← Back to Compliance Center

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is the standard for all business that engages in credit card transactions in the payments industry. EmailMeForm values compliance and has achieved Level 2 PCI Certification, a full-scale audit validated by TUVRheinland, the PCI SSC qualified security assessor.

Apply for PCI Compliance Plan


PCI is the short term people use for Payment Card Industry Data Security Standard (PCI DSS). It’s a set of rules and requirements prescribed for those that collect sensitive customer data like credit card information and process payments online.

If you’re collecting sensitive customer information like credit card information to process the payments at a later time on their behalf, then yes.

  • Utilize the Vault field for collecting credit card information to ensure that the cardholder data is always encrypted upon collection, transmission between networks, and storage

  • Provide encrypted upload fields when asking users to submit documents like a passport for data privacy protection

  • Use field-level encryption on your form fields to encrypt the collected information before they are sent to our EmailMeForm storage

  • Collect electronic signatures via our signature fields for additional security protection

  • Access to our appointed Data Protection Officer (DPO) for your specific PCI requirements

Yes. EmailMeForm is PCI-Certified to handle offline credit card transmission and storage, as well as integrating with our reliable payment integration partners like Paypal, Stripe, Braintree, Chargify, and more.

We’re not just PCI Compliant. We’re the only PCI-Certified form builder who can allow users to collect the complete credit card number, CVV code, and expiration date.


PCI Compliance is a self-checked assessment of security measures prescribed by PCI DSS — it only takes about 30-45 days to complete.

PCI Certification takes that same checklist and then submits that assessment to an independent audit conducted by a PCI Qualified Security Assessor (QSA) who’s been selected, trained, and qualified by the PCI body itself.

In summary, being PCI-Compliant is just a claim, being PCI-Certified is having proof.

Learn more about PCI Compliance vs. PCI Certification here.

This is available upon request. Please send us a message here.

EmailMeForm’s independent QSA is TUVRheinland.

Higher level of security and convenience for both you and your client.

Instead of calling them on the phone to get the CVV code, our forms let you collect the complete credit card number, CVV code, and expiration date. We’re the only PCI-Certified Form Builder who can do that.

PCI certified business is necessarily PCI Compliant but certification is not guaranteed the other way around.

As far as we know, yes.

Other form builders can say they’re PCI-Compliant or PCI-Certified, but they don’t allow you to collect the full credit card number and CVV code. They are only certified to process integrated payments with 3rd parties.

We also have an appointed Data Protection Officer (DPO) who handles all our PCI concerns.

PCI Security Standards Council (PCI SSC) is the security council managing the laws adhered by the PCI DSS.

Your process of collecting credit card information entrusted using our forms is PCI Compliant and that’s our only scope. Clients are solely responsible for auditing their entire business for PCI compliance.

We’ve helped a lot of business owners— from travel agents to educational and sports institutions, banks, hospitals, and medical centers, sellers of all sizes, service providers, and various organizations — collect and store their customers’ sensitive cardholder data through our forms.

This sensitive information is stored in our Vault, EmailMeForm PCI Certified solution. Learn more here

This page is for presenting our PCI compliance information only. We highly recommend that you consult
legal advice to further support your PCI Compliance obligation.

If you have more questions about our PCI Certification, you can contact our Data Protection Officer (DPO) here

Ready to Get Started?

Start securely collecting customer data with PCI-Certified forms today.
Apply for PCI Compliance PlanSee Plans & Pricing