Payment Card (PCI DSS) Policy
Ziatan does not directly process, store, or transmit credit card data. All orders, including card processing, are handled entirely within the secure systems of the respective providers. This policy describes our right-sized commitment to payment security.
Effective Date: June 2, 2026
1. Introduction & Scope
This policy applies to personnel, systems, and environments that could affect the security of cardholder data — even though we do not handle it directly. Our call center directs customers to the provider's ecosystem for order processing; our website does not support transactions.
2. No Direct Card Handling
Ziatan agents never ask for, collect, store, or transmit credit card numbers, CVV codes, expiration dates, or any sensitive authentication data. Because we do not process payments, we do not store any cardholder data.
3. Referral to Carrier Ecosystem
Customers are directed to the provider's official, PCI-compliant systems for all transaction processing. Our agents provide guidance and support; the actual payment occurs directly with the provider.
4. Security Controls We Maintain
Even with a reduced scope, we align with PCI DSS principles: network firewalls, secure configurations and strong unique passwords, TLS for data in transit, anti-malware, timely patching, least-privilege access, unique user IDs, restricted physical access, logging/monitoring, and periodic security testing.
5. Employee Training
Agents receive training on the strict prohibition against handling card data, recognizing and reporting incidents, and directing customers to the provider's secure payment ecosystem.
6. Incident Response
We maintain an incident-response process covering detection, containment, recovery, post-incident review, and communication with relevant parties where appropriate.
Contact Information
For questions about this policy, contact us:
Ziatan
1730 S Amphlett Blvd, San Mateo, CA 94402
Phone: 833-261-0564
Email: compliance@ziatan.com