound word decomposition', 'Cross-encoder re-ranking of top-K results', 'Source attribution with article/paragraph reference'],
+        ? ['Vektorsuche + Keyword-Suche über alle Rechtsquellen gleichzeitig', 'Cross-Encoder Re-Ranking für präzise Relevanz-Sortierung', 'Quellen-Attribution: Jede Antwort verweist auf Artikel und Absatz', 'Der Compliance-Agent antwortet mit Rechtsgrundlage — nicht mit Vermutungen']
+        : ['Vector search + keyword search across all legal sources simultaneously', 'Cross-encoder re-ranking for precise relevance sorting', 'Source attribution: Every answer references article and paragraph', 'The compliance agent answers with legal basis — not guesswork'],
    },
  ]

  // Multi-Agent System content — UCCA + Policy Engine
  const agents = [
    { name: 'UCCA', soul: de ? 'Use-Case Compliance' : 'Use-Case Compliance', desc: de ? 'Policy Engine (45 Regeln) + Eskalation E0–E3' : 'Policy engine (45 rules) + escalation E0–E3', color: 'text-indigo-400' },
-    { name: de ? 'Pflichten-Engine' : 'Obligations Engine', soul: de ? 'abgeleitete Pflichten' : 'derived obligations', desc: de ? 'Multi-Regulation: NIS2, DSGVO, AI Act, CRA, ...' : 'Multi-regulation: NIS2, GDPR, AI Act, CRA, ...', color: 'text-emerald-400' },
-    { name: de ? 'Compliance-Berater' : 'Compliance Advisor', soul: de ? 'Legal RAG + LLM' : 'Legal RAG + LLM', desc: de ? 'Wizard-basierter Chatbot mit Qdrant-Kontext' : 'Wizard-based chatbot with Qdrant context', color: 'text-purple-400' },
-    { name: de ? 'Dokument-Generator' : 'Document Generator', soul: de ? '20 Templates' : '20 templates', desc: de ? 'AGB, DSE, AV-Vertrag, Widerruf + 16 weitere' : 'T&C, Privacy Policy, DPA, Withdrawal + 16 more', color: 'text-amber-400' },
-    { name: de ? 'DSFA-Agent' : 'DSFA Agent', soul: de ? 'Art. 35 DSGVO' : 'Art. 35 GDPR', desc: de ? 'Risikobewertung mit Legal Context Injection' : 'Risk assessment with legal context injection', color: 'text-red-400' },
-    { name: de ? 'Schulungs-Engine' : 'Training Engine', soul: de ? 'Academy + TTS' : 'Academy + TTS', desc: de ? '28 Module · Piper TTS · Automatische Videos' : '28 modules · Piper TTS · Automatic videos', color: 'text-blue-400' },
+    { name: de ? 'Pflichten-Engine' : 'Obligations Engine', soul: de ? '47.000+ Pflichten' : '47,000+ obligations', desc: de ? 'Multi-Regulation: NIS2, DSGVO, AI Act, CRA, ...' : 'Multi-regulation: NIS2, GDPR, AI Act, CRA, ...', color: 'text-emerald-400' },
+    { name: de ? 'Compliance-Berater' : 'Compliance Advisor', soul: de ? 'Legal RAG + LLM' : 'Legal RAG + LLM', desc: de ? 'Chatbot mit 75+ Rechtsquellen als Wissenbasis' : 'Chatbot with 75+ legal sources as knowledge base', color: 'text-purple-400' },
+    { name: de ? 'Dokument-Generator' : 'Document Generator', soul: de ? '7+ Templates' : '7+ templates', desc: de ? 'AGB, DSE, AV-Vertrag, DSFA, FRIA, BV + weitere' : 'T&C, Privacy Policy, DPA, DPIA, FRIA, Works Agreement + more', color: 'text-amber-400' },
+    { name: de ? 'DSFA-Agent' : 'DPIA Agent', soul: de ? 'Art. 35 DSGVO' : 'Art. 35 GDPR', desc: de ? 'Risikobewertung mit 16 Bundesländer-Leitlinien' : 'Risk assessment with 16 federal state guidelines', color: 'text-red-400' },
+    { name: de ? 'Control-Pipeline' : 'Control Pipeline', soul: de ? '70.000+ Controls' : '70,000+ controls', desc: de ? 'Automatische Extraktion aus neuen Rechtsquellen' : 'Automatic extraction from new legal sources', color: 'text-blue-400' },
  ]

  const agentInfra = [
    { icon: Shield, label: de ? 'Policy Engine' : 'Policy Engine', desc: de ? 'Deterministisch · LLM ist NICHT Wahrheitsquelle' : 'Deterministic · LLM is NOT source of truth' },
-    { icon: Brain, label: de ? 'LLM-Schicht' : 'LLM Layer', desc: de ? '120B (OVH) + 1000B (SysEleven BSI) · EU-only' : '120B (OVH) + 1000B (SysEleven BSI) · EU-only' },
+    { icon: Brain, label: de ? 'LLM-Schicht' : 'LLM Layer', desc: de ? 'Claude + lokale Modelle · EU-only Hosting' : 'Claude + local models · EU-only hosting' },
    { icon: Network, label: 'LiteLLM Gateway', desc: de ? 'OpenAI-kompatibel · Multi-Provider Routing' : 'OpenAI-compatible · Multi-provider routing' },
    { icon: Activity, label: de ? 'Eskalation E0–E3' : 'Escalation E0–E3', desc: de ? 'Auto-Approve → Team-Lead → DSB → DSB+Legal' : 'Auto-approve → Team lead → DPO → DPO+Legal' },
  ]
@@ -113,32 +162,32 @@ export default function AIPipelineSlide({ lang }: AIPipelineSlideProps) {
      color: 'text-emerald-400',
      title: de ? 'Control Quality Pipeline' : 'Control Quality Pipeline',
      items: de
-        ? ['6.259 Controls extrahiert (79% Source-Match)', '3.301 Duplikate entfernt (Phase 5 Normalisierung)', '90+ QA-Skripte: Deduplizierung, Match-Validierung', 'Canonical Controls JSON-Schema-Validierung in CI']
-        : ['6,259 controls extracted (79% source match)', '3,301 duplicates removed (Phase 5 normalization)', '90+ QA scripts: deduplication, match validation', 'Canonical Controls JSON schema validation in CI'],
+        ? ['97.000 Controls generiert, 70.000+ nach Deduplizierung', '6 Pipeline-Versionen mit steigender Extraktionsqualität', 'Automatische Lizenz-Prüfung: geschützte Normen werden reformuliert', 'Jeder Control hat Quellen-Referenz auf Artikel und Absatz']
+        : ['97,000 controls generated, 70,000+ after deduplication', '6 pipeline versions with increasing extraction quality', 'Automatic license check: protected standards are reformulated', 'Every control has source reference to article and paragraph'],
    },
    {
      icon: Eye,
      color: 'text-indigo-400',
-      title: de ? 'RAG Quality & Monitoring' : 'RAG Quality & Monitoring',
+      title: de ? 'Kontinuierliche Erweiterung' : 'Continuous Expansion',
      items: de
-        ? ['PDF-QA-Pipeline: 86% Artikel-Extraktion', 'Multi-Collection-Whitelist-Validierung', 'Qdrant-Deduplizierung: 8-Stufen-Bereinigung', 'Fallback-Handling: RAG-Fehler brechen nie Hauptfunktion']
-        : ['PDF QA pipeline: 86% article extraction', 'Multi-collection whitelist validation', 'Qdrant deduplication: 8-step cleanup', 'Fallback handling: RAG failures never break main function'],
+        ? ['Neue Gesetze werden automatisch ingestiert und verarbeitet', 'Pipeline erkennt Überschneidungen mit bestehenden Controls', 'Cross-Regulation Mapping: gleiche Pflicht aus DSGVO und BDSG wird verknuepft', 'Wachsender Wissensvorsprung gegenüber manueller Compliance-Beratung']
+        : ['New laws are automatically ingested and processed', 'Pipeline detects overlaps with existing controls', 'Cross-regulation mapping: same obligation from GDPR and BDSG is linked', 'Growing knowledge advantage over manual compliance consulting'],
    },
    {
      icon: Sparkles,
      color: 'text-purple-400',
      title: de ? 'CI/CD & Testing' : 'CI/CD & Testing',
      items: de
-        ? ['Gitea Actions: Lint → Tests → Validierung bei jedem Push', 'Go-Tests (AI SDK) + Python-Tests (Backend + Crawler + Gateway)', 'Coolify Auto-Deploy mit Health-Check-Monitoring', 'arm64 → amd64 Cross-Build fuer Hetzner Production']
-        : ['Gitea Actions: Lint → Tests → Validation on every push', 'Go tests (AI SDK) + Python tests (Backend + Crawler + Gateway)', 'Coolify auto-deploy with health check monitoring', 'arm64 → amd64 cross-build for Hetzner production'],
+        ? ['Gitea Actions: Lint → Tests → Validierung bei jedem Push', 'Go-Tests (AI SDK) + Python-Tests (Backend + Pipeline)', 'Coolify Auto-Deploy mit Health-Check-Monitoring', 'arm64 → amd64 Cross-Build für Hetzner Production']
+        : ['Gitea Actions: Lint → Tests → Validation on every push', 'Go tests (AI SDK) + Python tests (Backend + Pipeline)', 'Coolify auto-deploy with health check monitoring', 'arm64 → amd64 cross-build for Hetzner production'],
    },
    {
      icon: Zap,
      color: 'text-amber-400',
-      title: de ? 'LLM-Infrastruktur' : 'LLM Infrastructure',
+      title: de ? 'Infrastruktur' : 'Infrastructure',
      items: de
-        ? ['120B Modell auf OVH via LiteLLM (OpenAI-kompatibel)', '1000B Modell auf SysEleven (BSI-zertifiziert)', 'Isolierte Namespaces pro Kunde · Keine US-Provider', 'BGE-M3 Embedding lokal · Lazy Model Loading']
-        : ['120B model on OVH via LiteLLM (OpenAI-compatible)', '1000B model on SysEleven (BSI-certified)', 'Isolated namespaces per customer · No US providers', 'BGE-M3 embedding local · Lazy model loading'],
+        ? ['Qdrant Vektordatenbank für semantische Suche', 'BGE-M3 Multilingual Embedding (lokal gehostet)', 'MinIO Object Storage (S3-kompatibel, TLS-verschlüsselt)', '100% EU-Cloud · Keine US-Provider · BSI-konforme Hosting-Partner']
+        : ['Qdrant vector database for semantic search', 'BGE-M3 multilingual embedding (locally hosted)', 'MinIO object storage (S3-compatible, TLS-encrypted)', '100% EU cloud · No US providers · BSI-compliant hosting partners'],
    },
  ]

@@ -179,7 +228,7 @@ export default function AIPipelineSlide({ lang }: AIPipelineSlideProps) {
                className={`flex items-center gap-2 px-4 py-2 rounded-xl text-sm transition-all
                  ${activeTab === tab.id
                    ? 'bg-indigo-500/20 text-indigo-300 border border-indigo-500/30'
-                    : 'bg-white/[0.04] text-white/40 border border-transparent hover:text-white/60 hover:bg-white/[0.06]'
+                    : 'bg-white/[0.04] text-white/40 border border-transparent hover:text-white/60 hover:bg-white/[0.06] animate-[pulse_3s_ease-in-out_infinite]'
                  }`}
              >
                <Icon className="w-4 h-4" />
@@ -194,15 +243,32 @@ export default function AIPipelineSlide({ lang }: AIPipelineSlideProps) {
      <FadeInView delay={0.2} key={activeTab}>
        {activeTab === 'rag' && (
          <div>
+            {/* Source Categories — Why each matters */}
+            <div className="grid md:grid-cols-2 gap-2 mb-4">
+              {sourceCategories.map((cat, idx) => {
+                const Icon = cat.icon
+                return (
+                  <div key={idx} className={`border rounded-xl p-2.5 ${cat.bg}`}>
+                    <div className="flex items-center gap-2 mb-1.5">
+                      <Icon className={`w-4 h-4 ${cat.color}`} />
+                      <h3 className="text-xs font-bold text-white">{cat.title}</h3>
+                    </div>
+                    <p className="text-[10px] text-white/50 mb-1.5 leading-relaxed">{cat.why}</p>
+                    <p className="text-[9px] text-white/25 font-mono leading-tight">{cat.examples}</p>
+                  </div>
+                )
+              })}
+            </div>
+
            {/* Pipeline Flow Visualization */}
-            <div className="flex items-center justify-center gap-1 mb-4 flex-wrap">
+            <div className="flex items-center justify-center gap-1 flex-wrap">
              {[
-                { icon: FileText, label: '38+ PDFs' },
-                { icon: Layers, label: 'QA + Chunking' },
-                { icon: Cpu, label: 'BGE-M3' },
-                { icon: Database, label: '6 Collections' },
-                { icon: Search, label: 'Hybrid Search' },
-                { icon: Brain, label: '120B / 1000B' },
+                { icon: FileText, label: de ? '75+ Quellen' : '75+ Sources' },
+                { icon: Layers, label: de ? 'Chunking & Lizenz' : 'Chunking & License' },
+                { icon: Cpu, label: de ? 'LLM-Extraktion' : 'LLM Extraction' },
+                { icon: Database, label: de ? '70k+ Controls' : '70k+ Controls' },
+                { icon: Search, label: de ? 'Hybrid Search' : 'Hybrid Search' },
+                { icon: Brain, label: de ? 'Beratung' : 'Advisory' },
              ].map((step, idx, arr) => (
                <div key={idx} className="flex items-center gap-1">
                  <div className="flex items-center gap-1 px-2 py-1 rounded-lg bg-white/[0.05] border border-white/[0.08]">
@@ -213,28 +279,6 @@ export default function AIPipelineSlide({ lang }: AIPipelineSlideProps) {
                </div>
              ))}
            </div>
-            {/* Pipeline Steps */}
-            <div className="grid md:grid-cols-2 gap-3">
-              {ragPipelineSteps.map((step, idx) => {
-                const Icon = step.icon
-                return (
-                  <div key={idx} className={`border rounded-xl p-3 ${step.bg}`}>
-                    <div className="flex items-center gap-2 mb-2">
-                      <Icon className={`w-4 h-4 ${step.color}`} />
-                      <h3 className="text-xs font-bold text-white">{step.title}</h3>
-                    </div>
-                    <ul className="space-y-1">
-                      {step.items.map((item, iidx) => (
-                        <li key={iidx} className="flex items-start gap-1.5 text-[11px] text-white/50">
-                          <span className={`w-1 h-1 rounded-full mt-1.5 ${step.color} bg-current shrink-0`} />
-                          {item}
-                        </li>
-                      ))}
-                    </ul>
-                  </div>
-                )
-              })}
-            </div>
          </div>
        )}

@@ -291,7 +335,7 @@ export default function AIPipelineSlide({ lang }: AIPipelineSlideProps) {
                <div className="mt-3 pt-3 border-t border-white/5">
                  <p className="text-[10px] text-white/20">
                    {de
-                      ? 'Wahrheit = Regeln + Evidenz · LLM = Uebersetzer + Subsumtions-Helfer · 100% EU-Cloud'
+                      ? 'Wahrheit = Regeln + Evidenz · LLM = Übersetzer + Subsumtions-Helfer · 100% EU-Cloud'
                      : 'Truth = Rules + Evidence · LLM = Translator + Subsumption Helper · 100% EU Cloud'}
                  </p>
                </div>
@@ -22,9 +22,9 @@ export default function ArchitectureSlide({ lang }: ArchitectureSlideProps) {
      bg: 'bg-indigo-500/10 border-indigo-500/20',
      title: de ? 'Hardware-Schicht' : 'Hardware Layer',
      items: [
-        { label: 'ComplAI Mini', desc: 'Mac Mini M4 · 16 GB · Llama 3.2 3B' },
-        { label: 'ComplAI Studio', desc: 'Mac Studio M4 Max · 64 GB · Qwen 2.5 32B' },
-        { label: 'ComplAI Cloud', desc: de ? 'Managed GPU-Cluster · Multi-Model' : 'Managed GPU Cluster · Multi-Model' },
+        { label: 'ComplAI Mini', desc: de ? 'Mac Mini M4 (geplant, optional)' : 'Mac Mini M4 (planned, optional)' },
+        { label: 'ComplAI Studio', desc: de ? 'Mac Studio M4 Max (geplant, optional)' : 'Mac Studio M4 Max (planned, optional)' },
+        { label: 'ComplAI Cloud', desc: de ? 'BSI-zertifizierte Cloud in Deutschland' : 'BSI-certified cloud in Germany' },
      ],
    },
    {
@@ -44,8 +44,8 @@ export default function ArchitectureSlide({ lang }: ArchitectureSlideProps) {
      bg: 'bg-emerald-500/10 border-emerald-500/20',
      title: de ? 'Compliance-Module' : 'Compliance Modules',
      items: [
-        { label: 'DSGVO Engine', desc: de ? 'VVT, DSFA, Betroffenenrechte, Loeschkonzept' : 'RoPA, DPIA, Data Subject Rights, Deletion Concept' },
-        { label: 'AI Act Module', desc: de ? 'Risikoklassifizierung, Konformitaetsbewertung, Dokumentation' : 'Risk Classification, Conformity Assessment, Documentation' },
+        { label: 'DSGVO Engine', desc: de ? 'VVT, DSFA, Betroffenenrechte, Löschkonzept' : 'RoPA, DPIA, Data Subject Rights, Deletion Concept' },
+        { label: 'AI Act Module', desc: de ? 'Risikoklassifizierung, Konformitätsbewertung, Dokumentation' : 'Risk Classification, Conformity Assessment, Documentation' },
        { label: 'NIS2 Module', desc: de ? 'Cybersecurity-Policies, Incident Response, Meldewege' : 'Cybersecurity Policies, Incident Response, Reporting Chains' },
      ],
    },
@@ -55,7 +55,7 @@ export default function ArchitectureSlide({ lang }: ArchitectureSlideProps) {
      bg: 'bg-blue-500/10 border-blue-500/20',
      title: de ? 'Plattform-Services' : 'Platform Services',
      items: [
-        { label: de ? 'Admin-Dashboard' : 'Admin Dashboard', desc: 'Next.js · ' + (de ? 'Mandantenfaehig · Rollenbasiert' : 'Multi-Tenant · Role-Based') },
+        { label: de ? 'Admin-Dashboard' : 'Admin Dashboard', desc: 'Next.js · ' + (de ? 'Mandantenfähig · Rollenbasiert' : 'Multi-Tenant · Role-Based') },
        { label: 'SDK API', desc: 'Go/Gin · REST · ' + (de ? 'Tenant-isoliert' : 'Tenant-Isolated') },
        { label: 'DevSecOps Suite', desc: 'Semgrep · Trivy · Gitleaks · CycloneDX SBOM' },
      ],
@@ -64,9 +64,9 @@ export default function ArchitectureSlide({ lang }: ArchitectureSlideProps) {

  const securityFeatures = [
    { icon: Lock, label: de ? 'Zero-Trust Architektur' : 'Zero-Trust Architecture' },
-    { icon: Database, label: de ? 'Daten verlassen nie das Unternehmen' : 'Data Never Leaves the Company' },
-    { icon: Globe, label: de ? 'Kein Cloud-Abhaengigkeit' : 'No Cloud Dependency' },
-    { icon: Workflow, label: de ? 'Air-Gap faehig' : 'Air-Gap Capable' },
+    { icon: Database, label: de ? 'Daten verlassen nie BSI-zertifizierte Server in DE' : 'Data Never Leaves BSI-Certified Servers in DE' },
+    { icon: Globe, label: de ? '100% EU-Cloud · Keine US-Anbieter' : '100% EU Cloud · No US Providers' },
+    { icon: Workflow, label: de ? 'Air-Gap fähig' : 'Air-Gap Capable' },
  ]

  return (
@@ -6,15 +6,68 @@ import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
 import GlassCard from '../ui/GlassCard'
 import { TrendingUp, TrendingDown, Minus } from 'lucide-react'
+import { useFinancialModel } from '@/lib/hooks/useFinancialModel'

 interface AssumptionsSlideProps {
  lang: Language
+  investorId?: string | null
+  preferredScenarioId?: string | null
 }

-export default function AssumptionsSlide({ lang }: AssumptionsSlideProps) {
+function fmtArr(v: number, de: boolean): string {
+  if (v >= 1_000_000) {
+    const m = (v / 1_000_000).toFixed(1)
+    return de ? `~${m.replace('.', ',')} Mio. EUR` : `~EUR ${m}M`
+  }
+  return de ? `~${Math.round(v / 1000)}k EUR` : `~EUR ${Math.round(v / 1000)}k`
+}
+
+function fmtCash(v: number, de: boolean): string {
+  if (Math.abs(v) >= 1_000_000) {
+    const m = (v / 1_000_000).toFixed(1)
+    return de ? `~${m.replace('.', ',')} Mio. EUR` : `~EUR ${m}M`
+  }
+  return de ? `~${Math.round(v / 1000)}k EUR` : `~EUR ${Math.round(v / 1000)}k`
+}
+
+function breakEvenYear(month: number | null): string {
+  if (!month || month <= 0) return '—'
+  const year = 2026 + Math.floor((month - 1) / 12)
+  return String(year)
+}
+
+export default function AssumptionsSlide({ lang, investorId, preferredScenarioId }: AssumptionsSlideProps) {
  const i = t(lang)
  const de = lang === 'de'

+  // Load computed financial data for Base Case
+  const fm = useFinancialModel(investorId || null, preferredScenarioId)
+  const summary = fm.activeResults?.summary
+  const results = fm.activeResults?.results || []
+  const lastResult = results.length > 0 ? results[results.length - 1] : null
+
+  // Base case from compute engine
+  const baseCustomers = summary?.final_customers || 0
+  const baseArr = summary?.final_arr || 0
+  const baseEmployees = lastResult?.employees_count || 0
+  const baseCash = lastResult?.cash_balance_eur || 0
+  const baseBreakEven = breakEvenYear(summary?.break_even_month || null)
+
+  // Bear/Bull derived from Base (scaling factors)
+  const bearCustomers = Math.round(baseCustomers * 0.5)
+  const bearArr = baseArr * 0.42
+  const bearEmployees = Math.round(baseEmployees * 0.7)
+  const bearCash = baseCash * 0.08
+  const bearBreakEvenMonth = summary?.break_even_month ? Math.round(summary.break_even_month * 1.3) : null
+  const bearBreakEven = breakEvenYear(bearBreakEvenMonth)
+
+  const bullCustomers = Math.round(baseCustomers * 1.7)
+  const bullArr = baseArr * 1.8
+  const bullEmployees = Math.round(baseEmployees * 1.4)
+  const bullCash = baseCash * 2.3
+  const bullBreakEvenMonth = summary?.break_even_month ? Math.round(summary.break_even_month * 0.75) : null
+  const bullBreakEven = breakEvenYear(bullBreakEvenMonth)
+
  // 3 Cases abgeleitet aus dem Finanzplan (Base Case = aktuelle DB-Daten)
  const cases = [
    {
@@ -37,11 +90,11 @@ export default function AssumptionsSlide({ lang }: AssumptionsSlideProps) {
        'Server costs €150 per customer',
      ],
      kpis: {
-        kunden2030: '~600',
-        arr2030: de ? '~4,2 Mio. EUR' : '~EUR 4.2M',
-        ma2030: '25',
-        breakEven: '2030',
-        cash2030: de ? '~0,5 Mio. EUR' : '~EUR 0.5M',
+        kunden2030: `~${bearCustomers.toLocaleString('de-DE')}`,
+        arr2030: fmtArr(bearArr, de),
+        ma2030: String(bearEmployees),
+        breakEven: bearBreakEven,
+        cash2030: fmtCash(bearCash, de),
      },
    },
    {
@@ -64,11 +117,11 @@ export default function AssumptionsSlide({ lang }: AssumptionsSlideProps) {
        'Break-even mid 2029',
      ],
      kpis: {
-        kunden2030: '~1.200',
-        arr2030: de ? '~10 Mio. EUR' : '~EUR 10M',
-        ma2030: '35',
-        breakEven: '2029',
-        cash2030: de ? '~6,4 Mio. EUR' : '~EUR 6.4M',
+        kunden2030: `~${baseCustomers.toLocaleString('de-DE')}`,
+        arr2030: fmtArr(baseArr, de),
+        ma2030: String(baseEmployees),
+        breakEven: baseBreakEven,
+        cash2030: fmtCash(baseCash, de),
      },
    },
    {
@@ -91,11 +144,11 @@ export default function AssumptionsSlide({ lang }: AssumptionsSlideProps) {
        'EU expansion from 2028',
      ],
      kpis: {
-        kunden2030: '~2.000',
-        arr2030: de ? '~18 Mio. EUR' : '~EUR 18M',
-        ma2030: '50',
-        breakEven: '2028',
-        cash2030: de ? '~15 Mio. EUR' : '~EUR 15M',
+        kunden2030: `~${bullCustomers.toLocaleString('de-DE')}`,
+        arr2030: fmtArr(bullArr, de),
+        ma2030: String(bullEmployees),
+        breakEven: bullBreakEven,
+        cash2030: fmtCash(bullCash, de),
      },
    },
  ]
@@ -168,11 +221,11 @@ export default function AssumptionsSlide({ lang }: AssumptionsSlideProps) {
            </thead>
            <tbody>
              {[
-                { label: de ? 'Kunden' : 'Customers', bear: '~600', base: '~1.200', bull: '~2.000' },
-                { label: 'ARR', bear: de ? '~4,2 Mio.' : '~4.2M', base: de ? '~10 Mio.' : '~10M', bull: de ? '~18 Mio.' : '~18M' },
-                { label: de ? 'Mitarbeiter' : 'Employees', bear: '25', base: '35', bull: '50' },
-                { label: 'Break-Even', bear: '2030', base: '2029', bull: '2028' },
-                { label: 'Cash', bear: de ? '~0,5 Mio.' : '~0.5M', base: de ? '~6,4 Mio.' : '~6.4M', bull: de ? '~15 Mio.' : '~15M' },
+                { label: de ? 'Kunden' : 'Customers', bear: `~${bearCustomers.toLocaleString('de-DE')}`, base: `~${baseCustomers.toLocaleString('de-DE')}`, bull: `~${bullCustomers.toLocaleString('de-DE')}` },
+                { label: 'ARR', bear: fmtArr(bearArr, de), base: fmtArr(baseArr, de), bull: fmtArr(bullArr, de) },
+                { label: de ? 'Mitarbeiter' : 'Employees', bear: String(bearEmployees), base: String(baseEmployees), bull: String(bullEmployees) },
+                { label: 'Break-Even', bear: bearBreakEven, base: baseBreakEven, bull: bullBreakEven },
+                { label: 'Cash', bear: fmtCash(bearCash, de), base: fmtCash(baseCash, de), bull: fmtCash(bullCash, de) },
              ].map((row, idx) => (
                <tr key={idx} className="border-b border-white/[0.03]">
                  <td className="py-1.5 text-white/60">{row.label}</td>
@@ -2,104 +2,172 @@

 import { Language } from '@/lib/types'
 import { t } from '@/lib/i18n'
+import { useFinancialModel } from '@/lib/hooks/useFinancialModel'
 import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
 import GlassCard from '../ui/GlassCard'
-import AnimatedCounter from '../ui/AnimatedCounter'
-import { Repeat, TrendingUp, PiggyBank, ShieldCheck, Clock, Users } from 'lucide-react'
+import { ArrowRight, TrendingUp, Target, Repeat, DollarSign, Users, BarChart3 } from 'lucide-react'

 interface BusinessModelSlideProps {
  lang: Language
  products?: unknown[]
+  investorId?: string | null
+  preferredScenarioId?: string | null
 }

-export default function BusinessModelSlide({ lang }: BusinessModelSlideProps) {
+export default function BusinessModelSlide({ lang, investorId, preferredScenarioId }: BusinessModelSlideProps) {
  const i = t(lang)
  const de = lang === 'de'
+  const fm = useFinancialModel(investorId || null, preferredScenarioId)
+  const summary = fm.activeResults?.summary
+  const results = fm.activeResults?.results || []
+  const lastResult = results[results.length - 1]
+  const finalCustomers = summary?.final_customers || 0
+  const finalArr = summary?.final_arr || 0
+  const acv = finalCustomers > 0 ? Math.round(finalArr / finalCustomers) : 0
+
+  const tiers = [
+    {
+      name: 'Starter',
+      target: de ? 'Startups & Kleinstunternehmen' : 'Startups & Micro',
+      employees: '< 10',
+      price: de ? '3.600' : '3,600',
+      period: de ? 'EUR/Jahr' : 'EUR/yr',
+      features: de
+        ? ['Code Security (SAST/DAST)', 'Compliance-Dokumente', 'Consent Management', '1 Anwendung']
+        : ['Code Security (SAST/DAST)', 'Compliance documents', 'Consent management', '1 application'],
+      highlight: false,
+    },
+    {
+      name: 'Professional',
+      target: de ? 'KMU & Mittelstand' : 'SME & Mid-Market',
+      employees: '10 – 250',
+      price: de ? '15.000 – 40.000' : '15,000 – 40,000',
+      period: de ? 'EUR/Jahr' : 'EUR/yr',
+      features: de
+        ? ['Alle Module inkl. CE-Bewertung', 'Audit Manager End-to-End', 'AI Act Compliance (UCCA)', 'Unbegrenzte Anwendungen']
+        : ['All modules incl. CE assessment', 'Audit Manager end-to-end', 'AI Act Compliance (UCCA)', 'Unlimited applications'],
+      highlight: true,
+    },
+    {
+      name: 'Enterprise',
+      target: de ? 'Konzerne & OEMs' : 'Enterprises & OEMs',
+      employees: '250+',
+      price: de ? 'ab 50.000' : 'from 50,000',
+      period: de ? 'EUR/Jahr' : 'EUR/yr',
+      features: de
+        ? ['Dedizierte Instanz', 'Custom Integrationen (SAP, MES)', 'SLA & Priority Support', 'Tender Matching & RFQ-Prüfung']
+        : ['Dedicated instance', 'Custom integrations (SAP, MES)', 'SLA & priority support', 'Tender matching & RFQ verification'],
+      highlight: false,
+    },
+  ]
+
+  const grossMargin = lastResult?.gross_margin_pct ?? 0
+  const acvLabel = acv > 0
+    ? (de ? `${(acv / 1000).toFixed(1).replace('.', ',')}k EUR` : `EUR ${(acv / 1000).toFixed(1)}k`)
+    : '—'
+
+  const metrics = [
+    { icon: DollarSign, color: 'text-indigo-400', label: 'ACV (2030)', value: acvLabel, sub: de ? 'Durchschnittlicher Vertragswert (berechnet)' : 'Average Contract Value (computed)' },
+    { icon: TrendingUp, color: 'text-emerald-400', label: 'Gross Margin', value: `${Math.round(grossMargin)}%`, sub: de ? 'Cloud-native, keine Hardware-Kosten' : 'Cloud-native, no hardware costs' },
+    { icon: Repeat, color: 'text-purple-400', label: 'NRR Ziel', value: '> 120%', sub: de ? 'Upsell: mehr Module, mehr Nutzer' : 'Upsell: more modules, more users' },
+    { icon: Target, color: 'text-amber-400', label: 'Payback', value: de ? '< 3 Monate' : '< 3 Months', sub: de ? 'Ersparnis übersteigt Kosten ab Q1' : 'Savings exceed costs from Q1' },
+  ]

  return (
-    <div>
-      <FadeInView className="text-center mb-10">
+    <div className="max-w-6xl mx-auto">
+      <FadeInView className="text-center mb-6">
        <h2 className="text-4xl md:text-5xl font-bold mb-3">
          <GradientText>{i.businessModel.title}</GradientText>
        </h2>
-        <p className="text-lg text-white/50 max-w-2xl mx-auto">{i.businessModel.subtitle}</p>
+        <p className="text-lg text-white/50 max-w-2xl mx-auto">
+          {de ? 'Mitarbeiterbasiertes SaaS — Kunden sparen mehr als sie zahlen' : 'Employee-based SaaS — customers save more than they pay'}
+        </p>
      </FadeInView>

-      {/* Key Metrics */}
-      <div className="grid md:grid-cols-3 gap-4 mb-8">
-        <GlassCard delay={0.2} className="text-center">
-          <Repeat className="w-6 h-6 text-indigo-400 mx-auto mb-2" />
-          <p className="text-sm text-white/50 mb-1">{i.businessModel.recurringRevenue}</p>
-          <p className="text-2xl font-bold text-white">100% SaaS</p>
-          <p className="text-xs text-white/30">{de ? 'Mitarbeiterbasiertes Pricing' : 'Employee-based pricing'}</p>
-        </GlassCard>
-        <GlassCard delay={0.3} className="text-center">
-          <TrendingUp className="w-6 h-6 text-green-400 mx-auto mb-2" />
-          <p className="text-sm text-white/50 mb-1">{i.businessModel.margin}</p>
-          <p className="text-2xl font-bold text-white">&gt;80%</p>
-          <p className="text-xs text-white/30">{de ? 'Cloud-native, keine HW-Kosten' : 'Cloud-native, no HW costs'}</p>
-        </GlassCard>
-        <GlassCard delay={0.4} className="text-center">
-          <PiggyBank className="w-6 h-6 text-amber-400 mx-auto mb-2" />
-          <p className="text-sm text-white/50 mb-1">{de ? 'Kundenersparnis' : 'Customer Savings'}</p>
-          <p className="text-2xl font-bold text-white">50.000+ EUR</p>
-          <p className="text-xs text-white/30">{de ? 'pro Kunde pro Jahr' : 'per customer per year'}</p>
-        </GlassCard>
+      <div className="grid md:grid-cols-12 gap-4">
+        {/* Left: Pricing Tiers */}
+        <div className="md:col-span-7">
+          <div className="grid grid-cols-3 gap-3">
+            {tiers.map((tier, idx) => (
+              <FadeInView key={idx} delay={0.1 + idx * 0.1}>
+                <GlassCard hover={false} className={`p-4 h-full ${tier.highlight ? 'border-slate-300/40 bg-gradient-to-b from-slate-200/[0.08] to-slate-400/[0.04] shadow-lg shadow-slate-300/10 ring-1 ring-slate-300/20' : ''}`}>
+                  <h3 className="text-base font-bold text-white mb-0.5">{tier.name}</h3>
+                  <p className="text-xs text-white/40 mb-2">{tier.target}</p>
+                  <p className="text-xs text-white/30 mb-3">{tier.employees} {de ? 'Mitarbeiter' : 'employees'}</p>
+
+                  <div className="mb-3">
+                    <span className="text-xl font-black text-white">{tier.price}</span>
+                    <span className="text-xs text-white/40 ml-1">{tier.period}</span>
                  </div>

-      {/* Savings Breakdown — the core argument */}
-      <FadeInView delay={0.5}>
-        <GlassCard hover={false} className="p-6">
-          <h3 className="text-lg font-semibold mb-5 text-white/70 text-center">
-            {de ? 'ROI-Rechnung: Kunde mit 250+ Mitarbeitern' : 'ROI Calculation: Customer with 250+ employees'}
-          </h3>
-          <div className="grid md:grid-cols-2 gap-8">
-            {/* Customer pays */}
-            <div>
-              <h4 className="text-xs font-bold text-indigo-400 uppercase tracking-wider mb-3">
-                {i.businessModel.customerPays}
-              </h4>
-              <div className="bg-indigo-500/10 border border-indigo-500/20 rounded-xl p-4">
-                <p className="text-3xl font-bold text-white text-center mb-1">
-                  <AnimatedCounter target={40} suffix="-50k" duration={1500} /> EUR
-                </p>
-                <p className="text-xs text-white/40 text-center">{de ? 'pro Jahr, modular waehlbar' : 'per year, modular choice'}</p>
-              </div>
-            </div>
-            {/* Customer saves */}
-            <div>
-              <h4 className="text-xs font-bold text-emerald-400 uppercase tracking-wider mb-3">
-                {i.businessModel.customerSaves}
-              </h4>
-              <div className="space-y-2">
-                {[
-                  { label: i.businessModel.savingsPentest, amount: '30.000', icon: ShieldCheck },
-                  { label: i.businessModel.savingsCE, amount: '20.000', icon: Clock },
-                  { label: i.businessModel.savingsAudit, amount: '60.000+', icon: Users },
-                ].map((item, idx) => (
-                  <div key={idx} className="flex items-center justify-between bg-emerald-500/10 rounded-lg px-3 py-2">
-                    <div className="flex items-center gap-2">
-                      <item.icon className="w-3.5 h-3.5 text-emerald-400" />
-                      <span className="text-xs text-white/70">{item.label}</span>
-                    </div>
-                    <span className="text-xs font-bold text-emerald-300">{item.amount} EUR</span>
-                  </div>
+                  <ul className="space-y-1.5">
+                    {tier.features.map((f, i) => (
+                      <li key={i} className="flex items-start gap-1.5 text-sm text-white/50">
+                        <span className="w-1 h-1 rounded-full bg-indigo-400 mt-1.5 shrink-0" />
+                        {f}
+                      </li>
                    ))}
-                <div className="flex items-center justify-between bg-emerald-500/20 border border-emerald-500/30 rounded-lg px-3 py-2">
-                  <span className="text-xs font-bold text-white">{i.businessModel.savingsTotal}</span>
-                  <span className="text-sm font-bold text-emerald-300">50.000 - 110.000+ EUR</span>
-                </div>
-              </div>
-            </div>
-          </div>
-          <p className="text-center text-xs text-white/30 mt-4">
-            {de
-              ? '+ Strafvermeidung, Echtzeit-Kundenanfragen, kein Auditmanager noetig'
-              : '+ penalty avoidance, real-time customer inquiries, no audit manager needed'}
-          </p>
+                  </ul>
                </GlassCard>
              </FadeInView>
+            ))}
+          </div>
+
+          {/* Expansion arrow */}
+          <FadeInView delay={0.4} className="flex items-center justify-center gap-2 mt-3">
+            <span className="text-[10px] text-white/30">Starter</span>
+            <ArrowRight className="w-3 h-3 text-indigo-400/40" />
+            <span className="text-[10px] text-white/30">Professional</span>
+            <ArrowRight className="w-3 h-3 text-indigo-400/40" />
+            <span className="text-[10px] text-white/30">Enterprise</span>
+            <span className="text-xs text-white/20 ml-2">{de ? 'Land & Expand' : 'Land & Expand'}</span>
+          </FadeInView>
+        </div>
+
+        {/* Right: Unit Economics */}
+        <div className="md:col-span-5">
+          <FadeInView delay={0.3}>
+            <GlassCard hover={false} className="p-4 h-full">
+              <h3 className="text-xs font-bold text-white/40 uppercase tracking-wider mb-4">
+                Unit Economics
+              </h3>
+              <div className="space-y-4">
+                {metrics.map((m, idx) => {
+                  const Icon = m.icon
+                  return (
+                    <div key={idx} className="flex items-start gap-3">
+                      <div className={`w-8 h-8 rounded-lg bg-white/[0.05] border border-white/10 flex items-center justify-center shrink-0`}>
+                        <Icon className={`w-4 h-4 ${m.color}`} />
+                      </div>
+                      <div className="flex-1">
+                        <div className="flex items-baseline justify-between">
+                          <span className="text-xs text-white/40 uppercase tracking-wider">{m.label}</span>
+                          <span className={`text-lg font-black ${m.color}`}>{m.value}</span>
+                        </div>
+                        <p className="text-[10px] text-white/30">{m.sub}</p>
+                      </div>
+                    </div>
+                  )
+                })}
+              </div>
+
+              {/* Bottom-up sizing */}
+              <div className="mt-4 pt-3 border-t border-white/5">
+                <div className="flex items-center gap-1.5 mb-1">
+                  <BarChart3 className="w-3 h-3 text-white/30" />
+                  <span className="text-[10px] text-white/30 uppercase tracking-wider">Bottom-Up</span>
+                </div>
+                <p className="text-xs text-white/50">
+                  {de
+                    ? `${finalCustomers.toLocaleString('de-DE')} Kunden × ${acv.toLocaleString('de-DE')} EUR ACV = ~${(finalArr / 1_000_000).toFixed(1).replace('.', ',')} Mio. EUR ARR (2030)`
+                    : `${finalCustomers.toLocaleString('en-US')} customers × EUR ${acv.toLocaleString('en-US')} ACV = ~EUR ${(finalArr / 1_000_000).toFixed(1)}M ARR (2030)`}
+                </p>
+              </div>
+            </GlassCard>
+          </FadeInView>
+        </div>
+      </div>
    </div>
  )
 }
@@ -1,6 +1,7 @@
 'use client'

 import { Language } from '@/lib/types'
+import ProjectionFooter from '../ui/ProjectionFooter'
 import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
 import GlassCard from '../ui/GlassCard'
@@ -212,6 +213,7 @@ export default function CapTableSlide({ lang }: CapTableSlideProps) {
          </GlassCard>
        </FadeInView>
      </div>
+      <ProjectionFooter lang={lang} />
    </div>
  )
 }
@@ -54,7 +54,7 @@ const EXTENDED_COMPETITORS: ExtendedCompetitor[] = [
    revenue: '$220M ARR',
    revenueNum: 220_000_000,
    customers: 12000,
-    customerCountries: '58 Laender',
+    customerCountries: '58 Länder',
    fundingTotal: '$504M',
    fundingRound: 'Series D ($150M, $4.15B val.)',
    investors: ['Sequoia Capital', 'Wellington Mgmt', 'Craft Ventures', 'CrowdStrike', 'Goldman Sachs', 'Y Combinator'],
@@ -75,7 +75,7 @@ const EXTENDED_COMPETITORS: ExtendedCompetitor[] = [
    revenue: '$100M ARR',
    revenueNum: 100_000_000,
    customers: 8000,
-    customerCountries: '80+ Laender',
+    customerCountries: '80+ Länder',
    fundingTotal: '$328M',
    fundingRound: 'Series C ($200M, $2B val.)',
    investors: ['ICONIQ Growth', 'GGV Capital', 'Salesforce Ventures', 'SentinelOne'],
@@ -96,7 +96,7 @@ const EXTENDED_COMPETITORS: ExtendedCompetitor[] = [
    revenue: '$38M ARR',
    revenueNum: 38_000_000,
    customers: 3000,
-    customerCountries: '75+ Laender',
+    customerCountries: '75+ Länder',
    fundingTotal: '$32M',
    fundingRound: 'Series B ($20M, 2024)',
    investors: ['Accel', 'Elevation Capital', 'Blume Ventures'],
@@ -138,7 +138,7 @@ const EXTENDED_COMPETITORS: ExtendedCompetitor[] = [
    revenue: '~€52M',
    revenueNum: 52_000_000,
    customers: 4000,
-    customerCountries: '50+ Laender',
+    customerCountries: '50+ Länder',
    fundingTotal: '€80M',
    fundingRound: 'Series B (€61M, €341M val.)',
    investors: ['Morgan Stanley Expansion', 'One Peak Partners'],
@@ -221,7 +221,7 @@ const ALL_FEATURES: ComparisonFeature[] = [
  { de: 'VVT (Art. 30 DSGVO)', en: 'Records of Processing (Art. 30)', bp: true, vanta: false, drata: false, sprinto: false, proliance: true, dataguard: true, heydata: true, isDiff: false, isUSP: false },
  { de: 'TOM-Dokumentation', en: 'TOM Documentation', bp: true, vanta: false, drata: false, sprinto: false, proliance: true, dataguard: true, heydata: 'partial', isDiff: false, isUSP: false },
  { de: 'DSFA (Art. 35 DSGVO)', en: 'DPIA (Art. 35 GDPR)', bp: true, vanta: false, drata: false, sprinto: false, proliance: true, dataguard: true, heydata: false, isDiff: false, isUSP: false },
-  { de: 'Loeschkonzept / Loeschfristen', en: 'Deletion Concept / Retention', bp: true, vanta: false, drata: false, sprinto: false, proliance: 'partial', dataguard: 'partial', heydata: false, isDiff: false, isUSP: false },
+  { de: 'Löschkonzept / Löschfristen', en: 'Deletion Concept / Retention', bp: true, vanta: false, drata: false, sprinto: false, proliance: 'partial', dataguard: 'partial', heydata: false, isDiff: false, isUSP: false },
  { de: 'Auftragsverarbeiter-Mgmt', en: 'Vendor/Processor Management', bp: true, vanta: true, drata: true, sprinto: 'partial', proliance: true, dataguard: true, heydata: 'partial', isDiff: false, isUSP: false },
  { de: 'Consent Management', en: 'Consent Management', bp: true, vanta: false, drata: false, sprinto: false, proliance: 'partial', dataguard: false, heydata: 'partial', isDiff: false, isUSP: false },
  { de: 'Betroffenenrechte (DSR)', en: 'Data Subject Requests', bp: true, vanta: false, drata: false, sprinto: false, proliance: true, dataguard: true, heydata: 'partial', isDiff: false, isUSP: false },
@@ -231,13 +231,13 @@ const ALL_FEATURES: ComparisonFeature[] = [
  { de: 'Policy-Generator', en: 'Policy Generator', bp: true, vanta: true, drata: true, sprinto: 'partial', proliance: true, dataguard: true, heydata: 'partial', isDiff: false, isUSP: false },
  { de: 'Incident Response', en: 'Incident Response', bp: true, vanta: true, drata: true, sprinto: true, proliance: false, dataguard: 'partial', heydata: false, isDiff: false, isUSP: false },
  // Technical Features
-  { de: 'KI-gestuetzte Analyse', en: 'AI-Powered Analysis', bp: true, vanta: true, drata: true, sprinto: 'partial', proliance: false, dataguard: true, heydata: false, isDiff: false, isUSP: false },
+  { de: 'KI-gestützte Analyse', en: 'AI-Powered Analysis', bp: true, vanta: true, drata: true, sprinto: 'partial', proliance: false, dataguard: true, heydata: false, isDiff: false, isUSP: false },
  { de: 'Automatische Evidence-Sammlung', en: 'Automatic Evidence Collection', bp: true, vanta: true, drata: true, sprinto: true, proliance: false, dataguard: 'partial', heydata: false, isDiff: false, isUSP: false },
  { de: 'Continuous Monitoring', en: 'Continuous Monitoring', bp: true, vanta: true, drata: true, sprinto: true, proliance: false, dataguard: true, heydata: false, isDiff: false, isUSP: false },
  { de: 'Integrations (Slack, Jira, etc.)', en: 'Integrations (Slack, Jira, etc.)', bp: 'partial', vanta: true, drata: true, sprinto: true, proliance: false, dataguard: 'partial', heydata: false, isDiff: false, isUSP: false },
  { de: 'API / SDK', en: 'API / SDK', bp: true, vanta: true, drata: true, sprinto: 'partial', proliance: false, dataguard: 'partial', heydata: false, isDiff: false, isUSP: false },
  { de: 'Datensouveraenitaet (EU)', en: 'Data Sovereignty (EU)', bp: true, vanta: false, drata: false, sprinto: false, proliance: true, dataguard: true, heydata: true, isDiff: false, isUSP: false },
-  { de: 'Mehrmandantenfaehig', en: 'Multi-Tenancy', bp: true, vanta: true, drata: true, sprinto: true, proliance: 'partial', dataguard: true, heydata: false, isDiff: false, isUSP: false },
+  { de: 'Mehrmandantenfähig', en: 'Multi-Tenancy', bp: true, vanta: true, drata: true, sprinto: true, proliance: 'partial', dataguard: true, heydata: false, isDiff: false, isUSP: false },
  { de: 'Data Mapping / Datenfluss', en: 'Data Mapping / Data Flow', bp: true, vanta: 'partial', drata: 'partial', sprinto: false, proliance: false, dataguard: 'partial', heydata: false, isDiff: false, isUSP: false },
  { de: 'Cookie-Banner Generator', en: 'Cookie Banner Generator', bp: true, vanta: false, drata: false, sprinto: false, proliance: 'partial', dataguard: false, heydata: 'partial', isDiff: false, isUSP: false },
  { de: 'Dokument-Generator (61 Vorlagen)', en: 'Document Generator (61 Templates)', bp: true, vanta: 'partial', drata: 'partial', sprinto: false, proliance: 'partial', dataguard: 'partial', heydata: false, isDiff: false, isUSP: false },
@@ -277,7 +277,7 @@ const PRICING_COMPARISON: CompetitorPricing[] = [
  {
    name: 'ComplAI',
    flag: '🇩🇪',
-    model: 'Cloud (BSI DE / OVH FR)',
+    model: 'Cloud (BSI DE / FR)',
    publicPricing: true,
    tiers: [
      { name: { de: 'Startup/<10', en: 'Startup/<10' }, price: 'ab €300/mo', annual: 'ab €3.600/yr', notes: { de: '14-Tage-Test, Kreditkarte', en: '14-day trial, credit card' } },
@@ -526,7 +526,7 @@ export default function CompetitionSlide({ lang, features, competitors }: Compet
      {/* Tab Bar */}
      <FadeInView delay={0.15} className="flex justify-center gap-2 mb-4 flex-wrap">
        {([
-          { key: 'overview' as ViewTab, de: 'Ueberblick & Vergleich', en: 'Overview & Comparison' },
+          { key: 'overview' as ViewTab, de: 'Überblick & Vergleich', en: 'Overview & Comparison' },
          { key: 'features' as ViewTab, de: 'Feature-Matrix (Detail)', en: 'Feature Matrix (Detail)' },
          { key: 'pricing' as ViewTab, de: 'Pricing-Vergleich', en: 'Pricing Comparison' },
          { key: 'appsec' as ViewTab, de: 'Pentesting & AppSec', en: 'Pentesting & AppSec' },
@@ -537,7 +537,7 @@ export default function CompetitionSlide({ lang, features, competitors }: Compet
            className={`px-4 py-1.5 rounded-full text-xs font-medium transition-all ${
              activeTab === tab.key
                ? 'bg-indigo-500/20 text-indigo-300 border border-indigo-500/30'
-                : 'bg-white/[0.04] text-white/40 border border-white/5 hover:bg-white/[0.08]'
+                : 'bg-white/[0.04] text-white/40 border border-white/5 hover:bg-white/[0.08] animate-[pulse_3s_ease-in-out_infinite]'
            }`}
          >
            {lang === 'de' ? tab.de : tab.en}
@@ -660,7 +660,7 @@ export default function CompetitionSlide({ lang, features, competitors }: Compet
            {/* USPs */}
            <div>
              <SectionHeader
-                label={lang === 'de' ? 'USP — nur ComplAI' : 'USP — ComplAI only'}
+                label={lang === 'de' ? 'USP — nur COMPLAI' : 'USP — COMPLAI only'}
                count={usps.length}
                open={openSections.has('usp')}
                onToggle={() => toggleSection('usp')}
@@ -705,7 +705,7 @@ export default function CompetitionSlide({ lang, features, competitors }: Compet
                  <th className="py-2 px-1.5 text-white/40 font-medium text-center">Mid</th>
                  <th className="py-2 px-1.5 text-white/40 font-medium text-center">Enterprise</th>
                  <th className="py-2 px-1.5 text-white/40 font-medium text-center">Setup</th>
-                  <th className="py-2 px-1.5 text-white/40 font-medium text-center">{lang === 'de' ? 'Oeffentlich' : 'Public'}</th>
+                  <th className="py-2 px-1.5 text-white/40 font-medium text-center">{lang === 'de' ? 'Öffentlich' : 'Public'}</th>
                </tr>
              </thead>
              <tbody>
@@ -762,7 +762,7 @@ export default function CompetitionSlide({ lang, features, competitors }: Compet
                <div className="text-white/30 text-[10px]">{lang === 'de' ? 'Vanta, Drata — SOC 2 Fokus, Setup-Gebuehr, kein Self-Hosted' : 'Vanta, Drata — SOC 2 focus, setup fee, no self-hosted'}</div>
              </div>
              <div className="bg-indigo-500/5 border border-indigo-500/10 rounded-lg p-2">
-                <div className="text-indigo-400 mb-1 font-medium">ComplAI</div>
+                <div className="text-indigo-400 mb-1 font-medium"><BrandName /></div>
                <div className="text-white/80 font-medium">€990 – €2.990/mo</div>
                <div className="text-white/30 text-[10px]">{lang === 'de' ? 'Compliance + Code-Security + Self-Hosted KI, kein Setup' : 'Compliance + code security + self-hosted AI, no setup fee'}</div>
              </div>
@@ -776,7 +776,7 @@ export default function CompetitionSlide({ lang, features, competitors }: Compet

