diff --git a/apps/portal/src/features/get-started/components/GetStartedForm/steps/CompleteAccountStep.tsx b/apps/portal/src/features/get-started/components/GetStartedForm/steps/CompleteAccountStep.tsx
index 8316d79f..6d95f136 100644
--- a/apps/portal/src/features/get-started/components/GetStartedForm/steps/CompleteAccountStep.tsx
+++ b/apps/portal/src/features/get-started/components/GetStartedForm/steps/CompleteAccountStep.tsx
@@ -16,6 +16,7 @@ import {
 type JapanAddressFormData,
 } from "@/features/address/components/JapanAddressForm";
 import { prepareWhmcsAddressFields } from "@customer-portal/domain/address";
+import { getSafeRedirect } from "@/features/auth/utils/route-protection";
 import { useGetStartedStore } from "../../../stores/get-started.store";
 import { useRouter } from "next/navigation";
@@ -47,8 +48,11 @@ export function CompleteAccountStep() {
 serviceContext,
 } = useGetStartedStore();
- // Compute effective redirect URL from store state
- const effectiveRedirectTo = redirectTo || serviceContext?.redirectTo || "/account/dashboard";
+ // Compute effective redirect URL from store state (with validation)
+ const effectiveRedirectTo = getSafeRedirect(
+ redirectTo || serviceContext?.redirectTo,
+ "/account/dashboard"
+ );
 // Check if this is a new customer (needs full form) or SF-only (has prefill)
 const isNewCustomer = accountStatus === "new_customer";
diff --git a/apps/portal/src/features/get-started/components/GetStartedForm/steps/SuccessStep.tsx b/apps/portal/src/features/get-started/components/GetStartedForm/steps/SuccessStep.tsx
index fd5b18f1..e769c8ff 100644
--- a/apps/portal/src/features/get-started/components/GetStartedForm/steps/SuccessStep.tsx
+++ b/apps/portal/src/features/get-started/components/GetStartedForm/steps/SuccessStep.tsx
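Review bot: In CompleteAccountStep.tsx (second hunk) the fallback is chosen before validation: `redirectTo || serviceContext?.redirectTo` picks the first truthy value and only that one reaches `getSafeRedirect`. A non-empty `redirectTo` that fails validation therefore presumably lands on `/account/dashboard` even when `serviceContext.redirectTo` holds a valid in-app path. If the service context should still win in that case, validate each candidate separately, e.g. `getSafeRedirect(redirectTo, getSafeRedirect(serviceContext?.redirectTo, "/account/dashboard"))`, assuming the helper returns its second argument for an empty or rejected first argument, which is how this hunk already uses it. The same expression appears in SuccessStep.tsx. `getSafeRedirect` itself is not part of this diff, so a unit test pinning that it rejects absolute URLs and protocol-relative (`//host`) values would be worth adding alongside the change.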
@@ -6,13 +6,17 @@
 import { Button } from "@/components/atoms";
 import { CheckCircleIcon, ArrowRightIcon } from "@heroicons/react/24/outline";
+import { getSafeRedirect } from "@/features/auth/utils/route-protection";
 import { useGetStartedStore } from "../../../stores/get-started.store";
 export function SuccessStep() {
 const { redirectTo, serviceContext } = useGetStartedStore();
- // Compute effective redirect URL from store state
- const effectiveRedirectTo = redirectTo || serviceContext?.redirectTo || "/account/dashboard";
+ // Compute effective redirect URL from store state (with validation)
+ const effectiveRedirectTo = getSafeRedirect(
+ redirectTo || serviceContext?.redirectTo,
+ "/account/dashboard"
+ );
 // Determine if redirecting to dashboard (default) or a specific service
 const isDefaultRedirect = effectiveRedirectTo === "/account/dashboard";
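Review bot: The validated redirect is computed by an identical expression in SuccessStep and CompleteAccountStep, and here `"/account/dashboard"` appears both as the fallback and in the `isDefaultRedirect` comparison on the last line of the hunk. Exposing the value through one selector or hook on the get-started store, or validating when `redirectTo` is written to the store, would keep any later consumer of `redirectTo` from skipping `getSafeRedirect`. A shared constant such as `const DEFAULT_REDIRECT = "/account/dashboard";` would keep the comparison in step with the fallback. The body of SuccessStep continues past the hunk, so where `effectiveRedirectTo` is finally used (router call or `href`) is not visible here.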