All requests are validated server-side and stored in protected storage with safe defaults.
Sensitive data in logs is redacted. IP addresses are stored only as hash in audit records.
Backend includes dedicated payment-intent endpoint and env-based keys for provider integration.