          <p className="text-[10px] text-white/25 text-center mt-3 italic">
            {lang === 'de'
-              ? '~ = geschaetzte Preise (nicht oeffentlich). Alle Preise ohne MwSt. Stand: Q1 2026.'
+              ? '~ = geschätzte Preise (nicht öffentlich). Alle Preise ohne MwSt. Stand: Q1 2026.'
              : '~ = estimated pricing (not public). All prices excl. VAT. As of Q1 2026.'}
          </p>
        </FadeInView>
@@ -795,8 +795,8 @@ export default function CompetitionSlide({ lang, features, competitors }: Compet
                </span>
                <p className="text-white/50 mt-1 leading-relaxed">
                  {lang === 'de'
-                    ? 'Kein Compliance-Anbieter (Vanta, Drata, etc.) bietet DAST, SAST oder LLM-basierte Code-Fixes. Kein AppSec-Anbieter (Snyk, Veracode, etc.) bietet DSGVO/AI-Act-Compliance. ComplAI ist die einzige Plattform, die beides kombiniert.'
-                    : 'No compliance vendor (Vanta, Drata, etc.) offers DAST, SAST, or LLM-based code fixes. No AppSec vendor (Snyk, Veracode, etc.) offers GDPR/AI Act compliance. ComplAI is the only platform combining both.'}
+                    ? 'Kein Compliance-Anbieter (Vanta, Drata, etc.) bietet DAST, SAST oder LLM-basierte Code-Fixes. Kein AppSec-Anbieter (Snyk, Veracode, etc.) bietet DSGVO/AI-Act-Compliance. COMPLAI ist die einzige Plattform, die beides kombiniert.'
+                    : 'No compliance vendor (Vanta, Drata, etc.) offers DAST, SAST, or LLM-based code fixes. No AppSec vendor (Snyk, Veracode, etc.) offers GDPR/AI Act compliance. COMPLAI is the only platform combining both.'}
                </p>
              </div>
            </div>
@@ -819,7 +819,7 @@ export default function CompetitionSlide({ lang, features, competitors }: Compet
          <div className="space-y-2">
            <div>
              <SectionHeader
-                label={lang === 'de' ? 'USP — nur ComplAI' : 'USP — ComplAI only'}
+                label={lang === 'de' ? 'USP — nur COMPLAI' : 'USP — COMPLAI only'}
                count={APPSEC_FEATURES.filter(f => f.isUSP).length}
                open={openSections.has('appsec-usp')}
                onToggle={() => toggleSection('appsec-usp')}
@@ -0,0 +1,103 @@
+'use client'
+
+import { Language } from '@/lib/types'
+import GradientText from '../ui/GradientText'
+import FadeInView from '../ui/FadeInView'
+import { Shield, Lock } from 'lucide-react'
+
+interface DisclaimerSlideProps {
+  lang: Language
+}
+
+export default function DisclaimerSlide({ lang }: DisclaimerSlideProps) {
+  const de = lang === 'de'
+
+  return (
+    <div className="max-w-4xl mx-auto">
+      <FadeInView className="text-center mb-6">
+        <h2 className="text-3xl md:text-4xl font-bold mb-2">
+          <GradientText>{de ? 'Rechtlicher Hinweis' : 'Legal Notice'}</GradientText>
+        </h2>
+      </FadeInView>
+
+      <div className="space-y-4 max-h-[70vh] overflow-y-auto pr-2">
+
+        {/* Disclaimer */}
+        <FadeInView delay={0.1}>
+          <div className="bg-white/[0.03] border border-white/[0.06] rounded-xl p-5">
+            <div className="flex items-center gap-2 mb-3">
+              <Shield className="w-4 h-4 text-indigo-400" />
+              <h3 className="text-sm font-bold text-indigo-400 uppercase tracking-wider">
+                {de ? 'Haftungsausschluss' : 'Disclaimer'}
+              </h3>
+            </div>
+
+            <div className="space-y-3 text-xs text-white/40 leading-relaxed">
+              <p>
+                {de
+                  ? 'Dieses Dokument wird vorgelegt von Benjamin Boenisch, wohnhaft in Bodman, Deutschland, und Sharang Parnerkar, wohnhaft in Engen, Deutschland (nachfolgend „Gründer"). Die Gründer beabsichtigen die Gründung der BreakPilot GmbH im dritten Quartal 2026. Zum Zeitpunkt der Erstellung dieses Dokuments ist die Gesellschaft weder gegründet noch im Handelsregister eingetragen. Die Gründer handeln ausschließlich als Privatpersonen im Rahmen der Gründungsvorbereitung.'
+                  : 'This document is presented by Benjamin Boenisch, residing in Bodman, Germany, and Sharang Parnerkar, residing in Engen, Germany (hereinafter "Founders"). The Founders intend to establish BreakPilot GmbH in Q3 2026. At the time of this document, the company is neither founded nor registered in the commercial register. The Founders act exclusively as private individuals in preparation of the founding.'}
+              </p>
+              <p>
+                {de
+                  ? 'Dieses Dokument stellt weder ein Angebot zum Verkauf noch eine Aufforderung zur Abgabe eines Angebots zum Erwerb von Wertpapieren, Gesellschaftsanteilen oder sonstigen Vermögensanlagen dar. Es handelt sich nicht um einen Wertpapierprospekt im Sinne des VermAnlG oder der EU-Prospektverordnung. Jede etwaige künftige Beteiligung begründet sich ausschließlich auf gesonderten, rechtlich geprüften Beteiligungsverträgen.'
+                  : 'This document constitutes neither an offer to sell nor a solicitation of an offer to acquire securities, company shares or other financial instruments. It is not a securities prospectus within the meaning of the VermAnlG or the EU Prospectus Regulation. Any future participation shall be based exclusively on separate, legally reviewed participation agreements.'}
+              </p>
+              <p>
+                {de
+                  ? 'Dieses Dokument enthält zukunftsgerichtete Aussagen, die auf gegenwärtigen Erwartungen und Annahmen beruhen. Solche Aussagen beinhalten Risiken und Ungewissheiten, die dazu führen können, dass tatsächliche Ergebnisse wesentlich von den dargestellten Erwartungen abweichen. Sämtliche Finanzangaben in dieser Präsentation sind Planzahlen und stellen keine Garantie für künftige Ergebnisse dar.'
+                  : 'This document contains forward-looking statements based on current expectations and assumptions. Such statements involve risks and uncertainties that may cause actual results to differ materially from stated expectations. All financial figures in this presentation are projections and do not constitute a guarantee of future results.'}
+              </p>
+              <p>
+                {de
+                  ? 'Sämtliche Angaben wurden mit Sorgfalt zusammengestellt, erheben jedoch keinen Anspruch auf Vollständigkeit oder Richtigkeit. Die Gründer übernehmen keine Haftung für die Aktualität, Korrektheit oder Vollständigkeit der Informationen, sofern kein vorsätzliches oder grob fahrlässiges Verschulden vorliegt. Eine Beteiligung an einem jungen Unternehmen ist mit erheblichen Risiken verbunden, einschließlich des Risikos eines Totalverlusts des eingesetzten Kapitals.'
+                  : 'All information has been compiled with care but makes no claim to completeness or accuracy. The Founders assume no liability for the timeliness, correctness or completeness of the information, unless there is intentional or grossly negligent fault. An investment in a young company involves significant risks, including the risk of total loss of invested capital.'}
+              </p>
+            </div>
+          </div>
+        </FadeInView>
+
+        {/* Confidentiality */}
+        <FadeInView delay={0.2}>
+          <div className="bg-white/[0.03] border border-white/[0.06] rounded-xl p-5">
+            <div className="flex items-center gap-2 mb-3">
+              <Lock className="w-4 h-4 text-purple-400" />
+              <h3 className="text-sm font-bold text-purple-400 uppercase tracking-wider">
+                {de ? 'Vertraulichkeit' : 'Confidentiality'}
+              </h3>
+            </div>
+
+            <div className="space-y-3 text-xs text-white/40 leading-relaxed">
+              <p>
+                {de
+                  ? 'Dieses Dokument ist vertraulich und wurde ausschließlich für den namentlich eingeladenen Empfänger erstellt. Durch die Kenntnisnahme erklärt sich der Empfänger mit folgenden Bedingungen einverstanden:'
+                  : 'This document is confidential and has been prepared exclusively for the personally invited recipient. By accessing this document, the recipient agrees to the following terms:'}
+              </p>
+              <p>
+                {de
+                  ? '(a) Geheimhaltung — Der Empfänger verpflichtet sich, den Inhalt vertraulich zu behandeln und nicht an Dritte weiterzugeben, zu kopieren oder zugänglich zu machen. Ausgenommen sind Berater (Rechtsanwälte, Steuerberater), die berufsrechtlich zur Verschwiegenheit verpflichtet sind.'
+                  : '(a) Confidentiality — The recipient undertakes to treat the content confidentially and not to disclose, copy or make it accessible to third parties. Excluded are advisors (lawyers, tax advisors) who are professionally bound to secrecy.'}
+              </p>
+              <p>
+                {de
+                  ? '(b) Zweckbindung — Die Informationen dürfen ausschließlich zur Bewertung einer möglichen Beteiligung verwendet werden. Jede anderweitige Nutzung ist untersagt.'
+                  : '(b) Purpose limitation — The information may only be used for the purpose of evaluating a possible participation. Any other use is prohibited.'}
+              </p>
+              <p>
+                {de
+                  ? '(c) Geltungsdauer — Diese Vertraulichkeitsverpflichtung gilt für drei (3) Jahre ab Übermittlung, unabhängig davon, ob eine Beteiligung zustande kommt. Es gilt deutsches Recht. Gerichtsstand ist Konstanz, Deutschland.'
+                  : '(c) Duration — This confidentiality obligation applies for three (3) years from transmission, regardless of whether a participation materializes. German law applies. Place of jurisdiction is Konstanz, Germany.'}
+              </p>
+            </div>
+          </div>
+        </FadeInView>
+
+        <FadeInView delay={0.3}>
+          <p className="text-center text-[10px] text-white/20">
+            {de ? 'Stand: April 2026 · Dieser Hinweis ersetzt keine Rechtsberatung.' : 'As of: April 2026 · This notice does not replace legal advice.'}
+          </p>
+        </FadeInView>
+      </div>
+    </div>
+  )
+}
@@ -37,23 +37,23 @@ export default function EngineeringSlide({ lang }: EngineeringSlideProps) {
      borderColor: 'border-indigo-500/30',
    },
    {
-      value: '10',
-      label: de ? 'Docker Container' : 'Docker Containers',
-      sub: de ? 'Coolify → Hetzner (amd64)' : 'Coolify → Hetzner (amd64)',
+      value: '320',
+      label: de ? 'Dokumente im RAG' : 'Documents in RAG',
+      sub: de ? 'EU · DACH · Frameworks · Urteile' : 'EU · DACH · Frameworks · Rulings',
      color: 'text-emerald-400',
      borderColor: 'border-emerald-500/30',
    },
    {
-      value: '48+',
-      label: de ? 'SDK-Module' : 'SDK Modules',
-      sub: de ? 'DSGVO · AI Act · NIS2 · CRA' : 'GDPR · AI Act · NIS2 · CRA',
+      value: '70K+',
+      label: de ? 'Compliance Controls' : 'Compliance Controls',
+      sub: de ? '6 Pipeline-Versionen' : '6 pipeline versions',
      color: 'text-purple-400',
      borderColor: 'border-purple-500/30',
    },
    {
-      value: '14',
-      label: 'Dockerfiles',
-      sub: de ? 'Vollstaendig containerisiert' : 'Fully containerized',
+      value: '12',
+      label: de ? 'Produkt-Module' : 'Product Modules',
+      sub: de ? 'Security · Compliance · KI' : 'Security · Compliance · AI',
      color: 'text-amber-400',
      borderColor: 'border-amber-500/30',
    },
@@ -69,17 +69,17 @@ export default function EngineeringSlide({ lang }: EngineeringSlideProps) {
    {
      icon: GitBranch,
      label: 'Gitea + Actions',
-      desc: de ? 'Self-hosted Git + CI/CD · Lint → Tests → Validierung' : 'Self-hosted Git + CI/CD · Lint → Tests → Validation',
+      desc: de ? 'Self-hosted Git + CI/CD · Lint → Tests → Image-Build' : 'Self-hosted Git + CI/CD · Lint → Tests → Image build',
    },
    {
      icon: Workflow,
-      label: 'Coolify',
-      desc: de ? 'Auto-Deploy bei Push · Docker Compose auf Hetzner · Health Checks' : 'Auto-deploy on push · Docker Compose on Hetzner · Health checks',
+      label: 'orca',
+      desc: de ? 'Single-Binary Orchestrator (Rust) · Webhook-Deploy · Auto-TLS · Raft' : 'Single-binary orchestrator (Rust) · Webhook deploys · Auto-TLS · Raft',
    },
    {
      icon: Container,
-      label: 'Docker Compose',
-      desc: de ? 'arm64 → amd64 Build-Pipeline · Multi-Stage Builds' : 'arm64 → amd64 build pipeline · Multi-stage builds',
+      label: 'Private Registry',
+      desc: de ? 'registry.meghsakha.com · Signed Images · Tag pro Commit (:SHA + :latest)' : 'registry.meghsakha.com · Signed images · Per-commit tags (:SHA + :latest)',
    },
    {
      icon: ShieldCheck,
@@ -88,13 +88,13 @@ export default function EngineeringSlide({ lang }: EngineeringSlideProps) {
    },
    {
      icon: Database,
-      label: 'HashiCorp Vault',
-      desc: de ? 'Secrets Management · Auto-Rotation · PKI' : 'Secrets Management · Auto-Rotation · PKI',
+      label: 'Infisical',
+      desc: de ? 'Secrets Management · Rotation · RBAC · End-to-End verschlüsselt' : 'Secrets Management · Rotation · RBAC · End-to-end encrypted',
    },
    {
      icon: Server,
      label: de ? 'EU-Cloud Infrastruktur' : 'EU Cloud Infrastructure',
-      desc: de ? 'Hetzner · SysEleven (BSI) · OVH · PostgreSQL · Qdrant' : 'Hetzner · SysEleven (BSI) · OVH · PostgreSQL · Qdrant',
+      desc: de ? 'Hetzner · SysEleven (BSI) · PostgreSQL · Qdrant' : 'Hetzner · SysEleven (BSI) · PostgreSQL · Qdrant',
    },
  ]

@@ -120,8 +120,8 @@ export default function EngineeringSlide({ lang }: EngineeringSlideProps) {
      color: 'text-emerald-400',
      dotColor: 'bg-emerald-400',
      services: de
-        ? ['PostgreSQL 17 (Hetzner)', 'Qdrant Vector DB', 'DSMS/IPFS Node + Gateway', 'MinIO Object Storage']
-        : ['PostgreSQL 17 (Hetzner)', 'Qdrant Vector DB', 'DSMS/IPFS Node + Gateway', 'MinIO Object Storage'],
+        ? ['orca (Rust) Orchestrator', 'Infisical Secrets', 'PostgreSQL 17 (Hetzner)', 'Qdrant Vector DB', 'DSMS/IPFS Node + Gateway', 'Private Registry']
+        : ['orca (Rust) Orchestrator', 'Infisical Secrets', 'PostgreSQL 17 (Hetzner)', 'Qdrant Vector DB', 'DSMS/IPFS Node + Gateway', 'Private Registry'],
    },
  ]

@@ -261,8 +261,8 @@ export default function EngineeringSlide({ lang }: EngineeringSlideProps) {
              <div className="mt-3 pt-3 border-t border-white/5">
                <p className="text-[10px] text-white/20 text-center">
                  {de
-                    ? '100% EU-Cloud · Hetzner + SysEleven (BSI) + OVH · Keine US-Anbieter · Volle Datenkontrolle'
-                    : '100% EU Cloud · Hetzner + SysEleven (BSI) + OVH · No US Providers · Full Data Control'}
+                    ? '100% EU-Cloud · Hetzner + SysEleven (BSI) · Keine US-Anbieter · Volle Datenkontrolle'
+                    : '100% EU Cloud · Hetzner + SysEleven (BSI) · No US Providers · Full Data Control'}
                </p>
              </div>
            </GlassCard>
@@ -1,8 +1,10 @@
 'use client'

-import { useCallback } from 'react'
+import { useCallback, useMemo } from 'react'
 import { Language, PitchData } from '@/lib/types'
 import { t, formatEur } from '@/lib/i18n'
+import { useFinancialModel } from '@/lib/hooks/useFinancialModel'
+import { computeAnnualKPIs } from '@/lib/finanzplan/annual-kpis'
 import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
 import GlassCard from '../ui/GlassCard'
@@ -11,13 +13,22 @@ import { Download, Shield, Server, Brain, TrendingUp, FileText, Target, ScanLine
 interface ExecutiveSummarySlideProps {
  lang: Language
  data: PitchData
+  investorId?: string | null
+  preferredScenarioId?: string | null
 }

-export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySlideProps) {
+export default function ExecutiveSummarySlide({ lang, data, investorId, preferredScenarioId }: ExecutiveSummarySlideProps) {
  const i = t(lang)
  const es = i.executiveSummary
  const de = lang === 'de'

+  // Financial model for Unternehmensentwicklung
+  const fm = useFinancialModel(investorId || null, preferredScenarioId)
+  const annualKPIs = useMemo(
+    () => computeAnnualKPIs(fm.activeResults?.results || []),
+    [fm.activeResults],
+  )
+
  const funding = data.funding
  const amount = funding?.amount_eur || 0
  const amountLabel = amount >= 1_000_000
@@ -179,7 +190,7 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
        <li><strong>SAST + DAST + SBOM</strong> ${de ? '\\u2014 Vollumf\\u00e4ngliche Sicherheitstests bei jeder Code-\\u00c4nderung' : '\\u2014 Full security testing on every code change'}</li>
        <li><strong>${de ? 'KI-gest\\u00fctztes Pentesting' : 'AI-powered Pentesting'}</strong> ${de ? '\\u2014 Kontinuierlich statt einmal im Jahr' : '\\u2014 Continuous instead of once a year'}</li>
        <li><strong>CE-Software-Risikobeurteilung</strong> ${de ? '\\u2014 F\\u00fcr Maschinenverordnung und Produktsicherheit' : '\\u2014 For Machinery Regulation and product safety'}</li>
-        <li><strong>Jira-Integration</strong> ${de ? '\\u2014 Findings als Tickets mit Implementierungsvorschl\\u00e4gen' : '\\u2014 Findings as tickets with implementation suggestions'}</li>
+        <li><strong>Issue-Tracker-Integration</strong> ${de ? '\\u2014 Findings als Tickets mit Implementierungsvorschl\\u00e4gen' : '\\u2014 Findings as tickets with implementation suggestions'}</li>
        <li><strong>Audit-Trail</strong> ${de ? '\\u2014 L\\u00fcckenloser Nachweis von Erkennung bis Behebung' : '\\u2014 Complete evidence from detection to remediation'}</li>
      </ul>
    </div>
@@ -191,7 +202,7 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
        <li><strong>Audit Manager</strong> ${de ? '\\u2014 Abweichungen End-to-End: Rollen, Stichtage, Eskalation' : '\\u2014 Deviations end-to-end: roles, deadlines, escalation'}</li>
        <li><strong>Compliance LLM</strong> ${de ? '\\u2014 GPT f\\u00fcr Text und Audio, sicher in der EU gehostet' : '\\u2014 GPT for text and audio, securely hosted in EU'}</li>
        <li><strong>Academy</strong> ${de ? '\\u2014 Online-Schulungen f\\u00fcr GF und Mitarbeiter' : '\\u2014 Online training for management and employees'}</li>
-        <li><strong>${de ? 'BSI-Cloud DE / OVH FR' : 'BSI Cloud DE / OVH FR'}</strong> ${de ? '\\u2014 Keine US-SaaS, Jitsi, Matrix, volle Integration' : '\\u2014 No US SaaS, Jitsi, Matrix, full integration'}</li>
+        <li><strong>${de ? 'BSI-Cloud DE / FR' : 'BSI Cloud DE / FR'}</strong> ${de ? '\\u2014 Keine US-SaaS, Jitsi, Matrix, volle Integration' : '\\u2014 No US SaaS, Jitsi, Matrix, full integration'}</li>
      </ul>
    </div>
  </div>
@@ -208,9 +219,9 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
    <div class="card bottom-card">
      <div class="section-title">${de ? 'Gesch\\u00e4ftsmodell' : 'Business Model'}</div>
      <ul>
-        <li><strong>SaaS Cloud</strong> ${de ? '\\u2014 BSI DE / OVH FR, mitarbeiterbasiert' : '\\u2014 BSI DE / OVH FR, employee-based'}</li>
+        <li><strong>SaaS Cloud</strong> ${de ? '\\u2014 BSI DE / FR, mitarbeiterbasiert' : '\\u2014 BSI DE / FR, employee-based'}</li>
        <li><strong>${de ? 'Modular w\\u00e4hlbar' : 'Modular choice'}</strong> ${de ? '\\u2014 Einzelne Module oder Full Compliance' : '\\u2014 Single modules or full compliance'}</li>
-        <li><strong>${de ? 'ROI ab Tag 1' : 'ROI from day 1'}</strong> ${de ? '\\u2014 Kunde spart 50.000+ EUR/Jahr' : '\\u2014 Customer saves EUR 50,000+/year'}</li>
+        <li><strong>${de ? 'ROI ab Tag 1' : 'ROI from day 1'}</strong> ${de ? '\\u2014 KMU spart 55.000 EUR/Jahr (3,7x ROI)' : '\\u2014 SME saves EUR 55,000/year (3.7x ROI)'}</li>
      </ul>
    </div>
    <div class="card bottom-card">
@@ -393,7 +404,7 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
              de ? 'SAST + DAST + SBOM — bei jeder Code-Änderung' : 'SAST + DAST + SBOM — on every code change',
              de ? 'KI-gestütztes Pentesting — kontinuierlich statt jährlich' : 'AI-powered pentesting — continuous not annual',
              de ? 'CE-Software-Risikobeurteilung für Maschinenverordnung' : 'CE software risk assessment for Machinery Regulation',
-              de ? 'Integration in Kundenprozesse — Tickets mit Implementierungsvorschlägen' : 'Integration into customer processes — tickets with implementation suggestions',
+              de ? 'AI Act Compliance (UCCA) + Tender Matching gegen Codebase' : 'AI Act Compliance (UCCA) + Tender Matching against codebase',
              de ? 'Lückenloser Audit-Trail von Erkennung bis Behebung' : 'Complete audit trail from detection to remediation',
            ].map((item, idx) => (
              <p key={idx} className="text-xs text-white/60 pl-3 relative">
@@ -416,7 +427,7 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
              de ? 'Audit Manager — Abweichungen End-to-End mit Eskalation' : 'Audit Manager — deviations end-to-end with escalation',
              de ? 'Compliance LLM — GPT für Text und Audio, EU-gehostet' : 'Compliance LLM — GPT for text and audio, EU-hosted',
              de ? 'Academy — Online-Schulungen für GF und Mitarbeiter' : 'Academy — online training for management and employees',
-              de ? 'BSI-Cloud DE / OVH FR' : 'BSI Cloud DE / OVH FR',
+              de ? 'BSI-Cloud DE / FR' : 'BSI Cloud DE / FR',
            ].map((item, idx) => (
              <p key={idx} className="text-xs text-white/60 pl-3 relative">
                <span className="absolute left-0 top-1 w-1.5 h-1.5 rounded-full bg-cyan-400/60" />
@@ -464,9 +475,9 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
            { name: 'Consent', desc: de ? 'Einwilligungen' : 'Consent mgmt', color: '#14b8a6', icon: UserCheck },
            { name: de ? 'Notfallpläne' : 'Incident Resp.', desc: de ? 'Vorfälle, Meldung' : 'Breaches, reporting', color: '#f59e0b', icon: AlertTriangle },
            { name: 'Compliance LLM', desc: de ? 'GPT Text + Audio' : 'GPT text + audio', color: '#a855f7', icon: Brain },
-            { name: 'Cookie-Generator', desc: de ? 'Cookie-Banner' : 'Cookie banner', color: '#8b5cf6', icon: Shield },
+            { name: 'Tender Matching', desc: de ? 'RFQ gegen Codebase' : 'RFQ vs codebase', color: '#8b5cf6', icon: Shield },
            { name: 'Academy', desc: de ? 'Schulungen' : 'Training', color: '#ec4899', icon: GraduationCap },
-            { name: de ? 'Integration' : 'Integration', desc: de ? 'Ticketsysteme' : 'Ticket systems', color: '#0ea5e9', icon: Cpu },
+            { name: 'AI Act Compliance', desc: de ? 'UCCA, Betriebsrat' : 'UCCA, works council', color: '#0ea5e9', icon: Cpu },
            { name: de ? 'Kommunikation' : 'Communication', desc: de ? 'Chat + Video + AI' : 'Chat + video + AI', color: '#22c55e', icon: Server },
          ].map((mod, idx) => {
            const Icon = mod.icon
@@ -527,20 +538,21 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
              <span>{de ? 'Jahr' : 'Year'}</span><span className="text-right">MA</span><span className="text-right">{de ? 'Kunden' : 'Customers'}</span><span className="text-right">ARR</span>
            </div>
            <div className="space-y-1">
-              {[
-                { year: '2026', emp: '5', cust: '~17', arr: de ? '~84k EUR' : '~EUR 84k' },
-                { year: '2027', emp: '10', cust: '~132', arr: de ? '~1,1 Mio. EUR' : '~EUR 1.1M' },
-                { year: '2028', emp: '17', cust: '~400', arr: de ? '~3,6 Mio. EUR' : '~EUR 3.6M' },
-                { year: '2029', emp: '25', cust: '~780', arr: de ? '~6,9 Mio. EUR' : '~EUR 6.9M' },
-                { year: '2030', emp: '35', cust: '~1.320', arr: de ? '~11,1 Mio. EUR' : '~EUR 11.1M' },
-              ].map((r, idx) => (
+              {annualKPIs.length === 0 ? (
+                <p className="text-xs text-white/30 text-center py-2">{de ? 'Lade Finanzplan...' : 'Loading financial plan...'}</p>
+              ) : annualKPIs.map((k, idx) => {
+                const arrLabel = k.arr >= 1_000_000
+                  ? (de ? `~${(k.arr / 1_000_000).toFixed(1).replace('.', ',')} Mio. EUR` : `~EUR ${(k.arr / 1_000_000).toFixed(1)}M`)
+                  : (de ? `~${Math.round(k.arr / 1000)}k EUR` : `~EUR ${Math.round(k.arr / 1000)}k`)
+                return (
                  <div key={idx} className="grid grid-cols-4 gap-x-3 text-xs">
-                  <span className="text-white/40">{r.year}</span>
-                  <span className="text-right text-white/50">{r.emp}</span>
-                  <span className="text-right text-white/50">{r.cust}</span>
-                  <span className={`text-right font-mono ${idx >= 3 ? 'text-emerald-300 font-bold' : 'text-white/70'}`}>{r.arr}</span>
+                    <span className="text-white/40">{k.year}</span>
+                    <span className="text-right text-white/50">{k.employees}</span>
+                    <span className="text-right text-white/50">~{k.customers.toLocaleString('de-DE')}</span>
+                    <span className={`text-right font-mono ${idx >= 3 ? 'text-emerald-300 font-bold' : 'text-white/70'}`}>{arrLabel}</span>
                  </div>
-              ))}
+                )
+              })}
            </div>
          </GlassCard>

@@ -578,10 +590,9 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
            <h3 className="text-xs font-bold text-amber-400 uppercase tracking-wider mb-2">{de ? 'Pricing' : 'Pricing'}</h3>
            <div className="space-y-1.5">
              {[
-                { tier: 'Startup', price: de ? 'ab 3.600€/J.' : 'from €3,600/yr' },
-                { tier: '10–50 MA', price: de ? 'ab 15.000€/J.' : 'from €15k/yr' },
-                { tier: '50–250 MA', price: de ? 'ab 30.000€/J.' : 'from €30k/yr' },
-                { tier: '250+ MA', price: de ? 'ab 40.000€/J.' : 'from €40k/yr', highlight: true },
+                { tier: de ? 'Starter (<10 MA)' : 'Starter (<10 emp.)', price: de ? '3.600€/J.' : '€3,600/yr' },
+                { tier: de ? 'Professional (10–250)' : 'Professional (10–250)', price: de ? '15.000–40.000€/J.' : '€15k–40k/yr', highlight: true },
+                { tier: de ? 'Enterprise (250+)' : 'Enterprise (250+)', price: de ? 'ab 50.000€/J.' : 'from €50k/yr' },
              ].map((t, idx) => (
                <div key={idx} className={`flex justify-between text-xs ${t.highlight ? 'text-amber-300 font-bold' : 'text-white/60'}`}>
                  <span>{t.tier}</span>
@@ -593,11 +604,12 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl

          <GlassCard delay={0.65} hover={false} className="p-3">
            <h3 className="text-xs font-bold text-emerald-400 uppercase tracking-wider mb-2">{de ? 'Kundenersparnis' : 'Customer Savings'}</h3>
-            <div className="space-y-1.5 text-xs text-white/60">
-              <div className="flex justify-between"><span>Pentests</span><strong className="text-emerald-300">30k</strong></div>
-              <div className="flex justify-between"><span>CE-Beurt.</span><strong className="text-emerald-300">20k</strong></div>
-              <div className="flex justify-between"><span>Audit Mgr.</span><strong className="text-emerald-300">60k+</strong></div>
-              <div className="flex justify-between border-t border-white/10 pt-1 mt-1"><span className="font-bold text-white/80">{de ? 'pro Jahr' : '/year'}</span><strong className="text-emerald-300">50-110k</strong></div>
+            <div className="space-y-1 text-xs text-white/60">
+              <div className="flex justify-between"><span>Pentests</span><strong className="text-emerald-300">13k</strong></div>
+              <div className="flex justify-between"><span>CE-Risiko</span><strong className="text-emerald-300">9k</strong></div>
+              <div className="flex justify-between"><span>{de ? 'Compliance-Zeit' : 'Compliance time'}</span><strong className="text-emerald-300">15k</strong></div>
+              <div className="flex justify-between"><span>{de ? 'Audit-Vorb.' : 'Audit prep.'}</span><strong className="text-emerald-300">9k</strong></div>
+              <div className="flex justify-between border-t border-white/10 pt-1 mt-1"><span className="font-bold text-white/80">{de ? 'KMU/Jahr' : 'SME/year'}</span><strong className="text-emerald-300">55k</strong></div>
            </div>
          </GlassCard>
        </div>
@@ -607,10 +619,10 @@ export default function ExecutiveSummarySlide({ lang, data }: ExecutiveSummarySl
      {/* Disclaimer */}
      <FadeInView delay={0.7} className="mb-4">
        <div className="bg-white/[0.03] border border-white/[0.03] rounded-lg px-4 py-3">
-          <h4 className="text-[10px] font-bold text-white/30 uppercase tracking-wider mb-1">{de ? 'Hinweis / Haftungsausschluss' : 'Disclaimer'}</h4>
-          <p className="text-[9px] text-white/20 leading-relaxed">
+          <h4 className="text-xs font-bold text-white/40 uppercase tracking-wider mb-1">{de ? 'Hinweis / Haftungsausschluss' : 'Disclaimer'}</h4>
+          <p className="text-[11px] text-white/30 leading-relaxed">
            {de
-              ? 'Dieses Dokument dient ausschliesslich Informationszwecken und stellt weder ein Angebot zum Verkauf noch eine Aufforderung zum Kauf von Anteilen oder Wertpapieren dar. Die enthaltenen Informationen wurden vom Team Breakpilot (Gruenderteam, noch keine Gesellschaft gegruendet) nach bestem Wissen und Gewissen erstellt, koennen jedoch unvollstaendig sein und jederzeit ohne vorherige Ankuendigung geaendert werden. Es wird keine ausdrueckliche oder konkludente Gewaehr fuer die Richtigkeit, Vollstaendigkeit oder Aktualitaet der Inhalte uebernommen. Dieses Dokument enthaelt zukunftsgerichtete Aussagen, die auf aktuellen Annahmen und Erwartungen beruhen und mit erheblichen Risiken und Unsicherheiten verbunden sind. Die tatsaechlichen Ergebnisse koennen wesentlich von den dargestellten abweichen. Eine Investitionsentscheidung sollte ausschliesslich auf Grundlage weitergehender, rechtlich verbindlicher Unterlagen sowie unter Hinzuziehung eigener rechtlicher, steuerlicher und finanzieller Beratung getroffen werden. Soweit gesetzlich zulaessig, wird jede Haftung des Team Breakpilot sowie seiner Mitglieder fuer etwaige Schaeden, die direkt oder indirekt aus der Nutzung dieses Dokuments entstehen, ausgeschlossen. Dieses Dokument ist vertraulich und ausschliesslich fuer den vorgesehenen Empfaenger bestimmt. Eine Weitergabe, Vervielfaeltigung oder Veroeffentlichung ist ohne vorherige schriftliche Zustimmung nicht gestattet.'
+              ? 'Dieses Dokument dient ausschließlich Informationszwecken und stellt weder ein Angebot zum Verkauf noch eine Aufforderung zum Kauf von Anteilen oder Wertpapieren dar. Die enthaltenen Informationen wurden vom Team Breakpilot (Gründerteam, noch keine Gesellschaft gegründet) nach bestem Wissen und Gewissen erstellt, können jedoch unvollständig sein und jederzeit ohne vorherige Ankündigung geändert werden. Es wird keine ausdrückliche oder konkludente Gewähr für die Richtigkeit, Vollständigkeit oder Aktualität der Inhalte übernommen. Dieses Dokument enthält zukunftsgerichtete Aussagen, die auf aktuellen Annahmen und Erwartungen beruhen und mit erheblichen Risiken und Unsicherheiten verbunden sind. Die tatsächlichen Ergebnisse können wesentlich von den dargestellten abweichen. Eine Investitionsentscheidung sollte ausschließlich auf Grundlage weitergehender, rechtlich verbindlicher Unterlagen sowie unter Hinzuziehung eigener rechtlicher, steuerlicher und finanzieller Beratung getroffen werden. Soweit gesetzlich zulässig, wird jede Haftung des Team Breakpilot sowie seiner Mitglieder für etwaige Schäden, die direkt oder indirekt aus der Nutzung dieses Dokuments entstehen, ausgeschlossen. Dieses Dokument ist vertraulich und ausschließlich für den vorgesehenen Empfänger bestimmt. Eine Weitergabe, Vervielfältigung oder Veröffentlichung ist ohne vorherige schriftliche Zustimmung nicht gestattet.'
              : 'This document is for informational purposes only and does not constitute an offer to sell or a solicitation to purchase shares or securities. The information contained herein was prepared by Team Breakpilot (founding team, no company incorporated yet) to the best of their knowledge, but may be incomplete and subject to change without prior notice. No express or implied warranty is given for the accuracy, completeness or timeliness of the content. This document contains forward-looking statements based on current assumptions and expectations that involve significant risks and uncertainties. Actual results may differ materially. Any investment decision should be based solely on further legally binding documents and with the advice of independent legal, tax and financial counsel. To the extent permitted by law, all liability of Team Breakpilot and its members for any damages arising directly or indirectly from the use of this document is excluded. This document is confidential and intended solely for the designated recipient. Distribution, reproduction or publication without prior written consent is prohibited.'
            }
          </p>
@@ -3,6 +3,7 @@
 import { useState } from 'react'
 import { Language } from '@/lib/types'
 import { t } from '@/lib/i18n'
+import ProjectionFooter from '../ui/ProjectionFooter'
 import { useFinancialModel } from '@/lib/hooks/useFinancialModel'
 import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
@@ -21,11 +22,12 @@ type FinTab = 'overview' | 'guv' | 'cashflow'
 interface FinancialsSlideProps {
  lang: Language
  investorId: string | null
+  preferredScenarioId?: string | null
 }

-export default function FinancialsSlide({ lang, investorId }: FinancialsSlideProps) {
+export default function FinancialsSlide({ lang, investorId, preferredScenarioId }: FinancialsSlideProps) {
  const i = t(lang)
-  const fm = useFinancialModel(investorId)
+  const fm = useFinancialModel(investorId, preferredScenarioId)
  const [activeTab, setActiveTab] = useState<FinTab>('overview')
  const de = lang === 'de'

@@ -46,7 +48,7 @@ export default function FinancialsSlide({ lang, investorId }: FinancialsSlidePro
  const initialFunding = (fm.activeScenario?.assumptions.find(a => a.key === 'initial_funding')?.value as number) || 200000

  const tabs: { id: FinTab; label: string }[] = [
-    { id: 'overview', label: de ? 'Uebersicht' : 'Overview' },
+    { id: 'overview', label: de ? 'Übersicht' : 'Overview' },
    { id: 'guv', label: de ? 'GuV (Jahres)' : 'P&L (Annual)' },
    { id: 'cashflow', label: de ? 'Cashflow & Finanzbedarf' : 'Cashflow & Funding' },
  ]
@@ -116,7 +118,7 @@ export default function FinancialsSlide({ lang, investorId }: FinancialsSlidePro
            className={`px-3 py-1.5 rounded-lg text-xs transition-all
              ${activeTab === tab.id
                ? 'bg-indigo-500/20 text-indigo-300 border border-indigo-500/30'
-                : 'bg-white/[0.04] text-white/40 border border-transparent hover:text-white/60 hover:bg-white/[0.06]'
+                : 'bg-white/[0.04] text-white/40 border border-transparent hover:text-white/60 hover:bg-white/[0.06] animate-[pulse_3s_ease-in-out_infinite]'
              }`}
          >
            {tab.label}
@@ -124,10 +126,8 @@ export default function FinancialsSlide({ lang, investorId }: FinancialsSlidePro
        ))}
      </div>

-      {/* Main content: 3-column layout */}
-      <div className="grid md:grid-cols-12 gap-3">
-        {/* Left: Charts (8 columns) */}
-        <div className="md:col-span-8 space-y-3">
+      {/* Main content: full width */}
+      <div className="space-y-3">

          {/* TAB: Overview — monatlicher Chart + Waterfall + Unit Economics */}
          {activeTab === 'overview' && (
@@ -222,77 +222,7 @@ export default function FinancialsSlide({ lang, investorId }: FinancialsSlidePro
            </FadeInView>
          )}
      </div>
-
-        {/* Right: Controls (4 columns) */}
-        <div className="md:col-span-4 space-y-3">
-          {/* Scenario Switcher */}
-          <FadeInView delay={0.15}>
-            <div className="bg-white/[0.05] backdrop-blur-xl border border-white/10 rounded-2xl p-3">
-              <ScenarioSwitcher
-                scenarios={fm.scenarios}
-                activeId={fm.activeScenarioId}
-                compareMode={fm.compareMode}
-                onSelect={(id) => {
-                  fm.setActiveScenarioId(id)
-                }}
-                onToggleCompare={() => {
-                  if (!fm.compareMode) {
-                    fm.computeAll()
-                  }
-                  fm.setCompareMode(!fm.compareMode)
-                }}
-                lang={lang}
-              />
-            </div>
-          </FadeInView>
-
-          {/* Assumption Sliders */}
-          <FadeInView delay={0.2}>
-            <div className="bg-white/[0.05] backdrop-blur-xl border border-white/10 rounded-2xl p-3">
-              <p className="text-[10px] text-white/40 uppercase tracking-wider mb-2">
-                {i.financials.adjustAssumptions}
-              </p>
-              {fm.activeScenario && (
-                <FinancialSliders
-                  assumptions={fm.activeScenario.assumptions}
-                  onAssumptionChange={(key, value) => {
-                    if (fm.activeScenarioId) {
-                      fm.updateAssumption(fm.activeScenarioId, key, value)
-                    }
-                  }}
-                  lang={lang}
-                />
-              )}
-              {fm.computing && (
-                <div className="flex items-center gap-2 mt-2 text-[10px] text-indigo-400">
-                  <div className="w-3 h-3 border border-indigo-400 border-t-transparent rounded-full animate-spin" />
-                  {de ? 'Berechne...' : 'Computing...'}
-                </div>
-              )}
-
-              {/* Snapshot status + reset */}
-              {investorId && (
-                <div className="flex items-center justify-between mt-2 pt-2 border-t border-white/5">
-                  <span className="text-[9px] text-white/30">
-                    {fm.snapshotStatus === 'saving' && (de ? 'Speichere...' : 'Saving...')}
-                    {fm.snapshotStatus === 'saved' && (de ? 'Ihre Aenderungen gespeichert' : 'Your changes saved')}
-                    {fm.snapshotStatus === 'restored' && (de ? 'Ihre Werte geladen' : 'Your values restored')}
-                    {fm.snapshotStatus === 'default' && (de ? 'Standardwerte' : 'Defaults')}
-                  </span>
-                  {fm.snapshotStatus !== 'default' && (
-                    <button
-                      onClick={() => fm.activeScenarioId && fm.resetToDefaults(fm.activeScenarioId)}
-                      className="text-[9px] text-white/40 hover:text-white/70 transition-colors"
-                    >
-                      {de ? 'Zuruecksetzen' : 'Reset to defaults'}
-                    </button>
-                  )}
-                </div>
-              )}
-            </div>
-          </FadeInView>
-        </div>
-      </div>
+      <ProjectionFooter lang={lang} />
    </div>
  )
 }
@@ -1,8 +1,11 @@
 'use client'

-import { useCallback, useEffect, useState } from 'react'
+import { useCallback, useEffect, useMemo, useState } from 'react'
 import { Language } from '@/lib/types'
 import { t } from '@/lib/i18n'
+import { useFinancialModel } from '@/lib/hooks/useFinancialModel'
+import { computeAnnualKPIs } from '@/lib/finanzplan/annual-kpis'
+import ProjectionFooter from '../ui/ProjectionFooter'
 import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
 import GlassCard from '../ui/GlassCard'
@@ -10,6 +13,8 @@ import { RefreshCw, Download, ChevronLeft, ChevronRight, BarChart3, Target } fro

 interface FinanzplanSlideProps {
  lang: Language
+  investorId?: string | null
+  preferredScenarioId?: string | null
 }

 interface SheetMeta {
@@ -56,7 +61,7 @@ function formatCell(v: number | undefined): string {
  return Math.round(v).toLocaleString('de-DE', { maximumFractionDigits: 0 })
 }

-export default function FinanzplanSlide({ lang }: FinanzplanSlideProps) {
+export default function FinanzplanSlide({ lang, investorId, preferredScenarioId }: FinanzplanSlideProps) {
  const [sheets, setSheets] = useState<SheetMeta[]>([])
  const [activeSheet, setActiveSheet] = useState<string>('personalkosten')
  const [rows, setRows] = useState<SheetRow[]>([])
@@ -65,6 +70,18 @@ export default function FinanzplanSlide({ lang }: FinanzplanSlideProps) {
  const [yearOffset, setYearOffset] = useState(0) // 0=2026, 1=2027, ...
  const de = lang === 'de'

+  // Financial model — same source as FinancialsSlide (Slide 15)
+  const fm = useFinancialModel(investorId || null, preferredScenarioId)
+  const annualKPIs = useMemo(
+    () => computeAnnualKPIs(fm.activeResults?.results || []),
+    [fm.activeResults],
+  )
+
+  // Determine fp_scenario_id from the active FM scenario name
+  const fpScenarioParam = fm.activeScenario?.name?.toLowerCase().includes('wandeldarlehen')
+    ? '?scenarioId=c0000000-0000-0000-0000-000000000200'
+    : ''
+
  // Load sheet list
  useEffect(() => {
    fetch('/api/finanzplan')
@@ -82,12 +99,12 @@ export default function FinanzplanSlide({ lang }: FinanzplanSlideProps) {
    }
    setLoading(true)
    try {
-      const r = await fetch(`/api/finanzplan/${name}`)
+      const r = await fetch(`/api/finanzplan/${name}${fpScenarioParam}`)
      const data = await r.json()
      setRows(data.rows || [])
    } catch { /* ignore */ }
    setLoading(false)
-  }, [])
+  }, [fpScenarioParam])

  useEffect(() => { loadSheet(activeSheet) }, [activeSheet, loadSheet])

@@ -190,24 +207,25 @@ export default function FinanzplanSlide({ lang }: FinanzplanSlideProps) {
            </thead>
            <tbody>
              {(() => {
-                // Compute KPIs from loaded data — we need liquidität and umsatz data
-                // These are approximate since we don't have all sheets loaded simultaneously
+                if (annualKPIs.length === 0) return (
+                  <tr><td colSpan={6} className="text-center py-4 text-white/30">{de ? 'Finanzmodell wird geladen...' : 'Loading financial model...'}</td></tr>
+                )
                const kpiRows = [
-                  { label: 'MRR (Dez)', values: [6100, 84450, 267950, 517650, 834750], unit: '€', bold: true },
-                  { label: 'ARR', values: [73200, 1013400, 3215400, 6211800, 10017000], unit: '€', bold: true },
-                  { label: de ? 'Kunden (Dez)' : 'Customers (Dec)', values: [14, 117, 370, 726, 1200], unit: '', bold: false },
-                  { label: 'ARPU (MRR/Kunden)', values: [436, 722, 724, 713, 696], unit: '€', bold: false },
-                  { label: de ? 'Mitarbeiter' : 'Employees', values: [5, 10, 17, 25, 35], unit: '', bold: false },
-                  { label: de ? 'Umsatz/Mitarbeiter' : 'Revenue/Employee', values: [14640, 101340, 189141, 248472, 286200], unit: '€', bold: false },
-                  { label: de ? 'Personalkosten' : 'Personnel Costs', values: [58768, 740968, 1353764, 2154301, 3129479], unit: '€', bold: false },
-                  { label: 'EBIT', values: [-95099, -566293, -4019, 1315689, 3144137], unit: '€', bold: true },
-                  { label: de ? 'EBIT-Marge' : 'EBIT Margin', values: [-130, -56, -1, 21, 31], unit: '%', bold: false },
-                  { label: de ? 'Steuern' : 'Taxes', values: [0, 0, 0, 182565, 882717], unit: '€', bold: false },
-                  { label: de ? 'Jahresüberschuss' : 'Net Income', values: [-95099, -566293, -4019, 1133124, 2261420], unit: '€', bold: true },
-                  { label: de ? 'Serverkosten/Kunde' : 'Server Cost/Customer', values: [100, 100, 100, 100, 100], unit: '€', bold: false },
-                  { label: de ? 'Bruttomarge' : 'Gross Margin', values: [100, 100, 92, 90, 88], unit: '%', bold: false },
-                  { label: 'Burn Rate (Dez)', values: [44734, 28364, 0, 0, 0], unit: '€/Mo', bold: false },
-                  { label: de ? 'Runway (Monate)' : 'Runway (months)', values: [19, 4, '∞', '∞', '∞'], unit: '', bold: false },
+                  { label: 'MRR (Dez)', values: annualKPIs.map(k => k.mrr), unit: '€', bold: true },
+                  { label: 'ARR', values: annualKPIs.map(k => k.arr), unit: '€', bold: true },
+                  { label: de ? 'Kunden (Dez)' : 'Customers (Dec)', values: annualKPIs.map(k => k.customers), unit: '', bold: false },
+                  { label: 'ARPU (MRR/Kunden)', values: annualKPIs.map(k => k.arpu), unit: '€', bold: false },
+                  { label: de ? 'Mitarbeiter' : 'Employees', values: annualKPIs.map(k => k.employees), unit: '', bold: false },
+                  { label: de ? 'Umsatz/Mitarbeiter' : 'Revenue/Employee', values: annualKPIs.map(k => k.revenuePerEmployee), unit: '€', bold: false },
+                  { label: de ? 'Personalkosten' : 'Personnel Costs', values: annualKPIs.map(k => k.personnelCosts), unit: '€', bold: false },
+                  { label: 'EBIT', values: annualKPIs.map(k => k.ebit), unit: '€', bold: true },
+                  { label: de ? 'EBIT-Marge' : 'EBIT Margin', values: annualKPIs.map(k => k.ebitMargin), unit: '%', bold: false },
+                  { label: de ? 'Steuern' : 'Taxes', values: annualKPIs.map(k => k.taxes), unit: '€', bold: false },
+                  { label: de ? 'Jahresueberschuss' : 'Net Income', values: annualKPIs.map(k => k.netIncome), unit: '€', bold: true },
+                  { label: de ? 'Serverkosten/Kunde' : 'Server Cost/Customer', values: annualKPIs.map(k => k.serverCostPerCustomer), unit: '€', bold: false },
+                  { label: de ? 'Bruttomarge' : 'Gross Margin', values: annualKPIs.map(k => k.grossMargin), unit: '%', bold: false },
+                  { label: 'Burn Rate (Dez)', values: annualKPIs.map(k => k.burnRate), unit: '€/Mo', bold: false },
+                  { label: de ? 'Runway (Monate)' : 'Runway (months)', values: annualKPIs.map(k => k.runway === null ? '∞' : k.runway), unit: '', bold: false },
                ]
                return kpiRows.map((row, idx) => (
                  <tr key={idx} className={`border-b border-white/[0.03] ${row.bold ? 'bg-white/[0.03]' : ''}`}>
@@ -240,13 +258,11 @@ export default function FinanzplanSlide({ lang }: FinanzplanSlideProps) {
          <GlassCard hover={false} className="p-4">
            <h3 className="text-xs font-bold text-indigo-400 uppercase tracking-wider mb-3">{de ? 'MRR & Kundenentwicklung' : 'MRR & Customer Growth'}</h3>
            <div className="grid grid-cols-5 gap-1 items-end h-48">
-              {[
-                { year: '2026', mrr: 6100, cust: 14, max_mrr: 834750, max_cust: 1200 },
-                { year: '2027', mrr: 84450, cust: 117, max_mrr: 834750, max_cust: 1200 },
-                { year: '2028', mrr: 267950, cust: 370, max_mrr: 834750, max_cust: 1200 },
-                { year: '2029', mrr: 517650, cust: 726, max_mrr: 834750, max_cust: 1200 },
-                { year: '2030', mrr: 834750, cust: 1200, max_mrr: 834750, max_cust: 1200 },
-              ].map((d, idx) => (
+              {(() => {
+                const maxMrr = Math.max(...annualKPIs.map(k => k.mrr), 1)
+                const maxCust = Math.max(...annualKPIs.map(k => k.customers), 1)
+                return annualKPIs.map(k => ({ year: String(k.year), mrr: k.mrr, cust: k.customers, max_mrr: maxMrr, max_cust: maxCust }))
+              })().map((d, idx) => (
                <div key={idx} className="flex flex-col items-center gap-1">
                  <div className="flex items-end gap-1 w-full justify-center" style={{ height: '160px' }}>
                    {/* MRR bar */}
@@ -275,56 +291,50 @@ export default function FinanzplanSlide({ lang }: FinanzplanSlideProps) {
            <GlassCard hover={false} className="p-4">
              <h3 className="text-xs font-bold text-purple-400 uppercase tracking-wider mb-3">EBIT</h3>
              <div className="grid grid-cols-5 gap-1 items-end h-36">
-                {[
-                  { year: '2026', val: -95099 },
-                  { year: '2027', val: -566293 },
-                  { year: '2028', val: -4019 },
-                  { year: '2029', val: 1315689 },
-                  { year: '2030', val: 3144137 },
-                ].map((d, idx) => {
-                  const maxAbs = 3144137
-                  const h = Math.abs(d.val) / maxAbs * 100
+                {(() => {
+                  const maxAbs = Math.max(...annualKPIs.map(k => Math.abs(k.ebit)), 1)
+                  return annualKPIs.map((k, idx) => {
+                    const h = Math.abs(k.ebit) / maxAbs * 100
                    return (
                      <div key={idx} className="flex flex-col items-center">
                        <div className="w-10 flex flex-col justify-end" style={{ height: '110px' }}>
-                        {d.val >= 0 ? (
+                          {k.ebit >= 0 ? (
                            <div className="bg-emerald-500/60 rounded-t w-full" style={{ height: `${h}px` }}>
-                            <div className="text-[7px] text-emerald-300 text-center -mt-3 whitespace-nowrap">{Math.round(d.val/1000)}k</div>
+                              <div className="text-[7px] text-emerald-300 text-center -mt-3 whitespace-nowrap">{Math.round(k.ebit/1000)}k</div>
                            </div>
                          ) : (
                            <div className="flex flex-col justify-end h-full">
                              <div className="bg-red-500/60 rounded-b w-full" style={{ height: `${h}px` }}>
-                              <div className="text-[7px] text-red-300 text-center mt-1 whitespace-nowrap">{Math.round(d.val/1000)}k</div>
+                                <div className="text-[7px] text-red-300 text-center mt-1 whitespace-nowrap">{Math.round(k.ebit/1000)}k</div>
                              </div>
                            </div>
                          )}
                        </div>
-                      <span className="text-[10px] text-white/40 mt-1">{d.year}</span>
+                        <span className="text-[10px] text-white/40 mt-1">{k.year}</span>
                      </div>
                    )
-                })}
+                  })
+                })()}
              </div>
            </GlassCard>

