How we help you to comply with the PCI Data Security Standard.
Last updated: 11 June 2026
Card Data Handling
Nookal does not store full PAN, CVV or PIN on Nookal servers or in Nookal databases. Card entry and processing are handled by Level 1 PCI DSS validated payment processors using hosted, tokenised or processor‑controlled payment flows. Card data is transmitted directly to these processors — we never receive or store sensitive card data.
PCI DSS Validation
Nookal completes annual PCI DSS validation appropriate to our payment flows, including:
- SAQ A/A‑EP: validation for merchant environments with limited card handling;
- Vulnerability management: regular scanning and remediation;
- Secure development: code review and change management;
- Access controls: least-privilege production access.
Our current PCI Attestation of Compliance (AOC) is available upon request. Contact privacy@nookal.com to request a copy.
Your Obligations
As a merchant using Nookal for payment processing, you remain responsible for your own PCI DSS obligations, including:
- maintaining secure systems and networks;
- protecting cardholder data where applicable;
- maintaining a vulnerability management programme;
- implementing access control measures;
- maintaining and testing security systems and processes;
- maintaining an information security policy.
Nookal’s SAQ A/A‑EP validation and use of Level 1 PCI DSS validated processors helps minimise your PCI scope and compliance burden.
Secure Payment Practices
- HTTPS/TLS encryption: all payment data in transit is encrypted using TLS 1.2 or higher;
- No sensitive data logged: card details are never logged or retained in audit trails;
- Network segmentation: payment systems are isolated and monitored;
- Incident response: documented procedures for handling potential security incidents.
Contact
- PCI and compliance inquiries: privacy@nookal.com
- General support: support@nookal.com
Questions? Contact privacy@nookal.com for privacy and compliance enquiries, or support@nookal.com for product support.