Privex Pay is built on enterprise-grade security infrastructure so that you can accept payments with confidence. As your Merchant of Record, Privex Pay takes on the security and compliance obligations that would otherwise fall on you — including card data handling, regulatory adherence, and infrastructure uptime. This page explains exactly what Privex Pay protects, what you are responsible for, and how your customers’ data is kept safe.
PCI DSS Level 1 certification
Privex Pay holds PCI DSS Level 1 certification — the highest tier awarded by the Payment Card Industry Data Security Standard. This certification is assessed annually by a Qualified Security Assessor and covers the full transaction lifecycle, from card entry through authorization and settlement. As a merchant using Privex Pay, you benefit from this certification without needing to pursue your own PCI compliance program. Because Privex Pay acts as the Merchant of Record, card data never touches your servers.
PCI DSS Level 1 applies to organizations that process more than six million card transactions per year. It is the standard trusted by the world’s largest banks, payment networks, and enterprise retailers.
Encryption and tokenization
Every transaction processed through Privex Pay is protected by 256-bit AES encryption in transit and at rest. This is the same encryption standard used by financial institutions and government agencies worldwide. Card numbers, CVVs, and expiry dates are never stored in plain text. Instead, Privex Pay replaces sensitive card data with a secure token — a random identifier that cannot be reverse-engineered to recover the original card details. This process is called tokenization, and it means that even in the event of a data breach on any system, no usable card data is exposed.
Because Privex Pay is your Merchant of Record, your customers’ card details are processed and stored entirely within Privex Pay’s PCI-certified environment. You are never in possession of raw card data.
Uptime and reliability
Privex Pay guarantees 99.99% uptime on its payment processing infrastructure. This corresponds to less than one hour of unplanned downtime per year. Redundant systems, geographic failover, and continuous monitoring ensure that your checkout remains available around the clock.
GDPR compliance
Privex Pay operates as an independent data controller under the General Data Protection Regulation (GDPR). This means Privex Pay determines the purposes and means of processing personal data it collects during payment and verification flows, and complies with GDPR obligations independently. You remain responsible for your own data handling practices — including how you collect, store, and use customer information on your own platforms. Review your privacy policy to ensure it accurately reflects your data practices separate from Privex Pay’s processing.
What Privex Pay handles vs. what you are responsible for
Privex Pay handles
- PCI DSS Level 1 compliance
- 256-bit encryption of all transaction data
- Card data tokenization and secure storage
- Fraud detection and real-time monitoring
- GDPR compliance for payment data Privex Pay processes
- 99.99% infrastructure uptime
- Cooperation with law enforcement requests related to payment data
You are responsible for
- Accurate product descriptions and pricing
- Compliance with laws applicable to your business and jurisdiction
- Maintaining 2FA on your Privex Pay account
- Not submitting fraudulent or prohibited transactions
- Your own data handling practices outside of Privex Pay
- Operating only in permitted jurisdictions
Explore related compliance topics
Fraud protection
Learn how Privex Pay’s AI-powered fraud detection analyzes every transaction in real time and what to do if a transaction is flagged.
KYC verification
Understand the identity verification process you must complete before accepting live payments.