• Overview
    Key features
    • Observability
    • Auto-scaling
    • Multiframework
    • Security
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    • PHP
    • Python
    • Node.js
    • Ruby
    • Java
    • Go
  • Industries
    • Consumer Goods
    • Media/Entertainment
    • Higher Education
    • Government
    • Ecommerce
  • Pricing
  • Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Login
  • Request a demo
  • Free Trial
Meet Upsun. The new, self-service, fully managed PaaS, powered by Platform.sh.Try it now
Trust CentersecurityPCI compliance

PCI compliance

Refer to our Compliance Guidance for an overview of our PCI-compliant program, including security & compensating controls, and a general allocation of responsibility.


Payment Card Industry (PCI) Data Security Standards (DSS) is a set of network security and business best practice guidelines that establish a “minimum security standard” to protect payment card information. While Platform.sh doesn’t handle credit cards, many of our customers do.

Platform.sh undergoes an annual third-party audit to maintain PCI DSS recertification. Note that the FR-1 and FR-3 regions are excluded from our PCI certification.

Note: Cardholder processing activity is discouraged. Please use a third-party processor.


Customers who want to run PCI workloads on Platform.sh must agree to and implement the measures contained in the Platform.sh PCI Responsibility Matrix (Excel). This document provides guidance on shared responsibilities to achieve PCI DSS compliance using PCI DSS v4.0 as a reference.

While Platform.sh provides a secure and PCI compliant infrastructure, the customer is responsible for ensuring that the environment and applications that they host on Platform.sh are properly configured and secured according to PCI requirements. Failure to do so will result in a non-compliant customer environment.

Our most current PCI DSS report can be obtained from a sales or account representative.

AboutSecurity and complianceTrust CenterCareersPressContact us
Thank you for subscribing!
Field required
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceAcceptable Use PolicyManage your cookie preferencesReport a security issue
© 2024 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