Privacy Policy
PCI Compliance Statement for Use of Go High Level, Stripe, and Ezi Debit
Business: Worldwide Salon Marketing
Date: November 13, 2025
Prepared by: Greg Milner, CEO
1. Overview
This page outlines our business’s PCI-DSS compliance posture in relation to the payment platforms we use:
- Stripe, integrated with Go High Level, for the majority of online payments.
- Ezi Debit, used as a stand-alone direct debit service for a smaller number of clients.
Our business does not collect, store, transmit, or process payment card data on any internal systems. All payment data is handled exclusively by our PCI-certified third-party providers.
2. Payment Flow Summary
2.1 Stripe (via Go High Level)
- Clients enter payment details through Stripe-hosted payment pages, invoices, or checkout links embedded in Go High Level.
- Stripe securely processes all transactions and stores cardholder data using tokenisation.
- Go High Level interacts with Stripe via API tokens only; it never has access to raw card data.
- Our business does not receive, store, or transmit any card details.
2.2 Ezi Debit (stand-alone)
- Some clients use Ezi Debit’s direct debit system for recurring payments.
- Payment information is entered directly into Ezi Debit’s secure environment.
- Ezi Debit handles all storage, transmission, and processing of card and bank account data.
- Our business does not integrate Ezi Debit with any internal system or CRM and never handles card or account numbers.
2.3 Cash Handling
No cardholder data or direct debit information is ever captured or stored on our devices, network, or CRM.
3. PCI-DSS Applicability
Because our business fully outsources payment processing to Stripe and Ezi Debit, both Level 1 PCI-DSS certified, our PCI scope is limited to:
✔ SAQ-A (Self-Assessment Questionnaire A) — the lowest PCI compliance burden
We qualify for SAQ-A because:
- We do not store, process, or transmit cardholder data.
- We use hosted payment pages and redirect APIs provided by Stripe and Ezi Debit.
- No systems under our control handle card data.
4. Our PCI Obligations
4.1 Security Practices
- Use strong, unique passwords and MFA for Stripe, Go High Level, and business systems.
- Maintain secure devices with up-to-date operating systems and antivirus protection.
- Restrict access to payment systems to authorised staff only.
- Enforce secure Wi-Fi (WPA2/WPA3).
4.2 Staff Training
- Staff are instructed never to collect or store card data.
- No card details may be written, typed, emailed, or saved in any internal system.
4.3 Annual SAQ-A Completion
We complete SAQ-A annually to confirm:
- All payment processing is outsourced to PCI-certified providers.
- No internal systems touch cardholder data.
- Appropriate security controls are in place.
5. Conclusion
By using Stripe (via Go High Level) and Ezi Debit as our exclusive payment processors, and by ensuring that no cardholder data is stored, transmitted, or processed on our systems, our business remains compliant with PCI-DSS under SAQ-A requirements.
We do not require Ezi Debit’s Merchant Trust Initiative (MTI) subscription, as our internal PCI obligations are minimal and manageable in-house.
6. Signature
I certify that the above PCI compliance measures are accurate and implemented within our business.
Name: Greg Milner
Position: CEO
Date: 13 November, 2025