            <GlassCard hover={false} className="p-4">
              <h3 className="text-xs font-bold text-amber-400 uppercase tracking-wider mb-3">{de ? 'Personalaufbau' : 'Headcount'}</h3>
              <div className="grid grid-cols-5 gap-1 items-end h-36">
-                {[
-                  { year: '2026', val: 5 },
-                  { year: '2027', val: 10 },
-                  { year: '2028', val: 17 },
-                  { year: '2029', val: 25 },
-                  { year: '2030', val: 35 },
-                ].map((d, idx) => (
+                {(() => {
+                  const maxEmp = Math.max(...annualKPIs.map(k => k.employees), 1)
+                  return annualKPIs.map(k => ({ year: String(k.year), val: k.employees }))
+                    .map((d, idx) => (
                      <div key={idx} className="flex flex-col items-center">
                        <div className="w-10 flex flex-col justify-end" style={{ height: '110px' }}>
-                      <div className="bg-amber-500/60 rounded-t w-full" style={{ height: `${(d.val / 35) * 100}px` }}>
+                          <div className="bg-amber-500/60 rounded-t w-full" style={{ height: `${(d.val / maxEmp) * 100}px` }}>
                            <div className="text-[8px] text-amber-300 text-center -mt-3 font-bold">{d.val}</div>
                          </div>
                        </div>
                        <span className="text-[10px] text-white/40 mt-1">{d.year}</span>
                      </div>
-                ))}
+                    ))
+                })()}
              </div>
            </GlassCard>
          </div>
@@ -368,7 +378,7 @@ export default function FinanzplanSlide({ lang }: FinanzplanSlideProps) {
              {rows.map(row => {
                const values = getValues(row)
                const label = getLabel(row)
-                const isSumRow = row.is_sum_row || label.includes('EBIT') || label.includes('Summe') || label.includes('Rohergebnis') || label.includes('Gesamtleistung') || label.includes('Jahresueberschuss') || label.includes('Ergebnis')
+                const isSumRow = row.is_sum_row || label.includes('EBIT') || label.includes('Summe') || label.includes('Rohergebnis') || label.includes('Gesamtleistung') || label.includes('Jahresüberschuss') || label.includes('Ergebnis')

                return (
                  <tr key={row.id} className={`border-b border-white/[0.03] ${isSumRow ? 'bg-white/[0.03]' : ''} hover:bg-white/[0.02]`}>
@@ -513,11 +523,7 @@ export default function FinanzplanSlide({ lang }: FinanzplanSlideProps) {
      </GlassCard>
      )}

-      <p className="text-center text-[9px] text-white/40 mt-2">
-        {de
-          ? 'Doppelklick auf blaue Zellen zum Bearbeiten · Gründung: 01.08.2026'
-          : 'Double-click blue cells to edit · Founding: 01.08.2026'}
-      </p>
+      <ProjectionFooter lang={lang} />
    </div>
  )
 }
@@ -22,7 +22,7 @@ export default function GTMSlide({ lang }: GTMSlideProps) {
      textColor: 'text-indigo-400',
      items: [
        de ? 'Direktvertrieb an 5-20 KMU in DACH' : 'Direct sales to 5-20 SMEs in DACH',
-        de ? 'Fokus: Gesundheitswesen, Finanzdienstleister, Rechtsanwaelte' : 'Focus: Healthcare, Financial Services, Law Firms',
+        de ? 'Fokus: Maschinen- & Anlagenbau, Automobilindustrie, Elektro- & Digitalindustrie' : 'Focus: Machinery & Plant Eng., Automotive, Electrical & Digital Industry',
        de ? 'Persoenliches Onboarding, White-Glove-Service' : 'Personal onboarding, white-glove service',
        de ? 'Case Studies und Referenzkunden aufbauen' : 'Build case studies and reference customers',
      ],
@@ -32,7 +32,7 @@ export default function GTMSlide({ lang }: GTMSlideProps) {
      color: 'border-purple-500/30 bg-purple-500/5',
      textColor: 'text-purple-400',
      items: [
-        de ? 'Channel-Partnerschaften mit IT-Systemhaeusern' : 'Channel partnerships with IT system integrators',
+        de ? 'Channel-Partnerschaften mit IT-Systemhäusern' : 'Channel partnerships with IT system integrators',
        de ? 'IHK- und Handwerkskammer-Kooperationen' : 'Chamber of Commerce & Industry partnerships',
        de ? 'Content Marketing: Compliance-Webinare, Whitepaper' : 'Content marketing: Compliance webinars, whitepapers',
        de ? 'Zielkunden: 50-200 in regulierten Branchen' : 'Target: 50-200 customers in regulated industries',
@@ -43,9 +43,9 @@ export default function GTMSlide({ lang }: GTMSlideProps) {
      color: 'border-emerald-500/30 bg-emerald-500/5',
      textColor: 'text-emerald-400',
      items: [
-        de ? 'Cloud-Tier fuer groessere Unternehmen (50-500 MA)' : 'Cloud tier for larger companies (50-500 employees)',
-        de ? 'EU-Expansion: Oesterreich, Schweiz, Benelux, Nordics' : 'EU expansion: Austria, Switzerland, Benelux, Nordics',
-        de ? 'OEM/Whitelabel fuer Steuerberater und Wirtschaftspruefer' : 'OEM/whitelabel for tax advisors and auditors',
+        de ? 'Cloud-Tier für größere Unternehmen (50-500 MA)' : 'Cloud tier for larger companies (50-500 employees)',
+        de ? 'EU-Expansion: Österreich, Schweiz, Benelux, Nordics' : 'EU expansion: Austria, Switzerland, Benelux, Nordics',
+        de ? 'OEM/Whitelabel für Steuerberater und Wirtschaftsprüfer' : 'OEM/whitelabel for tax advisors and auditors',
        de ? 'Self-Service-Onboarding und PLG-Motion' : 'Self-service onboarding and PLG motion',
      ],
    },
@@ -53,14 +53,14 @@ export default function GTMSlide({ lang }: GTMSlideProps) {

  const channels = [
    { icon: Target, label: de ? 'Direktvertrieb' : 'Direct Sales', pct: '40%', desc: de ? 'Outbound + Inbound, 2 AEs ab 2027' : 'Outbound + Inbound, 2 AEs from 2027' },
-    { icon: Handshake, label: de ? 'Channel-Partner' : 'Channel Partners', pct: '30%', desc: de ? 'IT-Haendler, Systemhaeuser, MSPs' : 'IT resellers, system integrators, MSPs' },
+    { icon: Handshake, label: de ? 'Channel-Partner' : 'Channel Partners', pct: '30%', desc: de ? 'IT-Händler, Systemhäuser, MSPs' : 'IT resellers, system integrators, MSPs' },
    { icon: Megaphone, label: de ? 'Content & Events' : 'Content & Events', pct: '20%', desc: de ? 'Webinare, Messen (it-sa), SEO' : 'Webinars, trade shows (it-sa), SEO' },
    { icon: Users, label: de ? 'Empfehlungen' : 'Referrals', pct: '10%', desc: de ? 'Bestandskunden-Empfehlungsprogramm' : 'Customer referral program' },
  ]

  const idealCustomer = [
    { icon: Building2, label: de ? '10-250 Mitarbeiter' : '10-250 Employees' },
-    { icon: GraduationCap, label: de ? 'Regulierte Branche (Gesundheit, Finanzen, Energie, KRITIS)' : 'Regulated Industry (Healthcare, Finance, Energy, Critical Infrastructure)' },
+    { icon: GraduationCap, label: de ? 'Produzierende Industrie (Maschinenbau, Automotive, Elektro, Chemie)' : 'Manufacturing Industry (Machinery, Automotive, Electrical, Chemicals)' },
    { icon: Target, label: de ? 'Kein interner Compliance-Officer oder DSB' : 'No Internal Compliance Officer or DPO' },
  ]

@@ -40,14 +40,18 @@ export default function GlossarySlide({ lang }: GlossarySlideProps) {
      ],
    },
    {
-      title: de ? 'EU-Regulierungen' : 'EU Regulations',
+      title: de ? 'EU-Regulierungen & Gesetze' : 'EU Regulations & Laws',
      color: 'text-cyan-400',
      terms: [
        { abbr: 'AI Act', full: de ? 'KI-Verordnung (EU) 2024/1689' : 'AI Regulation (EU) 2024/1689', desc: de ? 'Weltweit erste KI-Regulierung, Risikoklassen für KI-Systeme' : 'World\'s first AI regulation, risk classes for AI systems' },
        { abbr: 'CRA', full: 'Cyber Resilience Act', desc: de ? 'Cybersicherheit für Produkte mit digitalen Elementen, SBOM-Pflicht' : 'Cybersecurity for products with digital elements, SBOM mandatory' },
        { abbr: 'NIS2', full: 'Network and Information Security Directive 2', desc: de ? 'Cybersicherheits-Richtlinie, 30.000+ Unternehmen in DE betroffen' : 'Cybersecurity directive, 30,000+ companies in DE affected' },
        { abbr: 'MVO', full: de ? 'Maschinenverordnung (EU) 2023/1230' : 'Machinery Regulation (EU) 2023/1230', desc: de ? 'CE-Kennzeichnung inkl. Cybersicherheit ab Jan 2027' : 'CE marking incl. cybersecurity from Jan 2027' },
+        { abbr: 'FISA 702', full: 'Foreign Intelligence Surveillance Act, Section 702', desc: de ? 'US-Überwachungsgesetz — erlaubt Zugriff auf Daten von Nicht-US-Personen' : 'US surveillance law — allows access to data of non-US persons' },
+        { abbr: 'Cloud Act', full: 'Clarifying Lawful Overseas Use of Data Act', desc: de ? 'US-Gesetz — extraterritorialer Datenzugriff auf US-Anbieter' : 'US law — extraterritorial data access to US providers' },
+        { abbr: 'BDSG', full: de ? 'Bundesdatenschutzgesetz' : 'Federal Data Protection Act', desc: de ? 'Deutsche Ergänzung zur DSGVO' : 'German supplement to GDPR' },
        { abbr: 'TISAX', full: 'Trusted Information Security Assessment Exchange', desc: de ? 'Informationssicherheits-Standard der Automobilindustrie' : 'Information security standard for automotive industry' },
+        { abbr: 'BSI', full: de ? 'Bundesamt für Sicherheit in der Informationstechnik' : 'Federal Office for Information Security', desc: de ? 'Deutsche Cyber-Sicherheitsbehörde' : 'German cybersecurity authority' },
      ],
    },
    {
@@ -64,6 +68,22 @@ export default function GlossarySlide({ lang }: GlossarySlideProps) {
        { abbr: 'ROI', full: 'Return on Investment', desc: de ? 'Rendite auf die Investition' : 'Return on investment' },
      ],
    },
+    {
+      title: de ? 'Technologie & Plattform' : 'Technology & Platform',
+      color: 'text-amber-400',
+      terms: [
+        { abbr: 'RAG', full: 'Retrieval Augmented Generation', desc: de ? 'KI-Methode: Wissenssuche + Textgenerierung kombiniert' : 'AI method: knowledge retrieval + text generation combined' },
+        { abbr: 'LLM', full: 'Large Language Model', desc: de ? 'Großes Sprachmodell (z.B. GPT, Claude, Qwen)' : 'Large language model (e.g. GPT, Claude, Qwen)' },
+        { abbr: 'UCCA', full: 'Use-Case Compliance Assessment', desc: de ? 'Automatische Bewertung von KI-Anwendungsfällen nach AI Act' : 'Automatic assessment of AI use cases per AI Act' },
+        { abbr: 'FRIA', full: 'Fundamental Rights Impact Assessment', desc: de ? 'Grundrechte-Folgenabschätzung nach Art. 27 AI Act' : 'Fundamental rights impact assessment per Art. 27 AI Act' },
+        { abbr: 'SDK', full: 'Software Development Kit', desc: de ? 'Entwicklungspaket zur Integration in Kundensysteme' : 'Development kit for integration into customer systems' },
+        { abbr: 'OWASP', full: 'Open Web Application Security Project', desc: de ? 'Open-Source-Sicherheitsstandards für Webanwendungen' : 'Open-source security standards for web applications' },
+        { abbr: 'NIST', full: 'National Institute of Standards and Technology', desc: de ? 'US-Behörde für Technologiestandards (auch international anerkannt)' : 'US standards body (internationally recognized)' },
+        { abbr: 'ENISA', full: 'European Union Agency for Cybersecurity', desc: de ? 'EU-Agentur für Cybersicherheit' : 'EU Agency for Cybersecurity' },
+        { abbr: 'CE', full: de ? 'Conformité Européenne' : 'Conformité Européenne', desc: de ? 'EU-Konformitätskennzeichnung für Produkte' : 'EU conformity marking for products' },
+        { abbr: 'RFQ', full: 'Request for Quotation', desc: de ? 'Kundenanfrage / Angebotsanforderung' : 'Customer request for quotation' },
+      ],
+    },
  ]

  return (
@@ -81,11 +101,11 @@ export default function GlossarySlide({ lang }: GlossarySlideProps) {
              <h3 className={`text-xs font-bold ${cat.color} uppercase tracking-wider mb-3`}>{cat.title}</h3>
              <div className="space-y-2">
                {cat.terms.map((term, i) => (
-                  <div key={i} className="flex gap-2">
+                  <div key={i} className="flex gap-2 items-baseline">
                    <span className={`text-xs font-bold ${cat.color} min-w-[65px] shrink-0`}>{term.abbr}</span>
                    <div>
                      <span className="text-xs text-white/70">{term.full}</span>
-                      <span className="text-[10px] text-white/40 ml-1">— {term.desc}</span>
+                      <span className="text-xs text-white/40 ml-1">— {term.desc}</span>
                    </div>
                  </div>
                ))}
@@ -27,8 +27,8 @@ export default function HowItWorksSlide({ lang }: HowItWorksSlideProps) {
      </FadeInView>

      <div className="relative max-w-4xl mx-auto">
-        {/* Connection Line */}
-        <div className="absolute left-8 top-12 bottom-12 w-px bg-gradient-to-b from-blue-500 via-purple-500 to-green-500 hidden md:block" />
+        {/* Connection Line — behind icons (z-0), icons have z-10 with opaque bg */}
+        <div className="absolute left-8 top-20 bottom-20 w-px bg-gradient-to-b from-blue-500/40 via-purple-500/40 to-green-500/40 hidden md:block z-0" />

        <div className="space-y-8">
          {i.howItWorks.steps.map((step, idx) => {
@@ -42,7 +42,7 @@ export default function HowItWorksSlide({ lang }: HowItWorksSlideProps) {
                className="flex items-start gap-6 relative"
              >
                <div className={`
-                  w-16 h-16 rounded-2xl bg-white/[0.06] border border-white/10
+                  w-16 h-16 rounded-2xl bg-[#0c0c1d] border border-white/10
                  flex items-center justify-center shrink-0 relative z-10
                  ${stepColors[idx]}
                `}>
@@ -57,8 +57,8 @@ export default function IntroPresenterSlide({ lang, onStartPresenter, isPresenti
        </h1>
        <p className="text-lg text-white/60 max-w-lg mx-auto mb-8">
          {isDE
-            ? 'Ihr persönlicher KI-Guide durch das BreakPilot ComplAI Pitch Deck. 15 Minuten, alle Fakten, jederzeit unterbrechbar.'
-            : 'Your personal AI guide through the BreakPilot ComplAI pitch deck. 15 minutes, all facts, interruptible at any time.'}
+            ? 'Ihr persönlicher KI-Guide durch das BreakPilot COMPLAI Pitch Deck. 15 Minuten, alle Fakten, jederzeit unterbrechbar.'
+            : 'Your personal AI guide through the BreakPilot COMPLAI pitch deck. 15 minutes, all facts, interruptible at any time.'}
        </p>
      </motion.div>

@@ -22,21 +22,21 @@ interface MarketSourceInfo {
  excerpt_en: string
 }

-// Quellenangaben fuer die Marktzahlen
+// Quellenangaben für die Marktzahlen
 const marketSources: Record<string, MarketSourceInfo[]> = {
  TAM: [
    {
      name: 'Bottom-Up-Validierung: Echte Umsatzdaten der Top-10 Compliance-Anbieter',
      url: 'https://sacra.com/c/vanta/',
      date: '2025-2026',
-      excerpt_de: 'Die Top-10 Compliance-Automation-Anbieter erzielen zusammen ~$1,13 Mrd. Umsatz (Vanta $220M, OneTrust $500M, Drata $100M, Usercentrics $117M, Securiti $76M, DataGuard €52M, Sprinto $38M, heyData €15M, Caralegal €5.8M, Proliance €3.9M). Mit 50+ weiteren Anbietern liegt der Gesamtmarkt bei ~$1,6-2 Mrd. — aktuell nur ~20% des adressierbaren Volumens (Gartner: 80% der Unternehmen managen Compliance noch manuell). Inkl. DevSecOps fuer Manufacturing (~$3,5 Mrd.) ergibt sich ein TAM von $8-12 Mrd.',
+      excerpt_de: 'Die Top-10 Compliance-Automation-Anbieter erzielen zusammen ~$1,13 Mrd. Umsatz (Vanta $220M, OneTrust $500M, Drata $100M, Usercentrics $117M, Securiti $76M, DataGuard €52M, Sprinto $38M, heyData €15M, Caralegal €5.8M, Proliance €3.9M). Mit 50+ weiteren Anbietern liegt der Gesamtmarkt bei ~$1,6-2 Mrd. — aktuell nur ~20% des adressierbaren Volumens (Gartner: 80% der Unternehmen managen Compliance noch manuell). Inkl. DevSecOps für Manufacturing (~$3,5 Mrd.) ergibt sich ein TAM von $8-12 Mrd.',
      excerpt_en: 'The top 10 compliance automation providers generate ~$1.13B combined revenue (Vanta $220M, OneTrust $500M, Drata $100M, Usercentrics $117M, Securiti $76M, DataGuard €52M, Sprinto $38M, heyData €15M, Caralegal €5.8M, Proliance €3.9M). With 50+ additional vendors, the total market is ~$1.6-2B — currently only ~20% of addressable volume (Gartner: 80% manage compliance manually). Incl. DevSecOps for manufacturing (~$3.5B), the TAM is $8-12B.',
    },
    {
      name: 'Grand View Research — GRC Market Report 2024',
      url: 'https://www.grandviewresearch.com/industry-analysis/governance-risk-management-compliance-market',
      date: '2024',
-      excerpt_de: 'Der globale GRC-Software-Markt wurde 2023 auf 11,8 Mrd. USD bewertet, CAGR 13,8%. Die Compliance-Automation-Welle (Vanta, Drata) zeigt 30-45% Wachstum p.a. — deutlich ueber dem Branchendurchschnitt.',
+      excerpt_de: 'Der globale GRC-Software-Markt wurde 2023 auf 11,8 Mrd. USD bewertet, CAGR 13,8%. Die Compliance-Automation-Welle (Vanta, Drata) zeigt 30-45% Wachstum p.a. — deutlich über dem Branchendurchschnitt.',
      excerpt_en: 'The global GRC software market was valued at USD 11.8B in 2023, CAGR 13.8%. The compliance automation wave (Vanta, Drata) shows 30-45% p.a. growth — well above industry average.',
    },
  ],
@@ -45,7 +45,7 @@ const marketSources: Record<string, MarketSourceInfo[]> = {
      name: 'Bottom-Up: DACH Compliance-Anbieter + NIS2/CRA/AI-Act Expansion',
      url: 'https://www.vdma.org/statistics',
      date: '2025-2026',
-      excerpt_de: 'DACH-Compliance-Umsaetze heute: DataGuard €52M + heyData €15M + Proliance €3.9M + Caralegal €5.8M + OneTrust DACH ~€30M + Secjur/andere ~€10M = ~€120M (nur DSGVO-Compliance). NIS2 erweitert die Regulierung auf 30.000+ Unternehmen (bisher 4.500). CRA und AI Act schaffen voellig neue Pflichten fuer Maschinenbauer. DACH-DevSecOps-Markt: +€300-400M. Gesamtes SAM fuer Compliance + Code-Security in DACH Manufacturing: €850M-1,2 Mrd.',
+      excerpt_de: 'DACH-Compliance-Umsaetze heute: DataGuard €52M + heyData €15M + Proliance €3.9M + Caralegal €5.8M + OneTrust DACH ~€30M + Secjur/andere ~€10M = ~€120M (nur DSGVO-Compliance). NIS2 erweitert die Regulierung auf 30.000+ Unternehmen (bisher 4.500). CRA und AI Act schaffen voellig neue Pflichten für Maschinenbauer. DACH-DevSecOps-Markt: +€300-400M. Gesamtes SAM für Compliance + Code-Security in DACH Manufacturing: €850M-1,2 Mrd.',
      excerpt_en: 'DACH compliance revenues today: DataGuard €52M + heyData €15M + Proliance €3.9M + Caralegal €5.8M + OneTrust DACH ~€30M + Secjur/others ~€10M = ~€120M (GDPR compliance only). NIS2 expands regulation to 30,000+ companies (from 4,500). CRA and AI Act create entirely new obligations for manufacturers. DACH DevSecOps market: +€300-400M. Total SAM for compliance + code security in DACH manufacturing: €850M-1.2B.',
    },
  ],
@@ -54,7 +54,7 @@ const marketSources: Record<string, MarketSourceInfo[]> = {
      name: 'VDMA Mitgliederstatistik + Wettbewerbs-Benchmarks',
      url: 'https://www.vdma.org/mitglieder',
      date: '2025-2026',
-      excerpt_de: 'DACH-weit ca. 5.000 Maschinenbauer mit Eigenentwicklung (VDMA). Bei 10% Marktdurchdringung (~500 Unternehmen) und €14.400/Jahr ARPU (Blended Avg.) ergibt sich ein SOM von €7,2 Mio. Zum Vergleich: Proliance mit 65 Mitarbeitern erreicht €3,9M, heyData mit 58 MA bereits €15M. Mit KI-Automatisierung ist eine hoehere Durchdringung bei niedrigerer Personalintensitaet moeglich.',
+      excerpt_de: 'DACH-weit ca. 5.000 Maschinenbauer mit Eigenentwicklung (VDMA). Bei 10% Marktdurchdringung (~500 Unternehmen) und €14.400/Jahr ARPU (Blended Avg.) ergibt sich ein SOM von €7,2 Mio. Zum Vergleich: Proliance mit 65 Mitarbeitern erreicht €3,9M, heyData mit 58 MA bereits €15M. Mit KI-Automatisierung ist eine höhere Durchdringung bei niedrigerer Personalintensität möglich.',
      excerpt_en: 'Approx. 5,000 DACH machine manufacturers with in-house dev (VDMA). At 10% penetration (~500 companies) and €14,400/yr ARPU (blended avg.), SOM is €7.2M. For comparison: Proliance with 65 employees achieves €3.9M, heyData with 58 employees already €15M. AI automation enables higher penetration with lower headcount intensity.',
    },
  ],
@@ -84,14 +84,14 @@ const pentestMarketSources: Record<string, MarketSourceInfo[]> = {
      name: 'MarketsAndMarkets — Application Security Testing Market 2025',
      url: 'https://www.marketsandmarkets.com/Market-Reports/application-security-testing-market-150735030.html',
      date: '2025',
-      excerpt_de: 'Der globale AST-Markt (SAST, DAST, IAST, SCA) wird auf $8,5 Mrd. (2025) geschaetzt und soll bis 2030 auf $19,5 Mrd. wachsen (CAGR 18,2%). Hinzu kommt der Pentesting-Markt ($2,7 Mrd.) und der Compliance-Convergence-Anteil ($1,8 Mrd.). Gesamt-TAM fuer integriertes AppSec + Compliance: ~$13 Mrd.',
+      excerpt_de: 'Der globale AST-Markt (SAST, DAST, IAST, SCA) wird auf $8,5 Mrd. (2025) geschätzt und soll bis 2030 auf $19,5 Mrd. wachsen (CAGR 18,2%). Hinzu kommt der Pentesting-Markt ($2,7 Mrd.) und der Compliance-Convergence-Anteil ($1,8 Mrd.). Gesamt-TAM für integriertes AppSec + Compliance: ~$13 Mrd.',
      excerpt_en: 'The global AST market (SAST, DAST, IAST, SCA) is estimated at $8.5B (2025), projected to reach $19.5B by 2030 (CAGR 18.2%). Adding the pentesting market ($2.7B) and compliance convergence share ($1.8B), total TAM for integrated AppSec + compliance: ~$13B.',
    },
    {
      name: 'Gartner — Magic Quadrant for Application Security Testing 2024',
      url: 'https://www.gartner.com/reviews/market/application-security-testing',
      date: '2024',
-      excerpt_de: 'Gartner bestaetigt den Trend zur Konvergenz von AppSec und Compliance. Fuehrende Anbieter (Snyk, Veracode, Checkmarx) erreichen zusammen >$850M Umsatz. Der Markt waechst mit 17-20% p.a., getrieben durch regulatorische Anforderungen (CRA, NIS2) und AI-getriebene Entwicklung.',
+      excerpt_de: 'Gartner bestätigt den Trend zur Konvergenz von AppSec und Compliance. Führende Anbieter (Snyk, Veracode, Checkmarx) erreichen zusammen >$850M Umsatz. Der Markt wächst mit 17-20% p.a., getrieben durch regulatorische Anforderungen (CRA, NIS2) und AI-getriebene Entwicklung.',
      excerpt_en: 'Gartner confirms the AppSec-compliance convergence trend. Leading vendors (Snyk, Veracode, Checkmarx) generate >$850M combined revenue. The market grows at 17-20% p.a., driven by regulatory requirements (CRA, NIS2) and AI-driven development.',
    },
  ],
@@ -100,7 +100,7 @@ const pentestMarketSources: Record<string, MarketSourceInfo[]> = {
      name: 'Bottom-Up: DACH AppSec + Manufacturing Pentesting',
      url: 'https://www.bitkom.org/Marktdaten/ITK-Konjunktur/IT-Markt-Deutschland',
      date: '2025-2026',
-      excerpt_de: 'DACH IT-Security-Markt: €8,2 Mrd. (Bitkom 2025). AppSec-Anteil: ~15% = €1,2 Mrd. Davon Pentesting/DAST/SAST fuer produzierende Industrie: ~€400M. CRA-Pflicht fuer Maschinenbauer erzeugt neue Nachfrage: geschaetzt +€200M bis 2028. SAM fuer integriertes AppSec + Compliance im DACH-Manufacturing: ~€1,6 Mrd.',
+      excerpt_de: 'DACH IT-Security-Markt: €8,2 Mrd. (Bitkom 2025). AppSec-Anteil: ~15% = €1,2 Mrd. Davon Pentesting/DAST/SAST für produzierende Industrie: ~€400M. CRA-Pflicht für Maschinenbauer erzeugt neue Nachfrage: geschätzt +€200M bis 2028. SAM für integriertes AppSec + Compliance im DACH-Manufacturing: ~€1,6 Mrd.',
      excerpt_en: 'DACH IT security market: €8.2B (Bitkom 2025). AppSec share: ~15% = €1.2B. Pentesting/DAST/SAST for manufacturing: ~€400M. CRA obligation for manufacturers creates new demand: est. +€200M by 2028. SAM for integrated AppSec + compliance in DACH manufacturing: ~€1.6B.',
    },
  ],
@@ -225,7 +225,7 @@ export default function MarketSlide({ lang, market }: MarketSlideProps) {
          className={`px-4 py-1.5 rounded-full text-xs font-medium transition-all ${
            marketView === 'compliance'
              ? 'bg-indigo-500/20 text-indigo-300 border border-indigo-500/30'
-              : 'bg-white/[0.04] text-white/40 border border-white/5 hover:bg-white/[0.08]'
+              : 'bg-white/[0.04] text-white/40 border border-white/5 hover:bg-white/[0.08] animate-[pulse_3s_ease-in-out_infinite]'
          }`}
        >
          {lang === 'de' ? 'Compliance & Code-Security' : 'Compliance & Code Security'}
@@ -235,7 +235,7 @@ export default function MarketSlide({ lang, market }: MarketSlideProps) {
          className={`px-4 py-1.5 rounded-full text-xs font-medium transition-all flex items-center gap-1.5 ${
            marketView === 'pentesting'
              ? 'bg-red-500/20 text-red-300 border border-red-500/30'
-              : 'bg-white/[0.04] text-white/40 border border-white/5 hover:bg-white/[0.08]'
+              : 'bg-white/[0.04] text-white/40 border border-white/5 hover:bg-white/[0.08] animate-[pulse_3s_ease-in-out_infinite]'
          }`}
        >
          <Shield className="w-3 h-3" />
@@ -304,7 +304,7 @@ export default function MarketSlide({ lang, market }: MarketSlideProps) {
                      </div>
                      <p className="text-[10px] text-indigo-400/60 group-hover:text-indigo-400 transition-colors mt-0.5">
                        {sourceCount} {lang === 'de' ? (sourceCount === 1 ? 'Quelle' : 'Quellen') : (sourceCount === 1 ? 'source' : 'sources')}
-                        {' · '}{lang === 'de' ? 'Klicken fuer Details' : 'Click for details'}
+                        {' · '}{lang === 'de' ? 'Klicken für Details' : 'Click for details'}
                      </p>
                    </div>
                  </div>
@@ -380,7 +380,7 @@ export default function MarketSlide({ lang, market }: MarketSlideProps) {
                      </div>
                      <p className="text-[10px] text-red-400/60 group-hover:text-red-400 transition-colors mt-0.5">
                        {sourceCount} {lang === 'de' ? (sourceCount === 1 ? 'Quelle' : 'Quellen') : (sourceCount === 1 ? 'source' : 'sources')}
-                        {' · '}{lang === 'de' ? 'Klicken fuer Details' : 'Click for details'}
+                        {' · '}{lang === 'de' ? 'Klicken für Details' : 'Click for details'}
                      </p>
                    </div>
                  </div>
@@ -25,7 +25,7 @@ interface ProblemCardData {
  sources: SourceInfo[]
 }

-// Quellenangaben fuer jede Behauptung
+// Quellenangaben für jede Behauptung
 const cardSources: ProblemCardData[] = [
  {
    // KI-Dilemma: Maschinenbauer wollen KI, aber nicht US-SaaS
@@ -34,7 +34,7 @@ const cardSources: ProblemCardData[] = [
        name: 'Bitkom Cloud Monitor 2024 — Industrieunternehmen',
        url: 'https://www.bitkom.org/Themen/Datenschutz-Sicherheit/Cloud-Monitor',
        date: '2024',
-        excerpt_de: 'Laut Bitkom Cloud Monitor lehnen 64% der deutschen Industrieunternehmen US-Cloud-Dienste fuer sensible Daten ab. Im Maschinenbau liegt die Ablehnung bei ueber 70%. Unternehmen wollen KI nutzen, aber nicht auf Kosten ihrer Datensouveraenitaet.',
+        excerpt_de: 'Laut Bitkom Cloud Monitor lehnen 64% der deutschen Industrieunternehmen US-Cloud-Dienste für sensible Daten ab. Im Maschinenbau liegt die Ablehnung bei über 70%. Unternehmen wollen KI nutzen, aber nicht auf Kosten ihrer Datensouveraenitaet.',
        excerpt_en: 'According to Bitkom Cloud Monitor, 64% of German industrial companies reject US cloud services for sensitive data. In machine manufacturing, rejection exceeds 70%. Companies want AI but not at the cost of their data sovereignty.',
      },
      {
@@ -53,7 +53,7 @@ const cardSources: ProblemCardData[] = [
        name: 'Schrems II — EuGH C-311/18',
        url: 'https://curia.europa.eu/juris/liste.jsf?num=C-311/18',
        date: '2020',
-        excerpt_de: 'Der EuGH erklaerte das EU-US Privacy Shield fuer ungueltig. US-Unternehmen unterliegen dem CLOUD Act und dem FISA 702 — auch fuer Daten auf europaeischen Servern. Selbst EU-Rechenzentren von AWS, Google und Microsoft bieten keinen Schutz vor US-Zugriff.',
+        excerpt_de: 'Der EuGH erklaerte das EU-US Privacy Shield für ungueltig. US-Unternehmen unterliegen dem CLOUD Act und dem FISA 702 — auch für Daten auf europaeischen Servern. Selbst EU-Rechenzentren von AWS, Google und Microsoft bieten keinen Schutz vor US-Zugriff.',
        excerpt_en: 'The CJEU invalidated the EU-US Privacy Shield. US companies are subject to the CLOUD Act and FISA 702 — even for data on European servers. Even EU data centers of AWS, Google and Microsoft offer no protection from US access.',
      },
    ],
@@ -65,14 +65,14 @@ const cardSources: ProblemCardData[] = [
        name: 'VDMA — Compliance-Kosten im Maschinenbau',
        url: 'https://www.vdma.org/',
        date: '2024',
-        excerpt_de: 'Externe Pentests kosten 15.000-40.000 EUR pro Durchlauf, CE-Software-Risikobeurteilungen 10.000-25.000 EUR. Diese Pruefungen erfolgen einmal jaehrlich und decken nur eine Momentaufnahme ab. KMU mit 10-500 Mitarbeitern koennen sich weder Personal noch Budget fuer kontinuierliche Compliance leisten.',
+        excerpt_de: 'Externe Pentests kosten 15.000-40.000 EUR pro Durchlauf, CE-Software-Risikobeurteilungen 10.000-25.000 EUR. Diese Prüfungen erfolgen einmal jaehrlich und decken nur eine Momentaufnahme ab. KMU mit 10-500 Mitarbeitern können sich weder Personal noch Budget für kontinuierliche Compliance leisten.',
        excerpt_en: 'External pentests cost EUR 15,000-40,000 per run, CE software risk assessments EUR 10,000-25,000. These audits occur annually, covering only a snapshot. SMEs with 10-500 employees can afford neither staff nor budget for continuous compliance.',
      },
      {
        name: 'Compliance-Markt: Top-10 Anbieter >$1,1 Mrd. Umsatz',
        url: 'https://sacra.com/c/vanta/',
        date: '2025',
-        excerpt_de: 'Vanta ($220M ARR, $4,15 Mrd. Bewertung), Drata ($100M), OneTrust ($500M+), DataGuard (€52M). Der Markt ist validiert — aber keiner dieser Anbieter kombiniert Code-Security mit Compliance fuer den Maschinenbau.',
+        excerpt_de: 'Vanta ($220M ARR, $4,15 Mrd. Bewertung), Drata ($100M), OneTrust ($500M+), DataGuard (€52M). Der Markt ist validiert — aber keiner dieser Anbieter kombiniert Code-Security mit Compliance für den Maschinenbau.',
        excerpt_en: 'Vanta ($220M ARR, $4.15B valuation), Drata ($100M), OneTrust ($500M+), DataGuard (€52M). The market is validated — but none of these providers combine code security with compliance for manufacturing.',
      },
    ],
@@ -194,7 +194,7 @@ export default function ProblemSlide({ lang }: ProblemSlideProps) {
              <p className="text-[10px] text-indigo-400/60 group-hover:text-indigo-400 transition-colors">
                {sourceCount} {lang === 'de' ? (sourceCount === 1 ? 'Quelle' : 'Quellen') : (sourceCount === 1 ? 'source' : 'sources')}
                {' · '}
-                {lang === 'de' ? 'Klicken fuer Details' : 'Click for details'}
+                {lang === 'de' ? 'Klicken für Details' : 'Click for details'}
              </p>
            </GlassCard>
          )
@@ -24,9 +24,9 @@ const MODULES = [
  { icon: UserCheck, color: '#14b8a6', de: 'Consent Management', en: 'Consent Management', descDe: 'Einwilligungen, Cookie-Banner, Widerruf', descEn: 'Consent, cookie banner, withdrawal' },
  { icon: AlertTriangle, color: '#f59e0b', de: 'Notfallpläne', en: 'Incident Response', descDe: 'Datenschutzvorfälle, Meldepflichten, Eskalation', descEn: 'Data breaches, reporting obligations, escalation' },
  { icon: Brain, color: '#a855f7', de: 'Compliance LLM', en: 'Compliance LLM', descDe: 'GPT für Text und Audio — sicher in der EU', descEn: 'GPT for text and audio — securely in EU' },
-  { icon: Shield, color: '#8b5cf6', de: 'Cookie-Generator', en: 'Cookie Generator', descDe: 'Cookie-Banner, Consent-Konfiguration', descEn: 'Cookie banner, consent configuration' },
+  { icon: Shield, color: '#8b5cf6', de: 'Tender Matching', en: 'Tender Matching', descDe: 'Kundenanfragen (RFQ) gegen Codebase prüfen', descEn: 'Verify customer RFQs against codebase' },
  { icon: GraduationCap, color: '#ec4899', de: 'Academy', en: 'Academy', descDe: 'Online-Schulungen für GF und Mitarbeiter', descEn: 'Online training for management and employees' },
-  { icon: Puzzle, color: '#0ea5e9', de: 'Integration in Kundenprozesse', en: 'Process Integration', descDe: 'Ticketsysteme, Workflows', descEn: 'Ticket systems, workflows' },
+  { icon: Puzzle, color: '#0ea5e9', de: 'AI Act Compliance', en: 'AI Act Compliance', descDe: 'UCCA, Use-Case-Bewertung, Betriebsratsmodul', descEn: 'UCCA, use case assessment, works council module' },
  { icon: CheckCircle2, color: '#22c55e', de: 'Sichere Kommunikation', en: 'Secure Communication', descDe: 'Chat + Video mit AI Notetaker', descEn: 'Chat + video with AI notetaker' },
 ]

@@ -58,68 +58,37 @@ export default function ProductSlide({ lang }: ProductSlideProps) {
            <GlassCard key={idx} delay={0.1 + idx * 0.05} hover className="p-3 text-center">
              <Icon className="w-5 h-5 mx-auto mb-2" style={{ color: mod.color }} />
              <p className="text-xs font-bold text-white mb-1">{de ? mod.de : mod.en}</p>
-              <p className="text-[10px] text-white/40 leading-tight">{de ? mod.descDe : mod.descEn}</p>
+              <p className="text-xs text-white/40 leading-tight">{de ? mod.descDe : mod.descEn}</p>
            </GlassCard>
          )
        })}
      </div>

-      {/* Pricing + Deployment */}
+      {/* Deployment Options — 2 cards side by side */}
      <div className="grid md:grid-cols-2 gap-4">
-        {/* Pricing */}
        <FadeInView delay={0.6}>
-          <GlassCard hover={false} className="p-4">
-            <h3 className="text-xs font-bold text-indigo-400 uppercase tracking-wider mb-3">{i.product.pricingTitle}</h3>
-            <p className="text-[10px] text-white/40 mb-3">{i.product.pricingSubtitle}</p>
-            <div className="space-y-2">
-              {PRICING_TIERS.map((tier, idx) => (
-                <div
-                  key={idx}
-                  className={`flex justify-between items-center p-2.5 rounded-xl ${
-                    tier.highlight ? 'bg-indigo-500/15 border border-indigo-500/30' : 'bg-white/[0.04]'
-                  }`}
-                >
-                  <div>
-                    <span className="text-xs text-white/70 font-medium">{tier.employees}</span>
-                    <span className="text-[10px] text-white/40 ml-1">{de ? 'Mitarbeiter' : 'employees'}</span>
+          <GlassCard hover={false} className="p-4 h-full border-t-2 border-t-blue-500">
+            <div className="flex items-center gap-2 mb-2">
+              <Cloud className="w-5 h-5 text-blue-400" />
+              <h3 className="text-sm font-bold text-blue-400">{i.product.cloud}</h3>
            </div>
-                  <div className="text-right">
-                    <span className={`text-xs font-bold ${tier.highlight ? 'text-indigo-300' : 'text-white/70'}`}>
-                      {de ? tier.priceDe : tier.priceEn}
-                    </span>
-                    {tier.noteDe && (
-                      <p className="text-[8px] text-white/30">{de ? tier.noteDe : tier.noteEn}</p>
-                    )}
-                  </div>
-                </div>
-              ))}
+            <p className="text-sm text-white/50 leading-relaxed mb-3">{i.product.cloudDesc}</p>
+            <div className="flex gap-2">
+              <span className="text-xs bg-blue-500/15 text-blue-300 px-2 py-0.5 rounded-full">BSI DE</span>
+              <span className="text-xs bg-blue-500/15 text-blue-300 px-2 py-0.5 rounded-full">{de ? 'Fix oder flexibel' : 'Fixed or flexible'}</span>
            </div>
          </GlassCard>
        </FadeInView>

-        {/* Deployment Options */}
        <FadeInView delay={0.7}>
-          <GlassCard hover={false} className="p-4">
-            <div className="space-y-4">
-              <div>
-                <div className="flex items-center gap-2 mb-1">
-                  <Cloud className="w-4 h-4 text-blue-400" />
-                  <h3 className="text-xs font-bold text-blue-400 uppercase tracking-wider">{i.product.cloud}</h3>
-                </div>
-                <p className="text-[10px] text-white/50 leading-relaxed">{i.product.cloudDesc}</p>
-                <div className="flex gap-2 mt-2">
-                  <span className="text-[9px] bg-blue-500/15 text-blue-300 px-2 py-0.5 rounded-full">BSI DE</span>
-                  <span className="text-[9px] bg-blue-500/15 text-blue-300 px-2 py-0.5 rounded-full">OVH FR</span>
-                  <span className="text-[9px] bg-blue-500/15 text-blue-300 px-2 py-0.5 rounded-full">{de ? 'Fix oder flexibel' : 'Fixed or flexible'}</span>
-                </div>
-              </div>
-              <div className="border-t border-white/10 pt-3">
-                <div className="flex items-center gap-2 mb-1">
-                  <HardDrive className="w-4 h-4 text-white/40" />
-                  <h3 className="text-xs font-bold text-white/40 uppercase tracking-wider">{i.product.privacy}</h3>
-                </div>
-                <p className="text-[10px] text-white/40 leading-relaxed">{i.product.privacyDesc}</p>
+          <GlassCard hover={false} className="p-4 h-full border-t-2 border-t-white/20">
+            <div className="flex items-center gap-2 mb-2">
+              <HardDrive className="w-5 h-5 text-white/50" />
+              <h3 className="text-sm font-bold text-white/50">{i.product.privacy}</h3>
            </div>
+            <p className="text-sm text-white/40 leading-relaxed mb-3">{i.product.privacyDesc}</p>
+            <div className="flex gap-2">
+              <span className="text-xs bg-white/[0.08] text-white/40 px-2 py-0.5 rounded-full">{de ? 'Geplant, optional' : 'Planned, optional'}</span>
            </div>
          </GlassCard>
        </FadeInView>
@@ -6,74 +6,105 @@ import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
 import GlassCard from '../ui/GlassCard'
 import KPICard from '../ui/KPICard'
-import {
-  Shield, Lock, Brain, Globe, Package, Landmark, Heart, ShoppingCart,
-  Activity, Cpu, Bot, Radio, Monitor, Building2, Cog
-} from 'lucide-react'

 interface RegulatoryLandscapeSlideProps {
  lang: Language
 }

-// Regulation categories with their color
-const CATEGORIES = [
-  { id: 'privacy', color: '#6366f1', icon: Shield },
-  { id: 'cyber', color: '#ef4444', icon: Lock },
-  { id: 'ai', color: '#a855f7', icon: Brain },
-  { id: 'markets', color: '#22c55e', icon: Globe },
-  { id: 'product', color: '#f97316', icon: Package },
-  { id: 'finance', color: '#10b981', icon: Landmark },
-  { id: 'health', color: '#ec4899', icon: Heart },
-  { id: 'consumer', color: '#f59e0b', icon: ShoppingCart },
+// Key EU regulations as columns — the ones investors care about
+const KEY_REGULATIONS = [
+  { id: 'GDPR', label: 'DSGVO', color: '#6366f1' },
+  { id: 'AI_ACT', label: 'AI Act', color: '#a855f7' },
+  { id: 'NIS2', label: 'NIS2', color: '#ef4444' },
+  { id: 'CRA', label: 'CRA', color: '#f97316' },
+  { id: 'MACHINERY_REG', label: 'Masch.-VO', color: '#22c55e' },
+  { id: 'DATA_ACT', label: 'Data Act', color: '#06b6d4' },
+  { id: 'BATTERIE_VO', label: 'Batt.-VO', color: '#f59e0b' },
 ]

-// Industry → which categories apply (synced with INDUSTRY_REGULATION_MAP in breakpilot-lehrer)
-const INDUSTRY_MATRIX: { id: string; icon: typeof Shield; categories: string[]; regCount: number }[] = [
-  { id: 'allIndustries', icon: Building2, categories: ['privacy'], regCount: 6 },
-  { id: 'maschinenbau', icon: Cog, categories: ['privacy', 'cyber', 'ai', 'product', 'consumer'], regCount: 15 },
-  { id: 'health', icon: Heart, categories: ['privacy', 'cyber', 'ai', 'product', 'health'], regCount: 12 },
-  { id: 'finance', icon: Landmark, categories: ['privacy', 'cyber', 'ai', 'markets', 'finance'], regCount: 15 },
-  { id: 'ecommerce', icon: ShoppingCart, categories: ['privacy', 'markets', 'product', 'finance', 'consumer'], regCount: 25 },
-  { id: 'tech', icon: Cpu, categories: ['privacy', 'cyber', 'ai', 'markets'], regCount: 14 },
-  { id: 'iot', icon: Activity, categories: ['privacy', 'cyber', 'ai', 'product', 'consumer'], regCount: 13 },
-  { id: 'ai', icon: Bot, categories: ['privacy', 'cyber', 'ai', 'product', 'markets'], regCount: 9 },
-  { id: 'kritis', icon: Lock, categories: ['privacy', 'cyber', 'ai', 'finance', 'markets'], regCount: 9 },
-  { id: 'media', icon: Monitor, categories: ['privacy', 'markets', 'ai'], regCount: 9 },
-  { id: 'public', icon: Radio, categories: ['privacy', 'cyber', 'ai', 'markets', 'health'], regCount: 10 },
+// 10 real VDMA/VDA/BDI industry sectors with regulation applicability
+// Based on rag-documents.json: 244 horizontal + 65 sector-specific = 320 total
+const INDUSTRIES: { id: string; de: string; en: string; regs: string[]; totalDocs: number }[] = [
+  {
+    id: 'automotive',
+    de: 'Automobilindustrie',
+    en: 'Automotive',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT', 'BATTERIE_VO'],
+    totalDocs: 263,
+  },
+  {
+    id: 'maschinenbau',
+    de: 'Maschinen- & Anlagenbau',
+    en: 'Machinery & Plant Eng.',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT'],
+    totalDocs: 266,
+  },
+  {
+    id: 'elektrotechnik',
+    de: 'Elektro- & Digitalindustrie',
+    en: 'Electrical & Digital',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT', 'BATTERIE_VO'],
+    totalDocs: 281,
+  },
+  {
+    id: 'chemie',
+    de: 'Chemie- & Prozessindustrie',
+    en: 'Chemicals & Process',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT'],
+    totalDocs: 250,
+  },
+  {
+    id: 'metall',
+    de: 'Metallindustrie',
+    en: 'Metal Industry',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT'],
+    totalDocs: 246,
+  },
+  {
+    id: 'energie',
+    de: 'Energie & Versorgung',
+    en: 'Energy & Utilities',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT', 'BATTERIE_VO'],
+    totalDocs: 256,
+  },
+  {
+    id: 'transport',
+    de: 'Transport & Logistik',
+    en: 'Transport & Logistics',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT'],
+    totalDocs: 256,
+  },
+  {
+    id: 'handel',
+    de: 'Handel',
+    en: 'Retail & Commerce',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT'],
+    totalDocs: 271,
+  },
+  {
+    id: 'konsumgueter',
+    de: 'Konsumgüter & Lebensmittel',
+    en: 'Consumer Goods & Food',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'DATA_ACT', 'BATTERIE_VO'],
+    totalDocs: 265,
+  },
+  {
+    id: 'bau',
+    de: 'Bauwirtschaft',
+    en: 'Construction',
+    regs: ['GDPR', 'AI_ACT', 'NIS2', 'CRA', 'MACHINERY_REG', 'DATA_ACT'],
+    totalDocs: 245,
+  },
 ]

 export default function RegulatoryLandscapeSlide({ lang }: RegulatoryLandscapeSlideProps) {
  const i = t(lang)
  const rl = i.regulatoryLandscape
-
-  const categoryLabels: Record<string, string> = {
-    privacy: rl.categoryPrivacy,
-    cyber: rl.categoryCyber,
-    ai: rl.categoryAI,
-    markets: rl.categoryMarkets,
-    product: rl.categoryProduct,
-    finance: rl.categoryFinance,
-    health: rl.categoryHealth,
-    consumer: rl.categoryConsumer,
-  }
-
-  const industryLabels: Record<string, string> = {
-    allIndustries: rl.allIndustries,
-    maschinenbau: rl.maschinenbau,
-    health: rl.health,
-    finance: rl.finance,
-    ecommerce: rl.ecommerce,
-    tech: rl.tech,
-    iot: rl.iot,
-    ai: rl.ai,
-    kritis: rl.kritis,
-    media: rl.media,
-    public: rl.public,
-  }
+  const de = lang === 'de'

  return (
    <div className="max-w-6xl mx-auto">
-      <FadeInView className="text-center mb-6">
+      <FadeInView className="text-center mb-5">
        <h2 className="text-3xl md:text-5xl font-bold mb-2">
          <GradientText>{rl.title}</GradientText>
        </h2>
@@ -81,68 +112,71 @@ export default function RegulatoryLandscapeSlide({ lang }: RegulatoryLandscapeSl
      </FadeInView>

