PCI Compliance
Cloud Depot’s security standards, including our PCI Level 2 SAQ-D compliance, monthly Qualys vulnerability scanning, and how we leverage Level 1 partners to keep your data safe.
Security and PCI Compliance
At Cloud Depot, the security of your data and your customers' payment information is our highest priority. Our platform is built on a "Security by Design" philosophy to ensure that every transaction is handled with the highest level of integrity.
1. PCI DSS Compliance
Cloud Depot is a PCI DSS Level 2 (SAQ-D) compliant service provider.
The Self-Assessment Questionnaire D (SAQ-D) is a comprehensive type of assessment, designed for service providers who handle the technical complexities of payment processing. Being compliant at this level means we adhere to strict internal security policies, data encryption standards, and rigorous access controls.
2. Our Partner Network
To provide an extra layer of security, Cloud Depot strictly integrates with PCI Level 1 Service Providers (the highest level of PCI compliance available).
- When you use our Recurring Payment System (RPS) or HostedPay, your customers' sensitive credit card data is "tokenized" directly by the gateway (e.g. WorldPay, GoCardless, or Stripe).
- Zero Data Retention: Cloud Depot never stores raw credit card numbers or CVV codes on our servers. We only store secure "tokens" provided by our Level 1 partners.
3. Continuous Monitoring and Testing
Security is not a "set and forget" task. We employ industry-leading tools to ensure our environment remains hardened against threats:
- Monthly Vulnerability Scans: Our infrastructure is scanned monthly by Qualys, a global leader in cybersecurity and compliance. These scans identify potential vulnerabilities in our network and application layers.
- Quarterly Attestations: Following our monthly scans, we perform quarterly Attestations of Compliance (AOC). This process ensures that any identified risks are remediated immediately and that our security posture meets the evolving standards of the PCI Security Standards Council.
- Encryption: All data in transit is protected using industry-standard TLS (Transport Layer Security) encryption.
- Web Application Firewall (WAF): Our portal is shielded by a WAF to filter out malicious traffic.
- Content Security Policy (CSP): We use a strict CSP to define which scripts and resources are allowed to load, preventing unauthorized data exfiltration.
- JavaScript Integrity: All external scripts are verified using Subresource Integrity (SRI) to ensure the code hasn't been tampered with before it reaches your browser.
4. Why This Matters for You
By using a PCI-compliant provider like Cloud Depot, your own compliance burden is significantly reduced. Because we handle the secure transmission and tokenization of data, you can assure your clients that their financial information is being managed by a platform that is independently scanned and verified every month.
PCI Overview
| Feature | Standard |
| --- | --- |
| PCI Level | Level 2 (SAQ-D) |
| Partner Requirement | Level 1 Providers Only |
| Vulnerability Scanning | Monthly (Qualys) |
| Compliance Verification | Quarterly Attestation |
| Data Encryption (Transit) | TLS 1.2+ |
| Data Encryption (Storage) | AES 256-bit |