Aspose PCI-DSS Statement

Last updated: 12 March 2025

1. Introduction

This PCI-DSS Statement outlines Aspose Pty Ltd’s position regarding the Payment Card Industry Data Security Standard (PCI-DSS) and clarifies our approach to PCI compliance within our operations.

2. Structure, Operations, and Payment Handling

Aspose Pty Ltd (Aspose) is a market-leading software development company that offers APIs for creating, editing, converting, and rendering various file formats such as Office, OpenOffice, PDF, Images, and CAD. Our APIs support multiple platforms, including .NET, Java, C++, Python, PHP, and Android.

Aspose does not directly handle, process, store, or transmit payment card data. All customer payments are processed through Stripe, a third-party payment processor that is fully PCI-DSS compliant.

3. PCI-DSS Applicability and Risk

Aspose does not directly handle payment card data. All payment transactions are processed through Stripe, which is certified to the highest level of PCI-DSS compliance (Level 1). Aspose relies on Stripe’s secure infrastructure and monitors its compliance status to ensure continued alignment with PCI-DSS standards.

4. Security Measures for Payment Handling

We have implemented the following measures to ensure secure payment handling through Stripe:

  • Third-Party Selection: Aspose exclusively engages with Stripe, a payment provider that is fully certified for PCI-DSS compliance (Level 1).
  • Secure Integration: All payment processing interactions with our systems are conducted over secure, encrypted channels using Stripe’s secure APIs.
  • Data Minimization: Aspose does not collect or store customer payment details.

5. Review and Monitoring

We assess the effectiveness of our approach to payment security by:

  • Regular Provider Review: Monitoring Stripe’s compliance status to ensure ongoing PCI-DSS certification.
  • Security Monitoring: Conducting regular security reviews of our payment interfaces and Stripe integration.
  • Incident Response: Maintaining an incident response plan to address security or compliance issues related to payment processing.
  • Employee Awareness and Training: While Stripe maintains responsibility for PCI-DSS compliance, Aspose ensures that relevant employees are aware of secure payment handling practices through periodic training and guidance. This approach ensures that employees understand the boundaries of Aspose’s responsibility and can effectively address customer inquiries related to payment security.

6. Policy Management

Aspose is a privately held company. Our policies are reviewed and maintained by the leadership team to keep them aligned with our business goals and industry standards.

This policy is live and effective as of the Last Updated date at the top of this document. Updates reflect changes in our business practices, customer feedback, and compliance requirements.