Hello hello,
I’m using the stripe.js plugin to handle customer payments, and I’m trying to figure out if our app is in fact handling the sensitive payment details or not (we’re putting together a terms of use doc).
Looking at Stripe’s documentation, they say that using Stripe.js ensures that all sensitive data is handled by Stripe, so it is PCI compliant. But in the tokenization part of their API docs, they mention that it is only PCI compliant if the tokens are being generated at the client side. That confuses me because the tokens are generated within a bubble workflow.
Is someone able to clarify whether using the stripe.js plugin to handle customer payments using tokenization is PCI compliant or not? And additionally if there is anything specific we should include in our terms and conditions to this end?
Cheers!
Matt