OCT requires a public presence and to impose even scaled anonymity and privacy isn't feasible. Perhaps every member may access it through some universal VPN agreed with OCT, with it not being accessible otherwise. Maybe consider having MG members post the content in private forums with PGP encryption. Or, create an OCT application that will locally generate certificates for members and allow all member tiers to post the content with encryption.
This isn't a NATO COSMIC TOP SECRET or USG SAP resource. And certainly not a resource for petty or serious and organized crime - as some agents provocateurs are implying. But, when you chose not to disclose beneficiaries and manager, then the technical aspect is a logical sequence - for whatever the reasons may be.
A few short remarks about comfort.
Still, there is no back button - as was present in the previous version - in the bottom left side; bloody hard to navigate from an iPhone when the OCT is put on the home screen.
Previously, you could click on a new post in any particular thread from the main forum page - now you land on that sub-forum's main page when clicking from the main forum page; loss of time.
Post merger should be enabled in time to come.
A safety and reliability one as well. As @JohnLocke said, OCT isn't a hobby project (anymore).
Without commenting on your choice of domain registrar and hosting provider (jurisdiction and quality wise), TLS certificates provider (transparency wise) and DNS provider (reliability wise), OCT should have at least two different DNS providers - besides Cloudflare a selection should be made from IBM NS1, Vercara/UltraDNS or even Amazon Route 53 for reliability. There were glitches in previous days when I tried accessing the OCT. DNSSEC is enabled, which is a standard nowadays. With two different DNS providers, multi-signed DNSSEC must be enabled.
Perhaps, instead of Name.com a different domain registrar should be chosen - (2FA is via mail).
As for hosting provider, no comment - what you don't share I don't comment. But, a clustered container or virtual machine set-up within two different locations is probably the optimal option.
Well, nothing to comment for mail provider - Proton isn't secure and never was - only an appearance of it. For OCT use, Google would have been a better selection. But, the current configuration offers at least some security-through-obscurity - mail forwarded via iCloud.
The current selection at Cloudflare SSL/TLS settings de-anonymizes OCT's TLS certificate provider and mechanism and allows trace-back.
When using Cloudflare, there is a secondary benefit of displaying TLS certificates from Google Trust Services. Your developer(s) should understand this.
The website and associated forum are, as I noted, a public resource. Whether an implemented and advertised firewall will mean anything in relation to hosted location and other protected values is to be seen in time to come.
Of course, all of this is my humble expert opinion and doesn't bind the OCT owners and management and their developers to any action or lack of it.
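
As an added example that is not part of the original post: an offline consistency check for the two-provider, multi-signer DNSSEC setup recommended above. It assumes the RFC 8901 model in which each provider has its own KSK and ZSK (the post names no model); the zone name, provider labels, toy key bytes and DS key tags are constructed.

```python
# Added example on constructed data (not OCT's real DNS): two-provider DNSSEC audit.
import base64

def key_tag(flags, proto, alg, pub_b64):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + base64.b64decode(pub_b64)
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def parse_dnskeys(text):
    """Parse 'owner ttl IN DNSKEY flags proto alg key' lines into {tag: flags}."""
    keys = {}
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) >= 8 and f[3] == "DNSKEY":
            flags, proto, alg = int(f[4]), int(f[5]), int(f[6])
            keys[key_tag(flags, proto, alg, "".join(f[7:]))] = flags
    return keys

def audit(dnskeys_by_provider, parent_ds_tags):
    """Return findings; an empty list means the setup is consistent."""
    findings = []
    if len(dnskeys_by_provider) < 2:
        findings.append("only one DNS provider serves the zone")
    parsed = {p: parse_dnskeys(t) for p, t in dnskeys_by_provider.items()}
    all_zsks = {t for keys in parsed.values() for t, fl in keys.items() if fl == 256}
    for provider, keys in sorted(parsed.items()):
        for tag in sorted(all_zsks - keys.keys()):
            # Without this ZSK, RRSIGs from the other provider fail validation.
            findings.append(f"{provider}: missing ZSK {tag} of another provider")
        for tag in sorted(t for t, fl in keys.items() if fl == 257):
            if tag not in parent_ds_tags:
                findings.append(f"{provider}: KSK {tag} has no DS at the parent")
    return findings

# Constructed sample: toy 3-byte "keys", algorithm 13, zone example.test.
PROVIDER_A = """
example.test. 3600 IN DNSKEY 257 3 13 AQID
example.test. 3600 IN DNSKEY 256 3 13 BwgJ
example.test. 3600 IN DNSKEY 256 3 13 CgsM
"""
PROVIDER_B_BROKEN = """
example.test. 3600 IN DNSKEY 257 3 13 BAUG
example.test. 3600 IN DNSKEY 256 3 13 CgsM
"""
PROVIDER_B_FIXED = PROVIDER_B_BROKEN + "example.test. 3600 IN DNSKEY 256 3 13 BwgJ\n"

if __name__ == "__main__":
    print(audit({"A": PROVIDER_A, "B": PROVIDER_B_BROKEN}, {2064}))
```

In practice the DNSKEY lines would come from querying each provider's authoritative servers directly and the DS tags from the parent zone.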