What it is
PCI DSS — the Payment Card Industry Data Security Standard — governs how card data is handled. Its requirements scale with how much card data you touch.
Where Coldstream stands
We don’t store, process, or transmit raw card data. Payments are handled by Stripe, a PCI DSS Level 1 service provider. Card details go directly to Stripe; they never touch our servers. This keeps us in the simplest validation tier (SAQ A) and means our customers’ payment data is protected by Stripe’s certified infrastructure.
What we’re doing
Keeping payment integrations on Stripe’s hosted, tokenized flows so raw card data stays out of our systems entirely.