PCI DSS Compliance

Payment Card Industry Data Security Standard - SAQ A

Our Payment Security Approach

PyTalk uses a SAQ A (Self-Assessment Questionnaire A) compliance model. This means we never store, process, or transmit cardholder data on our servers. All payment processing is fully outsourced to our PCI DSS Level 1 certified payment processor.

Payment Processor: PayU

  • PCI DSS Level 1 Certified - The highest level of payment security certification
  • All card data is entered directly on PayU's secure payment page
  • PyTalk servers never see or handle credit card numbers, CVVs, or full card details
  • Payment confirmations are received via secure server-to-server callbacks

What We Store

We only store non-sensitive payment reference data:

  • Transaction IDs (for reconciliation)
  • Payment status (success/failure)
  • Plan and billing period information
  • Invoice records

We do NOT store:

  • Credit/debit card numbers
  • CVV/CVC codes
  • Card expiration dates
  • Full cardholder names for payment purposes

SAQ A Requirements Met

Requirement                                                  Status
-----------------------------------------------------------  ---------
No electronic storage of cardholder data                     Compliant
All payment pages served by PCI-compliant provider           Compliant
HTTPS/TLS for all web traffic                                Compliant
No direct processing of cardholder data                      Compliant
Redirect-based payment flow (no iframes with card fields)    Compliant
Secure callback verification for payment confirmations       Compliant

Security Measures

  • All communication encrypted with TLS 1.2+
  • HSTS (HTTP Strict Transport Security) enabled
  • CSRF protection on all forms
  • Content Security Policy headers enforced
  • Regular security audits and penetration testing
  • Comprehensive audit logging of all billing operations