PCI DSS Compliance Statement | Solara Trade Group LTD

Security & Compliance

PCI DSS Compliance

Solara Trade Group LTD is committed to the security of your payment card data. This statement describes our compliance posture, controls, and responsibilities under the PCI Data Security Standard.

SAQ A Compliant

Stripe Certified

No Card Data Stored

Overview & Commitment

Solara Trade Group LTD ("we," "our," or "us") takes the security of payment card data seriously. We are committed to maintaining compliance with the Payment Card Industry Data Security Standard (PCI DSS) to protect our customers' cardholder data during every transaction processed through our platform.

Our payment infrastructure is designed so that cardholder data never touches our servers. All payment processing is handled by Stripe, Inc., a PCI DSS Level 1 certified service provider — the highest level of certification available in the payments industry.

This statement was last reviewed and updated in 2026 and reflects our current compliance posture. We review and update our compliance program annually and after any significant changes to our payment environment.

Scope & SAQ Type

Because Solara Trade Group LTD uses Stripe's hosted payment fields (Stripe Elements / Stripe.js) to collect payment card data, cardholder data is entered directly into Stripe's secure environment. Our systems never receive, transmit, or store raw card numbers, CVV codes, or magnetic stripe data.

This architecture qualifies us for Self-Assessment Questionnaire A (SAQ A) — the simplest PCI DSS compliance pathway — which applies to merchants that fully outsource all cardholder data functions to PCI DSS compliant third-party service providers.

Customer Enters card data in browser

→

Stripe PCI Level 1 · Tokenizes card · Processes payment

→

Solara Receives token only · No card data

Card data flows directly from the customer's browser to Stripe's servers via encrypted channels. Solara Trade Group LTD receives only a secure payment token — never the raw card number.

Security Controls

We maintain the following security controls as part of our PCI DSS SAQ A compliance and overall security program:

🔒TLS Encryption

All data in transit is encrypted using TLS 1.2 or higher. Our website enforces HTTPS across all pages and endpoints.

Enforced

🛡️Access Controls

System access is restricted to authorized personnel only, using role-based permissions, strong authentication, and least-privilege principles.

Active

🔍Vulnerability Management

We conduct regular security assessments, patch management, and dependency audits to identify and remediate vulnerabilities.

Ongoing

📋Annual SAQ A Review

We complete PCI DSS Self-Assessment Questionnaire A annually, reviewing all applicable requirements and attestations.

Current

🌐Network Security

Firewalls, network segmentation, and intrusion monitoring protect our infrastructure from unauthorized access.

Active

📝Security Policies

Documented information security policies govern all aspects of data handling, access, and incident response across our organization.

Maintained

Cardholder Data

Solara Trade Group LTD does not store, process, or transmit raw cardholder data on our systems. Specifically:

No card numbers stored: Primary Account Numbers (PANs) are never written to our databases, logs, or any storage medium.
No CVV/CVC stored: Card verification values are never stored, in any format, as required by PCI DSS.
No magnetic stripe data: Full track data is never captured, stored, or transmitted by our systems.
Tokens only: We store Stripe-issued payment tokens, which cannot be reverse-engineered to obtain card numbers and are useless to attackers.
Encrypted transmission: All communications between our platform and Stripe use industry-standard TLS encryption.

Third-Party Vendors

We maintain a list of PCI DSS compliant third-party service providers and verify their compliance status annually. Key vendors include:

Stripe, Inc.: Our primary payment processor. Stripe is a PCI DSS Level 1 Service Provider — the highest certification level — and is listed on Visa's Global Registry of Service Providers. Stripe handles all card data collection, transmission, and processing. View Stripe's security documentation →
Hosting Infrastructure: Our web hosting environment is operated through reputable providers with documented security programs. We ensure our hosting configuration meets applicable PCI DSS requirements for network security and access controls.
Service Provider Agreements: All third-party vendors with access to our systems or data are required to maintain appropriate security standards and execute data processing agreements where applicable.

Incident Response

Solara Trade Group LTD maintains a documented incident response plan for potential security incidents, including those that may involve payment card data. In the event of a suspected or confirmed breach:

Detection & Containment

Immediately identify the scope of the incident, isolate affected systems, and preserve evidence. Engage our security team and, if applicable, our payment processor.

⏱ Immediate

Assessment & Notification

Assess the nature and extent of the incident. Notify our acquiring bank and relevant card brands within required timeframes. Engage a PCI Forensic Investigator (PFI) if required.

⏱ Within 24 hours

Customer Notification

Notify affected customers in accordance with applicable state and federal data breach notification laws and our legal obligations.

⏱ As required by law

Remediation & Review

Implement corrective measures, conduct a post-incident review, update policies and controls as needed, and document lessons learned.

⏱ Ongoing

Shared Responsibilities

PCI DSS compliance is a shared responsibility. Here is a summary of responsibilities between Solara Trade Group LTD and Stripe:

Stripe's Responsibilities: Securing card data collection, encryption, transmission, storage, and processing. Maintaining PCI DSS Level 1 certification. Providing SAQ A eligibility documentation for qualifying merchants.
Solara's Responsibilities: Implementing Stripe correctly using official libraries (Stripe.js / Stripe Elements). Maintaining secure website and server infrastructure. Restricting access to our systems. Completing annual SAQ A. Training staff on security awareness.
Your Responsibilities as a Customer: Keeping your account credentials secure and confidential. Promptly reporting any suspected unauthorized account activity to us at info@solaratrade.com.

Contact & Reporting

To report a security concern, suspected breach, or to ask questions about our PCI compliance program, please contact us:

Solara Trade Group LTD — Security Team

Email info@solaratrade.com

Phone +1-804-653-6130

Address 11357 Nuckols Rd, Suite 2170, Glen Allen, VA 23059

📅 Last Reviewed: 2026

📄 Standard: PCI DSS v4.0

✅ SAQ Type: SAQ A