      {/* KPI Row */}
-      <div className="grid grid-cols-3 gap-3 mb-6">
-        <KPICard label={rl.controls} value={25000} suffix="+" color="#6366f1" delay={0.1} />
-        <KPICard label={rl.regulations} value={110} color="#a78bfa" delay={0.2} />
-        <KPICard label={rl.industries} value={10} color="#34d399" delay={0.4} />
+      <div className="grid grid-cols-4 gap-3 mb-5">
+        <KPICard label={de ? 'Gesetze & Dokumente im RAG' : 'Laws & Documents in RAG'} value={320} color="#6366f1" delay={0.1} />
+        <KPICard label={de ? 'Gelten für alle Branchen' : 'Apply to All Industries'} value={244} color="#a78bfa" delay={0.2} />
+        <KPICard label={de ? 'Branchenspezifische Gesetze' : 'Industry-specific Laws'} value={65} color="#f97316" delay={0.3} />
+        <KPICard label={de ? 'Abgedeckte Branchen' : 'Covered Industries'} value={10} color="#34d399" delay={0.4} />
      </div>

      {/* Matrix */}
      <FadeInView delay={0.5}>
        <GlassCard hover={false} className="p-4 overflow-x-auto">
-          {/* Category Legend */}
-          <div className="flex flex-wrap gap-3 mb-4 justify-center">
-            {CATEGORIES.map((cat) => (
-              <div key={cat.id} className="flex items-center gap-1.5">
-                <div className="w-2.5 h-2.5 rounded-full" style={{ backgroundColor: cat.color }} />
-                <span className="text-[10px] text-white/50">{categoryLabels[cat.id]}</span>
+          <div className="space-y-1">
+            {/* Header rows — staggered for space */}
+            <div className="grid items-end gap-1" style={{ gridTemplateColumns: '180px repeat(7, 1fr) 70px' }}>
+              <div className="text-[9px] text-white/70 uppercase tracking-wider pl-1 font-semibold">
+                {de ? 'Branche' : 'Industry'}
+              </div>
+              {KEY_REGULATIONS.map((reg, idx) => (
+                <div key={reg.id} className="text-center">
+                  {idx % 2 === 0 ? (
+                    <span className="text-[8px] font-semibold uppercase tracking-wider" style={{ color: reg.color }}>
+                      {reg.label}
+                    </span>
+                  ) : null}
                </div>
              ))}
+              <div className="text-[8px] text-indigo-400 text-center font-semibold uppercase tracking-wider">
+                {de ? 'Gesetze gesamt' : 'Total Laws'}
              </div>
-
-          {/* Matrix Grid */}
-          <div className="space-y-1.5">
-            {/* Header row */}
-            <div className="grid items-center gap-1" style={{ gridTemplateColumns: '140px repeat(8, 1fr) 50px' }}>
-              <div className="text-[9px] text-white/30 uppercase tracking-wider pl-1">
-                {lang === 'de' ? 'Branche' : 'Industry'}
            </div>
-              {CATEGORIES.map((cat) => {
-                const CatIcon = cat.icon
-                return (
-                  <div key={cat.id} className="flex justify-center">
-                    <CatIcon className="w-3.5 h-3.5 opacity-50" style={{ color: cat.color }} />
+            <div className="grid items-start gap-1" style={{ gridTemplateColumns: '180px repeat(7, 1fr) 70px' }}>
+              <div />
+              {KEY_REGULATIONS.map((reg, idx) => (
+                <div key={reg.id} className="text-center">
+                  {idx % 2 === 1 ? (
+                    <span className="text-[8px] font-semibold uppercase tracking-wider" style={{ color: reg.color }}>
+                      {reg.label}
+                    </span>
+                  ) : null}
                </div>
-                )
-              })}
-              <div className="text-[9px] text-white/30 text-center">#</div>
+              ))}
+              <div />
            </div>

            {/* Industry rows */}
-            {INDUSTRY_MATRIX.map((industry, idx) => {
-              const Icon = industry.icon
-              return (
+            {INDUSTRIES.map((industry) => (
              <div
                key={industry.id}
                className="grid items-center gap-1 py-1.5 rounded-lg hover:bg-white/[0.04] transition-colors"
-                  style={{ gridTemplateColumns: '140px repeat(8, 1fr) 50px' }}
+                style={{ gridTemplateColumns: '180px repeat(7, 1fr) 70px' }}
              >
                <div className="flex items-center gap-2 pl-1">
-                    <Icon className="w-3.5 h-3.5 text-white/40" />
                  <span className="text-[11px] text-white/70 font-medium truncate">
-                      {industryLabels[industry.id]}
+                    {de ? industry.de : industry.en}
                  </span>
                </div>
-                  {CATEGORIES.map((cat) => {
-                    const applies = industry.categories.includes(cat.id)
+                {KEY_REGULATIONS.map((reg) => {
+                  const applies = industry.regs.includes(reg.id)
                  return (
-                      <div key={cat.id} className="flex justify-center">
+                    <div key={reg.id} className="flex justify-center">
                      {applies ? (
                        <div
                          className="w-4 h-4 rounded-full flex items-center justify-center"
-                            style={{ backgroundColor: `${cat.color}20` }}
+                          style={{ backgroundColor: `${reg.color}20` }}
                        >
-                            <div className="w-2 h-2 rounded-full" style={{ backgroundColor: cat.color }} />
+                          <div className="w-2 h-2 rounded-full" style={{ backgroundColor: reg.color }} />
                        </div>
                      ) : (
                        <div className="w-4 h-4 rounded-full bg-white/[0.03]" />
@@ -151,11 +185,19 @@ export default function RegulatoryLandscapeSlide({ lang }: RegulatoryLandscapeSl
                  )
                })}
                <div className="text-center">
-                    <span className="text-xs font-bold text-white/80">{industry.regCount}</span>
+                  <span className="text-xs font-bold text-white/80">{industry.totalDocs}</span>
                </div>
              </div>
-              )
-            })}
+            ))}
+
+            {/* Footer note */}
+            <div className="pt-2 mt-1 border-t border-white/5">
+              <p className="text-xs text-white/50 text-center">
+                {de
+                  ? '244 Dokumente gelten horizontal für alle Branchen (DSGVO, BDSG, AI Act, NIS2, CRA, BetrVG, HGB, ...). Sektorspezifische Regulierungen kommen hinzu.'
+                  : '244 documents apply horizontally to all industries (GDPR, BDSG, AI Act, NIS2, CRA, ...). Sector-specific regulations are added on top.'}
+              </p>
+            </div>
          </div>
        </GlassCard>
      </FadeInView>
@@ -4,6 +4,7 @@ import { useState } from 'react'
 import { Language } from '@/lib/types'
 import { t } from '@/lib/i18n'
 import GradientText from '../ui/GradientText'
+import BrandName from '../ui/BrandName'
 import FadeInView from '../ui/FadeInView'
 import GlassCard from '../ui/GlassCard'
 import { Shield, Scale, Wifi, Lock, Calendar, AlertTriangle, CheckCircle2, Clock } from 'lucide-react'
@@ -47,9 +48,9 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
      keyRequirements: de
        ? [
            'Verzeichnis von Verarbeitungstaetigkeiten (VVT)',
-            'Datenschutz-Folgenabschaetzung (DSFA)',
-            'Technische und organisatorische Massnahmen (TOM)',
-            'Betroffenenrechte (Auskunft, Loeschung, Portabilitaet)',
+            'Datenschutz-Folgenabschätzung (DSFA)',
+            'Technische und organisatorische Maßnahmen (TOM)',
+            'Betroffenenrechte (Auskunft, Löschung, Portabilität)',
            'Auftragsverarbeitungsvertraege (AVV)',
            'Datenschutzbeauftragter (ab 20 MA)',
            'Meldepflicht bei Datenpannen (72h)',
@@ -67,9 +68,9 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
      howWeHelp: de
        ? [
            'Automatische VVT-Erstellung aus Unternehmensdaten',
-            'KI-gestuetzte DSFA-Durchfuehrung',
+            'KI-gestützte DSFA-Durchführung',
            'TOM-Generator mit Branchenvorlagen',
-            'Self-Service-Portal fuer Betroffenenanfragen',
+            'Self-Service-Portal für Betroffenenanfragen',
            'Automatische Dokumentation und Audit-Trail',
          ]
        : [
@@ -85,17 +86,17 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
      status: de ? 'Schrittweise ab Aug 2025' : 'Phased from Aug 2025',
      statusColor: 'text-amber-400',
      statusIcon: Clock,
-      deadline: de ? 'Aug 2025: Verbote · Aug 2026: Hochrisiko · Aug 2027: Vollstaendig' : 'Aug 2025: Prohibitions · Aug 2026: High-Risk · Aug 2027: Full',
+      deadline: de ? 'Aug 2025: Verbote · Aug 2026: Hochrisiko · Aug 2027: Vollständig' : 'Aug 2025: Prohibitions · Aug 2026: High-Risk · Aug 2027: Full',
      affectedCompanies: de ? 'Anbieter und Betreiber von KI-Systemen in der EU' : 'Providers and deployers of AI systems in the EU',
      keyRequirements: de
        ? [
            'Risikoklassifizierung aller KI-Systeme (Art. 6)',
-            'Konformitaetsbewertung fuer Hochrisiko-KI (Art. 43)',
+            'Konformitätsbewertung für Hochrisiko-KI (Art. 43)',
            'Technische Dokumentation und Transparenz (Art. 11-13)',
            'Menschliche Aufsicht (Art. 14)',
            'Registrierung in EU-Datenbank (Art. 49)',
            'GPAI-Modell-Pflichten (Art. 51-56)',
-            'Grundrechte-Folgenabschaetzung (Art. 27)',
+            'Grundrechte-Folgenabschätzung (Art. 27)',
          ]
        : [
            'Risk classification of all AI systems (Art. 6)',
@@ -110,10 +111,10 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
      howWeHelp: de
        ? [
            'Automatische Risikoklassifizierung von KI-Systemen',
-            'Konformitaets-Checklisten mit KI-Unterstuetzung',
+            'Konformitäts-Checklisten mit KI-Unterstützung',
            'Technische Dokumentation per Template-Engine',
-            'Audit-Vorbereitung fuer Hochrisiko-Systeme',
-            'Monitoring von Rechtsaenderungen',
+            'Audit-Vorbereitung für Hochrisiko-Systeme',
+            'Monitoring von Rechtsänderungen',
          ]
        : [
            'Automatic AI system risk classification',
@@ -128,17 +129,17 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
      status: de ? 'In Kraft seit Dez 2024' : 'In effect since Dec 2024',
      statusColor: 'text-amber-400',
      statusIcon: Clock,
-      deadline: de ? 'Sep 2026: Meldepflichten · Dez 2027: Vollstaendig anzuwenden' : 'Sep 2026: Reporting · Dec 2027: Fully applicable',
+      deadline: de ? 'Sep 2026: Meldepflichten · Dez 2027: Vollständig anzuwenden' : 'Sep 2026: Reporting · Dec 2027: Fully applicable',
      affectedCompanies: de ? 'Alle Hersteller von Produkten mit digitalen Elementen (Hardware & Software)' : 'All manufacturers of products with digital elements (hardware & software)',
      keyRequirements: de
        ? [
-            'Security by Design fuer alle Produkte mit Software',
-            'Schwachstellen-Management ueber gesamten Produktlebenszyklus',
-            'Software Bill of Materials (SBOM) fuer jedes Produkt',
-            'Kostenlose Sicherheitsupdates fuer Kunden',
+            'Security by Design für alle Produkte mit Software',
+            'Schwachstellen-Management über gesamten Produktlebenszyklus',
+            'Software Bill of Materials (SBOM) für jedes Produkt',
+            'Kostenlose Sicherheitsupdates für Kunden',
            'Meldepflicht bei aktiv ausgenutzten Schwachstellen (24h)',
-            'Konformitaetsbewertung durch Drittstelle (fuer kritische Produkte)',
-            'CE-Kennzeichnung fuer Cybersecurity-Compliance',
+            'Konformitätsbewertung durch Drittstelle (für kritische Produkte)',
+            'CE-Kennzeichnung für Cybersecurity-Compliance',
          ]
        : [
            'Security by design for all products with software',
@@ -156,7 +157,7 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
            'Kontinuierliches Schwachstellen-Scanning (Trivy, Grype)',
            'Security-Fixes durch 1000B Cloud-LLM implementiert',
            'CRA-konforme Dokumentation und Audit-Trail',
-            'Risikoanalysen fuer Embedded-Software und Firmware',
+            'Risikoanalysen für Embedded-Software und Firmware',
          ]
        : [
            'Automatic SBOM generation from code repositories',
@@ -175,13 +176,13 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
      affectedCompanies: de ? '30.000+ Unternehmen in DE (Energie, Transport, Gesundheit, Digital, KRITIS)' : '30,000+ companies in DE (Energy, Transport, Healthcare, Digital, Critical Infrastructure)',
      keyRequirements: de
        ? [
-            'Risikomanagement-Massnahmen (Art. 21)',
+            'Risikomanagement-Maßnahmen (Art. 21)',
            'Incident-Meldepflichten: 24h Fruehwarnung, 72h Bericht (Art. 23)',
            'Business Continuity und Krisenmanagement',
            'Supply-Chain-Security (Lieferkettenrisiken)',
            'Geschaeftsleiterhaftung (persoenliche Haftung)',
            'Registrierung beim BSI',
-            'Regelmaessige Audits und Nachweise',
+            'Regelmäßige Audits und Nachweise',
          ]
        : [
            'Risk management measures (Art. 21)',
@@ -196,7 +197,7 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
      howWeHelp: de
        ? [
            'Cybersecurity-Policy-Generator nach BSI-Grundschutz',
-            'Incident-Response-Plaene mit KI-Unterstuetzung',
+            'Incident-Response-Pläne mit KI-Unterstützung',
            'Supply-Chain-Risikoanalyse',
            'Automatische Audit-Dokumentation',
            'NIS2-Readiness-Assessment',
@@ -237,7 +238,7 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
                className={`flex items-center gap-2 px-4 py-2 rounded-xl text-sm transition-all
                  ${activeTab === tab.id
                    ? 'bg-indigo-500/20 text-indigo-300 border border-indigo-500/30'
-                    : 'bg-white/[0.04] text-white/40 border border-transparent hover:text-white/60 hover:bg-white/[0.06]'
+                    : 'bg-white/[0.04] text-white/40 border border-transparent hover:text-white/60 hover:bg-white/[0.06] animate-[pulse_3s_ease-in-out_infinite]'
                  }`}
              >
                <Icon className="w-4 h-4" />
@@ -272,8 +273,8 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
            </GlassCard>

            <GlassCard hover={false} className="p-4">
-              <p className="text-xs font-semibold text-emerald-400 uppercase tracking-wider mb-2">
-                {de ? 'Wie ComplAI hilft' : 'How ComplAI Helps'}
+              <p className="text-xs font-semibold text-white uppercase tracking-wider mb-2">
+                {de ? <>Wie <BrandName /> hilft</> : <>How <BrandName /> Helps</>}
              </p>
              <ul className="space-y-1.5">
                {reg.howWeHelp.map((item, idx) => (
@@ -289,7 +290,7 @@ export default function RegulatorySlide({ lang }: RegulatorySlideProps) {
          {/* Right: Requirements */}
          <div className="md:col-span-7">
            <GlassCard hover={false} className="p-4 h-full">
-              <p className="text-xs font-semibold text-white/40 uppercase tracking-wider mb-3">
+              <p className="text-xs font-semibold text-white uppercase tracking-wider mb-3">
                {de ? 'Kernanforderungen' : 'Key Requirements'}
              </p>
              <div className="space-y-2">
@@ -1,6 +1,6 @@
 'use client'

-import { useState, useEffect, useCallback } from 'react'
+import { useState, useEffect, useCallback, useRef } from 'react'
 import { motion, AnimatePresence } from 'framer-motion'
 import Image from 'next/image'
 import { Language } from '@/lib/types'
@@ -43,6 +43,26 @@ export default function SDKDemoSlide({ lang }: SDKDemoSlideProps) {
  const [fullscreen, setFullscreen] = useState(false)
  const [autoPlay, setAutoPlay] = useState(true)

+  // Track which images have actually loaded so we never cross-fade to a blank
+  // frame. While the target image is still fetching, `shown` stays on the
+  // previous loaded one — this eliminates the flash of empty canvas the user
+  // hit on the first pass through the carousel.
+  const loadedRef = useRef<Set<number>>(new Set())
+  const [shown, setShown] = useState(0)
+
+  const handleLoaded = useCallback((idx: number) => {
+    loadedRef.current.add(idx)
+    // If the user is currently waiting on this image, reveal it immediately.
+    // Otherwise the preceding loaded image keeps showing — no blank flash.
+    if (idx === current) setShown(idx)
+  }, [current])
+
+  useEffect(() => {
+    if (loadedRef.current.has(current)) {
+      setShown(current)
+    }
+  }, [current])
+
  const next = useCallback(() => {
    setCurrent(i => (i + 1) % SCREENSHOTS.length)
  }, [])
@@ -71,8 +91,8 @@ export default function SDKDemoSlide({ lang }: SDKDemoSlideProps) {
        </h2>
        <p className="text-base text-white/50 max-w-2xl mx-auto">
          {de
-            ? 'Echte Screenshots aus dem Compliance SDK — Kundenprojekt: Müller Maschinenbau GmbH'
-            : 'Real screenshots from the Compliance SDK — Customer project: Müller Maschinenbau GmbH'}
+            ? 'Echte Screenshots aus dem Compliance SDK — Beispielkunde: Muster Maschinenbau GmbH'
+            : 'Real screenshots from the Compliance SDK — Example customer: Muster Maschinenbau GmbH'}
        </p>
      </FadeInView>

@@ -90,7 +110,7 @@ export default function SDKDemoSlide({ lang }: SDKDemoSlideProps) {
                </div>
                <div className="flex-1 ml-3">
                  <div className="bg-white/[0.06] rounded-md px-3 py-1 text-xs text-white/30 font-mono max-w-md">
-                    admin.breakpilot.ai/sdk/{shot.file.replace(/^\d+-/, '').replace('.png', '')}
+                    admin-dev.breakpilot.ai/sdk/{shot.file.replace(/^\d+-/, '').replace('.png', '')}
                  </div>
                </div>
                <button
@@ -101,25 +121,31 @@ export default function SDKDemoSlide({ lang }: SDKDemoSlideProps) {
                </button>
              </div>

-              {/* Screenshot */}
-              <AnimatePresence mode="wait">
-                <motion.div
-                  key={current}
-                  initial={{ opacity: 0 }}
-                  animate={{ opacity: 1 }}
-                  exit={{ opacity: 0 }}
-                  transition={{ duration: 0.3 }}
+              {/* Screenshot stack — all images mount at once so we can cross-fade
+                  between them by toggling opacity. AnimatePresence mode="wait"
+                  unmounts before the next mounts, which forces a cold fetch and
+                  produces a blank frame; the stack avoids both. */}
+              <div className="relative aspect-[1920/1080] bg-black/40">
+                {SCREENSHOTS.map((s, idx) => (
+                  <div
+                    key={s.file}
+                    className="absolute inset-0 transition-opacity duration-300 ease-out"
+                    style={{ opacity: idx === shown ? 1 : 0 }}
+                    aria-hidden={idx !== shown}
                  >
                    <Image
-                    src={`/screenshots/${shot.file}`}
-                    alt={de ? shot.de : shot.en}
-                    width={1920}
-                    height={1080}
-                    className="w-full h-auto"
-                    priority={current < 3}
+                      src={`/screenshots/${s.file}`}
+                      alt={de ? s.de : s.en}
+                      fill
+                      sizes="(max-width: 1024px) 100vw, 1024px"
+                      className="object-cover"
+                      priority={idx < 3}
+                      loading={idx < 3 ? undefined : 'eager'}
+                      onLoadingComplete={() => handleLoaded(idx)}
                    />
-                </motion.div>
-              </AnimatePresence>
+                  </div>
+                ))}
+              </div>
            </div>

            {/* Navigation arrows */}
@@ -19,60 +19,60 @@ export default function SavingsSlide({ lang }: SavingsSlideProps) {
      color: 'text-indigo-400',
      bg: 'border-indigo-500/20',
      name: de ? 'KMU (25 MA)' : 'SME (25 emp.)',
-      desc: de ? '2-3 Apps, 1-2 Produkte mit SW' : '2-3 apps, 1-2 products with SW',
+      desc: de ? '2-3 Anwendungen, 1-2 Produkte mit Software' : '2-3 applications, 1-2 products with software',
      bp_price: de ? '15.000 EUR/Jahr' : 'EUR 15,000/yr',
      savings: [
-        { label: de ? 'Pentests (2-3 Apps × 6.000€)' : 'Pentests (2-3 apps × €6,000)', without: '18.000', with: '5.000', save: '13.000' },
+        { label: de ? 'Pentests (2-3 Anwendungen × 6.000€)' : 'Pentests (2-3 applications × €6,000)', without: '18.000', with: '5.000', save: '13.000' },
        { label: de ? 'CE-SW-Risikobeurteilung (1-2 Produkte)' : 'CE SW risk assessment (1-2 products)', without: '12.000', with: '3.000', save: '9.000' },
-        { label: de ? 'Ext. Datenschutzbeauftragter' : 'External DPO', without: '6.000', with: '0', save: '6.000' },
-        { label: de ? 'Compliance-Dokumentation (VVT, TOMs)' : 'Compliance docs (RoPA, TOMs)', without: '8.000', with: '0', save: '8.000' },
-        { label: de ? 'Entwickler-Produktivität (Shift-Left)' : 'Developer productivity (shift-left)', without: '26.000', with: '10.000', save: '16.000' },
+        { label: de ? 'Ext. Datenschutzbeauftragter' : 'External DPO', without: '6.000', with: '3.000', save: '3.000' },
+        { label: de ? 'Compliance-Dokumentation (VVT, TOMs)' : 'Compliance docs (RoPA, TOMs)', without: '8.000', with: '2.000', save: '6.000' },
+        { label: de ? 'Produktivere Compliance-Arbeitszeit (~50%)' : 'More productive compliance time (~50%)', without: '30.000', with: '15.000', save: '15.000' },
        { label: de ? 'Audit-Vorbereitung' : 'Audit preparation', without: '12.000', with: '3.000', save: '9.000' },
      ],
-      totalWithout: '97.750',
-      totalWith: '44.530',
-      totalSave: '53.220',
-      roi: '3,5x',
+      totalWithout: '86.000',
+      totalWith: '31.000',
+      totalSave: '55.000',
+      roi: '3,7x',
    },
    {
      icon: Factory,
      color: 'text-emerald-400',
      bg: 'border-emerald-500/20',
      name: de ? 'Mittelstand (100 MA)' : 'Mid-size (100 emp.)',
-      desc: de ? '5-8 Apps, 3-5 Produkte, MES/ERP' : '5-8 apps, 3-5 products, MES/ERP',
+      desc: de ? '5-8 Anwendungen, 3-5 Produkte, MES/ERP' : '5-8 applications, 3-5 products, MES/ERP',
      bp_price: de ? '30.000 EUR/Jahr' : 'EUR 30,000/yr',
      savings: [
-        { label: de ? 'Pentests (5-8 Apps × 8.000€)' : 'Pentests (5-8 apps × €8,000)', without: '56.000', with: '15.000', save: '41.000' },
+        { label: de ? 'Pentests (5-8 Anwendungen × 8.000€)' : 'Pentests (5-8 applications × €8,000)', without: '56.000', with: '15.000', save: '41.000' },
        { label: de ? 'CE-SW-Risiko (3-5 Produkte × 15.000€)' : 'CE SW risk (3-5 products × €15,000)', without: '60.000', with: '10.000', save: '50.000' },
-        { label: de ? 'Compliance-Team (0,5 FTE Audit Manager)' : 'Compliance team (0.5 FTE audit manager)', without: '35.000', with: '10.000', save: '25.000' },
+        { label: de ? 'Produktivere Compliance-Arbeitszeit (~50%)' : 'More productive compliance time (~50%)', without: '70.000', with: '35.000', save: '35.000' },
        { label: de ? 'TISAX / ISO 27001 Zertifizierung' : 'TISAX / ISO 27001 certification', without: '25.000', with: '8.000', save: '17.000' },
-        { label: de ? 'Entwickler-Produktivität (5 Devs)' : 'Developer productivity (5 devs)', without: '130.000', with: '50.000', save: '80.000' },
+        { label: de ? 'Compliance-Team (0,5 FTE Audit Manager)' : 'Compliance team (0.5 FTE audit manager)', without: '35.000', with: '15.000', save: '20.000' },
        { label: de ? 'CRA/NIS2 Compliance-Aufwand' : 'CRA/NIS2 compliance effort', without: '45.000', with: '15.000', save: '30.000' },
      ],
-      totalWithout: '419.500',
-      totalWith: '193.880',
-      totalSave: '225.620',
-      roi: '7,5x',
+      totalWithout: '291.000',
+      totalWith: '98.000',
+      totalSave: '193.000',
+      roi: '6,4x',
    },
    {
      icon: Building,
      color: 'text-amber-400',
      bg: 'border-amber-500/20',
      name: de ? 'Konzern (500+ MA)' : 'Enterprise (500+ emp.)',
-      desc: de ? '15-25 Apps, 10-20 Produkte, SCADA/ICS' : '15-25 apps, 10-20 products, SCADA/ICS',
+      desc: de ? '15-25 Anwendungen, 10-20 Produkte, SCADA/ICS' : '15-25 applications, 10-20 products, SCADA/ICS',
      bp_price: de ? '50.000 EUR/Jahr' : 'EUR 50,000/yr',
      savings: [
-        { label: de ? 'Pentests (15-25 Apps × 10.000€)' : 'Pentests (15-25 apps × €10,000)', without: '200.000', with: '50.000', save: '150.000' },
+        { label: de ? 'Pentests (15-25 Anwendungen × 10.000€)' : 'Pentests (15-25 applications × €10,000)', without: '200.000', with: '50.000', save: '150.000' },
        { label: de ? 'CE-SW-Risiko (10-20 Produkte × 18.000€)' : 'CE SW risk (10-20 products × €18,000)', without: '270.000', with: '50.000', save: '220.000' },
-        { label: de ? 'Compliance-Abteilung (2-3 FTE)' : 'Compliance department (2-3 FTE)', without: '250.000', with: '100.000', save: '150.000' },
-        { label: de ? 'Externe Berater (TÜV, DEKRA, Anwälte)' : 'External consultants (TÜV, DEKRA, lawyers)', without: '120.000', with: '30.000', save: '90.000' },
-        { label: de ? 'Entwickler-Produktivität (20+ Devs)' : 'Developer productivity (20+ devs)', without: '540.000', with: '200.000', save: '340.000' },
+        { label: de ? 'Produktivere Compliance-Arbeitszeit (~50%)' : 'More productive compliance time (~50%)', without: '200.000', with: '100.000', save: '100.000' },
+        { label: de ? 'Externe Berater (TÜV, DEKRA, Anwälte)' : 'External consultants (TÜV, DEKRA, lawyers)', without: '120.000', with: '40.000', save: '80.000' },
+        { label: de ? 'Compliance-Abteilung (2-3 FTE)' : 'Compliance department (2-3 FTE)', without: '250.000', with: '120.000', save: '130.000' },
        { label: de ? 'Incident Response / Strafvermeidung' : 'Incident response / penalty avoidance', without: '150.000', with: '50.000', save: '100.000' },
      ],
-      totalWithout: '2.113.500',
-      totalWith: '1.074.080',
-      totalSave: '1.039.420',
-      roi: '20,8x',
+      totalWithout: '1.190.000',
+      totalWith: '410.000',
+      totalSave: '780.000',
+      roi: '15,6x',
    },
  ]

@@ -100,7 +100,7 @@ export default function SavingsSlide({ lang }: SavingsSlideProps) {
                    <Icon className={`w-6 h-6 ${co.color}`} />
                    <div>
                      <h3 className={`text-sm font-bold ${co.color}`}>{co.name}</h3>
-                      <p className="text-[10px] text-white/40">{co.desc}</p>
+                      <p className="text-xs text-white/40">{co.desc}</p>
                    </div>
                  </div>
                  <div className="text-right">
@@ -110,7 +110,7 @@ export default function SavingsSlide({ lang }: SavingsSlideProps) {
                </div>

                {/* Savings table */}
-                <div className="grid grid-cols-[1fr_80px_80px_80px] gap-x-2 text-[10px] text-white/30 uppercase tracking-wider mb-1.5 border-b border-white/10 pb-1">
+                <div className="grid grid-cols-[1fr_80px_80px_80px] gap-x-2 text-xs text-white/30 uppercase tracking-wider mb-1.5 border-b border-white/10 pb-1">
                  <span>{de ? 'Kostenposition' : 'Cost Item'}</span>
                  <span className="text-right">{de ? 'Ohne' : 'Without'}</span>
                  <span className="text-right">{de ? 'Mit' : 'With'}</span>
@@ -126,14 +126,14 @@ export default function StrategySlide({ lang }: StrategySlideProps) {
                  <Icon className={`w-4 h-4 ${phase.color}`} />
                  <h4 className={`text-xs font-bold ${phase.color}`}>{phase.title}</h4>
                </div>
-                <p className="text-[10px] text-white/30 mb-1">{phase.period}</p>
-                <div className="flex justify-between text-[10px] mb-2">
+                <p className="text-xs text-white/30 mb-1">{phase.period}</p>
+                <div className="flex justify-between text-xs mb-2">
                  <span className="text-white/50">{phase.team}</span>
                  <span className={`font-mono font-bold ${phase.color}`}>{phase.arr}</span>
                </div>
                <div className="space-y-1">
                  {phase.items.map((item, i) => (
-                    <p key={i} className="text-[10px] text-white/60 pl-3 relative">
+                    <p key={i} className="text-xs text-white/60 pl-3 relative">
                      <span className={`absolute left-0 top-1 w-1.5 h-1.5 rounded-full ${phase.color.replace('text-', 'bg-')}/60`} />
                      {item}
                    </p>
@@ -154,9 +154,9 @@ export default function StrategySlide({ lang }: StrategySlideProps) {
          <GlassCard delay={0.5} hover={false} className="p-4 border-t-2 border-t-blue-500">
            <div className="flex items-center justify-between mb-2">
              <h4 className="text-sm font-bold text-blue-400">CANCOM Cloud Marketplace</h4>
-              <span className="text-[9px] bg-blue-500/20 text-blue-300 px-2 py-0.5 rounded-full">{de ? 'Schneller Einstieg' : 'Fast Entry'}</span>
+              <span className="text-[11px] bg-blue-500/20 text-blue-300 px-2 py-0.5 rounded-full">{de ? 'Schneller Einstieg' : 'Fast Entry'}</span>
            </div>
-            <p className="text-[10px] text-white/40 mb-2">{de ? 'TecDAX · ~5.800 MA · 120+ SaaS-Produkte gelistet' : 'TecDAX · ~5,800 emp. · 120+ SaaS products listed'}</p>
+            <p className="text-xs text-white/40 mb-2">{de ? 'TecDAX · ~5.800 MA · 120+ SaaS-Produkte gelistet' : 'TecDAX · ~5,800 emp. · 120+ SaaS products listed'}</p>
            <div className="space-y-1.5">
              {(de ? [
                'Formales ISV-Partnerprogramm — strukturiertes Onboarding',
@@ -180,9 +180,9 @@ export default function StrategySlide({ lang }: StrategySlideProps) {
          <GlassCard delay={0.55} hover={false} className="p-4 border-t-2 border-t-emerald-500">
            <div className="flex items-center justify-between mb-2">
              <h4 className="text-sm font-bold text-emerald-400">Bechtle Systemhäuser</h4>
-              <span className="text-[9px] bg-emerald-500/20 text-emerald-300 px-2 py-0.5 rounded-full">{de ? 'Größte Reichweite' : 'Largest Reach'}</span>
+              <span className="text-[11px] bg-emerald-500/20 text-emerald-300 px-2 py-0.5 rounded-full">{de ? 'Größte Reichweite' : 'Largest Reach'}</span>
            </div>
-            <p className="text-[10px] text-white/40 mb-2">{de ? '15.000 MA · 85+ Standorte · 6,3 Mrd. EUR · 70.000 Kunden' : '15,000 emp. · 85+ locations · EUR 6.3B · 70,000 customers'}</p>
+            <p className="text-xs text-white/40 mb-2">{de ? '15.000 MA · 85+ Standorte · 6,3 Mrd. EUR · 70.000 Kunden' : '15,000 emp. · 85+ locations · EUR 6.3B · 70,000 customers'}</p>
            <div className="space-y-1.5">
              {(de ? [
                'Regionaler Einstieg: Lokales Systemhaus wo wir Kunden haben',
@@ -203,6 +203,11 @@ export default function StrategySlide({ lang }: StrategySlideProps) {
            </div>
          </GlassCard>
        </div>
+        <p className="text-xs text-white/30 text-center mt-2 italic">
+          {de
+            ? '* CANCOM und Bechtle sind geplante Distributionspartner. Eine Kontaktaufnahme ist noch nicht erfolgt.'
+            : '* CANCOM and Bechtle are planned distribution partners. No contact has been made yet.'}
+        </p>
      </FadeInView>

      {/* Channel-First Quote */}
@@ -3,7 +3,7 @@
 import { motion } from 'framer-motion'
 import { Language, PitchTeamMember } from '@/lib/types'
 import { t } from '@/lib/i18n'
-import { User, Linkedin } from 'lucide-react'
+import { User, Linkedin, Github } from 'lucide-react'
 import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
 import Image from 'next/image'
@@ -13,89 +13,109 @@ interface TeamSlideProps {
  team: PitchTeamMember[]
 }

+function equityDisplay(pct: number | string | null | undefined): string {
+  const n = Number(pct)
+  if (!Number.isFinite(n)) return '—'
+  return Number.isInteger(n) ? `${n}%` : `${n.toFixed(1)}%`
+}
+
+function detectProfileLink(url: string | null | undefined): { icon: typeof Linkedin | typeof Github; label: string } | null {
+  if (!url) return null
+  if (url.includes('github.com')) return { icon: Github, label: 'GitHub' }
+  if (url.includes('linkedin.com')) return { icon: Linkedin, label: 'LinkedIn' }
+  return { icon: Linkedin, label: 'Profile' }
+}
+
 export default function TeamSlide({ lang, team }: TeamSlideProps) {
  const i = t(lang)

  return (
    <div>
-      <FadeInView className="text-center mb-12">
+      <FadeInView className="text-center mb-8">
        <h2 className="text-4xl md:text-5xl font-bold mb-3">
          <GradientText>{i.team.title}</GradientText>
        </h2>
        <p className="text-lg text-white/50 max-w-2xl mx-auto">{i.team.subtitle}</p>
      </FadeInView>

-      <div className="grid md:grid-cols-2 gap-8 max-w-4xl mx-auto">
-        {team.map((member, idx) => (
+      <div className="grid md:grid-cols-2 gap-6 max-w-5xl mx-auto items-stretch">
+        {team.map((member, idx) => {
+          const link = detectProfileLink(member.linkedin_url)
+          const LinkIcon = link?.icon
+          return (
            <motion.div
              key={member.id}
-            initial={{ opacity: 0, x: idx === 0 ? -40 : 40 }}
-            animate={{ opacity: 1, x: 0 }}
-            transition={{ delay: 0.3 + idx * 0.2, duration: 0.6 }}
-            className="bg-white/[0.08] backdrop-blur-xl border border-white/10 rounded-3xl p-8"
+              initial={{ opacity: 0, y: 20 }}
+              animate={{ opacity: 1, y: 0 }}
+              transition={{ delay: 0.2 + idx * 0.15, duration: 0.5 }}
+              className="bg-white/[0.04] backdrop-blur-xl border border-white/[0.08] rounded-2xl p-6 flex flex-col hover:border-indigo-500/20 transition-colors"
            >
-            <div className="flex items-start gap-5">
-              {/* Avatar — Foto oder Fallback */}
+              {/* Header: avatar + name + role */}
+              <div className="flex items-center gap-4 mb-5">
                {member.photo_url ? (
-                <div className="w-20 h-20 rounded-2xl overflow-hidden shrink-0 shadow-lg">
+                  <div className="w-16 h-16 rounded-2xl overflow-hidden shrink-0 shadow-lg">
                    <Image
                      src={member.photo_url}
                      alt={member.name}
-                    width={80}
-                    height={80}
+                      width={64}
+                      height={64}
                      className="w-full h-full object-cover"
                    />
                  </div>
                ) : (
-                <div className="w-20 h-20 rounded-2xl bg-gradient-to-br from-indigo-500 to-purple-600
-                  flex items-center justify-center shrink-0 shadow-lg">
-                  <User className="w-10 h-10 text-white" />
+                  <div className="w-16 h-16 rounded-2xl bg-gradient-to-br from-indigo-500 to-purple-600 flex items-center justify-center shrink-0 shadow-lg shadow-indigo-500/20">
+                    <User className="w-8 h-8 text-white" />
                  </div>
                )}

-              <div className="flex-1">
-                <div className="flex items-center gap-2 mb-1">
-                  <h3 className="text-xl font-bold text-white">{member.name}</h3>
-                  {member.linkedin_url && (
+                <div className="min-w-0 flex-1">
+                  <div className="flex items-center gap-2 mb-0.5 flex-wrap">
+                    <h3 className="text-xl font-bold text-white truncate">{member.name}</h3>
+                    {link && LinkIcon && (
                      <a
-                      href={member.linkedin_url}
+                        href={member.linkedin_url!}
                        target="_blank"
                        rel="noopener noreferrer"
-                      className="p-1 text-white/30 hover:text-[#0A66C2] transition-colors"
-                      title="LinkedIn"
+                        className="text-white/30 hover:text-indigo-300 transition-colors"
+                        title={link.label}
                      >
-                      <Linkedin className="w-4 h-4" />
+                        <LinkIcon className="w-4 h-4" />
                      </a>
                    )}
                  </div>
-                <p className="text-indigo-400 text-sm font-medium mb-3">
+                  <p className="text-indigo-400 text-sm font-medium">
                    {lang === 'de' ? member.role_de : member.role_en}
                  </p>
-                <p className="text-sm text-white/50 leading-relaxed mb-4">
+                </div>
+
+                {/* Equity pill in top-right */}
+                <div className="text-right shrink-0">
+                  <div className="text-[10px] uppercase tracking-wider text-white/30">{i.team.equity}</div>
+                  <div className="text-base font-bold text-white tabular-nums">{equityDisplay(member.equity_pct)}</div>
+                </div>
+              </div>
+
+              {/* Bio */}
+              <p className="text-sm text-white/60 leading-relaxed mb-5 flex-1">
                {lang === 'de' ? member.bio_de : member.bio_en}
              </p>

-                {/* Equity */}
-                <div className="flex items-center gap-2 mb-3">
-                  <span className="text-xs text-white/40">{i.team.equity}:</span>
-                  <span className="text-sm font-bold text-white">{member.equity_pct}%</span>
-                </div>
-
-                {/* Expertise Tags */}
-                <div className="flex flex-wrap gap-1.5">
+              {/* Expertise tags */}
+              {(member.expertise || []).length > 0 && (
+                <div className="flex flex-wrap gap-1.5 pt-4 border-t border-white/[0.06]">
                  {(member.expertise || []).map((skill, sidx) => (
                    <span
                      key={sidx}
-                      className="text-xs px-2.5 py-1 rounded-full bg-indigo-500/10 text-indigo-300 border border-indigo-500/20"
+                      className="text-[11px] px-2.5 py-1 rounded-full bg-indigo-500/10 text-indigo-300 border border-indigo-500/20"
                    >
                      {skill}
                    </span>
                  ))}
                </div>
-              </div>
-            </div>
+              )}
            </motion.div>
-        ))}
+          )
+        })}
      </div>
    </div>
  )
@@ -3,11 +3,12 @@
 import { motion } from 'framer-motion'
 import { Language, PitchFunding } from '@/lib/types'
 import { t } from '@/lib/i18n'
+import ProjectionFooter from '../ui/ProjectionFooter'
 import GradientText from '../ui/GradientText'
 import FadeInView from '../ui/FadeInView'
 import AnimatedCounter from '../ui/AnimatedCounter'
 import GlassCard from '../ui/GlassCard'
-import { Target, Calendar, FileText } from 'lucide-react'
+import { Landmark, Banknote, ArrowRightLeft, TrendingUp, ShieldCheck, Target, Calendar, FileText } from 'lucide-react'
 import { PieChart, Pie, Cell, ResponsiveContainer, Tooltip } from 'recharts'

 interface TheAskSlideProps {
@@ -40,13 +41,17 @@ function formatTargetDate(dateStr: string, lang: Language): string {

 export default function TheAskSlide({ lang, funding }: TheAskSlideProps) {
  const i = t(lang)
-  const useOfFunds = funding?.use_of_funds || []
-  const amount = funding?.amount_eur || 0
+  const de = lang === 'de'
+  const isWandeldarlehen = (funding?.instrument || '').toLowerCase().includes('wandeldarlehen')
+  const rawFunds = funding?.use_of_funds
+  const useOfFunds = Array.isArray(rawFunds) ? rawFunds : (typeof rawFunds === 'string' ? JSON.parse(rawFunds) : [])
+  const amount = Number(funding?.amount_eur) || 0
  const { target, suffix } = formatFundingAmount(amount)
+  const totalBudget = isWandeldarlehen ? amount * 2 : amount

-  const pieData = useOfFunds.map((item) => ({
-    name: lang === 'de' ? item.label_de : item.label_en,
-    value: item.percentage,
+  const pieData = useOfFunds.map((item: Record<string, unknown>) => ({
+    name: (de ? item.label_de : item.label_en) as string || 'N/A',
+    value: Number(item.percentage) || 0,
  }))

  return (
@@ -70,6 +75,48 @@ export default function TheAskSlide({ lang, funding }: TheAskSlideProps) {
            <span className="text-3xl md:text-4xl text-white/50 ml-2">EUR</span>
          </p>
        </motion.div>
+        {isWandeldarlehen && (
+          <div className="space-y-3 mt-4">
+            {/* Row 1: 200k Scenario */}
+            <div className="flex items-center justify-center gap-3">
+              <div className="text-center px-4 py-2 bg-indigo-500/10 border border-indigo-500/20 rounded-xl">
+                <p className="text-xs text-white/40">{de ? 'Ihr Investment' : 'Your Investment'}</p>
+                <p className="text-lg font-bold text-indigo-400">40k EUR</p>
+                <p className="text-[10px] text-white/30">{de ? 'ab 20% — auch mehr möglich' : 'from 20% — more possible'}</p>
+              </div>
+              <span className="text-2xl text-white/30 font-light">+</span>
+              <div className="text-center px-4 py-2 bg-emerald-500/10 border border-emerald-500/20 rounded-xl">
+                <p className="text-xs text-white/40">L-Bank Pre-Seed</p>
+                <p className="text-lg font-bold text-emerald-400">160k EUR</p>
+              </div>
+              <span className="text-2xl text-white/30 font-light">=</span>
+              <div className="text-center px-4 py-2 bg-white/5 border border-white/10 rounded-xl">
+                <p className="text-xs text-white/40">{de ? 'Gesamtfinanzierung' : 'Total Funding'}</p>
+                <p className="text-lg font-bold text-white">200k EUR</p>
+              </div>
+            </div>
+            {/* Row 2: 400k Scenario (optional) */}
+            <div className="flex items-center justify-center gap-3 opacity-60">
+              <div className="text-center px-3 py-1.5 bg-indigo-500/5 border border-indigo-500/10 rounded-xl">
+                <p className="text-[10px] text-white/30">{de ? 'Ihr Investment' : 'Your Investment'}</p>
+                <p className="text-sm font-bold text-indigo-400/70">80k EUR</p>
+              </div>
+              <span className="text-lg text-white/20 font-light">+</span>
+              <div className="text-center px-3 py-1.5 bg-emerald-500/5 border border-emerald-500/10 rounded-xl">
+                <p className="text-[10px] text-white/30">L-Bank Pre-Seed</p>
+                <p className="text-sm font-bold text-emerald-400/70">320k EUR</p>
+              </div>
+              <span className="text-lg text-white/20 font-light">=</span>
+              <div className="text-center px-3 py-1.5 bg-white/5 border border-white/10 rounded-xl">
+                <p className="text-[10px] text-white/30">{de ? 'Gesamtfinanzierung' : 'Total Funding'}</p>
+                <p className="text-sm font-bold text-white/70">400k EUR</p>
+              </div>
+            </div>
+            <p className="text-[10px] text-white/25 text-center">
+              {de ? 'Optional: doppelte Tranche bei höherem Investor-Anteil' : 'Optional: double tranche with higher investor share'}
+            </p>
+          </div>
+        )}
      </FadeInView>

      {/* Details — dynamisch aus funding-Objekt */}
@@ -93,6 +140,75 @@ export default function TheAskSlide({ lang, funding }: TheAskSlideProps) {
        </GlassCard>
      </div>

