Your Data Security is Our Priority

 

Updated: December 2, 2025

PCI DSS Compliance & Card Security at Olive

At Olive, we understand that trust is the foundation of every loyalty program. That's why we've built our platform with security at its core, ensuring that your customers' payment card information is protected by industry-leading standards.

 

Our Security Framework

PCI DSS SAQ Compliant

Olive Group Ltd maintains compliance with the Payment Card Industry Data Security Standard (PCI DSS) through our annual Self-Assessment Questionnaire (SAQ) validation. This demonstrates our commitment to the highest standards of payment card data security.

What This Means for You:

  • Your customers' card data is handled according to globally recognized security standards
  • Regular security assessments ensure ongoing compliance
  • Industry best practices are embedded in our platform architecture

 

How We Protect Card Data

Zero Card Data Storage

Olive never stores, processes, or transmits full payment card numbers (PANs) or sensitive authentication data. Here's how we do it:

Partnership with Spreedly (PCI DSS Level 1 Service Provider)

We've partnered with Spreedly, a PCI DSS Level 1 certified card tokenization and vault provider, to ensure the highest level of security for card data used in loyalty program enrolments. You can review Spreedly's PCI documentation here.

  • Secure Data Capture: Card information is captured directly through Spreedly's secure iframe embedded in your application—Olive systems never have access to full card numbers
  • PCI Level 1 Certification: Spreedly maintains the highest level of PCI compliance, validated annually by independent Qualified Security Assessors (QSAs)
  • Tokenization: Full card numbers are immediately converted to secure tokens, ensuring card data is never exposed

What Olive Receives:

  • Secure payment tokens (not actual card numbers)
  • Last 4 digits of the card
  • Expiration date
  • Card network (Visa, Mastercard, etc.)
  • Network tokens for transaction data matching

This approach means your customers' sensitive card data is protected by multiple layers of security and never touches Olive's systems.

 

Network Token Technology

For added security and performance, Olive leverages payment network tokenization provided directly by Visa and Mastercard:

  • Enhanced Security: Network tokens replace card PANs in the payment ecosystem
  • Reduced Risk: Even if a token were compromised, it cannot be used outside its intended context
  • Privacy Protection: Transaction data is anonymized through network tokens, ensuring customer privacy

 

Architecture Designed for Security

Defense in Depth

Our security architecture is built on multiple layers of protection:

  1. Secure Integration: Spreedly's iframe is embedded in your customer-facing applications using industry best practices
  2. Encrypted Transmission: All data transmission occurs over secure, encrypted connections (TLS 1.2+)
  3. Access Controls: Strict user authentication and authorization controls protect our systems
  4. Regular Security Testing: We conduct ongoing security assessments and vulnerability management
  5. Continuous Monitoring: Security monitoring helps detect and respond to potential threats

Vault-to-Vault Security

In cases where customers use their own PCI Level 1 card vaults, Olive facilitates direct vault-to-vault card data transfer to Spreedly — maintaining end-to-end security without Olive ever accessing the card data.

 

Compliance Documentation

Transparency You Can Trust

We maintain comprehensive compliance documentation, including:

  • Annual PCI DSS Self-Assessment Questionnaires (SAQ A)
  • Attestation of Compliance (AOC) documents
  • Validation of our service provider partnerships
  • Regular security assessments and audits

Available Upon Request

Our compliance documentation is available to customers as part of your vendor due diligence process. We're proud to demonstrate our commitment to security and compliance.

 

Your Responsibilities

Shared Security Model

While Olive handles the security of card data processing, we work together to maintain a secure environment:

Our Commitment:

  • Maintain PCI DSS compliance
  • Secure card data through our partnership with Spreedly
  • Provide secure integration points for your applications
  • Regularly assess and update our security controls

Your Role:

  • Implement Spreedly's secure iframe correctly in your applications
  • Follow security best practices for your application environment
  • Maintain the security of your own systems and user access controls
  • Report any security concerns promptly to our team

 

Why This Matters

Protection for Your Loyalty Program

By choosing Olive, you benefit from:

  • Reduced Compliance Burden: Our architecture minimizes your PCI DSS scope
  • Enterprise-Grade Security: Bank-level protection for card data
  • Customer Trust: Demonstrable commitment to protecting customer information
  • Regulatory Confidence: Meet compliance requirements for your loyalty program
  • Peace of Mind: Focus on growing your program while we handle security

 

Continuous Improvement

Security is not a one-time achievement—it's an ongoing commitment. Olive continuously evaluates and enhances our security practices to stay ahead of emerging threats and evolving standards.

Our Ongoing Commitment:

  • Regular security training for all team members
  • Continuous monitoring and assessment of security controls
  • Staying current with PCI DSS standards as they evolve
  • Proactive vulnerability management
  • Incident response preparedness

 

Questions About Our Security Practices?

We're here to help. If you have questions about Olive's PCI compliance, security architecture, or how we protect card data, our team is ready to provide the transparency and information you need.

Please contact us at support@oliveltd.com with your questions.

 

Request Compliance Documentation:

Need our AOC or other compliance documentation for your vendor assessment? Reach out to your account manager or contact us directly.

 

Trust Built on Security

At Olive, we believe that the best loyalty programs are built on a foundation of trust. By maintaining rigorous security standards and partnering with industry-leading security providers, we ensure that trust is never compromised.

Your customers' security is our priority. Always.