Security
Encrypted secrets
Stripe and WhatsApp tokens are encrypted at rest before being written to D1.
Signed sessions
The merchant dashboard uses an httpOnly signed session cookie instead of exposing account identifiers in the browser.
Webhook verification
Stripe webhook payloads are verified before any recovery record is created or updated.
Operational controls
- Queue-based outbound messaging
- Event deduplication by provider event ID
- Proxy recovery links for attribution
- Security headers on site and API responses
Still required before launch
- Final legal review and DPA
- Meta app review, app secrets, and templates
- Stripe public app review and external testing
- Backup and incident response policy