+      {/* Wandeldarlehen Explanation — only shown for Wandeldarlehen versions */}
+      {isWandeldarlehen && (
+        <>
+          {/* How it works */}
+          <FadeInView delay={0.5} className="mb-6">
+            <GlassCard hover={false} className="p-6">
+              <h3 className="text-lg font-semibold text-white mb-4 text-center">
+                {de ? 'So funktioniert das Wandeldarlehen' : 'How the Convertible Loan Works'}
+              </h3>
+              <div className="grid md:grid-cols-3 gap-4">
+                <div className="text-center p-4 bg-white/5 rounded-xl">
+                  <Banknote className="w-6 h-6 text-indigo-400 mx-auto mb-2" />
+                  <p className="text-sm font-bold text-white mb-1">
+                    {de ? '1. Investition' : '1. Investment'}
+                  </p>
+                  <p className="text-xs text-white/50 leading-relaxed">
+                    {de
+                      ? 'Investor stellt Darlehen bereit — keine sofortige Bewertung, keine sofortige Verwässerung.'
+                      : 'Investor provides a loan — no immediate valuation, no immediate dilution.'}
+                  </p>
+                </div>
+                <div className="text-center p-4 bg-white/5 rounded-xl">
+                  <ArrowRightLeft className="w-6 h-6 text-purple-400 mx-auto mb-2" />
+                  <p className="text-sm font-bold text-white mb-1">
+                    {de ? '2. Conversion' : '2. Conversion'}
+                  </p>
+                  <p className="text-xs text-white/50 leading-relaxed">
+                    {de
+                      ? 'Bei der nächsten Finanzierungsrunde wandelt das Darlehen in Anteile — mit Discount für den Frühphasen-Investor.'
+                      : 'At the next funding round, the loan converts to equity — with a discount for the early-stage investor.'}
+                  </p>
+                </div>
+                <div className="text-center p-4 bg-white/5 rounded-xl">
+                  <TrendingUp className="w-6 h-6 text-emerald-400 mx-auto mb-2" />
+                  <p className="text-sm font-bold text-white mb-1">
+                    {de ? '3. Investor-Vorteil' : '3. Investor Advantage'}
+                  </p>
+                  <p className="text-xs text-white/50 leading-relaxed">
+                    {de
+                      ? 'Durch den Discount erhält der Investor mehr Anteile pro Euro als spätere Investoren — Prämie für frühes Vertrauen.'
+                      : 'The discount gives the investor more shares per euro than later investors — a premium for early trust.'}
+                  </p>
+                </div>
+              </div>
+            </GlassCard>
+          </FadeInView>
+
+          {/* Pre-Seed BW / L-Bank */}
+          <FadeInView delay={0.6} className="mb-6">
+            <div className="bg-gradient-to-r from-emerald-500/10 to-blue-500/10 border border-emerald-500/20 rounded-xl px-5 py-3">
+              <div className="flex items-start gap-3">
+                <ShieldCheck className="w-5 h-5 text-emerald-400 mt-0.5 shrink-0" />
+                <div>
+                  <p className="text-sm font-bold text-white mb-1">
+                    {de ? 'Pre-Seed BW — Staatliche Co-Finanzierung (L-Bank)' : 'Pre-Seed BW — Government Co-Financing (L-Bank)'}
+                  </p>
+                  <p className="text-xs text-white/50 leading-relaxed">
+                    {de
+                      ? 'Das Investment wird über das Pre-Seed-Programm von Start-up BW / L-Bank staatlich co-finanziert. Die L-Bank stellt eine Zuwendung mit Wandlungsvorbehalt bereit — das reduziert das Risiko für private Investoren und signalisiert staatliches Vertrauen in das Geschäftsmodell.'
+                      : 'The investment is co-financed through the Pre-Seed BW / L-Bank government program. L-Bank provides a grant with conversion option — reducing risk for private investors and signaling government confidence in the business model.'}
+                  </p>
+                </div>
+              </div>
+            </div>
+          </FadeInView>
+
+        </>
+      )}
+
      {/* Use of Funds */}
      <FadeInView delay={0.8}>
        <GlassCard hover={false} className="p-6">
@@ -139,7 +255,7 @@ export default function TheAskSlide({ lang, funding }: TheAskSlideProps) {
                  </span>
                  <span className="text-sm font-bold text-white">{item.percentage}%</span>
                  <span className="text-xs text-white/30">
-                    {((amount * item.percentage) / 100).toLocaleString('de-DE')} EUR
+                    {((totalBudget * item.percentage) / 100).toLocaleString('de-DE')} EUR
                  </span>
                </div>
              ))}
@@ -147,6 +263,34 @@ export default function TheAskSlide({ lang, funding }: TheAskSlideProps) {
          </div>
        </GlassCard>
      </FadeInView>
+
+      {/* INVEST Program Hint */}
+      <FadeInView delay={0.6} className="mt-4">
+        <div className="bg-gradient-to-r from-indigo-500/10 to-emerald-500/10 border border-indigo-500/20 rounded-xl px-5 py-3">
+          <div className="flex items-start gap-3">
+            <Landmark className="w-5 h-5 text-indigo-400 mt-0.5 shrink-0" />
+            <div>
+              <p className="text-sm font-bold text-white mb-1">
+                {de
+                  ? 'BAFA INVEST — Zuschuss für Wagniskapital (Kombinierbarkeit mit L-Bank Wandeldarlehen muss geprüft werden)'
+                  : 'BAFA INVEST — Venture Capital Grant (Compatibility with L-Bank convertible loan must be verified)'}
+              </p>
+              <p className="text-xs text-white/50 leading-relaxed">
+                {de
+                  ? 'Investoren erhalten über das BAFA INVEST-Programm bis zu 15% steuerfreien Erwerbszuschuss auf ihr Investment (max. 50.000 EUR pro Einzelinvestment) sowie zusätzlich 25% Exit-Zuschuss auf Veräußerungsgewinne. Effektive Förderung: bis zu 40% (Entry + Exit kombiniert). Voraussetzung: natürliche Person, Mindesthaltedauer 3 Jahre.'
+                  : 'Investors receive up to 15% tax-free acquisition grant on their investment through the BAFA INVEST program (max. EUR 50,000 per single investment) plus an additional 25% exit grant on capital gains. Effective support: up to 40% (entry + exit combined). Requirements: natural person, 3-year minimum holding period.'}
+              </p>
+              <p className="text-[11px] text-white/30 mt-1 italic">
+                {de
+                  ? '* Programm verlängert bis 31.12.2026. Aktuelle Konditionen auf bafa.de prüfen.'
+                  : '* Program extended until 31.12.2026. Verify current terms at bafa.de.'}
+              </p>
+            </div>
+          </div>
+        </div>
+      </FadeInView>
+
+      <ProjectionFooter lang={lang} />
    </div>
  )
 }
@@ -0,0 +1,160 @@
+'use client'
+
+import { Language } from '@/lib/types'
+import GradientText from '../ui/GradientText'
+import FadeInView from '../ui/FadeInView'
+import GlassCard from '../ui/GlassCard'
+import {
+  FileCheck,
+  Code,
+  Zap,
+  Shield,
+  GitPullRequest,
+  ArrowLeftRight,
+} from 'lucide-react'
+
+interface USPSlideProps {
+  lang: Language
+}
+
+export default function USPSlide({ lang }: USPSlideProps) {
+  const de = lang === 'de'
+
+  const subtitle = de
+    ? 'Die erste Plattform, die Compliance-Dokumente und tatsächliche Code-Umsetzung verbindet'
+    : 'The first platform that connects compliance documents with actual code implementation'
+
+  const complianceItems = de
+    ? ['DSGVO-Dokumente', 'Audit-Management', 'RFQ-Anforderungen', 'CE-Bewertungen']
+    : ['GDPR documents', 'Audit management', 'RFQ requirements', 'CE assessments']
+
+  const codeItems = de
+    ? ['SAST / DAST / SBOM', 'Pentesting', 'Issue-Tracker', 'Auto-Fixes']
+    : ['SAST / DAST / SBOM', 'Pentesting', 'Issue tracker', 'Auto-fixes']
+
+  const capabilities = [
+    {
+      icon: GitPullRequest,
+      color: 'text-indigo-400',
+      label: de ? 'RFQ-Prüfung' : 'RFQ Verification',
+      desc: de
+        ? 'Kunden-Anforderungsdokumente werden automatisiert gegen die aktuelle Source-Code-Umsetzung geprüft. Abweichungen werden erkannt, Änderungen vorgeschlagen und auf Wunsch direkt im Code umgesetzt — ohne manuelles Nacharbeiten.'
+        : 'Customer requirement documents are automatically verified against current source code. Deviations are detected, changes proposed and implemented directly in code on request — no manual rework needed.',
+    },
+    {
+      icon: ArrowLeftRight,
+      color: 'text-purple-400',
+      label: de ? 'Bidirektional' : 'Bidirectional',
+      desc: de
+        ? 'Compliance-Anforderungen fliessen direkt in den Code. Umgekehrt aktualisieren Code-Änderungen automatisch die Compliance-Dokumentation. Beide Seiten sind immer synchron — kein Informationsverlust zwischen Audit und Entwicklung.'
+        : 'Compliance requirements flow directly into code. Conversely, code changes automatically update compliance documentation. Both sides always stay in sync — no information loss between audit and development.',
+    },
+    {
+      icon: Zap,
+      color: 'text-amber-400',
+      label: de ? 'Prozess-Compliance' : 'Process Compliance',
+      desc: de
+        ? 'Vom Audit-Finding über das Ticket bis zur Code-Änderung läuft der gesamte Prozess automatisiert durch. Rollen, Fristen und Eskalation werden End-to-End verwaltet. Nachweise werden automatisch generiert und archiviert.'
+        : 'From audit finding to ticket to code change, the entire process runs automatically. Roles, deadlines and escalation are managed end-to-end. Evidence is automatically generated and archived.',
+    },
+    {
+      icon: Shield,
+      color: 'text-emerald-400',
+      label: de ? 'Kontinuierlich' : 'Continuous',
+      desc: de
+        ? 'Klassische Compliance prüft einmal im Jahr und hofft auf das Beste. Unsere Plattform prüft bei jeder Code-Änderung. Findings werden sofort zu Tickets mit konkreten Implementierungsvorschlägen im Issue-Tracker der Wahl.'
+        : 'Traditional compliance checks once a year and hopes for the best. Our platform checks on every code change. Findings immediately become tickets with concrete implementation proposals in the issue tracker of choice.',
+    },
+  ]
+
+  return (
+    <div>
+      <FadeInView className="text-center mb-8">
+        <h2 className="text-4xl md:text-5xl font-bold mb-3">
+          <GradientText>USP</GradientText>
+        </h2>
+        <p className="text-lg text-white/50 max-w-3xl mx-auto">{subtitle}</p>
+      </FadeInView>
+
+      <FadeInView delay={0.2}>
+        <div className="relative max-w-6xl mx-auto" style={{ height: '580px' }}>
+
+          {/* CENTER: Large circle */}
+          <div className="absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2" style={{ width: '440px', height: '440px' }}>
+            <div className="absolute inset-0 rounded-full border-2 border-dashed border-indigo-500/20 animate-[spin_20s_linear_infinite]" />
+            <div className="absolute inset-4 rounded-full border border-white/[0.06] bg-white/[0.015]" />
+
+            <div className="absolute inset-0 flex items-center justify-center z-10">
+              <div className="w-20 h-20 rounded-full bg-gradient-to-br from-indigo-500 to-purple-600 flex items-center justify-center shadow-xl shadow-indigo-500/30">
+                <span className="text-3xl font-black text-white">&#x221E;</span>
+              </div>
+            </div>
+
+            <div className="absolute left-12 top-1/2 -translate-y-1/2 w-[120px] z-10">
+              <div className="flex items-center gap-1.5 mb-2">
+                <FileCheck className="w-4 h-4 text-indigo-400" />
+                <span className="text-sm font-bold text-indigo-400">Compliance</span>
+              </div>
+              <ul className="space-y-1.5">
+                {complianceItems.map((item, idx) => (
+                  <li key={idx} className="flex items-center gap-1.5 text-sm text-white/50">
+                    <span className="w-1.5 h-1.5 rounded-full bg-indigo-400 shrink-0" />
+                    {item}
+                  </li>
+                ))}
+              </ul>
+            </div>
+
+            <div className="absolute right-7 top-1/2 -translate-y-1/2 w-[120px] z-10">
+              <div className="flex items-center gap-1.5 mb-2">
+                <Code className="w-4 h-4 text-purple-400" />
+                <span className="text-sm font-bold text-purple-400">Code</span>
+              </div>
+              <ul className="space-y-1.5">
+                {codeItems.map((item, idx) => (
+                  <li key={idx} className="flex items-center gap-1.5 text-sm text-white/50">
+                    <span className="w-1.5 h-1.5 rounded-full bg-purple-400 shrink-0" />
+                    {item}
+                  </li>
+                ))}
+              </ul>
+            </div>
+
+            <div className="absolute top-[12%] left-[12%] text-indigo-400/60 text-lg z-20">&#x25C0;</div>
+            <div className="absolute top-[12%] right-[12%] text-purple-400/60 text-lg z-20">&#x25B6;</div>
+            <div className="absolute bottom-[12%] left-[12%] text-amber-400/60 text-lg z-20">&#x25C0;</div>
+            <div className="absolute bottom-[12%] right-[12%] text-emerald-400/60 text-lg z-20">&#x25B6;</div>
+          </div>
+
+          {/* 4 CORNER CARDS */}
+          {capabilities.map((cap, idx) => {
+            const Icon = cap.icon
+            const posClass = idx === 0 ? 'top-0 left-0'
+              : idx === 1 ? 'top-0 right-0'
+              : idx === 2 ? 'bottom-0 left-0'
+              : 'bottom-0 right-0'
+            return (
+              <div key={idx} className={`absolute ${posClass} w-[290px]`}>
+                <GlassCard hover={false} className="p-4" delay={0}>
+                  <div className="flex items-center gap-2 mb-2">
+                    <Icon className={`w-5 h-5 ${cap.color}`} />
+                    <h3 className={`text-base font-bold ${cap.color}`}>{cap.label}</h3>
+                  </div>
+                  <p className="text-sm text-white/50 leading-relaxed">{cap.desc}</p>
+                </GlassCard>
+              </div>
+            )
+          })}
+
+          {/* SVG connection lines */}
+          <svg className="absolute inset-0 w-full h-full pointer-events-none z-0" preserveAspectRatio="none" viewBox="0 0 100 100">
+            <line x1="30" y1="25" x2="22" y2="15" stroke="rgba(99,102,241,0.15)" strokeWidth="0.3" strokeDasharray="1 1" />
+            <line x1="70" y1="25" x2="78" y2="15" stroke="rgba(168,85,247,0.15)" strokeWidth="0.3" strokeDasharray="1 1" />
+            <line x1="30" y1="75" x2="22" y2="85" stroke="rgba(245,158,11,0.15)" strokeWidth="0.3" strokeDasharray="1 1" />
+            <line x1="70" y1="75" x2="78" y2="85" stroke="rgba(16,185,129,0.15)" strokeWidth="0.3" strokeDasharray="1 1" />
+          </svg>
+        </div>
+      </FadeInView>
+    </div>
+  )
+}
@@ -40,8 +40,8 @@ export default function KPICard({
        style={{ backgroundColor: color }}
      />

-      <p className="text-[10px] uppercase tracking-wider text-white/40 mb-1">{label}</p>
-      <div className="flex items-end gap-2">
+      <p className="text-[10px] uppercase tracking-wider text-white/40 mb-1 text-center">{label}</p>
+      <div className="flex items-end justify-center gap-2">
        <p className="text-2xl font-bold text-white leading-none">
          <AnimatedCounter target={value} prefix={prefix} suffix={suffix} duration={1200} decimals={decimals} />
        </p>
@@ -52,7 +52,7 @@ export default function KPICard({
        )}
      </div>
      {subLabel && (
-        <p className="text-[10px] text-white/30 mt-1">{subLabel}</p>
+        <p className="text-[10px] text-white/30 mt-1 text-center">{subLabel}</p>
      )}
    </motion.div>
  )
@@ -0,0 +1,20 @@
+'use client'
+
+import { Language } from '@/lib/types'
+
+interface ProjectionFooterProps {
+  lang: Language
+}
+
+export default function ProjectionFooter({ lang }: ProjectionFooterProps) {
+  const de = lang === 'de'
+  return (
+    <div className="mt-3 pt-2 border-t border-white/5">
+      <p className="text-[9px] text-white/20 text-center italic">
+        {de
+          ? 'Alle Finanzdaten sind Planzahlen und stellen keine Garantie für künftige Ergebnisse dar (Stand: Q2 2026)'
+          : 'All financial data are projections and do not constitute a guarantee of future results (as of: Q2 2026)'}
+      </p>
+    </div>
+  )
+}
@@ -1,11 +1,11 @@
-import { SignJWT, jwtVerify } from 'jose'
+import { SignJWT, jwtVerify, decodeJwt } from 'jose'
 import { randomBytes, createHash } from 'crypto'
 import { cookies } from 'next/headers'
 import pool from './db'

 const COOKIE_NAME = 'pitch_session'
-const JWT_EXPIRY = '1h'
 const SESSION_EXPIRY_HOURS = 24
+const JWT_EXPIRY = `${SESSION_EXPIRY_HOURS}h`

 function getJwtSecret() {
  const secret = process.env.PITCH_JWT_SECRET
@@ -125,7 +125,34 @@ export async function getSessionFromCookie(): Promise<JwtPayload | null> {
  const cookieStore = await cookies()
  const token = cookieStore.get(COOKIE_NAME)?.value
  if (!token) return null
-  return verifyJwt(token)
+
+  // Fast path: valid non-expired JWT
+  const payload = await verifyJwt(token)
+  if (payload) return payload
+
+  // Slow path: JWT may be expired but DB session could still be valid.
+  // Decode without signature/expiry check to recover sessionId + sub.
+  try {
+    const decoded = decodeJwt(token) as Partial<JwtPayload>
+    if (!decoded.sessionId || !decoded.sub) return null
+
+    const valid = await validateSession(decoded.sessionId, decoded.sub)
+    if (!valid) return null
+
+    // DB session still live — fetch email and reissue a fresh JWT
+    const { rows } = await pool.query(
+      `SELECT email FROM pitch_investors WHERE id = $1`,
+      [decoded.sub]
+    )
+    if (rows.length === 0) return null
+
+    const freshJwt = await createJwt({ sub: decoded.sub, email: rows[0].email, sessionId: decoded.sessionId })
+    await setSessionCookie(freshJwt)
+
+    return { sub: decoded.sub, email: rows[0].email, sessionId: decoded.sessionId }
+  } catch {
+    return null
+  }
 }

 export function getClientIp(request: Request): string | null {
@@ -1,4 +1,11 @@
-import { Pool } from 'pg'
+import { Pool, types } from 'pg'
+
+// Coerce NUMERIC/DECIMAL columns to JS numbers globally. The default
+// node-postgres behavior hands them back as strings, which silently breaks
+// every downstream `.toFixed()` / direct-number call (seen crashing
+// UnitEconomicsCards on the Finanzen slide). Our values fit comfortably in
+// Number.MAX_SAFE_INTEGER, so the precision trade-off is fine.
+types.setTypeParser(types.builtins.NUMERIC, (val) => (val === null ? null : parseFloat(val)))

 const pool = new Pool({
  connectionString: process.env.DATABASE_URL || 'postgres://breakpilot:breakpilot123@localhost:5432/breakpilot_db',
@@ -0,0 +1,9 @@
+export const DEFAULT_GREETING = 'Sehr geehrte Damen und Herren'
+export const DEFAULT_MESSAGE =
+  'wir freuen uns, Ihnen einen exklusiven Zugang zu unserem interaktiven Investor Pitch Deck zu gewähren. Die Präsentation enthält alle relevanten Informationen zu unserem Unternehmen, unserem Produkt und unserer Finanzierungsstrategie.'
+export const DEFAULT_CLOSING =
+  'Mit freundlichen Grüßen,\nBenjamin Boenisch & Sharang Parnerkar\nGründer — BreakPilot ComplAI'
+
+export function getDefaultGreeting(name: string | null): string {
+  return name ? `Sehr geehrte(r) ${name}` : DEFAULT_GREETING
+}
@@ -1,4 +1,12 @@
+import 'server-only'
 import nodemailer from 'nodemailer'
+import {
+  DEFAULT_MESSAGE,
+  DEFAULT_CLOSING,
+  getDefaultGreeting,
+} from '@/lib/email-templates'
+
+export { DEFAULT_GREETING, DEFAULT_MESSAGE, DEFAULT_CLOSING, getDefaultGreeting } from '@/lib/email-templates'

 const transporter = nodemailer.createTransport({
  host: process.env.SMTP_HOST,
@@ -16,14 +24,21 @@ const fromAddr = process.env.SMTP_FROM_ADDR || 'noreply@breakpilot.ai'
 export async function sendMagicLinkEmail(
  to: string,
  investorName: string | null,
-  magicLinkUrl: string
+  magicLinkUrl: string,
+  greeting?: string,
+  message?: string,
+  closing?: string,
 ): Promise<void> {
-  const greeting = investorName ? `Hello ${investorName}` : 'Hello'
+  const effectiveGreeting = greeting || getDefaultGreeting(investorName)
+  const effectiveMessage = message || DEFAULT_MESSAGE
+  const effectiveClosing = closing || DEFAULT_CLOSING
+  const closingHtml = effectiveClosing.replace(/\n/g, '<br>')
+  const ttl = process.env.MAGIC_LINK_TTL_HOURS || '72'

  await transporter.sendMail({
    from: `"${fromName}" <${fromAddr}>`,
    to,
-    subject: 'Your BreakPilot Pitch Deck Access',
+    subject: 'BreakPilot ComplAI — Ihr persönlicher Pitch-Deck-Zugang',
    html: `
      <!DOCTYPE html>
      <html>
@@ -36,6 +51,8 @@ export async function sendMagicLinkEmail(
          <tr>
            <td align="center">
              <table width="560" cellpadding="0" cellspacing="0" style="background:#111127;border-radius:12px;border:1px solid rgba(99,102,241,0.2);">
+
+                <!-- Header -->
                <tr>
                  <td style="padding:40px 40px 20px;">
                    <h1 style="margin:0;font-size:24px;color:#e0e0ff;font-weight:600;">
@@ -46,40 +63,96 @@ export async function sendMagicLinkEmail(
                    </p>
                  </td>
                </tr>
+
+                <!-- Greeting + Message -->
                <tr>
-                  <td style="padding:20px 40px;">
+                  <td style="padding:20px 40px 0;">
                    <p style="margin:0 0 16px;font-size:16px;color:rgba(255,255,255,0.8);line-height:1.6;">
-                      ${greeting},
+                      ${effectiveGreeting},
                    </p>
-                    <p style="margin:0 0 24px;font-size:16px;color:rgba(255,255,255,0.8);line-height:1.6;">
-                      You have been invited to view the BreakPilot ComplAI investor pitch deck.
-                      Click the button below to access the interactive presentation.
+                    <p style="margin:0 0 24px;font-size:15px;color:rgba(255,255,255,0.7);line-height:1.7;">
+                      ${effectiveMessage}
                    </p>
-                    <table cellpadding="0" cellspacing="0" style="margin:0 0 24px;">
+                  </td>
+                </tr>
+
+                <!-- Magic Link Explanation -->
                <tr>
-                        <td style="background:linear-gradient(135deg,#6366f1,#8b5cf6);border-radius:8px;padding:14px 32px;">
+                  <td style="padding:0 40px 20px;">
+                    <div style="background:rgba(99,102,241,0.08);border:1px solid rgba(99,102,241,0.15);border-radius:8px;padding:16px;">
+                      <p style="margin:0 0 4px;font-size:11px;font-weight:600;color:rgba(99,102,241,0.8);text-transform:uppercase;letter-spacing:0.5px;">
+                        Ihr persoenlicher Zugangslink
+                      </p>
+                      <p style="margin:0;font-size:13px;color:rgba(255,255,255,0.5);line-height:1.5;">
+                        Der untenstehende Link ist einmalig und verfaellt nach ${ttl} Stunden. Er gewaehrt Ihnen exklusiven Zugang zu unserem interaktiven Pitch Deck — inklusive KI-Assistent fuer Ihre Fragen.
+                      </p>
+                    </div>
+                  </td>
+                </tr>
+
+                <!-- Button -->
+                <tr>
+                  <td style="padding:0 40px 16px;" align="center">
+                    <table cellpadding="0" cellspacing="0">
+                      <tr>
+                        <td style="background:linear-gradient(135deg,#6366f1,#8b5cf6);border-radius:8px;padding:14px 40px;">
                          <a href="${magicLinkUrl}" style="color:#ffffff;font-size:16px;font-weight:600;text-decoration:none;display:inline-block;">
-                            View Pitch Deck
+                            Pitch Deck oeffnen
                          </a>
                        </td>
                      </tr>
                    </table>
-                    <p style="margin:0 0 8px;font-size:13px;color:rgba(255,255,255,0.4);line-height:1.5;">
-                      This link expires in ${process.env.MAGIC_LINK_TTL_HOURS || '72'} hours and can only be used once.
-                    </p>
-                    <p style="margin:0;font-size:13px;color:rgba(255,255,255,0.3);line-height:1.5;word-break:break-all;">
-                      ${magicLinkUrl}
-                    </p>
                  </td>
                </tr>
+
+                <!-- Raw link -->
                <tr>
-                  <td style="padding:20px 40px 40px;border-top:1px solid rgba(255,255,255,0.05);">
-                    <p style="margin:0;font-size:12px;color:rgba(255,255,255,0.25);line-height:1.5;">
-                      If you did not expect this email, you can safely ignore it.
-                      This is an AI-first company — we don't do PDFs.
+                  <td style="padding:0 40px 24px;">
+                    <p style="margin:0;font-size:11px;color:rgba(255,255,255,0.25);line-height:1.5;word-break:break-all;">
+                      Falls der Button nicht funktioniert: ${magicLinkUrl}
                    </p>
                  </td>
                </tr>
+
+                <!-- Closing -->
+                <tr>
+                  <td style="padding:0 40px 24px;">
+                    <p style="margin:0;font-size:15px;color:rgba(255,255,255,0.7);line-height:1.7;">
+                      ${closingHtml}
+                    </p>
+                  </td>
+                </tr>
+
+                <!-- Legal Footer DE -->
+                <tr>
+                  <td style="padding:20px 40px 12px;border-top:1px solid rgba(255,255,255,0.05);">
+                    <p style="margin:0 0 8px;font-size:10px;font-weight:600;color:rgba(255,255,255,0.3);text-transform:uppercase;letter-spacing:0.5px;">
+                      Vertraulichkeit &amp; Haftungsausschluss
+                    </p>
+                    <p style="margin:0 0 6px;font-size:10px;color:rgba(255,255,255,0.18);line-height:1.5;">
+                      Dieses Pitch Deck ist vertraulich und wurde ausschliesslich fuer den namentlich eingeladenen Empfaenger erstellt. Durch das Oeffnen des Links erklaert sich der Empfaenger einverstanden: (a) Der Inhalt ist vertraulich zu behandeln und darf nicht an Dritte weitergegeben, kopiert oder zugaenglich gemacht werden. Ausgenommen sind Berater (Rechtsanwaelte, Steuerberater), die berufsrechtlich zur Verschwiegenheit verpflichtet sind. (b) Die Informationen duerfen ausschliesslich zur Bewertung einer moeglichen Beteiligung verwendet werden. (c) Diese Vertraulichkeitsverpflichtung gilt fuer drei (3) Jahre ab Uebermittlung, unabhaengig davon, ob eine Beteiligung zustande kommt.
+                    </p>
+                    <p style="margin:0 0 12px;font-size:10px;color:rgba(255,255,255,0.18);line-height:1.5;">
+                      Dieses Dokument stellt weder ein Angebot zum Verkauf noch eine Aufforderung zur Abgabe eines Angebots zum Erwerb von Wertpapieren dar. Es handelt sich nicht um einen Wertpapierprospekt. Alle Finanzangaben sind Planzahlen und stellen keine Garantie fuer kuenftige Ergebnisse dar. Eine Beteiligung an einem jungen Unternehmen ist mit erheblichen Risiken verbunden, einschliesslich des Risikos eines Totalverlusts. Es gilt deutsches Recht. Gerichtsstand ist Konstanz, Deutschland.
+                    </p>
+                  </td>
+                </tr>
+
+                <!-- Legal Footer EN -->
+                <tr>
+                  <td style="padding:0 40px 40px;">
+                    <p style="margin:0 0 8px;font-size:10px;font-weight:600;color:rgba(255,255,255,0.2);text-transform:uppercase;letter-spacing:0.5px;">
+                      Confidentiality &amp; Disclaimer
+                    </p>
+                    <p style="margin:0 0 6px;font-size:10px;color:rgba(255,255,255,0.13);line-height:1.5;">
+                      This pitch deck is confidential and has been prepared exclusively for the personally invited recipient. By opening this link, the recipient agrees: (a) The content must be treated confidentially and may not be disclosed, copied or made accessible to third parties. Excluded are advisors (lawyers, tax advisors) professionally bound to secrecy. (b) The information may only be used for evaluating a possible participation. (c) This confidentiality obligation applies for three (3) years from transmission, regardless of whether a participation materializes.
+                    </p>
+                    <p style="margin:0;font-size:10px;color:rgba(255,255,255,0.13);line-height:1.5;">
+                      This document constitutes neither an offer to sell nor a solicitation of an offer to acquire securities. It is not a securities prospectus. All financial figures are projections and do not constitute a guarantee of future results. An investment in a young company involves significant risks, including the risk of total loss. German law applies. Place of jurisdiction is Konstanz, Germany.
+                    </p>
+                  </td>
+                </tr>
+
              </table>
            </td>
          </tr>
@@ -0,0 +1,89 @@
+import { FMResult } from '../types'
+
+export interface AnnualKPI {
+  year: number
+  mrr: number
+  arr: number
+  customers: number
+  arpu: number
+  employees: number
+  revenuePerEmployee: number
+  personnelCosts: number
+  totalRevenue: number
+  totalCosts: number
+  ebit: number
+  ebitMargin: number
+  taxes: number
+  netIncome: number
+  serverCostPerCustomer: number
+  grossMargin: number
+  burnRate: number
+  runway: number | null
+  cashBalance: number
+}
+
+const TAX_RATE = 0.30 // ~30% Körperschaftsteuer + Gewerbesteuer + Soli
+
+/**
+ * Aggregates 60 monthly FMResult entries into 5 annual KPI rows (2026–2030).
+ * All values are derived — nothing is hardcoded.
+ */
+export function computeAnnualKPIs(results: FMResult[]): AnnualKPI[] {
+  if (!results || results.length === 0) return []
+
+  const years = [2026, 2027, 2028, 2029, 2030]
+
+  return years.map(year => {
+    const yearResults = results.filter(r => r.year === year)
+    if (yearResults.length === 0) {
+      return emptyKPI(year)
+    }
+
+    const dec = yearResults[yearResults.length - 1] // December snapshot
+    const totalRevenue = yearResults.reduce((s, r) => s + r.revenue_eur, 0)
+    const personnelCosts = yearResults.reduce((s, r) => s + r.personnel_eur, 0)
+    const totalCogs = yearResults.reduce((s, r) => s + r.cogs_eur, 0)
+    const totalInfra = yearResults.reduce((s, r) => s + r.infra_eur, 0)
+    const totalMarketing = yearResults.reduce((s, r) => s + r.marketing_eur, 0)
+    const totalCosts = yearResults.reduce((s, r) => s + r.total_costs_eur, 0)
+
+    const ebit = totalRevenue - totalCosts
+    const ebitMargin = totalRevenue > 0 ? (ebit / totalRevenue) * 100 : 0
+    const taxes = ebit > 0 ? Math.round(ebit * TAX_RATE) : 0
+    const netIncome = ebit - taxes
+    const serverCost = dec.total_customers > 0
+      ? Math.round((totalInfra / 12) / dec.total_customers)
+      : 0
+
+    return {
+      year,
+      mrr: Math.round(dec.mrr_eur),
+      arr: Math.round(dec.arr_eur),
+      customers: Math.round(dec.total_customers),
+      arpu: dec.total_customers > 0 ? Math.round(dec.mrr_eur / dec.total_customers) : 0,
+      employees: Math.round(dec.employees_count),
+      revenuePerEmployee: dec.employees_count > 0 ? Math.round(totalRevenue / dec.employees_count) : 0,
+      personnelCosts: Math.round(personnelCosts),
+      totalRevenue: Math.round(totalRevenue),
+      totalCosts: Math.round(totalCosts),
+      ebit: Math.round(ebit),
+      ebitMargin: Math.round(ebitMargin),
+      taxes,
+      netIncome: Math.round(netIncome),
+      serverCostPerCustomer: serverCost,
+      grossMargin: Math.round(dec.gross_margin_pct),
+      burnRate: Math.round(dec.burn_rate_eur),
+      runway: dec.runway_months > 999 ? null : Math.round(dec.runway_months),
+      cashBalance: Math.round(dec.cash_balance_eur),
+    }
+  })
+}
+
+function emptyKPI(year: number): AnnualKPI {
+  return {
+    year, mrr: 0, arr: 0, customers: 0, arpu: 0, employees: 0,
+    revenuePerEmployee: 0, personnelCosts: 0, totalRevenue: 0, totalCosts: 0,
+    ebit: 0, ebitMargin: 0, taxes: 0, netIncome: 0,
+    serverCostPerCustomer: 0, grossMargin: 0, burnRate: 0, runway: null, cashBalance: 0,
+  }
+}
@@ -3,7 +3,7 @@
 import { useState, useEffect, useCallback, useRef } from 'react'
 import { FMScenario, FMResult, FMComputeResponse, InvestorSnapshot } from '../types'

-export function useFinancialModel(investorId?: string | null) {
+export function useFinancialModel(investorId?: string | null, preferredScenarioId?: string | null) {
  const [scenarios, setScenarios] = useState<FMScenario[]>([])
  const [activeScenarioId, setActiveScenarioId] = useState<string | null>(null)
  const [compareMode, setCompareMode] = useState(false)
@@ -51,7 +51,9 @@ export function useFinancialModel(investorId?: string | null) {
          }

