Privacy Policy

Last Updated 1 March 2023

PCIVault.io is a service that offers an Open API, secure credit card tokenization vault and entropy as a service that allows you to comply with PCI requirements while integrating with any payment gateway around the world. We value and respect your privacy and will take all reasonable steps to protect your and your customers’ personal information. This Privacy Policy will help you understand what personal data PCIVault.io collects and how we collect, hold, use and disclose that information as well as the purposes of such collection and disclosure.

1. What does this Privacy Policy Apply To?

This Privacy Policy applies to PCIVault.io, all subpages, our blog (together, the “Website”) and all software and services that we offer through our Website. This Privacy Policy does not apply to any website, service or product of any third-party even if such third party links to or is linked from our Website. We do not control or operate those websites, services or products and assume no responsibility for them. You should carefully review the privacy policies of such third party websites, services or products before deciding whether to provide any personal information.

2. Information Collection and Use

What information do we collect?

We collect information in several ways: (i) when you send us an e-mail or communicate via any other electronic means we will store the address and the conversation history; (ii) when you register via our Website we will collect and store certain personal data that may include your address, phone numbers, credit card numbers, IP address, location, information about your computer or device and other standard web log information; (iii) when a customer uses a checkout process on a merchant’s website that is integrated to PCIVault.io, we will gather and may store payment card data, billing details and other personal data required to process the transaction.

We refer to the information we collect generally as “personal information”, which includes any information that can be used to identify an individual, or any anonymous information that is linked to a specific individual. Any information that is aggregated or becomes anonymous such that it cannot be reasonably associated with an individual shall not be considered personal information.

The types of personal information we collect and our use of that personal information will depend on whether you are a website user, merchant or end customer.

Website Users

When you browse our Website, you will not be required to provide any personal information. We may, however, gather non-personally-identifiable information solely for the purposes of monitoring our Website and the services that we offer through it. We will not share this information with third parties or use it to target any advertisements to you.


When you visit our Website we offer you the opportunity to sign up for a free test account that gives you the ability to integrate to our API and run test transactions in our sandbox environment before you commit to purchasing a paid subscription plan. As part of this process, we may collect your IP address, information about your computer, and other standard web log information. We will also collect your email address and other personal information that we may use to update you about your account with PCIVault.io and our service generally.

When you sign up for a paid production account, in addition to the information above, we require you to provide a valid credit card and contact email. We will only use this information to ensure that your PCIVault.io account remains in good standing until you elect to terminate your subscription.

Once you begin using the PCIVault.io service for production transactions, we will keep records of your transactions and collect information about your other activities related to our service.

End Customers

When a merchant using PCIVault.io’s service collects payment information from you, they will collect personal information from you and pass it to us. This personal information includes your payment card or bank account information, and may include your email address, phone number, and billing and shipping address. When you use a merchant’s website to store your payment card details for future use, we will use the personal information you provide to the merchant to store those card details.


We may collect information about your computer (including your IP address), operating system and browser type, for system administration purposes.

We may also obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website, deliver a better and more personalized service, look for possible fraudulent activity, and better understand the sources of traffic to our Website.

You may elect to refuse or disable cookies by activating the appropriate setting on your browser. However, if you select this option you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will automatically issue cookies when you log on to our Website.

Children’s Online Privacy Protection Act

Our Website and the services we offer are directed to the general public, but are not directed at persons under the age of 13. We do not knowingly collect information from children under 13 years of age nor do we have any reasonable grounds for believing that children under the age of 13 are accessing our Website or using our services. If we do learn that we have inadvertently collected personal information from a child under the age of 13, we will promptly delete that information. If you believe that we may have collected any information from a child under 13 years of age, please contact us.

What do we do with your information?

PCIVault.io uses the information we collect for the following general purposes: product and service provisioning, billing, identification and authentication, service improvement, contact, and research.

We may occasionally email you with information about new services. You may opt out of these emails by clicking on the unsubscribe link contained in such communications or by replying with unsubscribe in the subject line. Please note that you will continue to receive communications about your PCIVault.io account including billing invoices and usage notifications.

3. Sharing and Disclosure of Information

We are not allowed to disclose personal information without your written permission and will never sell or rent your personal information to marketers.

Certain information collected about you and your customers may be shared with third parties within the context of providing PCIVault.io services. These third parties may include our agents, related body corporates, contractors, financial institutions, payment processors, fraud services, and any third parties that you have directly authorized to receive your personal information. We may store personal information with third parties in locations outside our direct control, for example on offsite servers or databases. Some of the third parties to whom we disclose your personal information may be located outside your country of residence. By visiting our Website or using our service, you acknowledge that we may share payment transaction data and related information with third parties to the extent necessary to process transactions via the PCIVault.io service. The use of personal information by such third party will be subject to their applicable privacy policy, which we recommend you carefully review.

In certain circumstances we may be required to disclose personal information to government officials, law enforcement or other third parties: (i) in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of PCIVault.io’s terms of use, or as otherwise required by law; (ii) if we are compelled to do so by subpoena, court order or other legal process; or (iii) if we are required to do so to comply with any law, statute, or set of rules or regulations.

