# Security Token Purchase Flow

<figure><img src="/files/1SmuGqPatrTt7D6fEDjl" alt=""><figcaption></figcaption></figure>

The platform implements a structured process for purchasing security tokens that integrates wallet management, identity verification, compliance checks, and secure token transfers, all in a single atomic call.

#### Step-by-Step <a href="#step-by-step" id="step-by-step"></a>

1. **Wallet Setup and Deposits** Users deposit stablecoins (USDT, USDC) into their on-platform smart wallet for managing funds and facilitating transactions. No native MASQT is required because gas is paid in the same stablecoins.
2. **KYC and On-Chain Identity**  After completing KYC (Sumsub or Digitap), the user's identity is recorded via `ZodorIdentityRegistry`, with claims stored through `ZodorClaimIssuer`. ZK-KYC users go through `ZKKYCGate` instead of a backend signature.
3. **Marketplace Access**  Verified users browse tokenized assets in the Hub and initiate purchases using their wallet balance. The site filters assets based on the user's jurisdiction and accreditation claims.
4. **Compliance Validation**  `ZodorComplianceModule` validates each transaction against regulatory requirements before any state changes, preventing non-compliant users from proceeding.
5. **Atomic Stablecoin Purchase**  `StablecoinPurchaseRouter.purchase()`:
   * Pulls USDT/USDC from the user
   * Calls `canTransfer()` on the target token
   * Transfers stablecoin to the asset treasury
   * Mints/transfers tokens to the investor's wallet
   * Pays gas via `ZodorTokenPaymaster` from the user's stablecoin balance
6. **Privacy Protection**  For Capital and Infinity, sensitive operations are secured using **ZK-KYC** so PII never lands on-chain. For Energy, optional **`ConfidentialZEROC`** uses Zama fhEVM for fully encrypted balances. For ZCFT specifically, **Path C** keeps balances private to `msg.sender` and emits `amount = 0` Transfer events.

```mermaid
sequenceDiagram
  actor User
  participant Wallet as ZodorDelegateAccount
  participant Paymaster as ZodorTokenPaymaster
  participant Router as StablecoinPurchaseRouter
  participant Compliance as ZodorComplianceModule
  participant Token as ZodorToken
  participant Treasury

  User->>Wallet: signUserOp(purchase)
  Wallet->>Paymaster: validatePaymasterUserOp
  Paymaster->>Paymaster: priceOracle + 500 bps buffer
  Paymaster-->>Wallet: ok (will charge USDT)
  Wallet->>Router: purchase(asset, amount)
  Router->>Compliance: canTransfer(0, user, amount)
  Compliance-->>Router: ok
  Router->>Treasury: USDT in
  Router->>Token: mint/transfer to user
  Token-->>User: tokens received
  Paymaster->>User: deduct USDT for gas
```
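
An added example, not the project's own code: a small Python model of the router call in step 5 and the diagram above, showing that a `canTransfer()` rejection after the stablecoin pull leaves every balance unchanged, together with the 500 bps gas buffer. The ledger layout, the function names, and the reading of the buffer as a markup on the oracle quote are assumptions; gas settlement for a reverted purchase is not modelled.

```python
from copy import deepcopy
from decimal import Decimal

BUFFER_BPS = 500  # "priceOracle + 500 bps buffer" in the diagram

class Revert(Exception):
    """Models an EVM revert of the router call."""

def max_gas_charge(oracle_quote):
    # Assumption: the buffer is applied as a markup on the oracle-quoted gas cost.
    return oracle_quote * (10_000 + BUFFER_BPS) / 10_000

def router_purchase(state, user, amount, price):
    """Hypothetical model of StablecoinPurchaseRouter.purchase(); mutates state."""
    usdt, cost = state["usdt"], amount * price
    if usdt.get(user, Decimal(0)) < cost:
        raise Revert("insufficient stablecoin")
    usdt[user] -= cost                     # pull USDT/USDC from the user
    usdt["router"] += cost
    if user not in state["verified"]:      # canTransfer() on the target token
        raise Revert("canTransfer rejected")
    usdt["router"] -= cost                 # forward stablecoin to the asset treasury
    usdt["treasury"] += cost
    tokens = state["tokens"]               # mint/transfer tokens to the investor
    tokens[user] = tokens.get(user, Decimal(0)) + amount

def execute(state, user, amount, price):
    """Run the call on a copy and commit only if it does not revert."""
    draft = deepcopy(state)
    try:
        router_purchase(draft, user, amount, price)
    except Revert as why:
        return state, str(why)             # caller keeps the untouched original
    return draft, None

# Constructed sample ledger (not real balances): alice is verified, bob is not.
SAMPLE = {
    "usdt": {"alice": Decimal(1000), "bob": Decimal(1000),
             "router": Decimal(0), "treasury": Decimal(0)},
    "tokens": {},
    "verified": {"alice"},
}

if __name__ == "__main__":
    for who in ("alice", "bob"):
        after, err = execute(SAMPLE, who, Decimal(10), Decimal(25))
        print(who, err or "ok", after["usdt"][who], after["tokens"].get(who))
    print("max gas charge for a 2 USDT quote:", max_gas_charge(Decimal(2)))
```
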

<figure><img src="/files/Jfb0paMY36Fd6G58PLV8" alt=""><figcaption></figcaption></figure>