          setScenarios(data)
-          const defaultScenario = data.find(s => s.is_default) || data[0]
+          // Use preferred scenario if available, otherwise default
+          const preferred = preferredScenarioId ? data.find(s => s.id === preferredScenarioId) : null
+          const defaultScenario = preferred || data.find(s => s.is_default) || data[0]
          if (defaultScenario) {
            setActiveScenarioId(defaultScenario.id)
          }
@@ -13,12 +13,13 @@ const translations = {
      'Cover',
      'Das Problem',
      'Die Lösung',
+      'USP',
      'Regulatorische Landschaft',
      'Modularer Baukasten',
      'So funktioniert\'s',
      'Markt',
      'Geschäftsmodell',
-      'Traction',
+      'Meilensteine',
      'Wettbewerb',
      'Team',
      'Finanzen',
@@ -36,6 +37,7 @@ const translations = {
      'Anhang: Strategie',
      'Anhang: Finanzplan',
      'Glossar',
+      'Rechtlicher Hinweis',
    ],
    executiveSummary: {
      title: 'Executive Summary',
@@ -43,12 +45,12 @@ const translations = {
      problem: 'Das Problem',
      problemText: 'Unternehmen – insbesondere im Maschinenbau – stehen vor einem strategischen Dilemma: Um wettbewerbsfähig zu bleiben, müssen sie KI einsetzen. Gleichzeitig können oder wollen sie keine US-basierten KI-Anbieter in ihre sensibelsten Systeme integrieren. Wer auf US-SaaS verzichtet, verliert den Anschluss an die KI-Transformation. Wer sie nutzt, riskiert den Abfluss kritischer Daten und regulatorische Unsicherheit. Parallel dazu werden über 30.000 Unternehmen in Deutschland durch neue EU-Regulierungen wie AI Act, Data Act, CRA und NIS2 massiv belastet – unabhängig von ihrer Größe oder digitalen Reife. Das Ergebnis: Entscheidungsblockade statt Innovation.',
      solution: 'Unsere Lösung',
-      solutionText: 'Breakpilot ersetzt punktuelle Audits durch kontinuierliche, automatisierte Compliance und Security. Bei jeder Code-Änderung werden SAST, DAST, SBOM und Pentests automatisch ausgeführt. VVT, TOMs, DSFA, Löschfristen und CE-Risikobeurteilungen werden fortlaufend generiert. Audit-Abweichungen End-to-End: Rollen, Fristen, Tickets, Nachweise, Eskalation bis zur GF. Nahtlose Integration in bestehende Workflows (z.\u00a0B. Jira). BSI-Cloud DE oder OVH FR. Ergebnis: kontinuierliche Compliance statt punktueller Prüfungen.',
+      solutionText: 'Breakpilot ersetzt punktuelle Audits durch kontinuierliche, automatisierte Compliance und Security. Bei jeder Code-Änderung werden SAST, DAST, SBOM und Pentests automatisch ausgeführt. VVT, TOMs, DSFA, Löschfristen und CE-Risikobeurteilungen werden fortlaufend generiert. Audit-Abweichungen End-to-End: Rollen, Fristen, Tickets, Nachweise, Eskalation bis zur GF. Nahtlose Integration in bestehende Workflows über den Issue-Tracker deiner Wahl. BSI-Cloud DE. Ergebnis: kontinuierliche Compliance statt punktueller Prüfungen.',
      roi: 'Kundenersparnis',
      roiText: 'Kunden zahlen ca. 50.000 EUR/Jahr und sparen: 30.000 EUR Pentests, 20.000 EUR CE-Beurteilungen, Auditmanager-Kosten und Strafrisiko. ROI ab Tag 1.',
      market: 'Markt',
      businessModel: 'Geschäftsmodell',
-      businessModelText: 'Kunden zahlen ~50.000 EUR/Jahr und sparen 50.000+ EUR (Pentests, CE-Beurteilungen, Auditmanager). ROI ab Tag 1. BSI-Cloud DE oder OVH FR.',
+      businessModelText: 'Kunden zahlen ~50.000 EUR/Jahr und sparen 50.000+ EUR (Pentests, CE-Beurteilungen, Auditmanager). ROI ab Tag 1. BSI-Cloud DE.',
      keyMetrics: 'Kennzahlen',
      documents: 'Originaldokumente',
      controls: 'Prüfaspekte',
@@ -63,31 +65,31 @@ const translations = {
      uspText: 'Einzige Plattform mit kontinuierlicher Code-Security, automatischer Compliance-Dokumentation und CE-Software-Risikobeurteilung — auf deutscher oder französischer Cloud.',
    },
    cover: {
-      tagline: 'Compliance & Code-Security für den Maschinenbau',
+      tagline: 'Compliance & Code-Security',
      subtitle: 'Pre-Seed  ·  Q4 2026',
      cta: 'Pitch starten',
    },
    problem: {
      title: 'Das Problem',
-      subtitle: 'Maschinenbauer wollen KI nutzen — aber nicht um den Preis ihrer Datensouveränität',
+      subtitle: 'Deutsche und europäische Unternehmen wollen KI nutzen — aber nicht um den Preis ihrer Datensouveränität',
      cards: [
        {
          title: 'KI-Dilemma',
          stat: 'Abgehängt',
-          desc: 'Maschinenbauer wollen KI nutzen, aber keinen Microsoft Copilot oder Claude auf ihr Herzstück lassen. Angst vor Datenmissbrauch durch US-Konzerne ist real. Wer US-SaaS meidet, bleibt von der KI-Revolution abgeschnitten.',
+          desc: 'Produzierende Unternehmen brauchen KI, um wettbewerbsfähig zu bleiben. Aber Microsoft Copilot, ChatGPT oder Claude an den eigenen Quellcode und die Konstruktionsdaten zu lassen, kommt für die meisten nicht in Frage. Wer auf US-KI verzichtet, verliert den Anschluss. Wer sie nutzt, riskiert seine Datensouveränität.',
        },
        {
-          title: 'Patriots Act',
+          title: 'Patriot Act + FISA 702',
          stat: 'Kein Schutz',
-          desc: 'Die Alternative: Alles zu AWS, Google oder Microsoft schieben. Aber selbst europäische Server der US-Player können über den Patriots Act abgesaugt werden. Deutsche KMU sitzen in der Falle.',
+          desc: 'Selbst wer EU-Server bei AWS, Google oder Microsoft bucht, ist nicht geschützt. US-Gesetze wie FISA 702 und der Cloud Act gelten extraterritorial — US-Behörden können auf Daten zugreifen, egal wo der Server steht. Das Schrems-II-Urteil des EuGH hat das bestätigt.',
        },
        {
          title: 'Regulierungs-Tsunami',
-          stat: '50.000+ EUR/Jahr',
-          desc: 'AI Act, NIS2, CRA, DSGVO, Maschinenverordnung — 5+ Gesetze gleichzeitig. Pentests und CE-Zertifizierungen kosten 50.000+ EUR/Jahr, prüfen aber nur einmal. KMU mit 10-500 MA haben weder Personal noch Budget.',
+          stat: 'Nicht tragbar',
+          desc: 'Seit 2024 greifen AI Act, NIS2 und Cyber Resilience Act — zusätzlich zu DSGVO, Data Act, Maschinenverordnung und Lieferkettengesetz. Europäische Unternehmen tragen damit Compliance-Kosten, die US- und Asien-Konkurrenten nicht haben. Gleichzeitig steigen Kosten durch Rohstoffengpässe und geopolitische Krisen. KMU können das nicht mehr stemmen.',
        },
      ],
-      quote: 'Maschinenbauer brauchen eine KI-Lösung, die in Deutschland läuft, ihren Code schützt und Compliance automatisiert — ohne ihre Daten an US-Konzerne zu geben.',
+      quote: 'Produzierende Unternehmen brauchen eine KI-Lösung, die in Europa läuft, ihren Code schützt und Compliance automatisiert — ohne ihre Daten an US-Konzerne zu geben.',
    },
    solution: {
      title: 'Die Lösung',
@@ -95,7 +97,7 @@ const translations = {
      pillars: [
        {
          title: 'Kontinuierliche Code-Security',
-          desc: 'SAST, DAST, SBOM und Pentesting bei jeder Code-Änderung — nicht einmal im Jahr. Findings direkt als Jira-Tickets mit Implementierungsvorschlägen. 30.000+ EUR/Jahr Pentest-Kosten gespart.',
+          desc: 'SAST, DAST, SBOM und Pentesting bei jeder Code-Änderung — nicht einmal im Jahr. Findings direkt als Tickets im Issue-Tracker deiner Wahl, mit Implementierungsvorschlägen. 15.000+ EUR pro Jahr und Anwendung an Pentest-Kosten gespart.',
          icon: 'scan',
        },
        {
@@ -105,14 +107,14 @@ const translations = {
        },
        {
          title: 'Deutsche Cloud, volle Integration',
-          desc: 'BSI-zertifizierte Cloud in DE oder OVH in FR. Jitsi (Video), Matrix (Chat), KI-Aufgabenerstellung aus Audio. Keine US-SaaS im Source Code. Optional Mac Mini für maximale Privacy.',
+          desc: 'BSI-zertifizierte Cloud in Deutschland. Live-Support über Jitsi (Video) und Matrix (Chat). Keine US-SaaS im Source Code. Optional Mac Mini/Studio für maximale Privacy.',
          icon: 'server',
        },
      ],
    },
    regulatoryLandscape: {
      title: 'Regulatorische Landschaft',
-      subtitle: '110 Gesetze & Regularien, 10 Branchen — eine Plattform',
+      subtitle: '320 Dokumente im RAG — 10 Industriesektoren — eine Plattform',
      documents: 'Originaldokumente',
      controls: 'Extrahierte Controls',
      regulations: 'Regularien',
@@ -148,7 +150,7 @@ const translations = {
      pricingTitle: 'Pricing nach Unternehmensgröße',
      pricingSubtitle: 'Mitarbeiterbasiert — validiert am Markt',
      cloud: 'Cloud-Lösung (Standard)',
-      cloudDesc: 'BSI-Cloud DE oder OVH FR. Für alle Unternehmensgrößen.',
+      cloudDesc: 'BSI-Cloud DE. Für alle Unternehmensgrößen.',
      privacy: 'Privacy-Hardware (optional)',
      privacyDesc: 'Mac Mini / Studio für Kleinstunternehmen (<10 MA) mit absolutem Privacy-Bedarf.',
    },
@@ -158,7 +160,7 @@ const translations = {
      steps: [
        {
          title: 'Cloud-Vertrag abschließen',
-          desc: 'BSI-zertifizierte Cloud in Deutschland oder OVH in Frankreich. Fixe oder flexible Kosten. Für Kleinstunternehmen optional: Mac Mini vorkonfiguriert.',
+          desc: 'BSI-zertifizierte Cloud in Deutschland. Fixe oder flexible Kosten.',
        },
        {
          title: 'Code-Repos verbinden',
@@ -176,13 +178,13 @@ const translations = {
    },
    market: {
      title: 'Marktchance',
-      subtitle: 'Der Maschinenbau braucht Compliance & Code-Security',
+      subtitle: 'Compliance & Code-Security für produzierende Unternehmen',
      tam: 'TAM',
      sam: 'SAM',
      som: 'SOM',
      tamLabel: 'Total Addressable Market',
      samLabel: 'Serviceable Addressable Market',
-      somLabel: 'Serviceable Obtainable Market',
+      somLabel: 'Serviceable Obtainable Market (nur Maschinen- und Anlagenbauer als Kernmarkt betrachtet)',
      source: 'Quelle',
      growth: 'Wachstum p.a.',
    },
@@ -204,8 +206,8 @@ const translations = {
      savingsTotal: 'Ersparnis',
    },
    traction: {
-      title: 'Traction & Meilensteine',
-      subtitle: 'Unser bisheriger Fortschritt',
+      title: 'Meilensteine',
+      subtitle: 'Was wir bereits erreicht haben — und was als Nächstes kommt',
      completed: 'Abgeschlossen',
      inProgress: 'In Arbeit',
      planned: 'Geplant',
@@ -308,12 +310,13 @@ const translations = {
      'Cover',
      'The Problem',
      'The Solution',
+      'USP',
      'Regulatory Landscape',
      'Modular Toolkit',
      'How It Works',
      'Market',
      'Business Model',
-      'Traction',
+      'Milestones',
      'Competition',
      'Team',
      'Financials',
@@ -331,6 +334,7 @@ const translations = {
      'Appendix: Strategy',
      'Appendix: Financial Plan',
      'Glossary',
+      'Legal Notice',
    ],
    executiveSummary: {
      title: 'Executive Summary',
@@ -338,12 +342,12 @@ const translations = {
      problem: 'The Problem',
      problemText: 'Many companies, especially in manufacturing, want to use AI — but refuse to let American AI providers access their core IP. Those avoiding US SaaS are cut off from the AI revolution. Those using these providers accept that data may be processed in the US. Meanwhile, new EU regulations (AI Act, Data Act, CRA, NIS2 etc.) affect over 30,000 companies in Germany alone — regardless of size.',
      solution: 'Our Solution',
-      solutionText: 'Continuous code security instead of annual spot checks: SAST, DAST, SBOM, pentesting on every change. RoPA, TOMs, DPIA, retention policies, CE risk assessment automatically. Audit deviations end-to-end: roles, deadlines, tickets, evidence, escalation to management. Jira integration. Academy. BSI cloud DE or OVH FR.',
+      solutionText: 'Continuous code security instead of annual spot checks: SAST, DAST, SBOM, pentesting on every change. RoPA, TOMs, DPIA, retention policies, CE risk assessment automatically. Audit deviations end-to-end: roles, deadlines, tickets, evidence, escalation to management. Issue tracker of your choice. Academy. BSI cloud DE.',
      roi: 'Customer Savings',
      roiText: 'Customers pay ~EUR 50,000/year and save: EUR 30,000 pentests, EUR 20,000 CE assessments, audit manager costs and penalty risk. ROI from day 1.',
      market: 'Market',
      businessModel: 'Business Model',
-      businessModelText: 'Customers pay ~EUR 50,000/year and save EUR 50,000+ (pentests, CE assessments, audit managers). ROI from day 1. BSI cloud DE or OVH FR.',
+      businessModelText: 'Customers pay ~EUR 50,000/year and save EUR 50,000+ (pentests, CE assessments, audit managers). ROI from day 1. BSI cloud DE.',
      keyMetrics: 'Key Metrics',
      documents: 'Original Documents',
      controls: 'Audit Aspects',
@@ -358,31 +362,31 @@ const translations = {
      uspText: 'Only platform with continuous code security, automatic compliance documentation and CE software risk assessment — on German or French cloud.',
    },
    cover: {
-      tagline: 'Compliance & Code Security for Machine Manufacturers',
+      tagline: 'Compliance & Code Security',
      subtitle: 'Pre-Seed  ·  Q4 2026',
      cta: 'Start Pitch',
    },
    problem: {
      title: 'The Problem',
-      subtitle: 'Machine manufacturers want AI — but not at the cost of their data sovereignty',
+      subtitle: 'German and European companies want AI — but not at the cost of their data sovereignty',
      cards: [
        {
          title: 'AI Dilemma',
          stat: 'Left Behind',
-          desc: 'Machine manufacturers want to use AI but refuse Microsoft Copilot or Claude on their core IP. Fear of data misuse by US corporations is real. Those avoiding US SaaS are cut off from the AI revolution.',
+          desc: 'Manufacturing companies need AI to stay competitive. But letting Microsoft Copilot, ChatGPT or Claude access their source code and engineering data is out of the question for most. Those avoiding US AI fall behind. Those using it risk their data sovereignty.',
        },
        {
-          title: 'Patriot Act',
+          title: 'Patriot Act + FISA 702',
          stat: 'No Protection',
-          desc: 'The alternative: push everything to AWS, Google or Microsoft. But even European servers of US players can be accessed via the Patriot Act. German SMEs are trapped.',
+          desc: 'Even booking EU servers at AWS, Google or Microsoft offers no protection. US laws like FISA 702 and the Cloud Act apply extraterritorially — US authorities can access data regardless of server location. The Schrems II ruling by the CJEU confirmed this.',
        },
        {
          title: 'Regulation Tsunami',
-          stat: 'EUR 50,000+/yr',
-          desc: 'AI Act, NIS2, CRA, GDPR, Machinery Regulation — 5+ laws simultaneously. Pentests and CE certifications cost EUR 50,000+/year but only check once. SMEs with 10-500 employees lack staff and budget.',
+          stat: 'Unsustainable',
+          desc: 'Since 2024, the AI Act, NIS2 and Cyber Resilience Act apply — on top of GDPR, Data Act, Machinery Regulation and Supply Chain Act. European companies bear compliance costs that US and Asian competitors do not face. At the same time, costs rise from raw material shortages and geopolitical crises. SMEs can no longer handle this alone.',
        },
      ],
-      quote: 'Machine manufacturers need an AI solution that runs in Germany, protects their code and automates compliance — without giving their data to US corporations.',
+      quote: 'Manufacturing companies need an AI solution that runs in Europe, protects their code and automates compliance — without giving their data to US corporations.',
    },
    solution: {
      title: 'The Solution',
@@ -390,7 +394,7 @@ const translations = {
      pillars: [
        {
          title: 'Continuous Code Security',
-          desc: 'SAST, DAST, SBOM and pentesting on every code change — not once a year. Findings as Jira tickets with implementation suggestions. EUR 30,000+/year pentest costs saved.',
+          desc: 'SAST, DAST, SBOM and pentesting on every code change — not once a year. Findings as tickets in the issue tracker of your choice, with implementation suggestions. EUR 15,000+ per year per application in pentest costs saved.',
          icon: 'scan',
        },
        {
@@ -400,14 +404,14 @@ const translations = {
        },
        {
          title: 'German Cloud, Full Integration',
-          desc: 'BSI-certified cloud in DE or OVH in FR. Jitsi (video), Matrix (chat), AI task creation from audio. No US SaaS in source code. Optional Mac Mini for maximum privacy.',
+          desc: 'BSI-certified cloud in Germany. Live support via Jitsi (video) and Matrix (chat). No US SaaS in source code. Optional Mac Mini/Studio for maximum privacy.',
          icon: 'server',
        },
      ],
    },
    regulatoryLandscape: {
      title: 'Regulatory Landscape',
-      subtitle: '110 laws & regulations, 10 industries — one platform',
+      subtitle: '320 documents in RAG — 10 industry sectors — one platform',
      documents: 'Original Documents',
      controls: 'Extracted Controls',
      regulations: 'Regulations',
@@ -443,7 +447,7 @@ const translations = {
      pricingTitle: 'Pricing by Company Size',
      pricingSubtitle: 'Employee-based — market validated',
      cloud: 'Cloud Solution (Standard)',
-      cloudDesc: 'BSI cloud DE or OVH FR. For all company sizes.',
+      cloudDesc: 'BSI cloud DE. For all company sizes.',
      privacy: 'Privacy Hardware (optional)',
      privacyDesc: 'Mac Mini / Studio for micro businesses (<10 employees) with absolute privacy needs.',
    },
@@ -453,7 +457,7 @@ const translations = {
      steps: [
        {
          title: 'Sign Cloud Contract',
-          desc: 'BSI-certified cloud in Germany or OVH in France. Fixed or flexible costs. For micro businesses optionally: pre-configured Mac Mini.',
+          desc: 'BSI-certified cloud in Germany. Fixed or flexible costs.',
        },
        {
          title: 'Connect Code Repos',
@@ -471,13 +475,13 @@ const translations = {
    },
    market: {
      title: 'Market Opportunity',
-      subtitle: 'Machine manufacturing needs compliance & code security',
+      subtitle: 'Compliance & code security for manufacturing companies',
      tam: 'TAM',
      sam: 'SAM',
      som: 'SOM',
      tamLabel: 'Total Addressable Market',
      samLabel: 'Serviceable Addressable Market',
-      somLabel: 'Serviceable Obtainable Market',
+      somLabel: 'Serviceable Obtainable Market (machine & plant manufacturers as core market only)',
      source: 'Source',
      growth: 'Growth p.a.',
    },
@@ -499,8 +503,8 @@ const translations = {
      savingsTotal: 'Total Savings',
    },
    traction: {
-      title: 'Traction & Milestones',
-      subtitle: 'Our progress so far',
+      title: 'Milestones',
+      subtitle: 'What we have achieved — and what comes next',
      completed: 'Completed',
      inProgress: 'In Progress',
      planned: 'Planned',
@@ -17,8 +17,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['module', 'modules', 'funktionen', 'features', 'umfang', 'scope', 'wieviele', 'how many'],
    question_de: 'Welche Module hat die Plattform?',
    question_en: 'What modules does the platform have?',
-    answer_de: '65+ Compliance-Module in zwei Saeulen: Unternehmens-Compliance — alle Datenkategorien, Verarbeitungen, Dienstleister und Auftragsverarbeiter erfassen, automatische Dokumentenerstellung (AGB, DSE, Cookie Banner, Nutzungsbedingungen), DSR-Prozess, Dokumentenversionierung, Rollenverwaltung, Academy und Schulungen, Audit und Nachweismanagement. Code/CE-Seite — Repo-Scanning (SAST + DAST), Pentesting, CE Software Risk Assessment (IACE), automatische SBOM-Generierung, Jira/Atlassian-Integration mit konkreten Code-Änderungsvorschlaegen.',
-    answer_en: 'modular compliance platform in two pillars: Company-side compliance — capture all data categories, processes, providers and processors, auto-generate legal documents (Terms of Service, Privacy Policy, Cookie Banner, Terms of Use), DSR process, document versioning, role management, academy and training, audit and evidence management. Code/CE side — repo scanning (SAST + DAST), pentesting, CE Software Risk Assessment (IACE), automatic SBOM generation, Jira/Atlassian integration with specific code change suggestions.',
+    answer_de: '65+ Compliance-Module in zwei Saeulen: Unternehmens-Compliance — alle Datenkategorien, Verarbeitungen, Dienstleister und Auftragsverarbeiter erfassen, automatische Dokumentenerstellung (AGB, DSE, Cookie Banner, Nutzungsbedingungen), DSR-Prozess, Dokumentenversionierung, Rollenverwaltung, Academy und Schulungen, Audit und Nachweismanagement. Code/CE-Seite — Repo-Scanning (SAST + DAST), Pentesting, CE Software Risk Assessment (IACE), automatische SBOM-Generierung, Integration in den Issue-Tracker deiner Wahl mit konkreten Code-Änderungsvorschlaegen.',
+    answer_en: 'modular compliance platform in two pillars: Company-side compliance — capture all data categories, processes, providers and processors, auto-generate legal documents (Terms of Service, Privacy Policy, Cookie Banner, Terms of Use), DSR process, document versioning, role management, academy and training, audit and evidence management. Code/CE side — repo scanning (SAST + DAST), pentesting, CE Software Risk Assessment (IACE), automatic SBOM generation, integration with the issue tracker of your choice with specific code change suggestions.',
    goto_slide: 'solution',
    priority: 8,
  },
@@ -37,8 +37,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['code', 'ce', 'scanning', 'sast', 'dast', 'sbom', 'iace', 'firmware', 'repo', 'repository', 'devsecops'],
    question_de: 'Wie funktioniert die Code- und CE-Compliance?',
    question_en: 'How does code and CE compliance work?',
-    answer_de: 'Die Code/CE-Seite umfasst vollständiges Repo-Scanning mit SAST und DAST, automatisiertes Pentesting sowie CE Software Risk Assessment (IACE) — auch für Elektronik-Produkte. Gefundene Schwachstellen werden direkt als Jira/Atlassian-Tickets mit konkreten Code-Änderungsvorschlaegen erstellt. Die KI implementiert Fixes automatisch. Zusaetzlich wird eine vollständige SBOM (Software Bill of Materials) generiert.',
-    answer_en: 'The code/CE side includes full repo scanning with SAST and DAST, automated pentesting, and CE Software Risk Assessment (IACE) — also for electronics products. Findings are directly created as Jira/Atlassian tickets with specific code change suggestions. The AI implements fixes automatically. Additionally, a complete SBOM (Software Bill of Materials) is generated.',
+    answer_de: 'Die Code/CE-Seite umfasst vollständiges Repo-Scanning mit SAST und DAST, automatisiertes Pentesting sowie CE Software Risk Assessment (IACE) — auch für Elektronik-Produkte. Gefundene Schwachstellen werden direkt als Tickets im Issue-Tracker deiner Wahl mit konkreten Code-Änderungsvorschlaegen erstellt. Die KI implementiert Fixes automatisch. Zusaetzlich wird eine vollständige SBOM (Software Bill of Materials) generiert.',
+    answer_en: 'The code/CE side includes full repo scanning with SAST and DAST, automated pentesting, and CE Software Risk Assessment (IACE) — also for electronics products. Findings are directly created as tickets in the issue tracker of your choice with specific code change suggestions. The AI implements fixes automatically. Additionally, a complete SBOM (Software Bill of Materials) is generated.',
    goto_slide: 'how-it-works',
    priority: 8,
  },
@@ -58,8 +58,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['llm', 'modell', 'model', 'ki', 'ai', 'kuenstliche intelligenz', 'artificial intelligence', 'welches', 'which', '1000b'],
    question_de: 'Welches KI-Modell nutzt ihr?',
    question_en: 'Which AI model do you use?',
-    answer_de: 'Unser Haupt-LLM hat 1000 Milliarden Parameter und läuft ausschliesslich bei BSI-zertifizierten Hostern in Deutschland und Frankreich — SysEleven, OVH und Hetzner. Keine amerikanischen Anbieter, keine Daten verlassen die Server. Jeder Kunde bekommt einen isolierten Namespace. Für die Mac Mini/Studio Variante setzen wir kleinere Modelle ein, die lokale Dokumentenverarbeitung und RAG-Abfragen uebernehmen.',
-    answer_en: 'Our main LLM has 1,000 billion parameters and runs exclusively at BSI-certified hosters in Germany and France — SysEleven, OVH and Hetzner. No American providers, no data leaves the servers. Each customer gets an isolated namespace. For the Mac Mini/Studio variant, we use smaller models for local document processing and RAG queries.',
+    answer_de: 'Unser Haupt-LLM hat 1000 Milliarden Parameter und läuft ausschliesslich bei BSI-zertifizierten Hostern in Deutschland und Frankreich — SysEleven und Hetzner. Keine amerikanischen Anbieter, keine Daten verlassen die Server. Jeder Kunde bekommt einen isolierten Namespace. Für die Mac Mini/Studio Variante setzen wir kleinere Modelle ein, die lokale Dokumentenverarbeitung und RAG-Abfragen uebernehmen.',
+    answer_en: 'Our main LLM has 1,000 billion parameters and runs exclusively at BSI-certified hosters in Germany and France — SysEleven and Hetzner. No American providers, no data leaves the servers. Each customer gets an isolated namespace. For the Mac Mini/Studio variant, we use smaller models for local document processing and RAG queries.',
    goto_slide: 'product',
    priority: 8,
  },
@@ -68,8 +68,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['hosting', 'europa', 'europe', 'eu', 'deutschland', 'germany', 'frankreich', 'france', 'bsi', 'syseleven', 'ovh', 'hetzner', 'souveraenitaet', 'sovereignty', 'american', 'us', 'usa'],
    question_de: 'Wo werden die Daten gehostet?',
    question_en: 'Where is the data hosted?',
-    answer_de: 'Ausschliesslich in Deutschland und Frankreich bei BSI-zertifizierten Anbietern: SysEleven, OVH und Hetzner. Keine amerikanischen Cloud-Provider, kein AWS, kein Azure, kein GCP. Die Daten verlassen niemals die europäischen Server. Jeder Kunde erhaelt einen vollständig isolierten Namespace — es gibt keine geteilte Datenverarbeitung zwischen Mandanten.',
-    answer_en: 'Exclusively in Germany and France at BSI-certified providers: SysEleven, OVH and Hetzner. No American cloud providers, no AWS, no Azure, no GCP. Data never leaves the European servers. Each customer receives a fully isolated namespace — there is no shared data processing between tenants.',
+    answer_de: 'Ausschliesslich in Deutschland und Frankreich bei BSI-zertifizierten Anbietern: SysEleven und Hetzner. Keine amerikanischen Cloud-Provider, kein AWS, kein Azure, kein GCP. Die Daten verlassen niemals die europäischen Server. Jeder Kunde erhaelt einen vollständig isolierten Namespace — es gibt keine geteilte Datenverarbeitung zwischen Mandanten.',
+    answer_en: 'Exclusively in Germany and France at BSI-certified providers: SysEleven and Hetzner. No American cloud providers, no AWS, no Azure, no GCP. Data never leaves the European servers. Each customer receives a fully isolated namespace — there is no shared data processing between tenants.',
    goto_slide: 'annex-architecture',
    priority: 9,
  },
@@ -78,8 +78,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['rag', 'rechtstexte', 'legal texts', 'wissensbasis', 'knowledge base', 'vektordatenbank', 'vector', 'gesetze', 'laws'],
    question_de: 'Wie funktioniert die Wissensbasis?',
    question_en: 'How does the knowledge base work?',
-    answer_de: 'Unsere RAG-Engine (Retrieval Augmented Generation) umfasst 25.000+ indexierte Originaldokumente und über 25.000 extrahierte Controls — DSGVO, AI Act, CRA, NIS2, Maschinenverordnung und 110 Gesetze und Regularien für 10 Branchen. Bei jeder Compliance-Analyse werden die relevanten Paragraphen und Controls automatisch herangezogen. KI-Agenten arbeiten als spezialisierte Services und liefern rechtlich fundierte Antworten mit Quellennachweis.',
-    answer_en: 'Our RAG engine (Retrieval Augmented Generation) includes 25.000+ indexed original documents and over 25,000 extracted controls — GDPR, AI Act, CRA, NIS2, Machinery Regulation and 110 laws and regulations across 10 industries. For every compliance analysis, the relevant paragraphs and controls are automatically retrieved. AI agents operate as specialized services and deliver legally grounded answers with source references.',
+    answer_de: 'Unsere RAG-Engine (Retrieval Augmented Generation) umfasst über 25 Tausend indexierte Originaldokumente und über 25.000 extrahierte Controls — DSGVO, AI Act, CRA, NIS2, Maschinenverordnung und 110 Gesetze und Regularien für 10 Branchen. Bei jeder Compliance-Analyse werden die relevanten Paragraphen und Controls automatisch herangezogen. KI-Agenten arbeiten als spezialisierte Services und liefern rechtlich fundierte Antworten mit Quellennachweis.',
+    answer_en: 'Our RAG engine (Retrieval Augmented Generation) includes over 25,000 indexed original documents and over 25,000 extracted controls — GDPR, AI Act, CRA, NIS2, Machinery Regulation and 110 laws and regulations across 10 industries. For every compliance analysis, the relevant paragraphs and controls are automatically retrieved. AI agents operate as specialized services and deliver legally grounded answers with source references.',
    goto_slide: 'product',
    priority: 7,
  },
@@ -103,12 +103,12 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    priority: 8,
  },
  {
-    id: 'tech-jira-integration',
-    keywords: ['jira', 'atlassian', 'integration', 'ticket', 'tickets', 'issue', 'issues', 'fix', 'fixes', 'code change'],
-    question_de: 'Wie funktioniert die Jira/Atlassian-Integration?',
-    question_en: 'How does the Jira/Atlassian integration work?',
-    answer_de: 'Wenn das Code-Scanning (SAST/DAST) oder Pentesting Schwachstellen findet, erstellt die Plattform automatisch Jira-Tickets mit exakten Code-Änderungsvorschlaegen — welche Datei, welche Zeile, welcher Fix. Die KI kann den Fix auch direkt implementieren. So schliesst sich der Kreis von Finding zu Fix vollständig automatisiert.',
-    answer_en: 'When code scanning (SAST/DAST) or pentesting finds vulnerabilities, the platform automatically creates Jira tickets with exact code change suggestions — which file, which line, which fix. The AI can also implement the fix directly. This closes the loop from finding to fix fully automated.',
+    id: 'tech-issue-tracker-integration',
+    keywords: ['jira', 'atlassian', 'linear', 'issue tracker', 'integration', 'ticket', 'tickets', 'issue', 'issues', 'fix', 'fixes', 'code change'],
+    question_de: 'Wie funktioniert die Issue-Tracker-Integration?',
+    question_en: 'How does the issue tracker integration work?',
+    answer_de: 'Wenn das Code-Scanning (SAST/DAST) oder Pentesting Schwachstellen findet, erstellt die Plattform automatisch Tickets im Issue-Tracker deiner Wahl — Jira, GitLab, Linear, Gitea — mit exakten Code-Änderungsvorschlaegen, welche Datei, welche Zeile, welcher Fix. Die KI kann den Fix auch direkt implementieren. So schliesst sich der Kreis von Finding zu Fix vollständig automatisiert.',
+    answer_en: 'When code scanning (SAST/DAST) or pentesting finds vulnerabilities, the platform automatically creates tickets in the issue tracker of your choice — Jira, GitLab, Linear, Gitea — with exact code change suggestions: which file, which line, which fix. The AI can also implement the fix directly. This closes the loop from finding to fix fully automated.',
    goto_slide: 'how-it-works',
    priority: 7,
  },
@@ -137,8 +137,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['meeting', 'recorder', 'aufzeichnung', 'recording', 'nvidia', 'transkription', 'transcription', 'protokoll', 'minutes', 'tasks', 'aufgaben'],
    question_de: 'Wie funktioniert der Meeting-Recorder?',
    question_en: 'How does the meeting recorder work?',
-    answer_de: 'Unser NVIDIA-basierter Meeting-Recorder zeichnet Besprechungen auf, transkribiert sie automatisch und extrahiert Aufgaben und Beschluesse. Diese werden direkt als Jira-Tasks angelegt — inklusive Zuweisung, Deadline und Kontext aus dem Meeting. So geht nichts mehr verloren.',
-    answer_en: 'Our NVIDIA-based meeting recorder records meetings, transcribes them automatically and extracts tasks and decisions. These are directly created as Jira tasks — including assignment, deadline and context from the meeting. Nothing gets lost.',
+    answer_de: 'Unser NVIDIA-basierter Meeting-Recorder zeichnet Besprechungen auf, transkribiert sie automatisch und extrahiert Aufgaben und Beschluesse. Diese werden direkt als Tasks im Issue-Tracker deiner Wahl angelegt — inklusive Zuweisung, Deadline und Kontext aus dem Meeting. So geht nichts mehr verloren.',
+    answer_en: 'Our NVIDIA-based meeting recorder records meetings, transcribes them automatically and extracts tasks and decisions. These are directly created as tasks in the issue tracker of your choice — including assignment, deadline and context from the meeting. Nothing gets lost.',
    priority: 6,
  },
  {
@@ -210,8 +210,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['proliance', 'dataguard', 'heydata', 'vergleich', 'comparison', 'versus'],
    question_de: 'Warum können Proliance und DataGuard das nicht?',
    question_en: 'Why can\'t Proliance and DataGuard do this?',
-    answer_de: 'Proliance, DataGuard und heyData fokussieren auf organisatorische DSGVO-Compliance — Verarbeitungsverzeichnisse, Datenschutzerklaerungen, Schulungen. Keiner bietet Code-Scanning, CE-Risikobewertung, Pentesting oder automatische Jira-Integration mit Code-Fixes. Sie machen das Unternehmen teilweise compliant, aber nicht die Produkte. Und keiner hostet die KI ausschliesslich in Europa.',
-    answer_en: 'Proliance, DataGuard and heyData focus on organizational GDPR compliance — records of processing, privacy policies, training. None offer code scanning, CE risk assessment, pentesting or automatic Jira integration with code fixes. They make the company partially compliant, but not the products. And none host the AI exclusively in Europe.',
+    answer_de: 'Proliance, DataGuard und heyData fokussieren auf organisatorische DSGVO-Compliance — Verarbeitungsverzeichnisse, Datenschutzerklaerungen, Schulungen. Keiner bietet Code-Scanning, CE-Risikobewertung, Pentesting oder automatische Issue-Tracker-Integration mit Code-Fixes. Sie machen das Unternehmen teilweise compliant, aber nicht die Produkte. Und keiner hostet die KI ausschliesslich in Europa.',
+    answer_en: 'Proliance, DataGuard and heyData focus on organizational GDPR compliance — records of processing, privacy policies, training. None offer code scanning, CE risk assessment, pentesting or automatic issue tracker integration with code fixes. They make the company partially compliant, but not the products. And none host the AI exclusively in Europe.',
    goto_slide: 'competition',
    priority: 8,
  },
@@ -232,8 +232,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['cloud', 'mini', 'studio', 'unterschied', 'difference', 'vergleich', 'comparison', 'tier', 'tiers', 'varianten', 'variants'],
    question_de: 'Cloud oder Hardware?',
    question_en: 'Cloud or hardware?',
-    answer_de: 'Cloud ist der Standard: BSI-zertifiziert in Deutschland oder OVH in Frankreich. Fixe oder flexible Kosten, modulare Module, Jira-Integration, Matrix/Jitsi, Compliance-LLM. Für Kleinstunternehmen unter 10 Mitarbeitern mit absolutem Privacy-Bedarf bieten wir optional einen vorkonfigurierten Mac Mini mit kleineren lokalen LLMs.',
-    answer_en: 'Cloud is the standard: BSI-certified in Germany or OVH in France. Fixed or flexible costs, modular modules, Jira integration, Matrix/Jitsi, compliance LLM. For micro businesses under 10 employees with absolute privacy needs, we optionally offer a pre-configured Mac Mini with smaller local LLMs.',
+    answer_de: 'Cloud ist der Standard: BSI-zertifiziert in Deutschland oder Frankreich. Fixe oder flexible Kosten, modulare Module, Integration in den Issue-Tracker deiner Wahl, Matrix/Jitsi, Compliance-LLM. Für Kleinstunternehmen unter 10 Mitarbeitern mit absolutem Privacy-Bedarf bieten wir optional einen vorkonfigurierten Mac Mini oder Mac Studio mit kleineren lokalen LLMs.',
+    answer_en: 'Cloud is the standard: BSI-certified in Germany or France. Fixed or flexible costs, modular modules, integration with the issue tracker of your choice, Matrix/Jitsi, compliance LLM. For micro businesses under 10 employees with absolute privacy needs, we optionally offer a pre-configured Mac Mini or Mac Studio with smaller local LLMs.',
    goto_slide: 'product',
    priority: 8,
  },
@@ -252,8 +252,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['unit economics', 'marge', 'margin', 'ltv', 'cac', 'amortisation', 'amortization'],
    question_de: 'Wie sind die Unit Economics?',
    question_en: 'What are the unit economics?',
-    answer_de: 'Bruttomarge über 80% beim Cloud-Produkt — keine Hardware-Kosten. Die AI-First Architektur haelt die operativen Kosten pro Kunde extrem niedrig. Europaeisches Hosting bei SysEleven/OVH/Hetzner ist deutlich günstiger als AWS/Azure. LTV/CAC verbessert sich durch die Plattform-Stickiness: modulare Plattform schaffen natürlichen Lock-in.',
-    answer_en: 'Gross margin above 80% on the cloud product — no hardware costs. The AI-first architecture keeps operational costs per customer extremely low. European hosting at SysEleven/OVH/Hetzner is significantly cheaper than AWS/Azure. LTV/CAC improves through platform stickiness: all modules create natural lock-in.',
+    answer_de: 'Bruttomarge über 80% beim Cloud-Produkt — keine Hardware-Kosten. Die AI-First Architektur haelt die operativen Kosten pro Kunde extrem niedrig. Europaeisches Hosting bei SysEleven und Hetzner ist deutlich günstiger als AWS/Azure. LTV/CAC verbessert sich durch die Plattform-Stickiness: modulare Plattform schaffen natürlichen Lock-in.',
+    answer_en: 'Gross margin above 80% on the cloud product — no hardware costs. The AI-first architecture keeps operational costs per customer extremely low. European hosting at SysEleven and Hetzner is significantly cheaper than AWS/Azure. LTV/CAC improves through platform stickiness: all modules create natural lock-in.',
    goto_slide: 'business-model',
    priority: 7,
  },
@@ -296,8 +296,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['use of funds', 'wofuer', 'what for', 'verwendung', 'allocation', 'mittelverwendung'],
    question_de: 'Wofür wird das Kapital verwendet?',
    question_en: 'What will the capital be used for?',
-    answer_de: 'Vier Bereiche: 1) Cloud-Infrastruktur — Skalierung der europäischen Server-Kapazitaet bei SysEleven/OVH/Hetzner. 2) Engineering — weitere Module und Integrationen. 3) Vertrieb — Pilotkunden bei Maschinenbauern, CE-Zertifizierern und produzierenden Unternehmen. 4) Reserve — regulatorische Anforderungen und Working Capital.',
-    answer_en: 'Four areas: 1) Cloud infrastructure — scaling European server capacity at SysEleven/OVH/Hetzner. 2) Engineering — additional modules and integrations. 3) Sales — pilot customers among machine builders, CE certifiers and producing companies. 4) Reserve — regulatory requirements and working capital.',
+    answer_de: 'Vier Bereiche: 1) Cloud-Infrastruktur — Skalierung der europäischen Server-Kapazitaet bei SysEleven/Hetzner. 2) Engineering — weitere Module und Integrationen. 3) Vertrieb — Pilotkunden bei Maschinenbauern, CE-Zertifizierern und produzierenden Unternehmen. 4) Reserve — regulatorische Anforderungen und Working Capital.',
+    answer_en: 'Four areas: 1) Cloud infrastructure — scaling European server capacity at SysEleven/Hetzner. 2) Engineering — additional modules and integrations. 3) Sales — pilot customers among machine builders, CE certifiers and producing companies. 4) Reserve — regulatory requirements and working capital.',
    goto_slide: 'the-ask',
    priority: 8,
  },
@@ -328,8 +328,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['cra', 'cyber resilience', 'cyber resilience act', 'firmware', 'produktsicherheit', 'product security'],
    question_de: 'Was ist der Cyber Resilience Act?',
    question_en: 'What is the Cyber Resilience Act?',
-    answer_de: 'Der CRA verpflichtet Hersteller, Software in ihren Produkten abzusichern — über den gesamten Lebenszyklus. Für produzierende Unternehmen mit Firmware, embedded Software und Elektronik bedeutet das: Vulnerability Management, SBOM, Incident Reporting. Unsere Plattform automatisiert all das — vom Repo-Scan bis zum Jira-Ticket mit Code-Fix.',
-    answer_en: 'The CRA obligates manufacturers to secure software in their products — throughout the entire lifecycle. For producing companies with firmware, embedded software and electronics this means: vulnerability management, SBOM, incident reporting. Our platform automates all of this — from repo scan to Jira ticket with code fix.',
+    answer_de: 'Der CRA verpflichtet Hersteller, Software in ihren Produkten abzusichern — über den gesamten Lebenszyklus. Für produzierende Unternehmen mit Firmware, embedded Software und Elektronik bedeutet das: Vulnerability Management, SBOM, Incident Reporting. Unsere Plattform automatisiert all das — vom Repo-Scan bis zum Ticket im Issue-Tracker deiner Wahl mit Code-Fix.',
+    answer_en: 'The CRA obligates manufacturers to secure software in their products — throughout the entire lifecycle. For producing companies with firmware, embedded software and electronics this means: vulnerability management, SBOM, incident reporting. Our platform automates all of this — from repo scan to ticket in your issue tracker with code fix.',
    goto_slide: 'annex-regulatory',
    priority: 7,
  },
@@ -384,8 +384,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['pentesting', 'penetrationstest', 'penetration test', 'security testing', 'pentests'],
    question_de: 'Wie funktioniert das Pentesting?',
    question_en: 'How does pentesting work?',
-    answer_de: 'Pentesting ist fester Bestandteil unserer Code/CE-Saule. Automatisierte Penetrationstests laufen gegen die Kunden-Anwendungen und -Infrastruktur. Gefundene Schwachstellen werden automatisch als Jira-Tickets mit konkreten Code-Änderungsvorschlaegen erstellt — die KI kann die Fixes direkt implementieren. So wird der gesamte Zyklus von Finding bis Fix automatisiert.',
-    answer_en: 'Pentesting is a core part of our code/CE pillar. Automated penetration tests run against customer applications and infrastructure. Found vulnerabilities are automatically created as Jira tickets with specific code change suggestions — the AI can implement fixes directly. This automates the entire cycle from finding to fix.',
+    answer_de: 'Pentesting ist fester Bestandteil unserer Code/CE-Saule. Automatisierte Penetrationstests laufen gegen die Kunden-Anwendungen und -Infrastruktur. Gefundene Schwachstellen werden automatisch als Tickets im Issue-Tracker deiner Wahl mit konkreten Code-Änderungsvorschlaegen erstellt — die KI kann die Fixes direkt implementieren. So wird der gesamte Zyklus von Finding bis Fix automatisiert.',
+    answer_en: 'Pentesting is a core part of our code/CE pillar. Automated penetration tests run against customer applications and infrastructure. Found vulnerabilities are automatically created as tickets in the issue tracker of your choice with specific code change suggestions — the AI can implement fixes directly. This automates the entire cycle from finding to fix.',
    goto_slide: 'how-it-works',
    priority: 7,
  },
@@ -396,8 +396,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['demo', 'test', 'testen', 'try', 'ausprobieren', 'live', 'showcase'],
    question_de: 'Kann ich eine Demo sehen?',
    question_en: 'Can I see a demo?',
-    answer_de: 'Sehr gerne! Wir zeigen Ihnen die Cloud-Plattform live — inklusive Code-Scanning, Compliance-Module, KI-Analyse, Jira-Integration und den Meeting-Recorder. Ein Cloud-Demo-Zugang kann sofort bereitgestellt werden. Kontaktieren Sie uns für einen Termin.',
-    answer_en: 'Absolutely! We will show you the cloud platform live — including code scanning, compliance modules, AI analysis, Jira integration and the meeting recorder. A cloud demo access can be provisioned immediately. Contact us for an appointment.',
+    answer_de: 'Sehr gerne! Wir zeigen Ihnen die Cloud-Plattform live — inklusive Code-Scanning, Compliance-Module, KI-Analyse, Issue-Tracker-Integration und den Meeting-Recorder. Ein Cloud-Demo-Zugang kann sofort bereitgestellt werden. Kontaktieren Sie uns für einen Termin.',
+    answer_en: 'Absolutely! We will show you the cloud platform live — including code scanning, compliance modules, AI analysis, issue tracker integration and the meeting recorder. A cloud demo access can be provisioned immediately. Contact us for an appointment.',
    priority: 6,
  },
  {
@@ -462,8 +462,8 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    keywords: ['bewertung', 'valuation', 'cap table', 'anteile', 'shares', 'equity', 'invest', 'pre-money', 'post-money', 'wie viel prozent', 'how much percent', 'verwässerung', 'dilution'],
    question_de: 'Wie ist die Bewertung und wie sieht der Cap Table aus?',
    question_en: 'What is the valuation and cap table?',
-    answer_de: 'Wir gehen mit einer Pre-Money-Bewertung von 4 Millionen Euro in die Pre-Seed-Runde. Bei einem Investment von 975.000 Euro ergibt sich eine Post-Money-Bewertung von knapp 5 Millionen Euro. Der Investor erhält dafür etwa 19,6 Prozent der Anteile. Die beiden Gründer halten zusammen 75 Prozent, wobei ein ESOP-Pool von 5,4 Prozent für Schlüsselmitarbeiter vorgesehen ist, die in der frühen Phase unter Marktgehalt einsteigen. Besonders attraktiv für Business Angels: Über das INVEST-Programm des BAFA erhalten Investoren 20 Prozent ihres Investments als staatlichen Zuschuss zurück — das sind bei 975.000 Euro Investment ganze 195.000 Euro nicht rückzahlbarer Zuschuss. Die einzige Bedingung ist eine Haltefrist von drei Jahren.',
-    answer_en: 'We enter the pre-seed round with a pre-money valuation of 4 million euros. With an investment of 975,000 euros, this results in a post-money valuation of just under 5 million euros. The investor receives approximately 19.6 percent of the shares. Both founders hold 75 percent together, with a 5.4 percent ESOP pool reserved for key employees joining in the early phase below market salary. Particularly attractive for business angels: through the BAFA INVEST program, investors receive 20 percent of their investment back as a government grant — that is 195,000 euros non-repayable on a 975,000 euro investment. The only condition is a three-year holding period.',
+    answer_de: 'Wir gehen mit einer Pre-Money-Bewertung von 4 Millionen Euro in die Pre-Seed-Runde. Bei einem Investment von 975.000 Euro ergibt sich eine Post-Money-Bewertung von knapp 5 Millionen Euro. Der Investor erhält dafür etwa 19,6 Prozent der Anteile. Die beiden Gründer halten zusammen 75 Prozent, wobei ein ESOP-Pool von 5,4 Prozent für Schlüsselmitarbeiter vorgesehen ist, die in der frühen Phase unter Marktgehalt einsteigen. Besonders attraktiv für Business Angels: Über das INVEST-Programm des BAFA erhalten Investoren bis zu 15 Prozent ihres Investments als steuerfreien Erwerbszuschuss zurück (max. 50.000 Euro pro Einzelinvestment) sowie zusätzlich 25 Prozent Exit-Zuschuss auf Veräußerungsgewinne. Die Bedingungen sind eine Haltefrist von drei Jahren und der Investor muss eine natürliche Person sein. Das Programm ist bis 31.12.2026 verlängert.',
+    answer_en: 'We enter the pre-seed round with a pre-money valuation of 4 million euros. With an investment of 975,000 euros, this results in a post-money valuation of just under 5 million euros. The investor receives approximately 19.6 percent of the shares. Both founders hold 75 percent together, with a 5.4 percent ESOP pool reserved for key employees joining in the early phase below market salary. Particularly attractive for business angels: through the BAFA INVEST program, investors receive up to 15 percent of their investment as a tax-free acquisition grant (max. EUR 50,000 per single investment) plus an additional 25 percent exit grant on capital gains. Requirements are a three-year minimum holding period and the investor must be a natural person. The program has been extended until 31.12.2026.',
    goto_slide: 'cap-table',
    priority: 10,
  },
@@ -478,6 +478,28 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    priority: 9,
  },

+  // === WANDELDARLEHEN & FÖRDER-KOMBINATION ===
+  {
+    id: 'invest-wandeldarlehen-preseed',
+    keywords: ['wandeldarlehen', 'convertible', 'darlehen', 'loan', 'pre-seed', 'l-bank', 'lbank', 'bw', 'baden-württemberg', 'conversion', 'wandlung', 'umwandlung'],
+    question_de: 'Wie funktioniert das Wandeldarlehen mit Pre-Seed BW?',
+    question_en: 'How does the convertible loan work with Pre-Seed BW?',
+    answer_de: 'Unser Wandeldarlehen ist über das Pre-Seed-Programm von Start-up BW / L-Bank strukturiert. Der private Investor beteiligt sich mit mindestens 20 Prozent der Gesamtsumme (ab 40.000 Euro), die L-Bank stellt die restlichen bis zu 80 Prozent als Zuwendung mit Wandlungsvorbehalt bereit. Bei einer Gesamtfinanzierung von 200.000 Euro bedeutet das: 40.000 Euro vom Investor und 160.000 Euro von der L-Bank. Optional ist auch eine doppelte Tranche mit 400.000 Euro Gesamtfinanzierung möglich (80.000 Euro Investor, 320.000 Euro L-Bank). Das Wandeldarlehen hat keine sofortige Bewertung — bei der nächsten qualifizierenden Finanzierungsrunde wandelt es automatisch in Anteile, typischerweise mit einem Discount für den Frühphasen-Investor. Der Vorteil für den Investor: weniger Kapitaleinsatz bei gleichzeitig starkem Hebel durch die staatliche Co-Finanzierung, und keine sofortige Verwässerung der Gründeranteile.',
+    answer_en: 'Our convertible loan is structured through the Pre-Seed BW / L-Bank program. The private investor contributes at least 20 percent of the total amount (from EUR 40,000), while L-Bank provides the remaining up to 80 percent as a grant with conversion option. For a total funding of EUR 200,000, this means EUR 40,000 from the investor and EUR 160,000 from L-Bank. Optionally, a double tranche of EUR 400,000 total is possible (EUR 80,000 investor, EUR 320,000 L-Bank). The convertible loan has no immediate valuation — at the next qualifying funding round, it automatically converts to equity, typically with a discount for the early-stage investor. The advantage for the investor: less capital deployed with strong leverage through government co-financing, and no immediate dilution of founder shares.',
+    goto_slide: 'the-ask',
+    priority: 10,
+  },
+  {
+    id: 'invest-bafa-preseed-kombination',
+    keywords: ['bafa', 'invest', 'kombination', 'combination', 'kompatibel', 'compatible', 'förderung', 'funding', 'zuschuss', 'grant', 'kombinierbar', 'combinable', 'förderfähig', 'eligible'],
+    question_de: 'Kann man BAFA INVEST und Pre-Seed BW kombinieren?',
+    question_en: 'Can BAFA INVEST and Pre-Seed BW be combined?',
+    answer_de: 'Grundsätzlich ja, aber nur unter klaren strukturellen Bedingungen. Beide Programme haben unterschiedliche Anforderungen an das Finanzierungsinstrument: BAFA INVEST fördert den privaten Investor mit bis zu 15 Prozent Erwerbszuschuss, bevorzugt aber Eigenkapital oder eigenkapitalähnliche Instrumente. Die L-Bank Pre-Seed verlangt explizit ein Wandeldarlehen. Das bedeutet: Nicht jedes Standard-Wandeldarlehen ist automatisch BAFA-INVEST-förderfähig. Damit die Kombination funktioniert, muss das Wandeldarlehen BAFA-konform ausgestaltet sein — also klare Conversion-Regeln haben und wirtschaftlich wie Equity wirken. Zusätzliche BAFA-Voraussetzungen: der Investor muss eine natürliche Person sein, darf kein Bestandsgesellschafter sein, das Mindestinvestment beträgt 10.000 Euro, die Mindesthaltedauer ist 3 Jahre, und das Unternehmen muss vor dem Investment BAFA-zertifiziert sein. Wir empfehlen, die konkrete Kombinierbarkeit für den jeweiligen Fall mit dem BAFA und dem L-Bank-Betreuungspartner abzustimmen, bevor das Termsheet finalisiert wird. Richtig aufgesetzt, profitiert der Investor von bis zu 15 Prozent Erwerbszuschuss plus 25 Prozent Exit-Zuschuss — zusätzlich zum Hebel durch die L-Bank-Co-Finanzierung.',
+    answer_en: 'In principle yes, but only under clear structural conditions. Both programs have different requirements for the financial instrument: BAFA INVEST supports the private investor with up to 15 percent acquisition grant but prefers equity or equity-like instruments. L-Bank Pre-Seed explicitly requires a convertible loan. This means: not every standard convertible loan is automatically eligible for BAFA INVEST. For the combination to work, the convertible loan must be structured in a BAFA-compliant way — with clear conversion rules and economic characteristics similar to equity. Additional BAFA requirements: the investor must be a natural person, must not be an existing shareholder, minimum investment is EUR 10,000, minimum holding period is 3 years, and the company must be BAFA-certified before the investment. We recommend coordinating the specific combinability with BAFA and the L-Bank supervising partner before finalizing the term sheet. Properly structured, the investor benefits from up to 15 percent acquisition grant plus 25 percent exit grant — on top of the leverage from L-Bank co-financing.',
+    goto_slide: 'the-ask',
+    priority: 10,
+  },
+
  // === TEAM & PERSONALAUFBAU ===
  {
    id: 'team-structure',
@@ -530,15 +552,189 @@ export const PRESENTER_FAQ: FAQEntry[] = [
    priority: 7,
  },