We will only disclose personal information in response to a request if we believe in good faith that it is necessary to comply with any applicable law or legal requirement. We will use reasonable efforts to provide you prompt notice prior to such disclosure so that you can contest the requirement if you choose unless we determine in good faith that: (i) we are not permitted to provide you such notice under any applicable law; or (ii) giving such notice would result in an imminent risk of death, serious injury or significant property loss or damage to PCIVault.io or a third party.

In the event PCIVault.io is acquired by or merged with another company or enters into a reorganization, bankruptcy or any other similar event then we may also transfer any personal information to our successor or assign. In this event, we will notify you by email or by putting a prominent notice on the Website before any personal information is transferred and becomes subject to a different privacy policy.

4. Data Retention

Personal information we collect and use for any purpose or purposes shall not be retained for longer than is necessary for that purpose or those purposes.

PCIVault.io owns the data storage, databases and all rights to the PCIVault.io application, but we make no claim to the rights of your data. You retain all rights to your data and we will never contact your clients directly, or use your data for our own business advantage or to compete with you or market to your clients.

To offer our service we are required to retain certain data you provide us to ensure transactions are processed correctly, to identify fraudulent activity, and to comply with applicable laws and regulations. Accordingly, even if you close your PCIVault.io account and we export your data to a third party, we will retain certain information as necessary to meet these obligations.

5. Credit Card Transactional Data

PCIVault.io sits in a unique position, seeing credit card transactional data from a wide range of global credit cards running across a diverse set of financial payment providers. In an attempt to help improve the performance of payment networks, PCIVault.io may aggregate credit card transactional information and may sell that aggregated data to interested third parties.

“Interested third parties” are customers of our data as a service (DaaS) offering. They are typically focused on comparing their experience of credit card transaction service (specifically, success and decline rates and gateway latency) to the industry overall, with an eye to reducing decline rates and thus improving the payment experience for all involved. By “aggregated data” we mean data collected at the gateway level across all merchants transacting through that gateway.

We DO NOT collect or share any personal identifying information of any individual (such as name, address, credit card or social security number, or other identifiers), any data concerning any PCIVault.io merchant customer, or any type of Stock Keeping Unit identification code or other information that indicates what product or service was purchased.

6. Security and Protection of Information

The security of your personal information is important to us. We take all reasonable steps and follow generally accepted industry standards to ensure that the personal information we hold is protected from misuse, interference, loss, unauthorized access, modification or disclosure by the use of various methods including access limitation, and industry-standard Secure Socket Layer (SSL) encryption technology. We take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date, relevant and stored securely. Security safeguards include data encryption, firewalls, and physical access controls to building and files. PCIVault.io’s systems are certified as Level 1 PCI compliant and all data retention and credit card information is maintained in accordance with the PCI standards as determined by the PCI Security Standards Council.

You are responsible for the use and safeguarding of any login ID that we issue to you regarding the use of the Website or our service and any associated passwords. It is important for you to protect against unauthorized access to your login ID and password, to other sensitive data regarding your account with us, and to your computer and systems.

PCIVault.io provides some or all of its service from systems located outside of Europe. Accordingly, any European merchants and/or merchants collecting information from European persons by using PCIVault.io’s service must disclose to their customers that personally identifiable information may be transferred, processed and stored outside of Europe.

PCIVault.io maintains strict administrative, technical, and physical procedures to protect information stored in our servers, which are located in the United States, and access to personal information is limited to only those employees who require it to perform their job functions.

No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you have any questions about security on our Website, you should get in touch.

7. EU-U.S. and Swiss-U.S. Privacy Shield Policy

PCI Vault complies with and adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Framework with regard to the collection, use, storage and protection of personal data transferred from the European Union (EU) member countries and Switzerland. PCIVault.io has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. PCIVault.io is subject to the investigatory and enforcement powers of the FTC with respect to our adherence to Privacy Shield. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework and to view our certification, please visit https://www.privacyshield.gov/welcome

In cases of onward transfers to third parties of data of EU or Swiss individuals received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, PCIVault.io is potentially liable, unless PCIVault.io proves that it is not responsible for the event giving rise to the damage.

Inquiries & Complaints

In compliance with Privacy Shield Principles, PCI Vault commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact PCIVault.io.

We will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information. If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using JAMS as a third party resolution provider. For more information on filing a complaint with JAMS, please visit: https://www.jamsadr.com/eu-us-privacy-shield. If your complaint is not resolved through the above channel, in certain limited circumstances you may qualify to invoke binding arbitration before the ‘Privacy Shield Panel’ set up by the US Department of Commerce and the European Commission.

8. Changes to this Privacy Policy

We reserve the right to modify this privacy statement at any time, so please review it occasionally to ensure you’re still in agreement with its provisions. If we make material changes to this policy, we will notify you here or by means of a notice on our Website so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with a paper copy.

9. Questions; Access, Corrections and Complaints

If you have any questions about this Privacy Policy or would like to access or seek correction of your personal information, or if you have any complaints regarding our privacy practices, please send us a message.

PCI DSS Storage Vault

PCIVault.io is a vendor neutral PCI DSS compliant environment. It is a SaaS solution offering Tokenization as a Service (TaaS) combined with its own Entropy as a Service (EaaS) engine for lightning quick enterprise grade encryption.