Payment Security

Idempotency — no double charges

Every checkout session is assigned a unique idempotency key. If you retry a payment (network drop, accidental double-click within 5 minutes), the system recognizes the duplicate and never charges you twice. Webhooks from gateways carry a unique reference ID checked against a dedup table before any balance change happens.

Recovery — slow webhooks

If a payment provider's webhook is delayed or dropped:

A reconciliation job runs daily to cross-check all pending payments older than 24 hours against the gateway's API.
If the gateway confirms the payment succeeded, the order is fulfilled and your balance/subscription activated — even if the original webhook never arrived.
You can also tap "Check Payment" on a stuck transaction; this calls the gateway directly in real time.

Hybrid payment rollback

For payments combining Saldo Sub + gateway:

If the gateway portion fails or expires, the Saldo Sub portion is automatically refunded to your wallet in the same transaction.
A full audit trail is written so you can always see what was deducted and what was returned.

Refund policy

Failed gateway → automatic, instant refund of any Saldo Sub used.
Failed PPOB after payment → automatic refund to Saldo Sub or original method.
Voluntary refund (top-up, subscription) → manual within policy windows — see the relevant feature page.

What we don't store

Full card numbers (PCI-DSS scope offloaded to the gateway)
CVV (never touches our servers)
Bank login credentials (you only authenticate with the gateway)

Reporting suspicious activity

Email [email protected] immediately if you see a charge you didn't make. Include the transaction reference, date, and amount. We respond to security reports within 24 hours.

Idempotency — no double charges​

Recovery — slow webhooks​

Hybrid payment rollback​

Refund policy​

What we don't store​

Reporting suspicious activity​