Hi there LOVE LOVE LOVE Base 44 and so happy that I stumbled onto it at the right time and love the way it works, however like everything in life, there are enhancements and improvements that can be made and my number one request is to enable power users like myself to have the ability to purchase extra credits. More than happy to pay for them to get the app ready for release, but can't do that so now have to wait 2 weeks....which means that Base 44 is losing money and I'm losing time.

My number 2 request is to have actual, real customer service. I have submitted 4 tickets over the past 4 weeks with absolutely ZERO response and each ticket has just magically disappeared from my account too...Incredibly disappointing, completely unprofessional and very concerning.

REQUEST #3 comes straight from Claude Ai itself:

To: base44 Platform Engineering & Security Team
From: A Developer on the base44 Platform
Subject: Feature Request: Enhanced Infrastructure-Level Security Controls for High-Assurance Applications

Introduction: To build applications that meet the highest security standards, especially those integrating with decentralized platforms like Hive, several infrastructure-level security features are essential. While the application-level security is being robustly implemented, the underlying platform must provide the following capabilities to ensure a true defense-in-depth architecture.

1. Web Application Firewall (WAF)
Requirement: The ability to configure and deploy a WAF in front of the application's API gateway and frontend hosting.
Justification: A WAF is the first line of defense against common web exploits (OWASP Top 10), such as SQL Injection, Cross-Site Scripting (XSS), and automated bot attacks. This is a fundamental security control that cannot be implemented at the application code level.

2. Confirmation of Hardware Security Module (HSM) for Secrets Management
Requirement: Formal confirmation that all secrets and encryption keys managed by the base44 platform are protected by a FIPS 140-2 Level 3 (or higher) compliant Hardware Security Module (HSM).
Justification: For handling sensitive financial and identity-related API keys, software-only key stores are insufficient. HSM-backed envelope encryption provides critical protection against database compromise and ensures that cryptographic keys are never exposed in plaintext outside of a secure hardware boundary.

3. CI/CD Integrated Security Tooling
Requirement: Integration of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools into the base44 CI/CD pipeline.
Justification: To protect against supply-chain attacks and coding vulnerabilities, security scanning must be automated. This includes scanning all third-party dependencies for known CVEs before deployment and analyzing application code for potential security flaws.

4. Advanced Rate Limiting and DDoS Protection
Requirement: Granular, infrastructure-level rate limiting controls at the API gateway and network edge.
Justification: While application-level throttling is being implemented, it is not sufficient to mitigate large-scale Distributed Denial of Service (DDoS) attacks. Platform-level protection is required to block malicious traffic before it consumes application resources.

5. User-Configurable JWT Time-to-Live (TTL)
Requirement: The ability for developers to configure the expiration time for the JSON Web Tokens issued by the base44 authentication service.
Justification: For high-security applications, enforcing very short-lived session tokens (e.g., 5-15 minutes) is a critical security measure to limit the impact of a stolen token. The current fixed TTL may not be suitable for all use cases.

These platform enhancements are crucial for enabling developers to build truly secure and resilient applications. We look forward to seeing these capabilities integrated into the base44 platform.

I look forward to a response- any kind of response asap thanks.

Status: In Review

Board: 💡 Feature Request

Date: 7 months ago

Author: CHOCOLATESCORPION
