Regulatory Compliance
Nuitee Connect is designed to operate in compliance with applicable legal and regulatory requirements related to data protection, payment security, and information security. This page outlines Nuitee Connect’s compliance posture and the regulatory frameworks most commonly referenced by customers.
General Data Protection Regulation (GDPR)
Nuitee Connect complies with the EU General Data Protection Regulation (GDPR).
Key principles applied include:
- Lawfulness, fairness, and transparency of processing
- Purpose limitation and data minimization
- Integrity and confidentiality of personal data
- Accountability and documentation of processing activities
As described in the Data Protection & Privacy section, Nuitee Connect generally acts as a Data Processor, while customers act as Data Controllers.
Jurisdiction and Supervisory Authority
Nuitee Connect operates under the jurisdiction of Ireland, a member state of the European Union.
As such:
- EU data protection laws apply by default
- Nuitee Connect is subject to oversight by the Irish Data Protection Commission (DPC)
This provides a clear and well-established regulatory framework for data protection and privacy.
PCI DSS (Payment Card Industry Data Security Standard)
Nuitee Connect does not store, process, or transmit raw payment card data.
Card payments are handled by PCI DSS-compliant third-party payment providers using a PCI proxy or redirection model, so cardholder data is captured by the provider rather than by Nuitee Connect. As a result:
- Nuitee Connect’s PCI DSS scope is limited
- Nuitee Connect aligns with SAQ A requirements under PCI DSS v4.x
- Sensitive cardholder data never passes through Nuitee Connect systems
Customers remain responsible for their own PCI DSS obligations based on their integration model.
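The scope limitation above only holds if no primary account number (PAN) ever reaches the backend by accident, for example when an integrator posts raw card fields to a booking endpoint instead of the provider's tokenization proxy. The following guard is an added example, not Nuitee Connect's own code or API: it inspects an inbound JSON body, rejects any value that looks like a Luhn-valid card number, and otherwise requires an opaque provider token. The field name `payment_token` and the sample payloads are assumptions constructed for the example.

```python
"""Added example (not Nuitee Connect's code): a scope guard for the PCI proxy /
redirection model. The backend should only ever see an opaque token issued by
the PCI-compliant provider; this helper rejects JSON payloads that carry
something that looks like a PAN so accidental card-data ingress is caught
instead of silently stored or logged."""
import json
import re
from typing import Iterator, List

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Standard Luhn mod-10 check over a string of ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return the normalized (digits-only) PANs found in a string."""
    found = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(pan: str) -> str:
    """Keep only first six and last four digits, the PCI DSS display rule."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def _strings(value) -> Iterator[str]:
    """Yield every string (and every number, as text) in a parsed JSON value,
    including object keys, so a PAN sent as a JSON number is still caught."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for k, v in value.items():
            yield k
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)
    elif isinstance(value, (int, float)) and not isinstance(value, bool):
        yield str(value)


class PanInScopeError(ValueError):
    """Raised when a request would bring cardholder data into scope."""


def guard_payment_request(raw_body: bytes) -> dict:
    """Parse a JSON request body and enforce the token-only contract.

    Raises PanInScopeError if any value looks like a card number (the error
    message carries only masked PANs, so it is safe to log), and ValueError
    if the assumed provider token field 'payment_token' is absent.
    """
    payload = json.loads(raw_body)
    hits = [pan for s in _strings(payload) for pan in find_pans(s)]
    if hits:
        raise PanInScopeError(
            "rejected request carrying card data: "
            + ", ".join(mask_pan(p) for p in hits)
        )
    if "payment_token" not in payload:   # assumed field name for the example
        raise ValueError("missing payment_token")
    return payload


if __name__ == "__main__":
    # Constructed sample payloads; 4111 1111 1111 1111 is the usual Visa test PAN.
    good = b'{"booking_id": "B-1", "payment_token": "tok_abc123"}'
    bad = b'{"booking_id": "B-2", "card_number": "4111 1111 1111 1111"}'
    print(guard_payment_request(good))
    try:
        guard_payment_request(bad)
    except PanInScopeError as e:
        print(e)
```

The Luhn check keeps ordinary 16-digit identifiers (booking references, timestamps) from being rejected as false positives, while the masked error message means the rejection can be logged without itself pulling the log pipeline into PCI scope.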
Third-Party Compliance Dependencies
Nuitee Connect relies on trusted third-party providers for infrastructure and operational services, including:
- Cloud hosting
- Monitoring and logging
- Payment processing (where applicable)
These providers maintain their own industry-standard certifications and compliance programs (such as ISO 27001, SOC 2, or PCI DSS, depending on the service).
Nuitee Connect performs due diligence when selecting and reviewing third-party vendors.
Data Processing Agreement (DPA)
Nuitee Connect offers a Data Processing Agreement (DPA) consistent with GDPR Article 28 requirements.
The DPA defines:
- Processing scope and purpose
- Security and confidentiality obligations
- Sub-processor conditions
- Data subject rights support
- Audit and compliance terms
The DPA is available upon request.
Audits and Assessments
Nuitee Connect maintains internal controls and documentation to support security and compliance reviews.
While Nuitee Connect does not publicly publish audit reports, reasonable security and compliance information may be shared with customers under appropriate confidentiality terms.
Regulatory Updates
Nuitee Connect monitors regulatory developments and adapts its policies and controls as required to remain compliant with applicable laws and industry standards.
