> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mavioapp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Organizations, browser extension polish & security hardening

> A new organization layer for managing multiple teams, a refreshed Chrome extension, a redesigned marketing site, and a wave of auth and reliability fixes.

## New features

### Organizations

Mavio now has a dedicated organization layer above workspaces, so larger customers can group multiple teams under one umbrella.

* **Multi-workspace orgs** -- one organization can own several workspaces, each with its own members and settings.
* **Org roles** -- owner and admin roles control who can invite members, manage workspaces, and change billing.
* **Invitation flow** -- admins invite by email and role, with optional default workspace memberships. Invitees receive a tokenized link, accept once, and land in the org plus any preassigned workspaces in a single step.
* **Decline & resend** -- pending invites can be resent or hard-declined from the org settings page.

Learn more in [Team management](/documentation/account/teams).

### Sanity-backed blog

The Mavio blog has moved off the legacy CMS onto a new Sanity-backed setup with an embedded Studio. Expect more frequent product updates, customer stories, and best-practice guides going forward.

## Updates

### Browser extension refresh

The Chrome extension got a brand and UX pass and is now back in the Chrome Web Store with a tighter permissions footprint.

* Refreshed Mavio brand icons across the toolbar and popup.
* Cleaner popup layout with clearer recording state and quick actions.
* Removed unused browser permissions -- the extension now only requests what it actually needs.

See [Browser extension](/documentation/apps/browser-extension) for install steps.

### Marketing site redesign

Every page on [mavioapp.com](https://mavioapp.com) has been rebuilt on the new Mavio palette with real product mockups, refreshed hero imagery, and polished copy. The new site is now live on its production hosting.

### Desktop Home polish

The Home experience in the desktop app has been consolidated into a single page with cleaner popovers and consistent elevation, removing the duplicate Home variants from earlier builds.

## Bug fixes

* **OAuth redirects** -- fixed an issue where OAuth sign-in could redirect to the wrong host in production and where the web callback still pointed at an old domain. Sign-in with Google, Microsoft, and other providers is now reliable on every supported domain.
* **Stricter token verification** -- session tokens are now verified against the rotating JWKS keyset, hardening the app against forged or stale tokens.
* **Recent meetings on Home** -- the Recent Meetings card now only shows meetings that have finished processing, so you never click into a half-baked recording.
* **Account deletion** -- the delete account flow no longer accepts the confirmation password from the URL. See [Account settings](/documentation/account/settings).
* **Bot callbacks** -- meeting bot callbacks now fail closed if the auth token is missing, preventing any unauthenticated webhook traffic from touching your data.
* **Storage proxy** -- the file proxy endpoint now requires authentication and is restricted to an allowlist of buckets.
* **CORS & error handling** -- production now rejects the `null` origin and redacts raw error strings from 500 responses.
* **Row-level security** -- enabled stricter RLS on the feature access tables so plan limits are enforced consistently across every API call.

<Tip>
  All changes in this release roll out automatically. No action is required from desktop, mobile, or browser extension users.
</Tip>
