Payment data certifications: PCI DSS, SOC2, ISO27001

Updated on 19 Jun 2024

The Platform’s transactional engine software can be customized to comply with regulatory requirements in different regions. This adaptability ensures that financial institutions and businesses using the platform can effectively meet local compliance standards.

Please keep in mind that the Platform is a software platform and does not handle the regulatory aspects of launching a financial technology product. Therefore, it is the customer's responsibility to ensure regulatory compliance for any product built using the Platform.


PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) refers to a set of security standards that aim to ensure the protection of cardholder data and the secure handling of payment transactions.

Since the main databases are managed by the customers on their side, the software doesn’t retain any user data or cardholder information, which means that the PCI DSS compliance regulations are not directly applicable to the Platform.

However, customers can issue payment cards for their end-users adhering to PCI DSS regulations thanks to the integration with Marqeta, a card issuing provider certified with PCI DSS level 1 and SSAE-18 compliance.

Also, the Platform is currently obtaining PCI DSS certification for its code storage and development procedure.

Alternatively, customers using it as a foundation for a product that involves payment card transactions can implement a storage system that aligns with PCI DSS compliance guidelines and use it as an autonomous standalone service with required storage and encryption within their own databases.


SOC 2

SOC 2 (Service Organization Control Type 2) is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA). Its main purpose is to ensure third-party service providers securely store and process client data.

SOC 2 mainly focuses on how service providers secure customer data, and the Platform does not store user data or cardholder information, as customers manage their own databases. Therefore, SOC 2 compliance may not directly apply to the platform in the traditional sense.

However, to ensure the security of our code storage and development practices, we are planning to pursue SOC 2 compliance in the future. This will provide independent verification of our security controls in these areas.

ISO 27001

ISO 27001 is the globally recognized standard for managing risks related to the security of information and data held by your organization. This standard ensures that customer and employee data is stored securely and complies with legal requirements such as GDPR. The Platform does not store any user information or personal data itself. Instead, its customers, who own and control the databases where user information is stored, are responsible for ensuring compliance with ISO 27001 regulations.

While the Platform facilitates secure transactions and data handling, the direct application of ISO 27001 pertains to its customers. Nonetheless, the Platform is committed to pursuing ISO 27001 certification in the future to further enhance its security framework.