PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) defines how systems must be secured when they store, process, or transmit payment card data. At EventLinx, this standard only applies to specific production environments that handle payments. It does not apply to this documentation website.
The purpose of this page is to clearly separate what is in scope for PCI DSS and what is not, so there is no confusion between documentation systems and payment systems.
Scope overview
PCI DSS requirements are only relevant where cardholder data is involved. Within EventLinx, that means production payment systems that interact with approved payment processors may fall under PCI DSS obligations depending on their role in the transaction flow.
The documentation website at docs.eventlinx.com is intentionally outside of this scope. It does not contain checkout functionality, payment processing, or any storage or transmission of cardholder data. It is strictly used for informational and administrative documentation.
Even though PCI DSS does not apply here, PIPEDA still applies wherever personal information may be collected, such as through contact forms or system logs.
PCI DSS applicability statement
Based on the current system design, this documentation environment does not interact with payment card data in any form. There are no card numbers, no payment gateways, and no merchant processing components running on this site.
Because of this, the site is not considered part of a Cardholder Data Environment (CDE), and it does not meet the conditions required for PCI DSS scope.
As a result, PCI DSS compliance activities such as self-assessment questionnaires or formal attestations are not required for this documentation system. This status is based on the current architecture and would only change if payment functionality were ever introduced into this environment.
EventLinx and payment processing
Payment processing within EventLinx is handled through controlled production systems and external payment providers. These systems are designed specifically to meet PCI DSS expectations where applicable.
When card data is involved, it is processed only within PCI-scoped environments, often with shared responsibility between EventLinx and certified payment processors. Any formal compliance documentation related to those systems would apply only to those production environments, not to the documentation site.
For any questions about payment processing or compliance scope, users are directed to official EventLinx contact channels.
Card industry definitions (PCI SSC)
PCI DSS refers to the security standard used to protect payment card data across systems that handle it. Cardholder Data refers to any information linked to a payment card, such as a primary account number. A Cardholder Data Environment (CDE) is any system or group of systems that store, process, or transmit that data.
More information is available from the PCI Security Standards Council: https://www.pcisecuritystandards.org/
Public documentation website
This documentation site is strictly informational and does not handle any financial transactions. It does not process payments, does not store card numbers, and does not include any checkout functionality.
While it does not handle payment data, it may still collect limited non-payment information such as contact form submissions or basic technical logs like IP address and browser information. None of this data is considered cardholder data, so it does not bring this system into PCI DSS scope.
Security controls (documentation site)
Even though PCI DSS does not apply here, EventLinx still applies standard security practices to protect the integrity and availability of this documentation system. This includes encrypted communication over HTTPS, controlled access to administrative tools, system logging for monitoring purposes, and routine updates to infrastructure and dependencies.
These protections are primarily aligned with general security and privacy expectations under PIPEDA and internal security policies rather than PCI DSS requirements.
Scope decision flow
Compliance summary
PCI DSS applies only to systems that handle payment card data. It does not apply to this documentation website because this site does not store, process, or transmit any cardholder information.
EventLinx only brings systems into PCI DSS scope when they are part of active payment processing workflows that involve card data or a Cardholder Data Environment (CDE). The documentation site is fully outside of that scope.
Even though PCI DSS does not apply here, standard security practices are still used to protect the site. These controls support general security expectations and align with broader privacy obligations such as PIPEDA.