Privacy Policy

Last updated: 11/16/2025

1. Information We Collect

PCI Compliance Hub collects information necessary to provide our services while maintaining compliance with PCI DSS requirements. This includes:

  • Account information (name, email, organization details)
  • Payment information processed securely through Stripe (we do not store full payment details)
  • Compliance scan results and security findings
  • Training progress and certification records

2. How We Use Your Information

We use collected information to:

  • Provide and improve our PCI DSS compliance services
  • Generate compliance reports and certificates
  • Process payments and manage subscriptions
  • Communicate important service updates
  • Maintain security and prevent fraud

3. Data Security

We implement strict security measures in compliance with PCI DSS requirements:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Regular security testing and vulnerability scanning
  • Access controls and role-based permissions
  • Secure development practices following OWASP guidelines
  • Annual PCI DSS compliance assessments

4. Third-Party Services

We use carefully vetted third-party services that maintain PCI DSS compliance:

  • Stripe for payment processing (PCI DSS Level 1 compliant)
  • AWS for secure cloud hosting
  • Auth.js for secure authentication

5. Your Rights

You have the right to:

  • Access, correct, or delete your personal data
  • Request a copy of your compliance records
  • Withdraw consent for data processing
  • Lodge complaints with regulatory authorities

6. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Significant changes will be communicated to users.

7. Contact Us

For privacy-related inquiries, please contact our Data Protection Officer at privacy@pcicompliancehub.com.