DE
BR
VWO Experience Optimization Platform complies with Payment Card Industry Data Security Standard version 4.0.1 Level 2 Service Provider. VWO is a service provider and does not process cardholder data.
VWO and PCI DSS
VWO complies with the Level 2 Service Provider certification process, which validates compliance on an annual basis by verifying adherence to PCI DSS requirements assessment, which includes validating the integration code i.e JS SmartCode, SDKs required for VWO Experience Optimization Platform, development, operations, management, support and in-scope services compliance using Self Assessment Questionnaire (SAQ-D) and Attestation of Compliance for Service Providers.
Customers are responsible for ensuring that they achieve compliance with PCI DSS requirements. The VWO Customer PCI Guide specifies areas of responsibility for each PCI DSS requirement, and whether it is assigned to VWO or the customer, or if the responsibility is shared.
Audits, Reports, and certificates
Audit cycle: Wingify’s VWO Experience Optimization Platform is assessed at least annually against the PCI DSS v4.0.1 standard by third-party auditors – Qualified Security Assessor. Our last audit was concluded by Cyber Sigma on May 11, 2025.
Date of Attestation & Certificate: 11 May 2025
Valid Until: 11 May 2026
Refer to the following document for more details:
- Attestation of Compliance
- Certification of Compliance
- VWO Customer PCI Guide of Responsibility for each PCI DSS requirements
- How to configure Your VWO account to be PCI compliant
PCI DSS Overview
The Payment Card Industry Data Security Standard (PCI DSS) is a global framework designed to safeguard payment card data and prevent fraud. Any organization that stores, processes, or transmits cardholder information must comply with PCI DSS. Although VWO does not handle cardholder data, we maintain compliance to support customers operating in regulated environments.