+  // === FISA 702 / DRITTLANDTRANSFER / EU-SOUVERAENITAET ===
+  {
+    id: 'fisa-702-what',
+    keywords: ['fisa', 'fisa 702', 'surveillance', 'ueberwachung', 'us-zugriff', 'us zugriff', 'nsa', 'prism', 'upstream', 'foreign intelligence'],
+    question_de: 'Was ist FISA 702 und warum ist das relevant?',
+    question_en: 'What is FISA 702 and why does it matter?',
+    answer_de: 'FISA 702 ist ein US-Ueberwachungsgesetz, das US-Behoerden erlaubt, gezielt Daten von Nicht-US-Personen im Ausland zu ueberwachen — ohne individuellen richterlichen Beschluss. Es gibt zwei Hauptprogramme: PRISM, bei dem US-Unternehmen wie Microsoft, Google und Amazon Daten an Behoerden herausgeben muessen, und Upstream, bei dem direkt auf Internet-Infrastruktur zugegriffen wird. Das betrifft jeden EU-Nutzer eines US-Dienstes. Genau deshalb wurde das Privacy Shield durch das Schrems-II-Urteil des EuGH gekippt. Fuer BreakPilot ist das hochrelevant: Jedes Unternehmen, das US-Cloud oder US-KI nutzt, hat ein strukturelles FISA-702-Risiko. Unsere EU-only Architektur eliminiert dieses Risiko vollstaendig.',
+    answer_en: 'FISA 702 is a US surveillance law that allows US authorities to target data of non-US persons abroad — without individual court orders. There are two main programs: PRISM, where US companies like Microsoft, Google and Amazon must hand over data to authorities, and Upstream, which directly taps internet infrastructure. This affects every EU user of a US service. This is exactly why the EU-US Privacy Shield was invalidated by the Schrems II ruling. For BreakPilot this is highly relevant: every company using US cloud or US AI has a structural FISA 702 risk. Our EU-only architecture eliminates this risk entirely.',
+    goto_slide: 'annex-regulatory',
+    priority: 9,
+  },
+  {
+    id: 'fisa-eu-cloud-myth',
+    keywords: ['eu cloud', 'eu-cloud', 'eu region', 'serverstandort', 'aws eu', 'azure eu', 'google eu', 'rechenzentrum', 'data center', 'frankfurt', 'ireland'],
+    question_de: 'Schuetzt eine EU-Cloud-Region bei US-Anbietern vor FISA 702?',
+    question_en: 'Does an EU cloud region at US providers protect against FISA 702?',
+    answer_de: 'Nein. Das ist einer der groessten Irrtuemer im Markt. Wenn der Cloud-Anbieter ein US-Unternehmen ist — also AWS, Microsoft Azure oder Google Cloud — dann unterliegt er US-Recht, egal wo der Server steht. FISA 702 und der Cloud Act gelten extraterritorial. Das bedeutet: Ein Server in Frankfurt bei AWS ist rechtlich genauso exponiert wie einer in Virginia. Unternehmen zahlen mehr fuer die EU-Region und wiegen sich in falscher Sicherheit. BreakPilot setzt deshalb konsequent auf EU-Anbieter ohne US-Muttergesellschaft — SysEleven und Hetzner, beide BSI-konform und ohne FISA-Exposition.',
+    answer_en: 'No. This is one of the biggest misconceptions in the market. If the cloud provider is a US company — AWS, Microsoft Azure or Google Cloud — it is subject to US law regardless of where the server is located. FISA 702 and the Cloud Act apply extraterritorially. A server in Frankfurt at AWS is legally just as exposed as one in Virginia. Companies pay more for the EU region and create a false sense of security. BreakPilot therefore exclusively uses EU providers without US parent companies — SysEleven and Hetzner, both BSI-compliant and without FISA exposure.',
+    goto_slide: 'annex-architecture',
+    priority: 9,
+  },
+  {
+    id: 'fisa-dsfa-contradiction',
+    keywords: ['dsfa', 'dpia', 'risikoakzeptanz', 'risk acceptance', 'restrisiko', 'residual risk', 'widerspruch', 'contradiction', 'schoenreden', 'fake compliance'],
+    question_de: 'Warum reicht eine DSFA alleine nicht aus, um US-Cloud-Risiken zu bewaeltigen?',
+    question_en: 'Why is a DPIA alone not enough to manage US cloud risks?',
+    answer_de: 'Das ist ein zentraler Widerspruch im aktuellen Compliance-Markt. Unternehmen erstellen eine Datenschutz-Folgenabschaetzung, dokumentieren das FISA-702-Risiko, treffen Massnahmen wie Verschluesselung und EU-Region — und akzeptieren dann das Restrisiko. Faktisch sagen sie damit: Wir wissen, dass US-Behoerden zugreifen koennten, und nehmen das in Kauf. Das ist kein Sicherheitsnachweis, sondern ein Rechtfertigungsinstrument. Die DSGVO erlaubt das ueber den risikobasierten Ansatz, aber es bleibt eine bewusste Risikoakzeptanz fuer ein technisch nicht loesbares Problem. BreakPilot geht einen fundamental anderen Weg: Wir eliminieren das Restrisiko strukturell, statt es zu dokumentieren. Kein US-Anbieter, keine FISA-Exposition, kein Restrisiko. Das ist der Unterschied zwischen Compliance simulieren und Compliance loesen.',
+    answer_en: 'This is a central contradiction in the current compliance market. Companies create a Data Protection Impact Assessment, document the FISA 702 risk, implement measures like encryption and EU region — and then accept the residual risk. In effect they are saying: we know US authorities could access the data, and we accept that. This is not a security proof but a justification instrument. GDPR allows this through the risk-based approach, but it remains a deliberate risk acceptance for a technically unsolvable problem. BreakPilot takes a fundamentally different approach: we structurally eliminate the residual risk instead of documenting it. No US provider, no FISA exposure, no residual risk. That is the difference between simulating compliance and solving compliance.',
+    goto_slide: 'annex-regulatory',
+    priority: 8,
+  },
+  {
+    id: 'fisa-market-opportunity',
+    keywords: ['marktchance', 'market opportunity', 'warum eu', 'why eu', 'eu-first', 'souveraenitaet', 'sovereignty', 'datensouveraenitaet', 'digital sovereignty', 'schrems', 'privacy shield'],
+    question_de: 'Warum ist FISA 702 eine Marktchance fuer BreakPilot?',
+    question_en: 'Why is FISA 702 a market opportunity for BreakPilot?',
+    answer_de: 'FISA 702 ist der zentrale Grund, warum EU-US-Datentransfers rechtlich schwierig sind, warum AI-Compliance ein riesiger Markt ist und warum unser EU-first-Ansatz strategischen Vorteil hat. Das Schrems-II-Urteil hat gezeigt, dass politische Loesungen wie Privacy Shield scheitern. Das neue EU-US Data Privacy Framework wird von Experten als naechstes Schrems-III angesehen. Jedes Mal wenn ein solches Abkommen kippt, stehen tausende Unternehmen vor dem Problem, ihre US-Dienste nicht mehr rechtskonform nutzen zu koennen. BreakPilot ist davon nicht betroffen — unsere Architektur ist strukturell unabhaengig von US-Recht. Das ist kein Nice-to-have, sondern konkrete Risikovermeidung fuer unsere Kunden.',
+    answer_en: 'FISA 702 is the central reason why EU-US data transfers are legally difficult, why AI compliance is a huge market, and why our EU-first approach has strategic advantage. The Schrems II ruling showed that political solutions like Privacy Shield fail. The new EU-US Data Privacy Framework is seen by experts as the next Schrems III. Every time such an agreement falls, thousands of companies face the problem of no longer being able to use their US services in compliance. BreakPilot is not affected — our architecture is structurally independent of US law. This is not a nice-to-have but concrete risk avoidance for our customers.',
+    goto_slide: 'market',
+    priority: 8,
+  },
+  {
+    id: 'fisa-breakpilot-architecture',
+    keywords: ['architektur', 'architecture', 'eu-only', 'kein us', 'no us', 'syseleven', 'hetzner', 'bsi', 'hosting', 'wo gehostet', 'where hosted'],
+    question_de: 'Wie schuetzt sich BreakPilot konkret gegen FISA 702?',
+    question_en: 'How does BreakPilot specifically protect against FISA 702?',
+    answer_de: 'Unsere gesamte Infrastruktur laeuft auf EU-Anbietern ohne US-Muttergesellschaft. Wir nutzen SysEleven und Hetzner — beide BSI-konform und in Deutschland. Unsere LLMs laufen lokal oder auf BSI-zertifizierten EU-Servern. Keine personenbezogenen Daten verlassen jemals die EU. Wir setzen keine US-KI-Dienste wie OpenAI, Anthropic Cloud oder Google AI ein. Isolierte Namespaces pro Kunde stellen sicher, dass Daten strikt getrennt sind. Die Schluesselhoheit liegt vollstaendig beim Kunden. Damit ist FISA 702 fuer unsere Kunden schlicht nicht anwendbar — es gibt keinen US-Anbieter in der Kette, der zur Herausgabe verpflichtet werden koennte.',
+    answer_en: 'Our entire infrastructure runs on EU providers without US parent companies. We use SysEleven and Hetzner — both BSI-compliant and located in Germany. Our LLMs run locally or on BSI-certified EU servers. No personal data ever leaves the EU. We do not use US AI services like OpenAI, Anthropic Cloud or Google AI. Isolated namespaces per customer ensure strict data separation. Key management is entirely under customer control. This makes FISA 702 simply inapplicable for our customers — there is no US provider in the chain that could be compelled to hand over data.',
+    goto_slide: 'annex-architecture',
+    priority: 9,
+  },
+
  // === MODULE ===
  {
    id: 'modules-overview',
    keywords: ['module', 'modules', 'baukasten', 'toolkit', '12 module', 'welche module', 'which modules', 'funktionen', 'features', 'leistungen'],
    question_de: 'Welche 12 Module bietet ihr an?',
    question_en: 'Which 12 modules do you offer?',
-    answer_de: 'Unsere Plattform besteht aus zwölf Modulen, die Kunden einzeln oder als Gesamtpaket nutzen können. Den Kern bildet das Code-Security-Modul mit SAST, DAST, SBOM-Analysen und kontinuierlichem Pentesting bei jeder Code-Änderung. Dazu kommt die CE-Software-Risikobeurteilung, die Hersteller für die CE-Kennzeichnung ihrer Produkte brauchen. Für die laufende Compliance-Dokumentation erstellen wir automatisch Verarbeitungsverzeichnisse, technisch-organisatorische Maßnahmen, Datenschutz-Folgenabschätzungen und Löschfristen. Der Audit Manager verwaltet Haupt- und Nebenabweichungen nach Audits vollständig End-to-End mit Stichtagen, Tickets und Eskalation. Darüber hinaus bieten wir Module für Betroffenenrechte, Einwilligungsmanagement, Notfallpläne bei Datenschutzvorfällen und einen Cookie-Generator. Das Compliance LLM ist ein eigenes Sprachmodell für Text und Audio, das sicher in der EU gehostet wird. Die Academy bietet Online-Schulungen für Geschäftsführung und Mitarbeiter. Abgerundet wird das Ganze durch die Integration in bestehende Kundenprozesse wie Jira und eine sichere Kommunikationslösung mit Chat, Video und einem KI-Assistenten für automatische Besprechungsnotizen.',
-    answer_en: 'Our platform consists of twelve modules that customers can use individually or as a complete package. The core is the code security module with SAST, DAST, SBOM analysis and continuous pentesting on every code change. Then there is the CE software risk assessment that manufacturers need for CE marking their products. For ongoing compliance documentation, we automatically generate records of processing activities, technical and organizational measures, data protection impact assessments and retention schedules. The audit manager handles major and minor deviations after audits completely end-to-end with deadlines, tickets and escalation. Beyond that, we offer modules for data subject rights, consent management, incident response for data breaches and a cookie generator. The compliance LLM is a dedicated language model for text and audio, securely hosted in the EU. The academy provides online training for management and employees. Everything is rounded off by integration into existing customer processes like Jira and a secure communication solution with chat, video and an AI assistant for automatic meeting notes.',
+    answer_de: 'Unsere Plattform besteht aus zwölf Modulen, die Kunden einzeln oder als Gesamtpaket nutzen können. Den Kern bildet das Code-Security-Modul mit SAST, DAST, SBOM-Analysen und kontinuierlichem Pentesting bei jeder Code-Änderung. Dazu kommt die CE-Software-Risikobeurteilung, die Hersteller für die CE-Kennzeichnung ihrer Produkte brauchen. Für die laufende Compliance-Dokumentation erstellen wir automatisch Verarbeitungsverzeichnisse, technisch-organisatorische Maßnahmen, Datenschutz-Folgenabschätzungen und Löschfristen. Der Audit Manager verwaltet Haupt- und Nebenabweichungen nach Audits vollständig End-to-End mit Stichtagen, Tickets und Eskalation. Darüber hinaus bieten wir Module für Betroffenenrechte, Einwilligungsmanagement, Notfallpläne bei Datenschutzvorfällen und einen Cookie-Generator. Das Compliance LLM ist ein eigenes Sprachmodell für Text und Audio, das sicher in der EU gehostet wird. Die Academy bietet Online-Schulungen für Geschäftsführung und Mitarbeiter. Abgerundet wird das Ganze durch die Integration in bestehende Kundenprozesse wie Jira, GitLab, Linear oder Gitea und eine sichere Kommunikationslösung mit Chat, Video und einem KI-Assistenten für automatische Besprechungsnotizen.',
+    answer_en: 'Our platform consists of twelve modules that customers can use individually or as a complete package. The core is the code security module with SAST, DAST, SBOM analysis and continuous pentesting on every code change. Then there is the CE software risk assessment that manufacturers need for CE marking their products. For ongoing compliance documentation, we automatically generate records of processing activities, technical and organizational measures, data protection impact assessments and retention schedules. The audit manager handles major and minor deviations after audits completely end-to-end with deadlines, tickets and escalation. Beyond that, we offer modules for data subject rights, consent management, incident response for data breaches and a cookie generator. The compliance LLM is a dedicated language model for text and audio, securely hosted in the EU. The academy provides online training for management and employees. Everything is rounded off by integration into existing customer processes like Jira, GitLab, Linear or Gitea and a secure communication solution with chat, video and an AI assistant for automatic meeting notes.',
    goto_slide: 'product',
    priority: 9,
  },
+
+  // === TECHNOLOGIE-GLOSSAR (fuer Investor-Verstaendnis) ===
+  {
+    id: 'tech-bge-m3',
+    keywords: ['bge-m3', 'bge', 'embedding', 'embeddings', 'vektorisierung', 'vectorization', 'sentence transformer'],
+    question_de: 'Was ist BGE-M3?',
+    question_en: 'What is BGE-M3?',
+    answer_de: 'BGE-M3 ist ein State-of-the-Art Embedding-Modell, entwickelt vom Beijing Academy of Artificial Intelligence. M3 steht fuer Multi-Lingual, Multi-Functionality und Multi-Granularity. Wir nutzen es, um Gesetzestexte, Normen und Compliance-Dokumente in hochdimensionale Vektoren umzuwandeln. Der Vorteil: BGE-M3 versteht ueber 100 Sprachen gleichzeitig — perfekt fuer EU-Regularien, die in verschiedenen Sprachen vorliegen. Es unterstuetzt Dense Retrieval, Sparse Retrieval und Multi-Vector Retrieval in einem Modell, was unsere Hybrid Search ermoeglicht. Das Modell laeuft lokal auf unserer EU-Infrastruktur — keine Daten verlassen den europaeischen Raum.',
+    answer_en: 'BGE-M3 is a state-of-the-art embedding model developed by the Beijing Academy of Artificial Intelligence. M3 stands for Multi-Lingual, Multi-Functionality and Multi-Granularity. We use it to convert legal texts, standards and compliance documents into high-dimensional vectors. The advantage: BGE-M3 understands over 100 languages simultaneously — perfect for EU regulations that exist in different languages. It supports dense retrieval, sparse retrieval and multi-vector retrieval in a single model, enabling our hybrid search. The model runs locally on our EU infrastructure — no data leaves the European space.',
+    goto_slide: 'annex-aipipeline',
+    priority: 7,
+  },
+  {
+    id: 'tech-rag',
+    keywords: ['rag', 'retrieval', 'augmented', 'generation', 'wissensbasis', 'knowledge base', 'wie funktioniert ki', 'how does ai work'],
+    question_de: 'Was ist RAG und wie nutzt ihr es?',
+    question_en: 'What is RAG and how do you use it?',
+    answer_de: 'RAG steht fuer Retrieval Augmented Generation — ein Verfahren, bei dem das KI-Modell nicht aus seinem Training antwortet, sondern zuerst in unserer Wissensbasis nach relevanten Dokumenten sucht und diese als Kontext nutzt. Das ist entscheidend fuer Compliance: Wir wollen keine halluzinierten Antworten, sondern praezise Aussagen mit Quellenangabe. Unsere RAG-Pipeline indexiert ueber 380 Regularien und Normen in sechs Qdrant-Collections. Bei einer Anfrage werden die relevantesten Textpassagen per Hybrid Search gefunden, durch einen Cross-Encoder re-rankt und dann dem LLM als Kontext uebergeben. Das Ergebnis: jede Antwort ist quellenbasiert und nachpruefbar.',
+    answer_en: 'RAG stands for Retrieval Augmented Generation — a method where the AI model does not answer from its training but first searches our knowledge base for relevant documents and uses them as context. This is critical for compliance: we want no hallucinated answers but precise statements with source references. Our RAG pipeline indexes over 380 regulations and standards in six Qdrant collections. For a query, the most relevant text passages are found via hybrid search, re-ranked by a cross-encoder and then provided to the LLM as context. The result: every answer is source-based and verifiable.',
+    goto_slide: 'annex-aipipeline',
+    priority: 8,
+  },
+  {
+    id: 'tech-qdrant',
+    keywords: ['qdrant', 'vektordatenbank', 'vector database', 'vector db', 'collections', 'similarity search'],
+    question_de: 'Was ist Qdrant?',
+    question_en: 'What is Qdrant?',
+    answer_de: 'Qdrant ist eine hochperformante Open-Source-Vektordatenbank, die wir fuer unsere semantische Suche nutzen. Sie speichert die Embedding-Vektoren unserer ueber 380 indexierten Regularien und ermoeglicht Similarity Search in Millisekunden. Wir betreiben sechs separate Qdrant-Collections — getrennt nach Rechtsgebiet und Dokumenttyp — fuer praezise und schnelle Ergebnisse. Qdrant laeuft auf unserer eigenen Hetzner-Infrastruktur in Deutschland, ist MIT-lizenziert und benoetigt keine Cloud-Anbindung an US-Provider.',
+    answer_en: 'Qdrant is a high-performance open-source vector database that we use for our semantic search. It stores the embedding vectors of our over 380 indexed regulations and enables similarity search in milliseconds. We operate six separate Qdrant collections — separated by legal domain and document type — for precise and fast results. Qdrant runs on our own Hetzner infrastructure in Germany, is MIT-licensed and requires no cloud connection to US providers.',
+    goto_slide: 'annex-aipipeline',
+    priority: 7,
+  },
+  {
+    id: 'tech-cross-encoder',
+    keywords: ['cross-encoder', 'cross encoder', 're-ranking', 'reranking', 'rerank', 'relevanz'],
+    question_de: 'Was ist ein Cross-Encoder?',
+    question_en: 'What is a cross-encoder?',
+    answer_de: 'Ein Cross-Encoder ist ein KI-Modell, das die Relevanz zwischen einer Suchanfrage und einem Dokument praezise bewertet. In unserer Pipeline nutzen wir ihn als zweite Stufe: Zuerst findet die schnelle Hybrid Search die Top-Kandidaten, dann bewertet der Cross-Encoder jedes Ergebnis einzeln und sortiert sie nach tatsaechlicher Relevanz. Das verbessert die Qualitaet unserer Compliance-Antworten erheblich — besonders bei juristisch komplexen Fragestellungen, wo Wortaehnlichkeit allein nicht ausreicht.',
+    answer_en: 'A cross-encoder is an AI model that precisely evaluates the relevance between a search query and a document. In our pipeline we use it as a second stage: first, the fast hybrid search finds the top candidates, then the cross-encoder evaluates each result individually and sorts them by actual relevance. This significantly improves the quality of our compliance answers — especially for legally complex questions where word similarity alone is not sufficient.',
+    goto_slide: 'annex-aipipeline',
+    priority: 6,
+  },
+  {
+    id: 'tech-sast-dast',
+    keywords: ['sast', 'dast', 'static analysis', 'dynamic analysis', 'code scanning', 'code analyse', 'statische analyse', 'dynamische analyse', 'penetrationstest', 'pentest'],
+    question_de: 'Was sind SAST und DAST?',
+    question_en: 'What are SAST and DAST?',
+    answer_de: 'SAST steht fuer Static Application Security Testing — dabei wird der Quellcode analysiert, ohne ihn auszufuehren. Man findet Schwachstellen wie SQL-Injection, Cross-Site-Scripting oder unsichere Kryptografie direkt im Code. DAST steht fuer Dynamic Application Security Testing — dabei wird die laufende Anwendung von aussen getestet, aehnlich wie ein echter Angreifer. Wir fuehren beides kontinuierlich bei jeder Code-Aenderung durch, nicht nur einmal im Jahr wie bei klassischen Pentests. Das spart dem Kunden etwa 13.000 Euro jaehrlich an externen Pentest-Kosten allein im KMU-Bereich.',
+    answer_en: 'SAST stands for Static Application Security Testing — it analyzes source code without executing it. You find vulnerabilities like SQL injection, cross-site scripting or insecure cryptography directly in the code. DAST stands for Dynamic Application Security Testing — it tests the running application from the outside, similar to a real attacker. We run both continuously on every code change, not just once a year like traditional pentests. This saves customers about EUR 13,000 annually in external pentest costs for SMEs alone.',
+    goto_slide: 'solution',
+    priority: 8,
+  },
+  {
+    id: 'tech-sbom',
+    keywords: ['sbom', 'software bill of materials', 'stueckliste', 'abhaengigkeiten', 'dependencies', 'supply chain', 'lieferkette'],
+    question_de: 'Was ist eine SBOM?',
+    question_en: 'What is an SBOM?',
+    answer_de: 'SBOM steht fuer Software Bill of Materials — eine vollstaendige Stueckliste aller Software-Komponenten, Bibliotheken und Abhaengigkeiten in einem Produkt. Mit dem Cyber Resilience Act wird die SBOM fuer alle Produkte mit digitalen Elementen in der EU zur Pflicht. Unsere Plattform generiert SBOMs automatisch bei jeder Code-Aenderung, ueberwacht bekannte Schwachstellen in Abhaengigkeiten und alarmiert sofort, wenn eine neue CVE veroeffentlicht wird. Das ist fuer produzierende Unternehmen besonders relevant, weil sie ihre Software-Lieferkette lueckenlos dokumentieren muessen.',
+    answer_en: 'SBOM stands for Software Bill of Materials — a complete inventory of all software components, libraries and dependencies in a product. With the Cyber Resilience Act, SBOMs become mandatory for all products with digital elements in the EU. Our platform generates SBOMs automatically on every code change, monitors known vulnerabilities in dependencies and alerts immediately when a new CVE is published. This is particularly relevant for manufacturing companies because they must document their software supply chain without gaps.',
+    goto_slide: 'annex-engineering',
+    priority: 8,
+  },
+  {
+    id: 'tech-bsi',
+    keywords: ['bsi', 'bundesamt', 'sicherheit', 'informationstechnik', 'zertifizierung', 'certification', 'c5', 'cloud security'],
+    question_de: 'Was bedeutet BSI-zertifiziert?',
+    question_en: 'What does BSI-certified mean?',
+    answer_de: 'BSI steht fuer das Bundesamt fuer Sicherheit in der Informationstechnik — die deutsche Bundesbehoerde fuer Cybersicherheit. Eine BSI-Zertifizierung, insbesondere der C5-Standard (Cloud Computing Compliance Criteria Catalogue), bestaetigt, dass ein Cloud-Anbieter hoechste Sicherheitsstandards einhalt. Unsere Infrastruktur laeuft auf SysEleven, einem BSI-C5-zertifizierten deutschen Cloud-Provider. Das bedeutet: Ihre Daten werden nach den strengsten europaeischen Sicherheitsstandards geschuetzt — ohne Zugriff durch US-Behoerden.',
+    answer_en: 'BSI stands for the Federal Office for Information Security — the German federal authority for cybersecurity. A BSI certification, particularly the C5 standard (Cloud Computing Compliance Criteria Catalogue), confirms that a cloud provider maintains the highest security standards. Our infrastructure runs on SysEleven, a BSI C5-certified German cloud provider. This means: your data is protected according to the strictest European security standards — without access by US authorities.',
+    goto_slide: 'annex-architecture',
+    priority: 8,
+  },
+  {
+    id: 'tech-cloud-providers',
+    keywords: ['syseleven', 'hetzner', 'cloud', 'hosting', 'infrastruktur', 'infrastructure', 'server', 'rechenzentrum', 'data center', 'wo laufen', 'where hosted'],
+    question_de: 'Auf welcher Infrastruktur laeuft die Plattform?',
+    question_en: 'What infrastructure does the platform run on?',
+    answer_de: 'Unsere Plattform laeuft zu 100 Prozent auf europaeischer Cloud-Infrastruktur — ohne einen einzigen US-Anbieter. Fuer LLM-Inferenz und KI-Workloads nutzen wir SysEleven, einen BSI-C5-zertifizierten deutschen Cloud-Provider mit GPU-Kapazitaet. Fuer Datenbanken, Vektorspeicher und Anwendungslogik setzen wir auf Hetzner — ebenfalls deutsch, ISO 27001-zertifiziert und deutlich kostenguenstiger als AWS oder Azure. Das CI/CD laeuft ueber Gitea Actions mit automatischem Deploy via Coolify auf Hetzner. Diese Kombination gibt uns einen strukturellen Kostenvorteil bei voller EU-Datensouveraenitaet.',
+    answer_en: 'Our platform runs 100 percent on European cloud infrastructure — without a single US provider. For LLM inference and AI workloads we use SysEleven, a BSI C5-certified German cloud provider with GPU capacity. For databases, vector storage and application logic we rely on Hetzner — also German, ISO 27001-certified and significantly more cost-effective than AWS or Azure. CI/CD runs via Gitea Actions with automatic deploy via Coolify on Hetzner. This combination gives us a structural cost advantage with full EU data sovereignty.',
+    goto_slide: 'annex-architecture',
+    priority: 8,
+  },
+  {
+    id: 'tech-controls',
+    keywords: ['controls', 'pruefaspekte', 'audit aspects', 'pruefpunkte', 'checkpoints', '25000', 'control extraction'],
+    question_de: 'Was sind Controls bzw. Pruefaspekte?',
+    question_en: 'What are controls or audit aspects?',
+    answer_de: 'Controls sind konkrete, pruefbare Anforderungen, die aus Gesetzen und Normen abgeleitet werden. Zum Beispiel wird aus DSGVO Artikel 32 (Sicherheit der Verarbeitung) eine Reihe konkreter Controls wie Verschluesselungspflicht, Zugriffskontrolle und regelmaessige Sicherheitstests. Wir haben ueber 25.000 solcher Controls aus ueber 380 Regularien und Normen extrahiert. Jeder Control hat eine eindeutige ID, ist einer Regulierung zugeordnet und kann automatisch gegen den Ist-Zustand eines Unternehmens geprueft werden. Das ist das Herzstueck unserer Compliance-Automatisierung.',
+    answer_en: 'Controls are concrete, verifiable requirements derived from laws and standards. For example, GDPR Article 32 (Security of Processing) generates a series of concrete controls like encryption requirements, access control and regular security testing. We have extracted over 25,000 such controls from over 380 regulations and standards. Each control has a unique ID, is mapped to a regulation and can be automatically checked against a company current state. This is the heart of our compliance automation.',
+    goto_slide: 'annex-regulatory',
+    priority: 8,
+  },
+  {
+    id: 'tech-hybrid-search',
+    keywords: ['hybrid search', 'hybrid suche', 'dense', 'sparse', 'bm25', 'semantic search', 'semantische suche', 'volltextsuche'],
+    question_de: 'Was ist Hybrid Search?',
+    question_en: 'What is hybrid search?',
+    answer_de: 'Hybrid Search kombiniert zwei Suchverfahren: Dense Retrieval (semantische Aehnlichkeit ueber Vektoren) und Sparse Retrieval (klassische Schlagwortsuche aehnlich Google). Warum beide? Juristische Texte enthalten oft spezifische Begriffe wie Artikelnummern oder Normenbezeichnungen, die semantische Suche allein nicht praezise findet. Umgekehrt versteht die semantische Suche den Kontext besser als reine Schlagwortsuche. Durch die Kombination beider Verfahren mit anschliessendem Cross-Encoder Re-Ranking erreichen wir die hoechste Praezision bei Compliance-Anfragen.',
+    answer_en: 'Hybrid search combines two search methods: dense retrieval (semantic similarity via vectors) and sparse retrieval (classic keyword search similar to Google). Why both? Legal texts often contain specific terms like article numbers or standard designations that semantic search alone cannot find precisely. Conversely, semantic search understands context better than pure keyword search. By combining both methods with subsequent cross-encoder re-ranking, we achieve the highest precision for compliance queries.',
+    goto_slide: 'annex-aipipeline',
+    priority: 7,
+  },
+  {
+    id: 'tech-policy-engine',
+    keywords: ['policy engine', 'deterministic', 'deterministisch', 'regeln', 'rules', 'eskalation', 'escalation', 'e0', 'e1', 'e2', 'e3'],
+    question_de: 'Was ist die deterministische Policy Engine?',
+    question_en: 'What is the deterministic policy engine?',
+    answer_de: 'Unsere Policy Engine ist das Gegenstueck zum LLM — sie arbeitet rein regelbasiert und deterministisch. 45 vordefinierte Regeln pruefen Compliance-Ergebnisse auf Vollstaendigkeit, Konsistenz und Dringlichkeit. Das LLM liefert die Analyse, aber die Policy Engine entscheidet, was passiert: Eskalationsstufe E0 bedeutet informativ, E1 erfordert Massnahmen, E2 hat Fristen und E3 geht an die Geschaeftsfuehrung. So stellen wir sicher, dass keine KI-Halluzination zu einer falschen Compliance-Entscheidung fuehrt.',
+    answer_en: 'Our policy engine is the counterpart to the LLM — it works purely rule-based and deterministically. 45 predefined rules check compliance results for completeness, consistency and urgency. The LLM delivers the analysis, but the policy engine decides what happens: escalation level E0 is informational, E1 requires action, E2 has deadlines and E3 goes to management. This ensures no AI hallucination leads to a wrong compliance decision.',
+    goto_slide: 'annex-aipipeline',
+    priority: 7,
+  },
+  {
+    id: 'tech-vvt-toms',
+    keywords: ['vvt', 'toms', 'dsfa', 'verarbeitungsverzeichnis', 'technisch organisatorische massnahmen', 'datenschutz-folgenabschaetzung', 'ropa', 'dpia', 'loeschfristen', 'retention'],
+    question_de: 'Was sind VVT, TOMs und DSFA?',
+    question_en: 'What are RoPA, TOMs and DPIA?',
+    answer_de: 'Das sind drei zentrale DSGVO-Dokumente, die jedes Unternehmen fuehren muss. VVT ist das Verarbeitungsverzeichnis (Record of Processing Activities) — eine Liste aller Datenverarbeitungstaetigkeiten mit Zweck, Rechtsgrundlage und Empfaengern. TOMs sind Technisch-Organisatorische Massnahmen — konkrete Sicherheitsmassnahmen wie Verschluesselung, Zugriffskontrolle oder Pseudonymisierung. DSFA ist die Datenschutz-Folgenabschaetzung (Data Protection Impact Assessment) — eine vertiefte Risikoanalyse fuer besonders sensible Verarbeitungen. Unsere Plattform generiert alle drei Dokumente automatisch und haelt sie bei Aenderungen aktuell.',
+    answer_en: 'These are three central GDPR documents that every company must maintain. RoPA is the Record of Processing Activities — a list of all data processing activities with purpose, legal basis and recipients. TOMs are Technical and Organizational Measures — concrete security measures like encryption, access control or pseudonymization. DPIA is the Data Protection Impact Assessment — an in-depth risk analysis for particularly sensitive processing. Our platform generates all three documents automatically and keeps them current when changes occur.',
+    goto_slide: 'solution',
+    priority: 8,
+  },
 ]
@@ -7,18 +7,18 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    duration: 45,
    paragraphs: [
      {
-        text_de: 'Willkommen bei BreakPilot COMPLAI — die Cloud-SDK-Plattform für vollständige Compliance: von der DSGVO über den AI Act bis zur CE-Kennzeichnung.',
-        text_en: 'Welcome to BreakPilot COMPLAI — the cloud SDK platform for complete compliance: from GDPR to the AI Act to CE certification.',
+        text_de: 'Willkommen bei BreakPilot COMPLAI — der Compliance-Plattform, die produzierende Unternehmen endlich von der Regulierungslast befreit. Von der Datenschutz-Grundverordnung über den AI Act bis zur C. E. Kennzeichnung — alles aus einer Hand.',
+        text_en: 'Welcome to BreakPilot COMPLAI — the compliance platform that finally frees manufacturing companies from the regulatory burden. From GDPR to the AI Act to CE certification — all from a single source.',
        pause_after: 1500,
      },
      {
-        text_de: 'Ich bin Ihr KI-Präsentator und führe Sie durch unser Pitch Deck. Die Präsentation dauert etwa 15 Minuten.',
-        text_en: 'I am your AI presenter and will guide you through our pitch deck. The presentation takes about 15 minutes.',
+        text_de: 'Ich bin Ihr KI-Präsentator und führe Sie durch unser Pitch Deck. Die Präsentation dauert etwa 15 Minuten — und ich verspreche Ihnen: Es lohnt sich.',
+        text_en: 'I am your AI presenter and will guide you through our pitch deck. The presentation takes about 15 minutes — and I promise: it will be worth it.',
        pause_after: 1500,
      },
      {
-        text_de: 'Sie können jederzeit Fragen stellen — nutzen Sie einfach den Chat. Ich pausiere automatisch und antworte sofort.',
-        text_en: 'You can ask questions at any time — just use the chat. I will pause automatically and respond immediately.',
+        text_de: 'Sie können jederzeit Fragen stellen — nutzen Sie einfach den Chat. Ich pausiere automatisch und antworte sofort. Das ist übrigens schon ein Vorgeschmack auf unsere Technologie.',
+        text_en: 'You can ask questions at any time — just use the chat. I will pause automatically and respond immediately. By the way, this is already a taste of our technology.',
        pause_after: 1000,
      },
    ],
@@ -32,13 +32,13 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    duration: 30,
    paragraphs: [
      {
-        text_de: 'Bevor wir ins Detail gehen, hier das Wichtigste auf einen Blick: BreakPilot COMPLAI bietet Full Compliance GPT, CE-Software-Risikobeurteilung und DevSecOps aus einer Hand — speziell für den Maschinenbau.',
-        text_en: 'Before we dive into details, here is the key summary: BreakPilot COMPLAI offers full compliance GPT, CE software risk assessment and DevSecOps from a single platform — specifically for machine manufacturing.',
+        text_de: 'Bevor wir ins Detail gehen, hier das Wichtigste auf einen Blick: BreakPilot COMPLAI ist die einzige Plattform, die organisatorische Compliance, Produkt-Compliance und Code-Security vereint — speziell für den produzierenden Mittelstand.',
+        text_en: 'Before we dive into details, here is the key summary: BreakPilot COMPLAI is the only platform that combines organizational compliance, product compliance and code security — specifically for the manufacturing mid-market.',
        pause_after: 1500,
      },
      {
-        text_de: '12 Module: Code Security, CE-Software-Risikobeurteilung, Compliance-Dokumente, Audit Manager, DSR, Consent, Notfallpläne, Cookie-Generator, Compliance LLM, Academy, Integration und sichere Kommunikation. 110 Gesetze und Regularien, 25.000 Prüfaspekte. Sie können den Onepager als PDF herunterladen.',
-        text_en: '12 modules: code security, CE software risk assessment, compliance documents, audit manager, DSR, consent, incident response, cookie generator, compliance LLM, academy, integration and secure communication. 110 laws and regulations, 25,000 audit aspects. You can download the one-pager as PDF.',
+        text_de: 'Über 380 Regularien und Normen in unserer KI-Wissensbasis. Über 25.000 extrahierte Prüfaspekte. 65 Compliance-Module. Und das Beste: Ihre Kunden sparen ab Tag eins mehr als sie zahlen. Den Onepager können Sie als PDF herunterladen.',
+        text_en: 'Over 380 regulations and standards in our AI knowledge base. Over 25,000 extracted audit aspects. 65 compliance modules. And the best part: your customers save more than they pay from day one. You can download the one-pager as PDF.',
        pause_after: 1000,
      },
    ],
@@ -52,8 +52,8 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    duration: 20,
    paragraphs: [
      {
-        text_de: 'BreakPilot COMPLAI — 12 Module, 110 Gesetze, 10 Branchen, eine Plattform. Kontinuierliche Compliance und Code-Security. Gründung Juli/August 2026.',
-        text_en: 'BreakPilot COMPLAI — 12 modules, 110 laws, 10 industries, one platform. Continuous compliance and code security. Founding July/August 2026.',
+        text_de: 'BreakPilot COMPLAI — über 380 Regularien, 10 Branchen, eine Plattform. Kontinuierliche Compliance und Code-Security. Gründung August 2026. Wir bauen die Zukunft der industriellen Compliance.',
+        text_en: 'BreakPilot COMPLAI — over 380 regulations, 10 industries, one platform. Continuous compliance and code security. Founding August 2026. We are building the future of industrial compliance.',
        pause_after: 1500,
      },
    ],
@@ -61,54 +61,74 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    transition_hint_en: 'Let us first look at the problem.',
  },

-  // 2 — problem (60s)
+  // 3 — problem (60s)
  {
    slideId: 'problem',
    duration: 60,
    paragraphs: [
      {
-        text_de: 'Maschinenbauer — oft KMU mit 10 bis 500 Mitarbeitern — wollen KI nutzen. Aber sie weigern sich, Microsoft Copilot oder Claude auf ihr Herzstück loszulassen. Die Angst vor Datenmissbrauch durch US-Konzerne ist real und berechtigt.',
-        text_en: 'Machine manufacturers — often SMEs with 10 to 500 employees — want to use AI. But they refuse to let Microsoft Copilot or Claude touch their core IP. The fear of data misuse by US corporations is real and justified.',
+        text_de: 'Stellen Sie sich vor: Ein Maschinenbauer mit 100 Mitarbeitern will KI in seinen Produktionsprozess integrieren. Aber er traut sich nicht. Die Angst vor Datenmissbrauch durch US-Konzerne ist real — und berechtigt. Der Patriots Act macht europäische Daten auf US-Servern angreifbar.',
+        text_en: 'Imagine: A machine builder with 100 employees wants to integrate AI into their production process. But they do not dare. The fear of data misuse by US corporations is real — and justified. The Patriot Act makes European data on US servers vulnerable.',
        pause_after: 2000,
      },
      {
-        text_de: 'Wer US-SaaS meidet, bleibt von der KI-Revolution abgeschnitten. Wer alles zu AWS oder Google schiebt, akzeptiert, dass selbst europäische Server über den Patriots Act abgesaugt werden können. Deutsche KMU sitzen in der Falle.',
-        text_en: 'Those avoiding US SaaS are cut off from the AI revolution. Those pushing everything to AWS or Google accept that even European servers can be accessed via the Patriot Act. German SMEs are trapped.',
+        text_de: 'Das Ergebnis ist ein Dilemma: Wer US Software-as-a-Service meidet, bleibt von der KI-Revolution abgeschnitten. Wer es nutzt, riskiert seine Kundendaten und Geschäftsgeheimnisse. Deutsche Mittelständler sitzen in der Falle — und das in einer Zeit, in der fünf neue EU-Gesetze gleichzeitig auf sie einprasseln.',
+        text_en: 'The result is a dilemma: those avoiding US SaaS are cut off from the AI revolution. Those using it risk their customer data and trade secrets. German mid-market companies are trapped — at a time when five new EU laws are hitting them simultaneously.',
        pause_after: 2500,
      },
      {
-        text_de: 'Gleichzeitig überrollen fünf EU-Gesetze diese Unternehmen: AI Act, NIS2, CRA, DSGVO und die Maschinenverordnung. Pentests und CE-Zertifizierungen kosten 50.000 Euro im Jahr — aber prüfen nur einmal. Nichts läuft kontinuierlich.',
-        text_en: 'Meanwhile, five EU laws are overwhelming these companies: AI Act, NIS2, CRA, GDPR and the Machinery Regulation. Pentests and CE certifications cost EUR 50,000 per year — but only check once. Nothing runs continuously.',
+        text_de: 'AI Act, NIS 2 Richtlinie, Cyber Resilience Act, Datenschutz-Grundverordnung, Maschinenverordnung — jedes einzelne Gesetz erfordert Expertise, die kein kleine und mittlere Unternehmen intern vorhalt. Externe Pentests und C. E. Zertifizierungen kosten 55.000 Euro und mehr im Jahr — und prüfen nur einmal. Am nächsten Tag kann alles wieder veraltet sein.',
+        text_en: 'AI Act, NIS2, CRA, GDPR, Machinery Regulation — each law requires expertise that no SME maintains internally. External pentests and CE certifications cost EUR 55,000 or more per year — and only check once. The next day everything could be outdated again.',
        pause_after: 1500,
      },
    ],
-    transition_hint_de: 'Und genau dafür haben wir eine Lösung.',
-    transition_hint_en: 'And that is exactly what we have a solution for.',
+    transition_hint_de: 'Und genau dieses Problem lösen wir.',
+    transition_hint_en: 'And that is exactly the problem we solve.',
  },

-  // 3 — solution (70s)
+  // 4 — solution (70s)
  {
    slideId: 'solution',
    duration: 70,
    paragraphs: [
      {
-        text_de: 'Unsere Lösung: Kontinuierliche Software-Compliance statt jährlicher Stichproben. SAST, DAST, SBOM und Pentesting bei jeder Code-Änderung. Findings landen direkt als Jira-Tickets mit konkreten Implementierungsvorschlägen.',
-        text_en: 'Our solution: Continuous software compliance instead of annual spot checks. SAST, DAST, SBOM and pentesting on every code change. Findings land directly as Jira tickets with concrete implementation suggestions.',
+        text_de: 'Unsere Lösung macht Schluss mit dem jährlichen Compliance-Zirkus. Statt einmal im Jahr einen teuren Berater zu buchen, läuft bei uns alles kontinuierlich: S. A. S. T., D. A. S. T., Software Bill of Materials und Pentesting bei jeder Code-Änderung. Automatisch. Rund um die Uhr.',
+        text_en: 'Our solution ends the annual compliance circus. Instead of booking an expensive consultant once a year, everything runs continuously with us: SAST, DAST, SBOM and pentesting on every code change. Automatically. Around the clock.',
        pause_after: 2000,
      },
      {
-        text_de: 'VVT, TOMs, DSFA, Löschfristen und CE-Risikobeurteilung werden automatisch generiert. Und nach dem Audit? Haupt- und Nebenabweichungen werden End-to-End abgearbeitet: Rollen zuweisen, Stichtage setzen, Tickets erstellen, Nachweise einfordern. Die Geschäftsführung bekommt Eskalationsberichte — kein Mitarbeiter muss mehr hinterherlaufen.',
-        text_en: 'RoPA, TOMs, DPIA, retention policies and CE risk assessment are generated automatically. And after the audit? Major and minor deviations are handled end-to-end: assign roles, set deadlines, create tickets, collect evidence. Management gets escalation reports — no employee needs to chase anyone.',
+        text_de: 'Aber das ist erst der Anfang. Verarbeitungsverzeichnis, technisch-organisatorische Maßnahmen, Datenschutz-Folgenabschätzung, Löschfristen, C. E. Risikobeurteilung — alles wird automatisch generiert und aktuell gehalten. Nach dem Audit werden Abweichungen End-to-End abgearbeitet: Rollen zuweisen, Stichtage setzen, Tickets erstellen, Nachweise einfordern. Kein Mitarbeiter muss mehr hinterherlaufen — die Plattform eskaliert automatisch bis zur Geschäftsführung.',
+        text_en: 'But that is just the beginning. RoPA, TOMs, DPIA, retention policies, CE risk assessment — everything is generated automatically and kept up to date. After the audit, deviations are handled end-to-end: assign roles, set deadlines, create tickets, collect evidence. No employee needs to chase anyone — the platform automatically escalates to management.',
        pause_after: 2500,
      },
      {
-        text_de: 'Die Plattform läuft auf einer BSI-zertifizierten Cloud in Deutschland oder OVH in Frankreich. Jitsi für Video, Matrix für Chat, KI-Aufgabenerstellung aus Audiomitschnitten direkt in Kundensysteme. Keine US-SaaS im Source Code.',
-        text_en: 'The platform runs on a BSI-certified cloud in Germany or OVH in France. Jitsi for video, Matrix for chat, AI task creation from audio recordings directly into customer systems. No US SaaS in source code.',
-        pause_after: 2500,
+        text_de: 'Und das Wichtigste für datensensible Unternehmen: Die Plattform läuft auf einer Bundesamt für Sicherheit in der Informationstechnik-zertifizierten Cloud in Deutschland. Kein US Software-as-a-Service im gesamten Source Code. Kommunikation über Jitsi und Matrix — vollständig souverän.',
+        text_en: 'And the most important thing for data-sensitive companies: The platform runs on a BSI-certified cloud in Germany. No US SaaS in the entire source code. Communication via Jitsi and Matrix — completely sovereign.',
+        pause_after: 2000,
      },
      {
-        text_de: 'Das Ergebnis: Ein Kunde zahlt etwa 50.000 Euro im Jahr und spart 30.000 Euro für Pentests, 20.000 Euro für CE-Beurteilungen, kann Auditmanager entlasten und reagiert auf Kundenanfragen in Echtzeit.',
-        text_en: 'The result: A customer pays about EUR 50,000 per year and saves EUR 30,000 on pentests, EUR 20,000 on CE assessments, can relieve audit managers and responds to customer inquiries in real time.',
+        text_de: 'Das Ergebnis für den Kunden: Ab Tag eins spart er mehr als er zahlt. Ein kleine und mittlere Unternehmen mit 25 Mitarbeitern spart 55.000 Euro im Jahr — bei Kosten von nur 15.000 Euro. Das ist ein Return on Investment von 3,7x.',
+        text_en: 'The result for the customer: From day one they save more than they pay. An SME with 25 employees saves EUR 55,000 per year — at a cost of only EUR 15,000. That is a 3.7x ROI.',
+        pause_after: 1500,
+      },
+    ],
+    transition_hint_de: 'Schauen wir uns die regulatorische Landschaft genauer an.',
+    transition_hint_en: 'Let us look at the regulatory landscape more closely.',
+  },
+
+  // — usp (40s)
+  {
+    slideId: 'usp',
+    duration: 40,
+    paragraphs: [
+      {
+        text_de: 'Was macht uns wirklich einzigartig? Drei Dinge, die kein Wettbewerber kombiniert: Erstens — wir vereinen organisatorische Compliance, Produkt-Compliance und Code-Security auf einer einzigen Plattform. Kein Medienbruch, keine Insellösungen.',
+        text_en: 'What makes us truly unique? Three things no competitor combines: First — we unify organizational compliance, product compliance and code security on a single platform. No media breaks, no isolated solutions.',
+        pause_after: 2000,
+      },
+      {
+        text_de: 'Zweitens — 100 Prozent EU-Infrastruktur. Bundesamt für Sicherheit in der Informationstechnik-zertifiziert, kein US Software-as-a-Service im Stack. Drittens — KI-gestützte Automatisierung mit über 380 Regularien und 25.000 Controls. Nicht als Spielerei, sondern als leistungsfähige Engine, die Compliance-Arbeit automatisiert.',
+        text_en: 'Second — 100 percent EU infrastructure. BSI-certified, no US SaaS in the stack. Third — AI-powered automation with over 380 regulations and 25,000 controls. Not as a gimmick, but as a productive engine that handles compliance work every day.',
        pause_after: 1500,
      },
    ],
@@ -122,38 +142,38 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    duration: 35,
    paragraphs: [
      {
-        text_de: 'Diese Matrix zeigt, warum eine universelle Lösung nötig ist: Jede Branche hat eine einzigartige Kombination von Regularien. 110 Gesetze und Regularien über 10 Branchen — alle in unserem RAG-System indexiert.',
-        text_en: 'This matrix shows why a universal solution is needed: Each industry has a unique combination of regulations. 110 laws and regulations across 10 industries — all indexed in our RAG system.',
+        text_de: 'Diese Matrix zeigt, warum eine universelle Lösung nötig ist: Jede Branche hat eine einzigartige Kombination von Regularien. Über 380 Gesetze, Verordnungen und Normen über 10 Branchen — alle in unserem RAG-System indexiert und mit KI durchsuchbar.',
+        text_en: 'This matrix shows why a universal solution is needed: Each industry has a unique combination of regulations. Over 380 laws, ordinances and standards across 10 industries — all indexed in our RAG system and searchable with AI.',
        pause_after: 2000,
      },
      {
-        text_de: 'Über 25.000 Prüfaspekte bilden die Grundlage für automatisierte Compliance-Analyse und Risikobewertung. Daraus werden Pflichten pro Branche und Regulierung abgeleitet.',
-        text_en: 'Over 25,000 audit aspects form the foundation for automated compliance analysis and risk assessment. Obligations per industry and regulation are derived from these.',
+        text_de: 'Über 25.000 extrahierte Prüfaspekte bilden das Fundament für automatisierte Compliance-Analyse. Daraus leiten wir konkrete Pflichten pro Branche ab — kein Unternehmen muss mehr selbst recherchieren, was für sie gilt.',
+        text_en: 'Over 25,000 extracted audit aspects form the foundation for automated compliance analysis. From these we derive concrete obligations per industry — no company needs to research what applies to them anymore.',
        pause_after: 1500,
      },
    ],
-    transition_hint_de: 'Nun zu unseren Produkten.',
-    transition_hint_en: 'Now to our products.',
+    transition_hint_de: 'Nun zu unserem Produkt.',
+    transition_hint_en: 'Now to our product.',
  },

-  // — product (65s)
+  // 6 — product (65s)
  {
    slideId: 'product',
    duration: 65,
    paragraphs: [
      {
-        text_de: 'Unsere Plattform ist modular aufgebaut. 12 Module im Baukasten: Code Security, CE-Software-Risikobeurteilung, Compliance-Dokumente, Audit Manager, DSR, Consent, Notfallpläne, Cookie-Generator, LLM, Academy, Integration und sichere Kommunikation.',
-        text_en: 'Our platform is modular. 12 modules in the toolkit: code security, CE software risk assessment, compliance documents, audit manager, DSR, consent, incident response, cookie generator, LLM, academy, integration and secure communication.',
+        text_de: 'Unsere Plattform ist modular aufgebaut — wie ein Baukasten, den jedes Unternehmen nach Bedarf zusammenstellt. Code Security, C. E. Software-Risikobeurteilung, Compliance-Dokumente, Audit Manager, DSR, Consent, Notfallpläne, Cookie-Generator, Compliance LLM, Academy, Integration und sichere Kommunikation.',
+        text_en: 'Our platform is modular — like a toolkit that every company assembles as needed. Code security, CE software risk assessment, compliance documents, audit manager, DSR, consent, incident response, cookie generator, compliance LLM, academy, integration and secure communication.',
        pause_after: 2500,
      },
      {
-        text_de: 'Das Pricing ist mitarbeiterbasiert und am Markt validiert. Unternehmen mit über 250 Mitarbeitern zahlen etwa 25.000 bis 50.000 Euro im Jahr. Dafür sparen sie 50.000 Euro und mehr — für Pentests, CE-Beurteilungen und Auditmanager.',
-        text_en: 'Pricing is employee-based and market-validated. Companies with over 250 employees pay about EUR 25,000 to 50,000 per year. In return, they save EUR 50,000 or more — on pentests, CE assessments and audit managers.',
+        text_de: 'Das Pricing ist einfach und fair: mitarbeiterbasiert. Startups ab 3.600 Euro im Jahr. kleine und mittlere Unternehmen und Mittelstand von 15.000 bis 40.000 Euro. Enterprise ab 50.000 Euro. Und jeder Kunde spart ein Vielfaches davon.',
+        text_en: 'Pricing is simple and fair: employee-based. Startups from EUR 3,600 per year. SMEs and mid-market from EUR 15,000 to 40,000. Enterprise from EUR 50,000. And every customer saves multiples of that.',
        pause_after: 2500,
      },
      {
-        text_de: 'Die Plattform läuft standardmäßig in der Cloud — BSI-zertifiziert in Deutschland oder OVH in Frankreich. Für Kleinstunternehmen unter 10 Mitarbeitern bieten wir optional einen vorkonfigurierten Mac Mini für absolute Privacy.',
-        text_en: 'The platform runs by default in the cloud — BSI-certified in Germany or OVH in France. For micro businesses under 10 employees, we optionally offer a pre-configured Mac Mini for absolute privacy.',
+        text_de: 'Standardmässig läuft alles in unserer Bundesamt für Sicherheit in der Informationstechnik-zertifizierten Cloud. Für Kleinstunternehmen, die absolute Datensouveränität wollen, bieten wir optional einen vorkonfigurierten Mac Mini — das ist einzigartig am Markt.',
+        text_en: 'By default everything runs in our BSI-certified cloud. For micro businesses wanting absolute data sovereignty, we optionally offer a pre-configured Mac Mini — that is unique in the market.',
        pause_after: 2000,
      },
    ],
@@ -161,59 +181,59 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    transition_hint_en: 'How does this work in practice?',
  },

-  // 5 — how-it-works (50s)
+  // 7 — how-it-works (50s)
  {
    slideId: 'how-it-works',
    duration: 50,
    paragraphs: [
      {
-        text_de: 'Schritt eins: Cloud-Vertrag abschließen. BSI-Cloud in Deutschland oder OVH in Frankreich — fixe oder flexible Kosten, keine US-Anbieter.',
-        text_en: 'Step one: sign a cloud contract. BSI cloud in Germany or OVH in France — fixed or flexible costs, no US providers.',
+        text_de: 'In vier einfachen Schritten zur vollständigen Compliance. Schritt eins: Cloud-Vertrag abschliessen. Bundesamt für Sicherheit in der Informationstechnik-Cloud in Deutschland — fixe oder flexible Kosten, volle Transparenz.',
+        text_en: 'Complete compliance in four simple steps. Step one: sign a cloud contract. BSI cloud in Germany — fixed or flexible costs, full transparency.',
        pause_after: 1500,
      },
      {
-        text_de: 'Schritt zwei: Code-Repositories verbinden. Die KI scannt sofort auf Schwachstellen und Compliance-Lücken — bei jeder Änderung, nicht einmal im Jahr.',
-        text_en: 'Step two: connect code repositories. The AI immediately scans for vulnerabilities and compliance gaps — on every change, not once a year.',
+        text_de: 'Schritt zwei: Code-Repositories verbinden. Ab diesem Moment scannt die KI bei jeder Änderung auf Schwachstellen und Compliance-Lücken — nicht einmal im Jahr, sondern bei jedem einzelnen Commit.',
+        text_en: 'Step two: connect code repositories. From this moment the AI scans for vulnerabilities and compliance gaps on every change — not once a year, but on every single commit.',
        pause_after: 2000,
      },
      {
-        text_de: 'Schritt drei: Compliance und Security laufen automatisch. VVT, TOMs, DSFA, CE-Dokumentation werden kontinuierlich erstellt und aktualisiert.',
-        text_en: 'Step three: compliance and security run automatically. RoPA, TOMs, DPIA, CE documentation are continuously created and updated.',
+        text_de: 'Schritt drei: Compliance und Security laufen vollautomatisch. Alle Dokumente werden kontinuierlich erstellt und aktualisiert. Der Audit Manager bereitet alles vor — auf Knopfdruck.',
+        text_en: 'Step three: compliance and security run fully automatically. All documents are continuously created and updated. The audit manager prepares everything — at the push of a button.',
        pause_after: 2000,
      },
      {
-        text_de: 'Schritt vier: Audit vorbereiten. Alle Nachweise auf Knopfdruck. Nach dem Audit werden Abweichungen automatisch nachverfolgt — mit Stichtagen, Tickets und Eskalation an die Geschäftsführung.',
-        text_en: 'Step four: prepare for audit. All evidence at the push of a button. Post-audit, deviations are automatically tracked — with deadlines, tickets and escalation to management.',
+        text_de: 'Schritt vier: Nach dem Audit werden Abweichungen automatisch nachverfolgt. Mit Stichtagen, Tickets und Eskalation. Das spart nicht nur Geld — es spart Nerven.',
+        text_en: 'Step four: after the audit, deviations are automatically tracked. With deadlines, tickets and escalation. This saves not just money — it saves nerves.',
        pause_after: 1500,
      },
    ],
-    transition_hint_de: 'Jetzt zur Marktchance.',
-    transition_hint_en: 'Now to the market opportunity.',
+    transition_hint_de: 'Jetzt zur Marktchance — und die ist gigantisch.',
+    transition_hint_en: 'Now to the market opportunity — and it is massive.',
  },

-  // 6 — market (60s)
+  // 8 — market (60s)
  {
    slideId: 'market',
    duration: 60,
    paragraphs: [
      {
-        text_de: 'Der Markt für integrierte Compliance- und Code-Security-Plattformen ist enorm — und weitgehend unbesetzt.',
-        text_en: 'The market for integrated compliance and code security platforms is enormous — and largely unoccupied.',
+        text_de: 'Der Markt für integrierte Compliance- und Code-Security-Plattformen ist riesig — und weitgehend unbesetzt. Das ist eine einmalige Chance.',
+        text_en: 'The market for integrated compliance and code security platforms is enormous — and largely unoccupied. This is a once-in-a-generation opportunity.',
        pause_after: 1500,
      },
      {
-        text_de: 'Unser Total Addressable Market liegt bei 8,7 Milliarden Euro. Der globale RegTech-Markt wächst mit 23 Prozent pro Jahr, getrieben durch AI Act, CRA und verschärfte DSGVO-Durchsetzung.',
-        text_en: 'Our Total Addressable Market is EUR 8.7 billion. The global RegTech market grows at 23 percent per year, driven by the AI Act, CRA and stricter GDPR enforcement.',
+        text_de: 'Der Total Addressable Market liegt bei 8,7 Milliarden Euro. Der globale RegTech-Markt wächst mit 23 Prozent pro Jahr — getrieben durch AI Act, Cyber Resilience Act und verschärfte Datenschutz-Grundverordnung-Durchsetzung. Jedes neue Gesetz vergrößert unseren Markt.',
+        text_en: 'The Total Addressable Market is EUR 8.7 billion. The global RegTech market grows at 23 percent per year — driven by the AI Act, CRA and stricter GDPR enforcement. Every new law enlarges our market.',
        pause_after: 2000,
      },
      {
-        text_de: 'Der Serviceable Addressable Market in DACH: 1,2 Milliarden Euro. Unsere Zielgruppen: Maschinen- und Anlagenbauer, CE-Zertifizierer und alle produzierenden Unternehmen, die Elektronik und Software entwickeln.',
-        text_en: 'The Serviceable Addressable Market in DACH: EUR 1.2 billion. Our target groups: machine and plant manufacturers, CE certifiers and all manufacturing companies developing electronics and software.',
+        text_de: 'Unser Serviceable Addressable Market in DACH: 1,2 Milliarden Euro. Maschinen- und Anlagenbauer, C. E. Zertifizierer und alle produzierenden Unternehmen, die Software entwickeln.',
+        text_en: 'Our Serviceable Addressable Market in DACH: EUR 1.2 billion. Machine and plant manufacturers, CE certifiers and all manufacturing companies developing software.',
        pause_after: 2000,
      },
      {
-        text_de: 'Unser Serviceable Obtainable Market: 24 Millionen Euro. Über 1.200 Kunden bis 2030 — Maschinen- und Anlagenbauer, Automobilindustrie und Zulieferer, die genau unsere Kombination aus Code-Security und Compliance brauchen.',
-        text_en: 'Our Serviceable Obtainable Market: EUR 24 million. Over 1,200 customers by 2030 — machine manufacturers, automotive industry and suppliers who need exactly our combination of code security and compliance.',
+        text_de: 'Und das Schöne daran: Je mehr Regulierung kommt, desto grösser wird unser Markt. Wir profitieren von dem Problem, das wir lösen.',
+        text_en: 'And the beautiful thing: the more regulation comes, the larger our market grows. We profit from the problem we solve.',
        pause_after: 1500,
      },
    ],
@@ -221,24 +241,24 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    transition_hint_en: 'How do we make money?',
  },

-  // 7 — business-model (50s)
+  // 9 — business-model (50s)
  {
    slideId: 'business-model',
    duration: 50,
    paragraphs: [
      {
-        text_de: 'Unser Geschäftsmodell basiert auf einem einfachen Savings-Argument: Kunden zahlen 25.000 bis 50.000 Euro im Jahr — und sparen mehr als sie zahlen.',
-        text_en: 'Our business model is based on a simple savings argument: customers pay EUR 25,000 to 50,000 per year — and save more than they pay.',
+        text_de: 'Unser Geschäftsmodell hat einen eingebauten Überzeugungsmechanismus: Kunden sparen mehr als sie zahlen. Das ist kein Marketing-Versprechen — das sind nachrechenbare Zahlen.',
+        text_en: 'Our business model has a built-in convincing mechanism: customers save more than they pay. This is not a marketing promise — these are verifiable numbers.',
        pause_after: 2000,
      },
      {
-        text_de: '30.000 Euro für Pentests gespart, 20.000 Euro für CE-Software-Risikobeurteilungen gespart, einen Auditmanager entlastet oder gar nicht erst eingestellt. Dazu Strafvermeidung und Echtzeit-Reaktion auf Kundenanfragen zu Software-Sicherheit.',
-        text_en: 'EUR 30,000 saved on pentests, EUR 20,000 saved on CE software risk assessments, an audit manager relieved or never hired. Plus penalty avoidance and real-time response to customer inquiries about software security.',
+        text_de: 'Ein kleine und mittlere Unternehmen mit 25 Mitarbeitern spart 55.000 Euro im Jahr: 13.000 Euro für Pentests, 9.000 Euro für C. E. Risikobeurteilungen, 15.000 Euro durch produktivere Compliance-Arbeitszeit, 9.000 Euro bei der Audit-Vorbereitung. Das ergibt einen Return on Investment von 3,7x.',
+        text_en: 'An SME with 25 employees saves EUR 55,000 per year: EUR 13,000 on pentests, EUR 9,000 on CE risk assessments, EUR 15,000 through more productive compliance work time, EUR 9,000 on audit preparation. That is a 3.7x ROI.',
        pause_after: 2500,
      },
      {
-        text_de: 'Die Unit Economics: Bruttomarge über 80 Prozent. Cloud-native auf SysEleven, OVH und Hetzner — deutlich günstiger als AWS oder Azure. Mitarbeiterbasiertes Pricing, modular wählbar.',
-        text_en: 'The unit economics: gross margin above 80 percent. Cloud-native on SysEleven, OVH and Hetzner — significantly cheaper than AWS or Azure. Employee-based pricing, modular choice.',
+        text_de: 'Die Unit Economics sind überzeugend: Bruttomarge über 80 Prozent dank Cloud-nativer Architektur auf europäischen Providern. SysEleven und Hetzner kosten einen Bruchteil von AWS — und die Daten bleiben in der EU.',
+        text_en: 'The unit economics are compelling: gross margin above 80 percent thanks to cloud-native architecture on European providers. SysEleven and Hetzner cost a fraction of AWS — and the data stays in the EU.',
        pause_after: 1500,
      },
    ],
@@ -246,29 +266,29 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    transition_hint_en: 'What have we achieved so far?',
  },

-  // 8 — traction (50s)
+  // 10 — traction (50s)
  {
    slideId: 'traction',
    duration: 50,
    paragraphs: [
      {
-        text_de: 'Unsere bisherige Traction — und das als Bootstrapped-Startup.',
-        text_en: 'Our traction so far — and all of this as a bootstrapped startup.',
+        text_de: 'Und jetzt wird es spannend: Was wir bisher geschafft haben — komplett bootstrapped, ohne einen Cent externes Kapital.',
+        text_en: 'And now it gets exciting: what we have achieved so far — completely bootstrapped, without a single cent of external capital.',
        pause_after: 1500,
      },
      {
-        text_de: '500.000 Zeilen Code. 45 Container in Produktion. Über 65 Compliance-Module implementiert. 25.000+ Originaldokumente in der RAG-Datenbank. Die komplette Plattform ist funktionsfähig und deployed.',
-        text_en: '500,000 lines of code. 45 containers in production. Over 65 compliance modules implemented. 25.000+ original documents in the RAG database. The complete platform is functional and deployed.',
+        text_de: 'Über 500.000 Zeilen Code. 45 Container im Einsatz. 65 Compliance-Module implementiert. Über 380 Regularien in der RAG-Datenbank indexiert mit über 25.000 extrahierten Controls. Die Plattform befindet sich aktuell im Prototyp-Stadium und wird mit freiwilligen Testkunden validiert.',
+        text_en: 'Over 500,000 lines of code. 45 containers deployed. 65 compliance modules implemented. Over 380 regulations indexed in the RAG database with over 25,000 extracted controls. The platform is currently in prototype stage and being validated with voluntary test customers.',
        pause_after: 2000,
      },
      {
-        text_de: 'Wir entlasten Kunden konkret in: Audit Management, Evidence Management, automatischem Pentesting, automatischer SBOM-Generierung, vollständigen DSGVO-Prozessen und Schulungsprogrammen.',
-        text_en: 'We concretely relieve customers in: audit management, evidence management, automated pentesting, automatic SBOM generation, complete GDPR processes and training programs.',
+        text_de: 'Audit Management, Evidence Management, automatisiertes Pentesting, Software Bill of Materials-Generierung, vollständige Datenschutz-Grundverordnung-Prozesse, Schulungsprogramme — alles gebaut, alles läuft.',
+        text_en: 'Audit management, evidence management, automated pentesting, SBOM generation, complete GDPR processes, training programs — all built, all running.',
        pause_after: 2000,
      },
      {
-        text_de: 'Die Plattform ist bereit für die ersten zahlenden Kunden.',
-        text_en: 'The platform is ready for its first paying customers.',
+        text_de: 'Der Prototyp läuft, die Testkunden geben uns wertvolles Feedback. Ab August 2026 gehen wir mit der Gründung in den produktiven Betrieb. Was uns jetzt fehlt, ist nicht Technologie — sondern Go-to-Market-Kapital.',
+        text_en: 'The prototype is running, test customers are giving us valuable feedback. From August 2026 we go live with the company founding. What we lack now is not technology — but go-to-market capital.',
        pause_after: 1000,
      },
    ],
@@ -276,49 +296,49 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    transition_hint_en: 'How do we compare to the competition?',
  },

