# 08D Paid Launch Compliance Recheck

Verdict: Compliance_NO_GO

Reviewed at: 2026-05-29 12:35:08 UTC
Domain: https://aieditorrsp.net
Scope: production site + repository after auth/payment integration

## Bottom line

Paid launch should not proceed yet.

The backend/payment implementation is mostly aligned with the paid-launch compliance requirements, but the production legal/pricing copy still contradicts the live system. Production publicly says provider generation, paid checkout, subscriptions, and paid credits are disabled, while `/api/credits` reports `paid_enabled: true`, Google OAuth is live, and `/api/checkout/stripe?plan=monthly` redirects anonymous users into Google login before checkout.

This is a material consumer-disclosure mismatch for a paid launch.

## Required checks

| Check | Status | Evidence |
|---|---:|---|
| Privacy/terms/refund/pricing/cookie copy matches real Google OAuth | NO_GO | Production banner and pages still say disabled / provider-pending preview. Google OAuth endpoint is live and sets OAuth state cookie. |
| D1 user/credits/orders storage disclosed and implemented | PARTIAL_GO | D1 remote has `users`, `credit_accounts`, `usage_records`, `orders`, `webhook_events`. Legal copy still has outdated/contradictory statements about storage and payment records. |
| Stripe Checkout + Tax | CODE_GO / COPY_NO_GO | Checkout route sets `automatic_tax[enabled]=true`, `billing_address_collection=required`, `tax_id_collection[enabled]=true`. Public copy does not clearly say Stripe Tax is not MoR or that tax is calculated at checkout. |
| fal provider 24h temporary result URL | PARTIAL_GO | Code returns fal-hosted URL and API response reports `result_cache_ttl_hours`. Production privacy extraction still contains older mirror/storage wording in places. |
| support@aieditorrsp.net | GO | Production pages expose `support@aieditorrsp.net`. |
| No legacy `aieditor-rsp.io` | GO | Source/design/public scan found no `aieditor-rsp.io`. |
| No provider-disabled copy | NO_GO | Production pages still show `Provider-pending preview`, `Provider pending`, `Provider generation is currently disabled`, and disabled paid checkout copy. |
| No false MoR/tax claims | PARTIAL_GO | No explicit false MoR claim found, but pages lack clear “Stripe is payment processor/Stripe Tax is not Merchant of Record; merchant remains responsible for filing/remittance” disclosure for paid launch. |
| Tax payable/subtotal/tax/total represented | CODE_GO | `orders` schema and webhook store `subtotal_amount`, `tax_amount`, `total_amount`, `tax_payable_amount`; checkout and webhook code populate these fields. |

## Production findings

1. `/api/credits` confirms paid mode is live:

```json
{
  "authenticated": false,
  "plan": "free",
  "daily_limit": 2,
  "paid_enabled": true,
  "checkout": {
    "monthly": "/api/checkout/stripe?plan=monthly",
    "yearly": "/api/checkout/stripe?plan=yearly",
    "credit_pack": "/api/checkout/stripe?plan=credit_pack"
  }
}
```

2. `/api/auth/login?return_to=/pricing` returns 302 to Google OAuth with redirect URI:

```text
https://aieditorrsp.net/api/auth/callback/google
```

It sets:

```text
aieditorrsp_oauth_state=...; HttpOnly; Secure; SameSite=Lax
```

3. `/api/checkout/stripe?plan=monthly` returns 302 to login for anonymous users:

```text
Location: https://aieditorrsp.net/api/auth/login?return_to=%2Fapi%2Fcheckout%2Fstripe%3Fplan%3Dmonthly
```

4. Production legal/pricing pages still show stale disabled copy:

- Site-wide banner: “AI generation, paid checkout, subscriptions, credit purchases ... are not enabled yet.”
- `/pricing`: “generation provider is not enabled yet. Paid checkout and credits remain disabled...”
- `/terms`: “PRO — PLANNED / DISABLED”, “CREDIT PACK — PLANNED / DISABLED”
- `/refund`: “Provider generation, paid checkout, subscriptions, and credit packs are disabled...”
- `/privacy`: “Paid checkout is disabled in the current preview...” and older upload/output storage language appears in extracted production text.
- `/cookie-policy`: says `rsp_session` is reserved/future and provider generation is disabled, while OAuth/session is live.

## Repository findings

### Backend/payment implementation

PASS at code level:

- `wrangler.jsonc` binds D1 database `aieditorrsp-db` with database_id `a9d3f65c-15e6-406f-8147-e20e3f526fb6`.
- Remote D1 has required tables: `users`, `credit_accounts`, `usage_records`, `orders`, `webhook_events`.
- Google OAuth uses state cookie and callback validation.
- Session cookie uses `HttpOnly; Secure; SameSite=Lax`.
- Stripe Checkout route includes:
  - `automatic_tax[enabled]=true`
  - `billing_address_collection=required`
  - `tax_id_collection[enabled]=true`
- Stripe webhook uses `request.text()` and verifies `stripe-signature` before processing.
- Orders schema stores `subtotal_amount`, `tax_amount`, `total_amount`, `tax_payable_amount`.
- `generate-image` reserves credits before the provider call but only commits/deducts after a successful fal result; the provider timeout/failure path states that no credits were charged.

### Repo copy state

Partial remediation exists in `src/lib/rawDesign.ts`, replacing some disabled-copy phrases at render time. However:

- `design-v3/html/*` and `src/lib/designHtml.ts` still contain stale disabled/preview text.
- Production is still serving stale disabled copy despite `origin/main` HEAD showing `fix: remove paid disabled copy`.
- This means either the latest source has not been successfully deployed, static cache/assets are stale, or the replacement coverage is incomplete.

## Blocking issues before Compliance_GO

P0. Production paid-state disclosure mismatch

Fix all public pages so they match live behavior:

- Google login is enabled.
- Stripe Checkout is enabled for authenticated users.
- Pro monthly, Pro annual, and credit pack purchase paths are active if `paid_enabled=true`.
- fal generation is enabled if provider secret is live.
- Paid credits are recorded in D1 and deducted only after successful generation.

P0. Remove disabled/provider-pending copy from production

Remove or replace:

- “Provider-pending preview”
- “generation provider is not enabled yet”
- “paid checkout ... not enabled yet”
- “paid checkout is disabled”
- “PRO — PLANNED / DISABLED”
- “Provider generation is currently disabled”
- `rsp_session` reserved/future wording, now that OAuth/session exists

P0. Update Privacy storage disclosures

Privacy must match actual D1/API behavior:

- Google OAuth stores email/name/avatar/google_id in `users`.
- D1 stores `credit_accounts`, `usage_records`, `orders`, `webhook_events`.
- Usage metadata may store provider/model/request_id and fal result URL metadata.
- fal receives source image and prompt for one-off processing.
- Site does not store source images/generated outputs in R2/site-owned media storage unless that changes.
- fal-hosted result URL is temporary; public copy should say 24h result URL window only if provider behavior/implementation supports that assumption.

P0. Add paid tax disclosure

Pricing/refund/terms should state:

- Prices may exclude applicable taxes.
- Stripe Checkout calculates and collects applicable taxes where configured.
- Stripe processes payments; Stripe Tax is not Merchant of Record.
- Nextfield Labs LLC / site operator remains responsible for tax filing/remittance unless using a MoR provider.
- Order records distinguish subtotal, tax, total, and tax payable.

P1. Commercial-use claim needs narrowing

Production pricing FAQ says: “all assets generated on Pro and Annual plans include a full commercial license.” That is too broad. Replace with:

“Commercial use may be allowed subject to your rights in the source image, third-party model/provider terms, and applicable law. We do not grant rights to source material, likenesses, trademarks, or third-party IP you do not own.”

P1. Confirm deployment/cache state

After copy changes, redeploy and verify production text with `curl`/browser extraction. Current production does not reflect the expected paid-launch copy.

## GO criteria

Return to Compliance_GO only after all are true in production:

1. `/pricing`, `/privacy`, `/terms`, `/refund`, `/cookie-policy` no longer contain provider-disabled or paid-disabled language.
2. Legal copy explicitly matches Google OAuth, D1 account/credit/order storage, Stripe Checkout, Stripe Tax, and fal processing.
3. Tax/MoR disclaimer is present and not misleading.
4. Production `/api/credits` paid state and visible pricing/CTA language agree.
5. No legacy `aieditor-rsp.io` or provider-disabled copy in production.
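
GO criteria 1, 4 and 5 can be checked mechanically against fetched page bodies. The following is an added example, not code from the reviewed repository: it flags the stale phrases listed in this report whenever `/api/credits` reports `paid_enabled: true`. The function names, rule labels and sample pages are constructed for illustration.

```javascript
// Added example, not the project's code. Patterns mirror the "Remove or replace"
// list in this report; rule labels and sample pages are constructed.
const STALE_COPY = [
  ["provider-pending", /provider[- ]pending/i],
  ["provider-not-enabled", /generation provider is not enabled yet/i],
  ["checkout-not-enabled", /paid checkout\b[^.]{0,120}\bnot enabled yet/i],
  ["checkout-disabled", /paid checkout\b[^.]{0,120}\bdisabled/i],
  ["plan-disabled", /planned\s*\/\s*disabled/i],
  ["provider-disabled", /provider generation\b[^.]{0,120}\bdisabled/i],
  ["session-cookie-future", /rsp_session\b[^.]{0,120}\b(reserved|future)/i],
];
const LEGACY_DOMAIN = /aieditor-rsp\.io/i;

// Reduce HTML to the text a visitor reads, so a phrase split across tags,
// entities or line breaks still matches.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[\s\S]*?<\/\1\s*>/gi, " ")
    .replace(/<[^>]*>/g, " ")
    .replace(/&nbsp;|&#160;/gi, " ")
    .replace(/&amp;/gi, "&")
    .replace(/\s+/g, " ")
    .trim();
}

// pages: { "/pricing": "<html>..." }; credits: parsed /api/credits body.
// Returns one finding per (page, rule); an empty array means the gate passes.
function auditLaunchCopy(pages, credits) {
  const findings = [];
  for (const [path, html] of Object.entries(pages)) {
    const text = visibleText(html);
    // Legacy domain is checked on raw HTML so href attributes are covered too.
    if (LEGACY_DOMAIN.test(html)) findings.push({ path, rule: "legacy-domain" });
    if (credits.paid_enabled !== true) continue; // disabled copy is accurate then
    for (const [rule, re] of STALE_COPY) {
      if (re.test(text)) findings.push({ path, rule });
    }
  }
  return findings;
}

// Constructed sample input (not captured production responses).
const SAMPLE_PAGES = {
  "/pricing": "<p>The generation provider is <b>not enabled</b> yet. Paid&nbsp;checkout and credits remain disabled.</p>",
  "/terms": "<h3>PRO &mdash; PLANNED /<br>DISABLED</h3>",
  "/refund": "<p>Stripe Checkout calculates applicable taxes. Contact support@aieditorrsp.net.</p>",
};
const SAMPLE_CREDITS = { authenticated: false, plan: "free", paid_enabled: true };
console.log(auditLaunchCopy(SAMPLE_PAGES, SAMPLE_CREDITS));
```

Feed it the page bodies fetched from production after each deploy. Matching on visible text rather than raw HTML catches phrases that markup splits across tags or entities, which a plain `grep` over the response would miss.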

## Result

Compliance_NO_GO

This is not formal legal advice. It is a launch compliance gate review for product copy and implementation consistency.
