E01
Visible scope
Before checkout
Edition, delivery model, licence boundary, terms, refund note, and support expectation stay visible before payment.
Loading
Trust Centre
This page avoids unverified compliance claims. It shows the payment, privacy, security, status, and dispute-evidence posture that is actually present or explicitly prepared.
Payment
Off-site card boundary
Security
Server-side gates
Evidence
Webhook memory
Atlas room
TRU-05
Dispute evidence chain
The user sees scope before paying; the server validates the request; the provider handles card data; signed webhooks preserve the operational memory needed for refunds and disputes.
E01
Visible scope
Edition, delivery model, licence boundary, terms, refund note, and support expectation stay visible before payment.
E02
Server gate
Allowed product IDs, CSRF, origin checks, honeypot, rate limiting, and bot verification protect the session route.
E03
Off-site card data
Card data is handled off-site by the payment provider. Istiqtal receives only the checkout URL and operational metadata.
E04
Dispute evidence
Signed webhook events, duplicate checks, payment/refund/dispute fields, and alerts preserve the transaction record.
Payment security
Checkout runs through an encrypted, off-site payment boundary. Card details are never handled by Istiqtal application code.
Privacy
Only necessary operational data should be collected. Public analytics are not added by default.
Security practices
Webhook signatures, origin checks, CSRF checks, bot checks, rate limits, and audit logs protect payment flows.
Status
A public status surface is prepared. It must be connected to a real incident source before making uptime claims.
Payment boundary
Payments are handled by a PCI-compliant processor over an encrypted, off-site boundary. Card details are never seen or stored by Istiqtal; every transaction is verified and recorded server-side.