Coldstream Informatics
Compliance

Payment card security

PCI DSS

SAQ A

We never handle raw card data — payments run through Stripe, keeping us to the simplest PCI scope.

What it is

PCI DSS — the Payment Card Industry Data Security Standard — governs how card data is handled. Its requirements scale with how much card data you touch.

Where Coldstream stands

We don’t store, process, or transmit raw card data. Payments are handled by Stripe, a PCI DSS Level 1 service provider. Card details go directly to Stripe; they never touch our servers. This keeps us to the simplest validation tier (SAQ A), and means our customers’ payment data is protected by Stripe’s certified infrastructure.

What we’re doing

Keeping payment integrations on Stripe’s hosted, tokenized flows so raw card data stays out of our systems entirely.

Last reviewed 2026-07-04T00:00:00.000Z · Questions? contact@coldstream.info