diff --git a/PROJECT_STATE.md b/PROJECT_STATE.md
index 1a89815..f087ba6 100644
--- a/PROJECT_STATE.md
+++ b/PROJECT_STATE.md
@@ -4,7 +4,7 @@
 OTB Cloud
 
 ## Current version
-v0.1.1
+v0.1.2
 
 ## Build date
 2026-04-12
@@ -53,24 +53,25 @@ Each device should have:
 - Main blueprint
 - Auth blueprint
 - MariaDB connection helper
-- Signed handoff placeholder route
+- Signed handoff endpoint
 - Auth-protected dashboard
-- Local temporary portal base template
+- Temporary portal base template
 - SQL schema file
 - DB bootstrap script
 - Storage bootstrap scripts
+- Gunicorn systemd service on vault3
+- Mintme reverse proxy in place
 
 ## Immediate next tasks
-1. Create MariaDB database and otb_cloud DB user
-2. Run schema bootstrap script
-3. Install Python requirements into venv
-4. Start local Flask test run on 127.0.0.1:5090
-5. Add real shared `portal_base.html` integration from OTB portal
-6. Build file library and upload endpoints
-7. Add OTB Billing service-card integration
+1. Patch OTB Billing to add OTB Cloud services card
+2. Add signed handoff redirect route in OTB Billing
+3. Replace temporary portal base with shared portal template structure
+4. Build file library and upload endpoints
+5. Add upload audit logging
+6. Add first real storage browsing page
 
 ## Notes
 Original uploaded files should remain preserved and effectively read-only.
 Any user-facing edits or processing outputs should create derivative files.
 Admin access should require owner-issued one-time support authorization.
-The current auth handoff is a placeholder scaffold using a shared secret and HMAC signature.
+This version cleans up the temporary UI while keeping the same signed handoff endpoint for OTB Billing integration.
diff --git a/README.md b/README.md
index 9e58464..cee613f 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,12 @@
 # OTB Cloud
 
+## v0.1.2 - 2026-04-12
+- Cleaned up unauthenticated OTB Cloud pages
+- Hid Dashboard/Logout navigation when not authenticated
+- Updated portal-required messaging for production-style flow
+- Updated handoff error page wording
+- Updated test handoff helper to load `.env` automatically
+
 ## v0.1.1 - 2026-04-12
 - Added app config module and MariaDB connection helper
 - Added signed portal handoff placeholder routes
diff --git a/VERSION b/VERSION
index 8308b63..5366600 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v0.1.1
+v0.1.2
diff --git a/app/templates/auth/handoff_error.html b/app/templates/auth/handoff_error.html
index 4951fed..fbba73d 100644
--- a/app/templates/auth/handoff_error.html
+++ b/app/templates/auth/handoff_error.html
@@ -1,10 +1,13 @@
 {% extends "portal_base.html" %}
 
-{% block title %}Handoff Error{% endblock %}
+{% block title %}Portal Handoff Error{% endblock %}
 
 {% block content %}
 <div class="card">
   <h1>Portal handoff failed</h1>
   <p class="muted">{{ message }}</p>
+  <div class="warn" style="margin-top:16px;">
+    Please return to the OTB Billing portal and try launching OTB Cloud again.
+  </div>
 </div>
 {% endblock %}
diff --git a/app/templates/auth/login_required.html b/app/templates/auth/login_required.html
index 2b23c6f..a1cc79e 100644
--- a/app/templates/auth/login_required.html
+++ b/app/templates/auth/login_required.html
@@ -6,11 +6,10 @@
 <div class="card">
   <h1>Portal login required</h1>
   <p class="muted">
-    OTB Cloud does not allow direct unauthenticated access.
-    This app is intended to be reached through the OTB Billing portal handoff.
+    OTB Cloud is available only through a signed handoff from the OTB Billing portal.
   </p>
   <div class="warn" style="margin-top:16px;">
-    Current status: direct local scaffold only. Real portal handoff wiring is next.
+    Please return to the OTB Billing portal and open OTB Cloud from your Services page.
   </div>
 </div>
 {% endblock %}
diff --git a/app/templates/cloud/dashboard.html b/app/templates/cloud/dashboard.html
index ce18930..5cc42f1 100644
--- a/app/templates/cloud/dashboard.html
+++ b/app/templates/cloud/dashboard.html
@@ -30,7 +30,8 @@
   <div class="card">
     <h2 style="margin-top:0;">Current scope</h2>
     <p class="muted">
-      v0.1.1 provides portal-handoff scaffolding, tenant bootstrap, device records, and an authenticated dashboard.
+      OTB Cloud is now running as a portal-linked secure storage service.
+      Next steps are real OTB Billing handoff integration, file library pages, and upload endpoints.
     </p>
   </div>
 </div>
diff --git a/app/templates/portal_base.html b/app/templates/portal_base.html
index 34e7c01..9214f13 100644
--- a/app/templates/portal_base.html
+++ b/app/templates/portal_base.html
@@ -93,8 +93,10 @@
     <div class="nav">
       <div class="brand">OTB Cloud</div>
       <div class="nav-links">
-        <a href="/dashboard">Dashboard</a>
-        <a href="/auth/logout">Logout</a>
+        {% if session.get("otb_user_id") %}
+          <a href="/dashboard">Dashboard</a>
+          <a href="/auth/logout">Logout</a>
+        {% endif %}
       </div>
     </div>
   </div>
@@ -105,7 +107,7 @@
 
   <div class="footer">
     <div class="wrap">
-      Temporary local portal base template for OTB Cloud v0.1.1. Replace this with the shared OTB portal base during integration.
+      OTB Cloud is a portal-linked secure backup and storage service for Outsidethebox.top.
     </div>
   </div>
 </body>
diff --git a/scripts/make_test_handoff.py b/scripts/make_test_handoff.py
index 5cd8108..93b3118 100755
--- a/scripts/make_test_handoff.py
+++ b/scripts/make_test_handoff.py
@@ -5,6 +5,10 @@ import os
 import time
 import urllib.parse
 
+from dotenv import load_dotenv
+
+load_dotenv()
+
 secret = os.getenv("OTB_PORTAL_SHARED_SECRET", "change-me")
 uid = os.getenv("OTB_TEST_UID", "1001")
 email = os.getenv("OTB_TEST_EMAIL", "client@example.com")