Product and pricing
- Approved product family copy and plan limits.
- Tax, refund, invoice, and order-form handling.
- Support expectations that do not imply unapproved service commitments.
Checklist
Use this checklist before describing BayStore as production ready.
The current public site is useful as a static, self-hosted marketing and test-runtime surface. Production payment, auth, and runtime mutation require separate approved implementation and deployment work.
Current public state
What is visible now, and what remains deferred?
| Area | Current public state | Production dependency |
|---|---|---|
| Marketing site | Static native HTML/CSS/JS with self-hosted assets and sitemap coverage. | Deployment-specific CDN, TLS, and cache policies. |
| Checkout | Checkout remains sandbox_placeholder; this public site does not charge cards or configure production provider billing. | Approved payment provider setup, live webhooks, tax handling, receipts, and merchant review. |
| Authentication | Sign-in and sign-up are public entry pages. | Production identity provider, sessions, authorization policy, and account issuance. |
| Runtime operations | Operator actions are recorded by the API; production runtime mutation remains deferred. | Worker queue execution, secrets, production cluster permissions, and recovery runbooks. |
| Compliance claims | BayStore does not currently claim SOC 2, ISO 27001, HIPAA, PCI DSS, or other third-party compliance certification. | Independent audit evidence and approved public claims. |
Readiness work
Production launch needs decisions across product, trust, and operations.
Security and legal
- Privacy, DPA, cookies, and terms reviewed for the launch jurisdiction.
- Access control, data handling, retention, and incident process evidence.
- No certification claim unless approved evidence exists.
Runtime operations
- Provision, suspend, upgrade, retry, and retire actions wired to approved execution paths.
- Backup metadata and restore procedure tested in the production environment.
- Status page and support handoff aligned to actual deployment behavior.
Use this checklist as a boundary document: it explains what the static public surface can say today and which claims require separate evidence before publication.