CartDNA is a Shopify Payment App Development Partner

CartDNA Logo

PCI DSS and Payment Security

Learn how CartDNA approaches payment security, PCI DSS awareness, and responsible support for Shopify payment integrations and merchant operations.

This page explains CartDNA's security practices, the role of payment providers, and merchant responsibilities when using payment-related services.

Last updated: 12 March 2026
View Privacy PolicyContact CartDNA

Clear security information for merchants, partners, and reviewers

Table of Contents

1. PCI DSS Overview

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect payment card data and ensure secure card transactions.

PCI DSS applies to organisations that process, store, or transmit payment card information. The standard includes requirements for:

  • Payment card security standards
  • Protecting cardholder data
  • Security controls across payment environments
  • Regular security testing and monitoring

CartDNA supports payment security awareness by providing information and guidance about payment methods, integrations, and merchant best practices.

2. CartDNA Security Approach

CartDNA provides tools, guidance, and payment-related resources to help merchants understand payment integrations and checkout optimisation. Approved payment providers handle transaction processing and card data environments.

Important Clarification

CartDNA does not directly process or store payment card data unless explicitly stated. Payment processing is handled by certified third-party payment providers that maintain PCI DSS compliance.

CartDNA's role focuses on providing information, educational resources, and tools to support merchants in making informed decisions about their payment infrastructure.

3. Role of Payment Providers

Payment providers are responsible for handling payment transactions, card data processing, and maintaining PCI DSS compliance for their payment environments.

Typical responsibilities of payment providers include:

  • Payment processing infrastructure
  • Card data handling and storage
  • Encryption and tokenisation of sensitive data
  • Secure payment gateway operations
  • PCI DSS certification and auditing

Merchants should review the security policies and compliance documentation of their chosen payment providers to understand how card data is protected.

4. Merchant Responsibilities

Merchants using payment services through Shopify or other ecommerce platforms have their own security responsibilities.

Recommended merchant security practices include:

  • Use trusted and certified payment providers
  • Protect store credentials and admin access
  • Keep ecommerce systems and plugins updated
  • Follow Shopify security guidance and recommendations
  • Monitor store activity for suspicious behaviour
  • Implement strong password policies
  • Use two-factor authentication where available

Merchants should consult their payment provider and ecommerce platform for specific security requirements and compliance obligations.

5. Security Practices

CartDNA maintains reasonable technical and organisational security measures to protect its website, services, and operational infrastructure.

Security practices may include:

  • Secure hosting infrastructure
  • Access controls and permission management
  • Monitoring for suspicious activity and security threats
  • Regular software and infrastructure updates
  • Security testing and vulnerability assessments
  • Incident logging and review processes

While security measures are in place, no online system can guarantee absolute protection against all potential threats. CartDNA encourages users to follow security best practices when using online services.

6. Data Protection Principles

CartDNA applies data protection principles when handling personal information and operational data.

Key principles include:

  • Data minimisation – collecting only information necessary for stated purposes
  • Transparent handling – clear communication about how data is used
  • Protection of personal information – reasonable security measures for sensitive data
  • Responsible operational practices – ongoing review of security and privacy measures

Additional information about data handling can be found in the CartDNA Privacy Policy and GDPR information pages.

7. Incident Response

In the event of a security incident, data breach, or suspected compromise, CartDNA follows responsible incident response practices.

Incident response procedures may include:

  • Investigate reported issues promptly
  • Review system logs and access records
  • Apply security updates and mitigations
  • Communicate with affected parties where appropriate
  • Report incidents to relevant authorities when required by law

Users who suspect a security issue or wish to report a concern should contact CartDNA through the contact page.

8. Policy Updates

CartDNA may update this page periodically to reflect changes in security practices, industry standards, or regulatory requirements.

Users are encouraged to review this page occasionally to stay informed about CartDNA's security approach and payment-related practices.

9. Contact Regarding Security Matters

If you have questions regarding PCI DSS compliance, payment security, or CartDNA's security practices, please contact:

Nabeyond Ltd

Operator of the CartDNA platform

Visit contact page

Related legal pages

Privacy PolicyGDPR InformationTerms and ConditionsLegal Hub

Clear security information builds merchant trust

Security awareness

Explain payment security expectations in plain, merchant-friendly language.

Clear platform role

Clarify what CartDNA does and what payment providers are responsible for.

Responsible data handling

Show that privacy and security practices support merchant confidence.

Need help with a security or compliance question?

Contact CartDNA if you need clarification about payment security, platform practices, or compliance-related information.

Contact CartDNAExplore Payment Methods