PCI-DSS, CCPA, GDPR Compliance

Compliance Standards

Transactions with Iron Software are made through an authorized reseller, FastSpring.

Payment Card Industry (PCI) Data Security Standard (DSS)

The Payment Card Industry Data Security Standard (PCI DSS) was developed to protect consumers and their data no matter where they shop or what channel they use. FastSpring renews its PCI Level 1 compliance, the highest level of certification possible, every year.

California Consumer Privacy Act (CCPA)

FastSpring is fully compliant with the California Consumer Privacy Act, which applies to any company with customers in California that is either a for-profit entity or collects or controls information about a California resident, and meets one of a variety of business thresholds.

General Data Protection Regulation (GDPR)

FastSpring is compliant with the EU General Data Protection Regulation (GDPR). The payment processing platform is capable of conducting business with all EU-based customers. FastSpring complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.