Information Security Policy

LAST UPDATED: March 31, 2026

PCI Compliance & Payment Processing


All payment transactions under this Agreement shall be processed exclusively through a third-party PCI-DSS compliant payment gateway, currently Authorize.Net, or a substantially similar provider.

Company shall not store, process, or transmit cardholder data on its own systems. All sensitive payment information shall be securely tokenized and handled solely by the payment processor in accordance with applicable Payment Card Industry Data Security Standards (PCI-DSS).

Accordingly, Company’s PCI compliance obligations shall be limited to those applicable to merchants who fully outsource payment processing (commonly referred to as SAQ-A level compliance). The payment processor shall bear sole responsibility for the security, storage, and transmission of cardholder data.

Each Party agrees to comply with all applicable PCI-DSS requirements to the extent such requirements apply to its respective role. Under no circumstances shall Company be liable for any breach, compromise, or unauthorized access to cardholder data arising from systems or services controlled by the payment processor or other third-party providers.

Company shall not have access to full cardholder data at any time, and any references to payment information within Company systems shall consist solely of tokenized or truncated data provided by the payment processor.
     Proud Partner
Love Anchors Cruise
The Stock Whisperer
Trustpilot