# How secure Stripe checkout works

PersonApp uses Stripe Payment Intents with server-side package validation and authenticated checkout sessions.

- Canonical URL: https://personapp.io/help/payment/secure-checkout-stripe
- Category: Payment
- Platforms: web, ios, android
- Published: 2026-02-26
- Last reviewed: 2026-02-27
- Publisher: PersonApp Help Center (https://personapp.io/help)

---

Checkout uses Stripe Payment Intents created server-side only after validating package ID, coin amount, and price tuple. The checkout request requires your authenticated access token and returns a client secret used by Stripe Payment Element.

## Steps

1. Select a package in the coin modal so the client sends packageId, coins, and price to create-payment-intent.
2. The backend validates the package values against allowed catalog entries before creating the intent.
3. Complete payment using Stripe Payment Element; the card form is hosted and secured by Stripe.
4. Wait for Stripe webhook confirmation, then verify the credited coins in your profile.

## Frequently Asked Questions

### Does PersonApp store my card number?

No. Card collection is handled by Stripe Payment Element and not stored directly in app profile records.

### What happens if package values are tampered in browser?

The edge function rejects invalid package tuples and does not create a payment intent.

---

*Markdown version of https://personapp.io/help/payment/secure-checkout-stripe, provided for AI assistants and plain-text readers. Full index: https://personapp.io/llms.txt*
