VWO Logo
Request Demo


Payment Card Industry Data Security Standard

VWO Experience Optimization Platform complies with Payment Card Industry Data Security Standard version 3.2.1 Level 2 Service Provider. VWO is a service provider and does not process cardholder data.


VWO complies with the Level 2 Service Provider certification process, which validates compliance on an annual basis by verifying adherence to PCI DSS requirements assessment, which includes validating the integration code i.e JS SmartCode, SDKs required for VWO Experience Optimization Platform, development, operations, management, support and in-scope services compliance using Self-Assessment Questionnaire (SAQ-D) and Attestation of Compliance for Service Providers.

Customers are responsible for ensuring that they achieve compliance with PCI DSS requirements. The VWO Customer PCI Guide specifies areas of responsibility for each PCI DSS requirement, and whether it is assigned to VWO or the customer, or if the responsibility is shared.

Audits, Reports, and certificates

Audit cycle: Wingify’s VWO Experience Optimization Platform is assessed at least annually against the PCI DSS v3.2 standard.

Refer to the following document for more details: 

PCI DSS Overview

The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands—Visa, MasterCard, American Express, Discover, and the Japan Credit Bureau (JCB). Compliance with PCI DSS is required for any organization that stores, processes, or transmits the payment and cardholder data.