✅ Invoice Ninja has obtained a Certificate of PCI DSS (Payment Card Industry Data Security Standards Validation). Merchant Compliance recognized by Security Metrics.
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
The PCI DSS applies to any organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. The current PCI DSS documents can be found on the PCI Security Standards Council website.
Invoice Ninja & PCI DSS
Invoice Ninja is PCI DSS compliant. Our platform is designed so that cardholder data is handled exclusively by your chosen payment gateway (such as Stripe, PayPal, Square, etc.) — Invoice Ninja itself never stores, processes, or transmits full card numbers.
This architecture means your clients' payment data flows securely through your gateway directly, keeping Invoice Ninja outside the primary PCI DSS scope for card data handling.
How Payments Work
Choosing a Gateway
Invoice Ninja supports dozens of PCI-compliant payment gateways worldwide. Each gateway maintains its own PCI DSS certification. When you connect a gateway, you should ensure your gateway account is also configured in accordance with their PCI requirements.
View all supported payment gateways →
Contact
Users with questions regarding PCI Compliance, account data use, or any data use matter, should contact: