CartDNA is a Shopify Payment App Development Partner

CartDNA Logo

PCI DSS & Payment Security

Discover how CartDNA approaches payment security, PCI DSS awareness and responsible support for Shopify payment integrations and merchant operations.

This page explains CartDNA's security practices, the role of payment providers and merchant responsibilities when using payment-related services.

Last updated: 12 March 2026
View privacy policyContact CartDNA

Clear security information for merchants, partners and assessors

Table of contents

1. PCI DSS Overview

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect payment card data and ensure secure card transactions.

PCI DSS applies to organisations that process, store or transmit payment card information. The standard includes requirements for:

  • Payment card security standards
  • Protection of cardholder data
  • Security controls in payment environments
  • Regular security testing and monitoring

CartDNA supports payment security awareness by providing information and guidance on payment methods, integrations and merchant best practices.

2. CartDNA Security Approach

CartDNA provides payment-related tools, guidance and resources to help merchants understand payment integrations and checkout optimisation. Licensed payment providers handle transaction processing and card data environments.

Important clarification

CartDNA does not directly process or store payment card data unless explicitly stated. Payment processing is handled by certified third-party payment providers who maintain PCI DSS compliance.

CartDNA's role focuses on providing information, educational resources and tools to help merchants make informed decisions about their payment infrastructure.

3. Payment Provider Role

Payment providers are responsible for handling payment transactions, processing card data and maintaining PCI DSS compliance for their payment environments.

Typical payment provider responsibilities include:

  • Payment processing infrastructure
  • Card data management and storage
  • Encryption and tokenisation of sensitive data
  • Secure payment gateway operations
  • PCI DSS certification and audits

Merchants should review their chosen payment providers' security policies and compliance documentation to understand how card data is protected.

4. Merchant Responsibilities

Merchants using payment services through Shopify or other e-commerce platforms have their own security responsibilities.

Recommended merchant security practices include:

  • Use trusted, certified payment providers
  • Protect shop credentials and admin access
  • Keep e-commerce systems and plugins up to date
  • Follow Shopify security guidance and recommendations
  • Monitor shop activity for suspicious behaviour
  • Implement strong password policies
  • Use two-factor authentication when available

Merchants should consult their payment provider and e-commerce platform about specific security requirements and compliance obligations.

5. Security Practices

CartDNA maintains reasonable technical and organisational security measures to protect its website, services and operational infrastructure.

Security practices may include:

  • Secure hosting infrastructure
  • Access controls and permission management
  • Monitoring for suspicious activities and security threats
  • Regular software and infrastructure updates
  • Security testing and vulnerability assessments
  • Incident logging and review processes

While security measures are in place, no online system can guarantee absolute protection against all potential threats. CartDNA encourages users to follow security best practices when using online services.

6. Data Protection Principles

CartDNA applies data protection principles when handling personal information and operational data.

Key principles include:

  • Data minimisation – collecting only information necessary for stated purposes
  • Transparent processing – clear communication about data usage
  • Protection of personal information – reasonable security measures for sensitive data
  • Responsible operational practices – ongoing review of security and privacy measures

Additional information about data processing can be found in CartDNA's privacy policy and GDPR information pages.

7. Incident Response

In the event of a security incident, data breach or suspected compromise, CartDNA follows responsible incident response practices.

Incident response procedures may include:

  • Investigate reported issues promptly
  • Review system logs and access records
  • Apply security updates and mitigations
  • Communicate with affected parties where appropriate
  • Report incidents to relevant authorities when required by law

Users who suspect a security issue or wish to report a concern should contact CartDNA through the contact page.

8. Policy Updates

CartDNA may update this page periodically to reflect changes in security practices, industry standards or regulatory requirements.

Users are encouraged to review this page occasionally to stay informed about CartDNA's security approach and payment-related practices.

9. Contact Regarding Security Matters

If you have questions regarding PCI DSS compliance, payment security or CartDNA's security practices, please contact:

Nabeyond Ltd

Operator of the CartDNA platform

Visit contact page

Related legal pages

Privacy policyGDPR informationTerms and conditionsLegal hub

Clear security information builds merchant trust

Security awareness

Explain payment security expectations in simple, merchant-friendly language.

Clear platform role

Clarify what CartDNA does and what payment providers are responsible for.

Responsible data handling

Show that privacy and security practices support merchant trust.

Need help with a security or compliance question?

Contact CartDNA if you need clarification about payment security, platform practices or compliance-related information.

Contact CartDNAExplore payment methods