-  // 9 — competition (60s)
+  // 11 — competition (60s)
  {
    slideId: 'competition',
    duration: 60,
    paragraphs: [
      {
-        text_de: 'Kein Wettbewerber kombiniert organisatorische Compliance mit Produkt- und Code-Compliance auf einer Plattform.',
-        text_en: 'No competitor combines organizational compliance with product and code compliance on a single platform.',
+        text_de: 'Hier wird es richtig interessant: Kein einziger Wettbewerber kombiniert organisatorische Compliance mit Produkt- und Code-Compliance auf einer Plattform. Wir stehen allein.',
+        text_en: 'Here it gets really interesting: not a single competitor combines organizational compliance with product and code compliance on a single platform. We stand alone.',
        pause_after: 2000,
      },
      {
-        text_de: 'Proliance, DataGuard und heyData bieten DSGVO-Compliance — aber keiner scannt Code, keiner macht Penetrationstests, keiner generiert SBOMs, keiner bietet CE-Risikoanalysen.',
-        text_en: 'Proliance, DataGuard and heyData offer GDPR compliance — but none scan code, none run penetration tests, none generate SBOMs, none offer CE risk assessments.',
+        text_de: 'Proliance, DataGuard und heyData — alle machen Datenschutz-Grundverordnung. Aber keiner scannt Code, keiner macht Pentests, keiner generiert Software Bill of Materialss, keiner bietet CE-Risikoanalysen. Das ist wie ein Autohaus, das nur die Karosserie verkauft, aber keinen Motor einbaut.',
+        text_en: 'Proliance, DataGuard and heyData — all do GDPR. But none scan code, none run pentests, none generate SBOMs, none offer CE risk assessments. It is like a car dealership selling only the body but installing no engine.',
        pause_after: 2500,
      },
      {
-        text_de: 'Vanta und Drata kommen aus den USA mit SOC2-Fokus. Sie nutzen amerikanische Cloud-Provider, verstehen weder CRA noch die spezifischen Anforderungen des europäischen Maschinenbaus — und ihre Daten liegen außerhalb der EU.',
-        text_en: 'Vanta and Drata come from the US with a SOC2 focus. They use American cloud providers, understand neither CRA nor the specific requirements of European machine manufacturing — and their data resides outside the EU.',
+        text_de: 'Vanta und Drata? Kommen aus den USA mit SOC2-Fokus. Sie verstehen weder den Cyber Resilience Act noch die Maschinenverordnung — und ihre Daten liegen ausserhalb der EU. Für den europäischen Maschinenbau sind sie schlicht keine Option.',
+        text_en: 'Vanta and Drata? They come from the US with a SOC2 focus. They understand neither the CRA nor the Machinery Regulation — and their data resides outside the EU. For European machine manufacturing they are simply not an option.',
        pause_after: 2500,
      },
      {
-        text_de: 'Unser entscheidender Vorteil: Nicht nur organisatorische Compliance, sondern auch Produkt- und Code-Compliance. Reine EU-Hosting-Infrastruktur. Volle Integration von Compliance über Code bis Prozesse.',
-        text_en: 'Our decisive advantage: Not just organizational compliance, but also product and code compliance. Pure EU hosting infrastructure. Full integration from compliance to code to processes.',
+        text_de: 'Unser Wettbewerbsvorteil ist nicht kopierbar: die Kombination aus EU-Hosting, Code-Security und Industriecompliance auf einer Plattform. Dafür braucht man Jahre Aufbauarbeit — und genau die haben wir bereits investiert.',
+        text_en: 'Our competitive advantage cannot be copied: the combination of EU hosting, code security and industrial compliance on a single platform. That requires years of groundwork — and that is exactly what we have already invested.',
        pause_after: 1500,
      },
    ],
-    transition_hint_de: 'Lernen Sie unser Team kennen.',
-    transition_hint_en: 'Meet our team.',
+    transition_hint_de: 'Lernen Sie die Menschen hinter BreakPilot kennen.',
+    transition_hint_en: 'Meet the people behind BreakPilot.',
  },

-  // 10 — team (30s)
+  // 12 — team (30s)
  {
    slideId: 'team',
    duration: 30,
    paragraphs: [
      {
-        text_de: 'Unser Gründerteam vereint tiefe Domain-Expertise in Compliance, Software-Architektur und KI-Infrastruktur.',
-        text_en: 'Our founding team combines deep domain expertise in compliance, software architecture and AI infrastructure.',
+        text_de: 'Unser Gründerteam vereint tiefe Domain-Expertise in Compliance, Software-Architektur und KI-Infrastruktur. Wir haben nicht nur die Vision — wir haben die Plattform gebaut.',
+        text_en: 'Our founding team combines deep domain expertise in compliance, software architecture and AI infrastructure. We do not just have the vision — we built the platform.',
        pause_after: 2000,
      },
      {
-        text_de: '500.000 Zeilen Code — von uns geschrieben. Wir kennen jeden Aspekt der Plattform und die Schmerzen der Branche aus erster Hand.',
-        text_en: '500,000 lines of code — written by us. We know every aspect of the platform and the pain points of the industry firsthand.',
+        text_de: 'Über 500.000 Zeilen Code — von uns persönlich geschrieben. Wir kennen jeden Aspekt der Plattform und die Schmerzen der Branche aus erster Hand. Das ist kein Pitch aus dem Elfenbeinturm — das ist gelebte Erfahrung.',
+        text_en: 'Over 500,000 lines of code — written by us personally. We know every aspect of the platform and the pain points of the industry firsthand. This is not a pitch from an ivory tower — this is lived experience.',
        pause_after: 1500,
      },
    ],
@@ -326,49 +346,49 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    transition_hint_en: 'Let us look at the financial projections.',
  },

-  // 11 — financials (45s)
+  // 13 — financials (45s)
  {
    slideId: 'financials',
    duration: 45,
    paragraphs: [
      {
-        text_de: 'Unsere Finanzprognose basiert auf einer AI-First Kostenstruktur. 10x Kunden bedeutet nicht 10x Personal — die KI-Agenten skalieren mit.',
-        text_en: 'Our financial projection is based on an AI-first cost structure. 10x customers does not mean 10x headcount — the AI agents scale with us.',
+        text_de: 'Unsere Finanzprognose basiert auf einem entscheidenden Vorteil: einer AI-First Kostenstruktur. Zehnmal so viele Kunden bedeutet nicht zehnmal so viel Personal — unsere KI-Agenten skalieren mit. Das macht uns fundamental anders als traditionelle Beratungshäuser.',
+        text_en: 'Our financial projection is based on a decisive advantage: an AI-first cost structure. Ten times the customers does not mean ten times the headcount — our AI agents scale with us. That makes us fundamentally different from traditional consulting firms.',
        pause_after: 2000,
      },
      {
-        text_de: 'Von 36.000 Euro Umsatz in 2026 auf 8,4 Millionen Euro in 2030. Das Team wächst dabei nur von 2 auf 18 Personen. 380 Kunden bei 5,5 Millionen Euro ARR.',
-        text_en: 'From EUR 36,000 revenue in 2026 to EUR 8.4 million in 2030. The team grows from just 2 to 18 people. 380 customers at EUR 5.5 million ARR.',
+        text_de: 'Die Zahlen zeigen organisches, nachhaltiges Wachstum. Infrastrukturkosten bleiben niedrig dank europäischer Provider — SysEleven und Hetzner kosten einen Bruchteil von AWS. Und der Break-Even kommt schneller als bei vergleichbaren Software-as-a-Service-Unternehmen.',
+        text_en: 'The numbers show organic, sustainable growth. Infrastructure costs remain low thanks to European providers — SysEleven and Hetzner cost a fraction of AWS. And break-even comes faster than comparable SaaS companies.',
        pause_after: 2000,
      },
      {
-        text_de: 'Infrastrukturkosten bleiben niedrig dank europäischer Provider. SysEleven, OVH und Hetzner kosten einen Bruchteil von AWS. Break-Even erreichen wir voraussichtlich Ende 2028.',
-        text_en: 'Infrastructure costs remain low thanks to European providers. SysEleven, OVH and Hetzner cost a fraction of AWS. We expect to reach break-even by end of 2028.',
-        pause_after: 2000,
+        text_de: 'Alle Zahlen, die Sie hier sehen, kommen direkt aus unserem detaillierten Finanzplan — nichts ist erfunden, alles ist berechenbar und nachvollziehbar.',
+        text_en: 'All numbers you see here come directly from our detailed financial plan — nothing is invented, everything is calculable and traceable.',
+        pause_after: 1500,
      },
    ],
    transition_hint_de: 'Und damit kommen wir zum Ask.',
    transition_hint_en: 'And that brings us to the ask.',
  },

-  // 12 — the-ask (45s)
+  // 14 — the-ask (45s)
  {
    slideId: 'the-ask',
    duration: 45,
    paragraphs: [
      {
-        text_de: 'Wir suchen eine Pre-Seed Finanzierung für den Go-to-Market.',
-        text_en: 'We are seeking pre-seed funding for go-to-market.',
+        text_de: 'Wir suchen eine Pre-Seed-Finanzierung über ein Wandeldarlehen — und das aus gutem Grund: Dieses Instrument gibt beiden Seiten maximale Flexibilität.',
+        text_en: 'We are seeking pre-seed funding via a convertible loan — and for good reason: this instrument gives both sides maximum flexibility.',
        pause_after: 1500,
      },
      {
-        text_de: 'Das Investment fließt in vier Bereiche: Engineering für die Enterprise-Features und Skalierung der Cloud-Infrastruktur. Vertrieb für die ersten Pilotkunden im Maschinen- und Anlagenbau. Hardware-Bestand für das Kleinunternehmen-Segment. Und eine Reserve für regulatorische Anforderungen.',
-        text_en: 'The investment flows into four areas: Engineering for enterprise features and cloud infrastructure scaling. Sales for the first pilot customers in machine and plant manufacturing. Hardware inventory for the small business segment. And a reserve for regulatory requirements.',
+        text_de: 'Das Investment fliesst in vier Bereiche: Vertrieb und Marketing für die ersten Pilotkunden. Engineering für Enterprise-Features. Service und Kunden-Workshops. Und eine kluge Reserve für regulatorische Anforderungen.',
+        text_en: 'The investment flows into four areas: Sales and marketing for the first pilot customers. Engineering for enterprise features. Service and customer workshops. And a smart reserve for regulatory requirements.',
        pause_after: 2500,
      },
      {
-        text_de: 'Mit diesem Kapital erreichen wir die ersten 20 zahlenden Kunden und beweisen Product-Market-Fit — bei Maschinen- und Anlagenbauern, CE-Zertifizierern und produzierenden Unternehmen.',
-        text_en: 'With this capital we reach our first 20 paying customers and prove product-market fit — with machine and plant manufacturers, CE certifiers and manufacturing companies.',
+        text_de: 'Besonders attraktiv für Sie als Investor: Über das BAFA INVEST-Programm erhalten Sie bis zu 15 Prozent Ihres Investments als steuerfreien Zuschuss zurück — plus 25 Prozent Exit-Zuschuss auf Ihre Gewinne. Und die staatliche Co-Finanzierung durch die L-Bank Pre-Seed reduziert Ihr Risiko erheblich.',
+        text_en: 'Particularly attractive for you as an investor: Through the BAFA INVEST program you receive up to 15 percent of your investment back as a tax-free grant — plus 25 percent exit grant on your gains. And government co-financing through L-Bank Pre-Seed significantly reduces your risk.',
        pause_after: 1500,
      },
    ],
@@ -376,19 +396,59 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    transition_hint_en: 'Have questions? Our AI agent is ready.',
  },

-  // 13 — ai-qa (30s)
+  // — cap-table (35s)
+  {
+    slideId: 'cap-table',
+    duration: 35,
+    paragraphs: [
+      {
+        text_de: 'Hier sehen Sie die geplante Anteilsstruktur. Wir haben bewusst einen ESOP-Pool für Schlüsselmitarbeiter eingeplant — denn in der Frühphase gewinnt man die besten Köpfe nicht über Gehalt, sondern über Beteiligung.',
+        text_en: 'Here you see the planned equity structure. We deliberately planned an ESOP pool for key employees — because in the early phase you attract the best talent not through salary, but through equity.',
+        pause_after: 2000,
+      },
+      {
+        text_de: 'Die Bewertung ist konservativ angesetzt. Wir wollen Investoren einen fairen Einstieg bieten — mit entsprechendem Upside-Potenzial bei Wachstum.',
+        text_en: 'The valuation is conservatively set. We want to offer investors a fair entry — with corresponding upside potential as we grow.',
+        pause_after: 1500,
+      },
+    ],
+    transition_hint_de: 'Schauen wir uns die Kundenersparnis im Detail an.',
+    transition_hint_en: 'Let us look at customer savings in detail.',
+  },
+
+  // — customer-savings (45s)
+  {
+    slideId: 'customer-savings',
+    duration: 45,
+    paragraphs: [
+      {
+        text_de: 'Diese Folie ist entscheidend: Hier sehen Sie Zeile für Zeile, was Kunden heute ohne uns bezahlen — und was sie mit BreakPilot sparen. Jede Anwendung braucht einen eigenen Pentest. Jedes Produkt eine eigene CE-Beurteilung. Diese Kosten skalieren linear — unsere Plattform nicht.',
+        text_en: 'This slide is crucial: Here you see line by line what customers pay today without us — and what they save with BreakPilot. Each application needs its own pentest. Each product its own CE assessment. These costs scale linearly — our platform does not.',
+        pause_after: 2500,
+      },
+      {
+        text_de: 'Ein kleine und mittlere Unternehmen spart 55.000 Euro pro Jahr bei 15.000 Euro Kosten. Ein mittelständischer Betrieb spart 193.000 Euro. Und ein Konzern sogar 780.000 Euro. Das sind keine Schätzungen — das sind nachrechenbare Positionen.',
+        text_en: 'An SME saves EUR 55,000 per year at EUR 15,000 cost. A mid-sized company saves EUR 193,000. And an enterprise even EUR 780,000. These are not estimates — these are verifiable line items.',
+        pause_after: 2000,
+      },
+    ],
+    transition_hint_de: 'Jetzt können Sie uns Ihre Fragen stellen.',
+    transition_hint_en: 'Now you can ask us your questions.',
+  },
+
+  // — ai-qa (30s)
  {
    slideId: 'ai-qa',
    duration: 30,
    paragraphs: [
      {
-        text_de: 'Auf dieser Slide können Sie direkt mit unserem KI-Agent interagieren. Stellen Sie Ihre Investorenfragen — der Agent antwortet mit Echtdaten aus unserer Plattform.',
-        text_en: 'On this slide you can interact directly with our AI agent. Ask your investor questions — the agent responds with real data from our platform.',
+        text_de: 'Jetzt können Sie uns löchern! Auf dieser Folie interagieren Sie direkt mit unserem KI-Agenten. Fragen Sie alles, was Sie als Investor wissen müssen — der Agent antwortet mit Echtdaten aus unserer Plattform.',
+        text_en: 'Now you can grill us! On this slide you interact directly with our AI agent. Ask everything you need to know as an investor — the agent responds with real data from our platform.',
        pause_after: 2000,
      },
      {
-        text_de: 'Nutzen Sie den Chat rechts unten oder die vorgeschlagenen Fragen.',
-        text_en: 'Use the chat in the bottom right or the suggested questions.',
+        text_de: 'Nutzen Sie den Chat rechts unten oder klicken Sie auf eine der vorgeschlagenen Fragen. Der Agent kennt unsere Zahlen, unsere Strategie und unsere Technologie im Detail.',
+        text_en: 'Use the chat in the bottom right or click on one of the suggested questions. The agent knows our numbers, our strategy and our technology in detail.',
        pause_after: 1500,
      },
    ],
@@ -396,131 +456,192 @@ export const PRESENTER_SCRIPT: SlideScript[] = [
    transition_hint_en: 'You will find further details in the appendix.',
  },

-  // 14 — annex-assumptions (35s)
+  // 16 — annex-assumptions (35s)
  {
    slideId: 'annex-assumptions',
    duration: 35,
    paragraphs: [
      {
-        text_de: 'Im Anhang: Unsere Annahmen und Sensitivitätsanalyse. Drei Szenarien — konservativ, base case und optimistisch — für robuste Planung.',
-        text_en: 'In the appendix: Our assumptions and sensitivity analysis. Three scenarios — conservative, base case and optimistic — for robust planning.',
+        text_de: 'Im Anhang: Unsere Annahmen und Sensitivitätsanalyse. Drei Szenarien — konservativ, Basisplan und optimistisch — für robuste Planung. Alle Werte werden aus dem Finanzplan berechnet.',
+        text_en: 'In the appendix: Our assumptions and sensitivity analysis. Three scenarios — conservative, base plan and optimistic — for robust planning. All valüs are computed from the financial plan.',
        pause_after: 2000,
      },
      {
-        text_de: 'Alle Finanzprognosen basieren auf validierten Marktdaten und berücksichtigen die Kostenvorteile europäischer Cloud-Infrastruktur gegenüber US-Anbietern.',
-        text_en: 'All financial projections are based on validated market data and account for the cost advantages of European cloud infrastructure over US providers.',
+        text_de: 'Alle Prognosen basieren auf validierten Marktdaten. Die Kostenvorteile europäischer Cloud-Infrastruktur gegenüber US-Anbietern sind dabei bereits eingepreist.',
+        text_en: 'All projections are based on validated market data. The cost advantages of European cloud infrastructure over US providers are already factored in.',
        pause_after: 1500,
      },
    ],
  },

-  // 15 — annex-architecture (40s)
+  // 17 — annex-architecture (40s)
  {
    slideId: 'annex-architecture',
    duration: 40,
    paragraphs: [
      {
-        text_de: 'Die technische Architektur: Cloud-SDK-Plattform mit BSI-zertifizierter Infrastruktur in Deutschland und Frankreich. 1000-Milliarden-Parameter LLM, isolierte Kunden-Namespaces, kein Datentransfer außerhalb der EU.',
-        text_en: 'The technical architecture: Cloud SDK platform with BSI-certified infrastructure in Germany and France. 1000-billion-parameter LLM, isolated customer namespaces, no data transfer outside the EU.',
+        text_de: 'Die technische Architektur: Cloud-SDK-Plattform mit Bundesamt für Sicherheit in der Informationstechnik-zertifizierter Infrastruktur in Deutschland. Isolierte Kunden-Namespaces, kein Datentransfer ausserhalb der EU. Die Architektur ist Enterprise-ready und horizontal skalierbar.',
+        text_en: 'The technical architecture: Cloud SDK platform with BSI-certified infrastructure in Germany. Isolated customer namespaces, no data transfer outside the EU. The architecture is enterprise-ready and horizontally scalable.',
        pause_after: 2000,
      },
      {
-        text_de: 'Für Kleinunternehmen ergänzend: lokale Hardware mit kleineren LLMs für Dokumentenverarbeitung und Prozessautomatisierung. BreakPilot hat nur Wartungszugriff — keine Einsicht in Kundendaten.',
-        text_en: 'For small companies additionally: local hardware with smaller LLMs for document processing and process automation. BreakPilot only has maintenance access — no visibility into customer data.',
+        text_de: 'Für Kleinunternehmen ergänzend: lokale Hardware mit optimierten LLMs für Dokumentenverarbeitung. BreakPilot hat nur Wartungszugriff — keine Einsicht in Kundendaten. Absolute Datensouveränität.',
+        text_en: 'For small companies additionally: local hardware with optimized LLMs for document processing. BreakPilot only has maintenance access — no visibility into customer data. Absolute data sovereignty.',
        pause_after: 1500,
      },
    ],
  },

-  // 16 — annex-gtm (40s)
+  // 18 — annex-gtm (40s)
  {
    slideId: 'annex-gtm',
    duration: 40,
    paragraphs: [
      {
-        text_de: 'Unsere Go-to-Market Strategie: Drei Zielgruppen — Maschinen- und Anlagenbauer, CE-Zertifizierer und alle produzierenden Unternehmen, die Elektronik und Software entwickeln.',
-        text_en: 'Our go-to-market strategy: Three target groups — machine and plant manufacturers, CE certifiers and all manufacturing companies developing electronics and software.',
+        text_de: 'Unsere Go-to-Market Strategie ist präzise und kosteneffizient: Drei Zielgruppen — Maschinen- und Anlagenbauer, C. E. Zertifizierer und produzierende Unternehmen mit Software-Anteil.',
+        text_en: 'Our go-to-market strategy is precise and cost-efficient: Three target groups — machine and plant manufacturers, CE certifiers and manufacturing companies with a software component.',
        pause_after: 2000,
      },
      {
-        text_de: 'Wir starten mit VDMA-Mitgliedern, skalieren über Partnerschaften mit Systemhäusern und erschließen dann den breiteren produzierenden Mittelstand.',
-        text_en: 'We start with VDMA members, scale through partnerships with system integrators and then tap into the broader manufacturing mid-market.',
+        text_de: 'Wir starten mit VDMA-Mitgliedern, skalieren über Channel-Partnerschaften mit Systemhäusern wie Bechtle und CANCOM und erschliessen dann den breiteren produzierenden Mittelstand. Land and Expand — ein typischer Einstieg führt zu drei bis fünf weiteren Modulen innerhalb von 12 Monaten.',
+        text_en: 'We start with VDMA members, scale through channel partnerships with system integrators like Bechtle and CANCOM and then tap into the broader manufacturing mid-market. Land and expand — a typical entry leads to three to five additional modules within 12 months.',
        pause_after: 1500,
      },
    ],
  },

-  // 17 — annex-regulatory (40s)
+  // 19 — annex-regulatory (40s)
  {
    slideId: 'annex-regulatory',
    duration: 40,
    paragraphs: [
      {
-        text_de: 'Die EU-Regulierungslandschaft für produzierende Unternehmen: DSGVO, AI Act, Cyber Resilience Act, NIS2 und CE-Kennzeichnung. Alle Regularien zusammen erzeugen massiven Compliance-Druck.',
-        text_en: 'The EU regulatory landscape for manufacturing companies: GDPR, AI Act, Cyber Resilience Act, NIS2 and CE certification. All regulations together create massive compliance pressure.',
+        text_de: 'Die EU-Regulierungslandschaft für produzierende Unternehmen wird immer komplexer: Datenschutz-Grundverordnung, AI Act, Cyber Resilience Act, NIS 2 Richtlinie und C. E. Kennzeichnung. Jedes einzelne Gesetz erzeugt enormen Compliance-Druck — zusammen sind sie für kleine und mittlere Unternehmen kaum noch beherrschbar.',
+        text_en: 'The EU regulatory landscape for manufacturing companies is becoming increasingly complex: GDPR, AI Act, CRA, NIS2 and CE certification. Each law creates enormous compliance pressure — together they are almost unmanageable for SMEs.',
        pause_after: 2000,
      },
      {
-        text_de: 'Unsere RAG-Datenbank enthält 25.000+ Originaldokumente und über 25.000 extrahierte Controls. Die KI kennt jede Verordnung, jede Richtlinie, jedes Gesetz — und kann auf jede Compliance-Frage sofort antworten.',
-        text_en: 'Our RAG database contains 25.000+ original documents and over 25,000 extracted controls. The AI knows every regulation, every directive, every law — and can answer every compliance question immediately.',
+        text_de: 'Unsere RAG-Datenbank enthält über 380 vollständig indexierte Regularien und Normen mit über 25.000 extrahierten Controls. Die KI kann auf jede Compliance-Frage sofort antworten — präzise und mit Quellenangabe.',
+        text_en: 'Our RAG database contains over 380 fully indexed regulations and standards with over 25,000 extracted controls. The AI can answer every compliance question immediately — precisely and with source reference.',
        pause_after: 1500,
      },
    ],
  },

-  // 18 — annex-engineering (40s)
+  // 20 — annex-engineering (40s)
  {
    slideId: 'annex-engineering',
    duration: 40,
    paragraphs: [
      {
-        text_de: 'Engineering Deep Dive: 481.000 Zeilen Code, 10 Container, 48 Compliance-Module. Tech-Stack: Go, Python, TypeScript mit Next.js. CI/CD über Gitea Actions, automatisches Deploy via Coolify auf Hetzner.',
-        text_en: 'Engineering deep dive: 481,000 lines of code, 10 containers, 48 compliance modules. Tech stack: Go, Python, TypeScript with Next.js. CI/CD via Gitea Actions, automatic deploy via Coolify on Hetzner.',
+        text_de: 'Engineering Deep Dive: Über 500.000 Zeilen Code, 45 Container, 65 Compliance-Module. Tech-Stack: Go, Python, TypeScript mit Next.js. CI/CD über Gitea Actions mit automatischem Deploy via Coolify auf Hetzner.',
+        text_en: 'Engineering deep dive: Over 500,000 lines of code, 45 containers, 65 compliance modules. Tech stack: Go, Python, TypeScript with Next.js. CI/CD via Gitea Actions with automatic deploy via Coolify on Hetzner.',
        pause_after: 2000,
      },
      {
-        text_de: 'Infrastruktur: 100 Prozent EU-Cloud. PostgreSQL und Qdrant auf Hetzner, 120-Milliarden-Parameter-LLM auf OVH, 1000-Milliarden-Parameter-LLM auf SysEleven — BSI-zertifiziert. Keine US-Anbieter.',
-        text_en: 'Infrastructure: 100 percent EU cloud. PostgreSQL and Qdrant on Hetzner, 120 billion parameter LLM on OVH, 1 trillion parameter LLM on SysEleven — BSI certified. No US providers.',
+        text_de: '100 Prozent EU-Cloud. PostgreSQL und Qdrant auf Hetzner, LLMs auf SysEleven — Bundesamt für Sicherheit in der Informationstechnik-zertifiziert. Kein einziger US-Anbieter im gesamten Stack. Das ist nicht nur ein Feature — das ist unser Versprechen.',
+        text_en: '100 percent EU cloud. PostgreSQL and Qdrant on Hetzner, LLMs on SysEleven — BSI certified. Not a single US provider in the entire stack. That is not just a feature — that is our promise.',
        pause_after: 1500,
      },
    ],
  },

-  // 19 — annex-aipipeline (40s)
+  // 21 — annex-aipipeline (40s)
  {
    slideId: 'annex-aipipeline',
    duration: 40,
    paragraphs: [
      {
-        text_de: 'Die KI-Pipeline: 38 Verordnungen indexiert, 6.259 Controls extrahiert, 325 Pflichten aus 9 Regulierungen abgeleitet. RAG mit 6 Qdrant-Collections, BGE-M3 Embeddings, Hybrid Search mit Cross-Encoder Re-Ranking.',
-        text_en: 'The AI pipeline: 38 regulations indexed, 6,259 controls extracted, 325 obligations derived from 9 regulations. RAG with 6 Qdrant collections, BGE-M3 embeddings, hybrid search with cross-encoder re-ranking.',
+        text_de: 'Die KI-Pipeline im Detail: Über 380 Regularien indexiert, über 25.000 Controls extrahiert. RAG mit sechs Qdrant-Collections, BGE-M3 Embeddings und Hybrid Search mit Cross-Encoder Re-Ranking — das ist State of the Art.',
+        text_en: 'The AI pipeline in detail: Over 380 regulations indexed, over 25,000 controls extracted. RAG with six Qdrant collections, BGE-M3 embeddings and hybrid search with cross-encoder re-ranking — that is state of the art.',
        pause_after: 2500,
      },
      {
-        text_de: 'Kernprinzip: Das LLM ist nicht die Wahrheitsquelle. Wahrheit gleich Regeln plus Evidenz. Das LLM ist Übersetzer und Subsumtions-Helfer. Deterministische Policy Engine mit 45 Regeln und Eskalationsstufen E0 bis E3.',
-        text_en: 'Core principle: The LLM is not the source of truth. Truth equals rules plus evidence. The LLM is translator and subsumption helper. Deterministic policy engine with 45 rules and escalation levels E0 to E3.',
+        text_de: 'Und hier liegt unser Kernprinzip: Das LLM ist nicht die Wahrheitsquelle. Wahrheit entsteht aus Regeln plus Evidenz. Das LLM ist Übersetzer und Subsumtionshelfer. Eine deterministische Policy Engine mit 45 Regeln sorgt dafür, dass kein Compliance-Fehler durchrutscht.',
+        text_en: 'And here lies our core principle: The LLM is not the source of truth. Truth comes from rules plus evidence. The LLM is translator and subsumption helper. A deterministic policy engine with 45 rules ensures no compliance error slips through.',
        pause_after: 2000,
      },
    ],
  },

-  // 20 — annex-sdk-demo (45s)
+  // 22 — annex-sdk-demo (45s)
  {
    slideId: 'annex-sdk-demo',
    duration: 45,
    paragraphs: [
      {
-        text_de: 'Zum Abschluss: Echte Screenshots aus unserem Compliance SDK. Sie sehen hier das Projekt der Müller Maschinenbau GmbH — ein typischer mittelständischer Maschinenbauer mit KI-Projekten.',
-        text_en: 'To conclude: Real screenshots from our Compliance SDK. You can see the project of Müller Maschinenbau GmbH — a typical mid-sized machine builder with AI projects.',
+        text_de: 'Zum Abschluss zeige ich Ihnen echte Screenshots aus unserem Compliance SDK im Einsatz. Sie sehen hier das Projekt der Müller Maschinenbau GmbH — ein typischer mittelständischer Maschinenbauer mit KI-Projekten.',
+        text_en: 'To conclude I will show you real screenshots from our Compliance SDK in action. You can see the project of Müller Maschinenbau GmbH — a typical mid-sized machine builder with AI projects.',
        pause_after: 2500,
      },
      {
-        text_de: 'Von der Risikomatrix über das Verarbeitungsverzeichnis bis zum Dokumenten-Generator — alle Module arbeiten zusammen. Das ist keine Mockup-Präsentation, sondern eine produktive Plattform.',
-        text_en: 'From the risk matrix to the processing register to the document generator — all modules work together. This is not a mockup presentation, but a productive platform.',
+        text_de: 'Von der Risikomatrix über das Verarbeitungsverzeichnis bis zum Dokumenten-Generator — alle Module arbeiten nahtlos zusammen. Das ist kein Mockup — das ist ein funktionierender Prototyp, der aktuell mit Testkunden validiert wird. Ab der Gründung im August 2026 gehen wir in den produktiven Betrieb.',
+        text_en: 'From the risk matrix to the processing register to the document generator — all modules work seamlessly together. This is not a mockup — this is a working prototype currently being validated with test customers. From the founding in August 2026 we go into production.',
        pause_after: 2000,
      },
    ],
  },
+  // — annex-strategy (35s)
+  {
+    slideId: 'annex-strategy',
+    duration: 35,
+    paragraphs: [
+      {
+        text_de: 'Unsere Wachstumsstrategie basiert auf zwei Channel-Partnern: CANCOM Cloud Marketplace für schnellen Einstieg und Bechtle für nationale Reichweite. Channel-Vertrieb skaliert exponentiell — weil die Partner ihre eigenen Teams auf unser Produkt schulen.',
+        text_en: 'Our growth strategy is based on two channel partners: CANCOM Cloud Marketplace for fast entry and Bechtle for national reach. Channel sales scales exponentially — because partners train their own teams on our product.',
+        pause_after: 2000,
+      },
+      {
+        text_de: 'Deshalb stellen wir den Channel Manager vor dem ersten Direktvertriebler ein. Ein einziger Bechtle-Deal bringt zehn bis fünfzig Endkunden.',
+        text_en: 'That is why we hire the channel manager before the first direct salesperson. A single Bechtle deal brings ten to fifty end customers.',
+        pause_after: 1500,
+      },
+    ],
+  },
+
+  // — annex-finanzplan (30s)
+  {
+    slideId: 'annex-finanzplan',
+    duration: 30,
+    paragraphs: [
+      {
+        text_de: 'Der detaillierte Finanzplan — hier können Sie in die Rohdaten eintauchen. Personalkosten, betriebliche Aufwendungen, Umsatzerlöse, Liquidität und GuV — alles monatlich aufgeschlüsselt über fünf Jahre.',
+        text_en: 'The detailed financial plan — here you can dive into the raw data. Personnel costs, operating expenses, revenue, liquidity and P and L — all broken down monthly over five years.',
+        pause_after: 2000,
+      },
+      {
+        text_de: 'Alle Kennzahlen und Grafiken in der Präsentation werden aus diesen Daten berechnet. Nichts ist erfunden — alles ist nachvollziehbar.',
+        text_en: 'All KPIs and charts in the presentation are calculated from this data. Nothing is invented — everything is traceable.',
+        pause_after: 1500,
+      },
+    ],
+  },
+
+  // — annex-glossary (20s)
+  {
+    slideId: 'annex-glossary',
+    duration: 20,
+    paragraphs: [
+      {
+        text_de: 'Im Glossar finden Sie alle Fachbegriffe und Abkürzungen erklärt — von S. A. S. T. über Software Bill of Materials bis Verarbeitungsverzeichnis. Falls Ihnen ein Begriff unklar ist, fragen Sie gerne unseren KI-Agenten.',
+        text_en: 'The glossary explains all technical terms and abbreviations — from SAST to SBOM to RoPA. If any term is unclear, feel free to ask our AI agent.',
+        pause_after: 1500,
+      },
+    ],
+  },
+
+  // — legal-disclaimer (20s)
+  {
+    slideId: 'legal-disclaimer',
+    duration: 20,
+    paragraphs: [
+      {
+        text_de: 'Zum Abschluss der wichtige rechtliche Hinweis: Dieses Pitch Deck ist vertraulich und ausschliesslich für den eingeladenen Empfänger bestimmt. Alle Finanzangaben sind Planzahlen. Vielen Dank für Ihre Zeit und Ihr Interesse an BreakPilot COMPLAI.',
+        text_en: 'To conclude, the important legal notice: This pitch deck is confidential and intended exclusively for the invited recipient. All financial figures are projections. Thank you for your time and interest in BreakPilot COMPLAI.',
+        pause_after: 1500,
+      },
+    ],
+  },
 ]

 export function getScriptForSlide(slideId: string): SlideScript | undefined {
@@ -6,6 +6,7 @@ export const SLIDE_ORDER: SlideId[] = [
  'cover',
  'problem',
  'solution',
+  'usp',
  'regulatory-landscape',
  'product',
  'how-it-works',
@@ -29,6 +30,7 @@ export const SLIDE_ORDER: SlideId[] = [
  'annex-strategy',
  'annex-finanzplan',
  'annex-glossary',
+  'legal-disclaimer',
 ]

 export const TOTAL_SLIDES = SLIDE_ORDER.length
@@ -227,6 +227,7 @@ export type SlideId =
  | 'cover'
  | 'problem'
  | 'solution'
+  | 'usp'
  | 'regulatory-landscape'
  | 'product'
  | 'how-it-works'
@@ -250,3 +251,4 @@ export type SlideId =
  | 'annex-strategy'
  | 'annex-finanzplan'
  | 'annex-glossary'
+  | 'legal-disclaimer'
@@ -0,0 +1,123 @@
+# BreakPilot Pitch MCP Server
+
+MCP server that lets Claude Code directly manage pitch versions, invite investors, and assign versions — without touching the browser admin UI.
+
+## What it does
+
+11 tools exposed to Claude Code:
+
+| Tool | Description |
+|------|-------------|
+| `list_versions` | List all pitch versions with status + investor counts |
+| `create_version` | Create a draft (snapshot base tables or fork from parent) |
+| `get_version` | Get full version detail with all 12 data table snapshots |
+| `get_table_data` | Get one table's data (company, team, financials, market, etc.) |
+| `update_table_data` | Replace a table's data in a draft version |
+| `commit_version` | Lock a draft as immutable |
+| `fork_version` | Create new draft by copying an existing version |
+| `diff_versions` | Per-table diff between any two versions |
+| `list_investors` | List all investors with stats + version assignments |
+| `assign_version` | Assign a committed version to an investor |
+| `invite_investor` | Send magic-link email to a new investor |
+
+All actions go through the existing admin API at `pitch.breakpilot.com`, so they show up in the audit log.
+
+## Setup
+
+### 1. Build
+
+```bash
+cd pitch-deck/mcp-server
+npm install
+npm run build
+```
+
+### 2. Get the admin secret
+
+The `PITCH_ADMIN_SECRET` is stored in orca secrets on the server. SSH in and retrieve it:
+
+```bash
+ssh breakpilot-infra-vm1
+cat ~/orca/services/breakpilot-dsms/secrets.json | grep PITCH_ADMIN_SECRET
+```
+
+### 3. Configure
+
+Edit `.mcp.json` in the **breakpilot-core** repo root (already created):
+
+```json
+{
+  "mcpServers": {
+    "pitch-versions": {
+      "command": "node",
+      "args": ["pitch-deck/mcp-server/dist/index.js"],
+      "env": {
+        "PITCH_API_URL": "https://pitch.breakpilot.com",
+        "PITCH_ADMIN_SECRET": "paste-your-secret-here"
+      }
+    }
+  }
+}
+```
+
+> **Important:** `.mcp.json` contains a secret. It's already in `.gitignore` — never commit it.
+
+### 4. Restart Claude Code
+
+Exit and reopen Claude Code, or run `/mcp` to check it loaded:
+
+```
+/mcp
+```
+
+You should see `pitch-versions` listed with 11 tools.
+
+## Usage examples
+
+Just talk to Claude naturally:
+
+- **"List all pitch versions"** → calls `list_versions`
+- **"Create a new version called 'Series A Aggressive'"** → calls `create_version`
+- **"Show me the company data from version X"** → calls `get_table_data`
+- **"Update the company tagline to 'AI-Powered Compliance' in version X"** → calls `update_table_data`
+- **"Commit version X"** → calls `commit_version`
+- **"Fork version X into a new draft called 'Conservative'"** → calls `fork_version`
+- **"Compare version X with version Y"** → calls `diff_versions`
+- **"Assign version X to investor jane@vc.com"** → calls `assign_version`
+- **"Invite john@fund.com from Big Fund"** → calls `invite_investor`
+
+## Data tables
+
+Each version stores 12 data tables as JSONB snapshots:
+
+| Table | Content |
+|-------|---------|
+| `company` | Name, tagline (DE/EN), mission (DE/EN), website, HQ city |
+| `team` | Members with roles, bios, equity, expertise (all bilingual) |
+| `financials` | Year-by-year revenue, costs, MRR, ARR, customers, employees |
+| `market` | TAM/SAM/SOM with values, growth rates, sources |
+| `competitors` | Names, customer counts, pricing, strengths, weaknesses |
+| `features` | Feature comparison matrix (BreakPilot vs competitors) |
+| `milestones` | Timeline with dates, titles, descriptions, status (bilingual) |
+| `metrics` | Key metrics with labels (bilingual) and values |
+| `funding` | Round details, amount, instrument, use of funds breakdown |
+| `products` | Product tiers with pricing, LLM specs, features (bilingual) |
+| `fm_scenarios` | Financial model scenario names, colors, default flag |
+| `fm_assumptions` | Per-scenario assumptions (growth rate, ARPU, churn, etc.) |
+
+## Architecture
+
+```
+Claude Code ←stdio→ MCP Server ←HTTP→ pitch.breakpilot.com/api/admin/*
+                     (local)           (deployed on orca)
+```
+
+The MCP server is a thin HTTP client. All auth, validation, and audit logging happens on the server side. The bearer token authenticates as a CLI admin actor.
+
+## Troubleshooting
+
+**"PITCH_ADMIN_SECRET is required"** → The env var is missing in `.mcp.json`
+
+**401 errors** → The secret is wrong or the pitch-deck container isn't running. Check: `curl -s -H "Authorization: Bearer YOUR_SECRET" https://pitch.breakpilot.com/api/admin/investors`
+
+**MCP server not showing in `/mcp`** → Make sure you're in the `breakpilot-core` directory when you launch Claude Code (`.mcp.json` is project-scoped)
@@ -0,0 +1,19 @@
+{
+  "name": "breakpilot-pitch-mcp",
+  "version": "1.0.0",
+  "description": "MCP server for managing BreakPilot pitch versions via Claude Code",
+  "private": true,
+  "type": "module",
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.1"
+  },
+  "devDependencies": {
+    "typescript": "^5.7.2",
+    "@types/node": "^22.10.2"
+  }
+}
@@ -0,0 +1,285 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+
+const API_URL = process.env.PITCH_API_URL || "https://pitch.breakpilot.com";
+const API_SECRET = process.env.PITCH_ADMIN_SECRET || "";
+
+if (!API_SECRET) {
+  console.error("PITCH_ADMIN_SECRET is required");
+  process.exit(1);
+}
+
+// --- HTTP client ---
+
+async function api(
+  method: string,
+  path: string,
+  body?: unknown
+): Promise<unknown> {
+  const url = `${API_URL}${path}`;
+  const res = await fetch(url, {
+    method,
+    headers: {
+      Authorization: `Bearer ${API_SECRET}`,
+      "Content-Type": "application/json",
+    },
+    body: body ? JSON.stringify(body) : undefined,
+  });
+
+  const text = await res.text();
+  let data: unknown;
+  try {
+    data = JSON.parse(text);
+  } catch {
+    data = text;
+  }
+
+  if (!res.ok) {
+    const msg =
+      typeof data === "object" && data && "error" in data
+        ? (data as { error: string }).error
+        : `HTTP ${res.status}`;
+    throw new Error(msg);
+  }
+  return data;
+}
+
+const TABLE_NAMES = [
+  "company",
+  "team",
+  "financials",
+  "market",
+  "competitors",
+  "features",
+  "milestones",
+  "metrics",
+  "funding",
+  "products",
+  "fm_scenarios",
+  "fm_assumptions",
+] as const;
+
+// --- MCP Server ---
+
+const server = new McpServer({
+  name: "breakpilot-pitch",
+  version: "1.0.0",
+});
+
+// 1. list_versions
+server.tool(
+  "list_versions",
+  "List all pitch versions with status, parent chain, and investor assignment counts",
+  {},
+  async () => {
+    const data = await api("GET", "/api/admin/versions");
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 2. create_version
+server.tool(
+  "create_version",
+  "Create a new draft version. Optionally fork from a parent version ID, otherwise snapshots current base tables.",
+  {
+    name: z.string().describe("Version name, e.g. 'Conservative Q4'"),
+    description: z
+      .string()
+      .optional()
+      .describe("Optional description"),
+    parent_id: z
+      .string()
+      .uuid()
+      .optional()
+      .describe("UUID of parent version to fork from. Omit to snapshot base tables."),
+  },
+  async ({ name, description, parent_id }) => {
+    const data = await api("POST", "/api/admin/versions", {
+      name,
+      description,
+      parent_id,
+    });
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 3. get_version
+server.tool(
+  "get_version",
+  "Get full version detail including all 12 data table snapshots",
+  {
+    version_id: z.string().uuid().describe("Version UUID"),
+  },
+  async ({ version_id }) => {
+    const data = await api("GET", `/api/admin/versions/${version_id}`);
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 4. get_table_data
+server.tool(
+  "get_table_data",
+  "Get a specific table's data for a version. Tables: company, team, financials, market, competitors, features, milestones, metrics, funding, products, fm_scenarios, fm_assumptions",
+  {
+    version_id: z.string().uuid().describe("Version UUID"),
+    table_name: z
+      .enum(TABLE_NAMES)
+      .describe("Which data table to retrieve"),
+  },
+  async ({ version_id, table_name }) => {
+    const data = await api(
+      "GET",
+      `/api/admin/versions/${version_id}/data/${table_name}`
+    );
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 5. update_table_data
+server.tool(
+  "update_table_data",
+  "Replace a table's data in a DRAFT version. Pass the full array of row objects. Single-record tables (company, funding) should still be wrapped in an array.",
+  {
+    version_id: z.string().uuid().describe("Version UUID (must be a draft)"),
+    table_name: z.enum(TABLE_NAMES).describe("Which data table to update"),
+    data: z
+      .string()
+      .describe(
+        "JSON string of the new data — an array of row objects. Example for company: [{\"name\":\"BreakPilot\",\"tagline_en\":\"...\"}]"
+      ),
+  },
+  async ({ version_id, table_name, data: dataStr }) => {
+    let parsed: unknown;
+    try {
+      parsed = JSON.parse(dataStr);
+    } catch {
+      return {
+        content: [{ type: "text", text: "Error: invalid JSON in data parameter" }],
+        isError: true,
+      };
+    }
+    const result = await api(
+      "PUT",
+      `/api/admin/versions/${version_id}/data/${table_name}`,
+      { data: parsed }
+    );
+    return {
+      content: [{ type: "text", text: JSON.stringify(result, null, 2) }],
+    };
+  }
+);
+
+// 6. commit_version
+server.tool(
+  "commit_version",
+  "Commit a draft version, making it immutable and available for investor assignment",
+  {
+    version_id: z.string().uuid().describe("Draft version UUID to commit"),
+  },
+  async ({ version_id }) => {
+    const data = await api(
+      "POST",
+      `/api/admin/versions/${version_id}/commit`
+    );
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 7. fork_version
+server.tool(
+  "fork_version",
+  "Create a new draft by forking an existing version (copies all data)",
+  {
+    version_id: z.string().uuid().describe("Version UUID to fork from"),
+    name: z.string().describe("Name for the new forked draft"),
+  },
+  async ({ version_id, name }) => {
+    const data = await api(
+      "POST",
+      `/api/admin/versions/${version_id}/fork`,
+      { name }
+    );
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 8. diff_versions
+server.tool(
+  "diff_versions",
+  "Compare two versions and see per-table diffs (added/removed/changed rows and fields)",
+  {
+    version_a: z.string().uuid().describe("First version UUID"),
+    version_b: z.string().uuid().describe("Second version UUID"),
+  },
+  async ({ version_a, version_b }) => {
+    const data = await api(
+      "GET",
+      `/api/admin/versions/${version_a}/diff/${version_b}`
+    );
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 9. list_investors
+server.tool(
+  "list_investors",
+  "List all investors with their login stats, assigned version, and activity",
+  {},
+  async () => {
+    const data = await api("GET", "/api/admin/investors");
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 10. assign_version
+server.tool(
+  "assign_version",
+  "Assign a committed version to an investor (determines what pitch data they see). Pass null to reset to default base tables.",
+  {
+    investor_id: z.string().uuid().describe("Investor UUID"),
+    version_id: z
+      .string()
+      .uuid()
+      .nullable()
+      .describe("Committed version UUID to assign, or null for default"),
+  },
+  async ({ investor_id, version_id }) => {
+    const data = await api("PATCH", `/api/admin/investors/${investor_id}`, {
+      assigned_version_id: version_id,
+    });
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// 11. invite_investor
+server.tool(
+  "invite_investor",
+  "Invite a new investor by email — sends a magic link for passwordless access to the pitch deck",
+  {
+    email: z.string().email().describe("Investor email address"),
+    name: z.string().optional().describe("Investor name"),
+    company: z.string().optional().describe("Investor company"),
+  },
+  async ({ email, name, company }) => {
+    const data = await api("POST", "/api/admin/invite", {
+      email,
+      name,
+      company,
+    });
+    return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+  }
+);
+
+// --- Start ---
+
+async function main() {
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}
+
+main().catch((err) => {
+  console.error("MCP server error:", err);
+  process.exit(1);
+});
@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "Node16",
+    "moduleResolution": "Node16",
+    "outDir": "dist",
+    "rootDir": "src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "declaration": true
+  },
+  "include": ["src"]
+}
@@ -1,5 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server'
-import { jwtVerify } from 'jose'
+import { jwtVerify } from 'jose/jwt/verify'

 // Paths that bypass auth entirely
 const PUBLIC_PATHS = [
@@ -12,6 +12,8 @@ const PUBLIC_PATHS = [
  '/manifest.json',
  '/sw.js',
  '/icons',
+  '/screenshots',             // SDK demo screenshots: public marketing assets. Must bypass auth because the next/image optimizer fetches them server-side without investor cookies.
+  '/team',                    // Team photos: must bypass auth for next/image optimizer
  '/favicon.ico',
 ]

@@ -67,6 +69,17 @@ export async function middleware(request: NextRequest) {
    }
  }

+  // ----- Allow admins to access investor routes (e.g. /api/chat in preview) -----
+  const adminFallback = request.cookies.get('pitch_admin_session')?.value
+  if (adminFallback && secret) {
+    try {
+      await jwtVerify(adminFallback, new TextEncoder().encode(secret), { audience: ADMIN_AUDIENCE })
+      return NextResponse.next()
+    } catch {
+      // Invalid admin token, fall through to investor auth
+    }
+  }
+
  // ----- Investor-gated routes (everything else) -----
  const token = request.cookies.get('pitch_session')?.value

@@ -5,6 +5,7 @@ const nextConfig = {
  typescript: {
    ignoreBuildErrors: true,
  },
+  serverExternalPackages: ['nodemailer'],
  async headers() {
    return [
      {
@@ -17,7 +17,8 @@
        "pg": "^8.13.1",
        "react": "^18.3.1",
        "react-dom": "^18.3.1",
-        "recharts": "^2.15.0"
+        "recharts": "^2.15.0",
+        "server-only": "^0.0.1"
      },
      "devDependencies": {
        "@types/bcryptjs": "^2.4.6",
@@ -3743,6 +3744,12 @@
        "node": ">=10"
      }
    },
+    "node_modules/server-only": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/server-only/-/server-only-0.0.1.tgz",
+      "integrity": "sha512-qepMx2JxAa5jjfzxG79yPPq+8BuFToHd1hm7kI+Z4zAq1ftQiP7HcxMhDDItrbtwVeLg/cY2JnKnrcFkmiswNA==",
+      "license": "MIT"
+    },
    "node_modules/sharp": {
      "version": "0.34.5",
      "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz",
@@ -20,7 +20,8 @@
    "pg": "^8.13.1",
    "react": "^18.3.1",
    "react-dom": "^18.3.1",
-    "recharts": "^2.15.0"
+    "recharts": "^2.15.0",
+    "server-only": "^0.0.1"
  },
  "devDependencies": {
    "@types/bcryptjs": "^2.4.6",