Regulatory Compliance

LiteAPI is designed to operate in compliance with applicable legal and regulatory requirements related to data protection, payment security, and information security. This page outlines LiteAPI’s compliance posture and the regulatory frameworks most commonly referenced by customers.

General Data Protection Regulation (GDPR)

LiteAPI complies with the EU General Data Protection Regulation (GDPR).

Key principles applied include:

  • Lawfulness, fairness, and transparency of processing
  • Purpose limitation and data minimization
  • Integrity and confidentiality of personal data
  • Accountability and documentation of processing activities

As described in the Data Protection & Privacy section, LiteAPI generally acts as a Data Processor, while customers act as Data Controllers.


Jurisdiction and Supervisory Authority

LiteAPI operates under the jurisdiction of Ireland, a member state of the European Union.

As such:

  • EU data protection laws apply by default
  • LiteAPI is subject to oversight by the Irish Data Protection Commission (DPC)

This provides a clear and well-established regulatory framework for data protection and privacy.


PCI DSS (Payment Card Industry Data Security Standard)

LiteAPI does not store, process, or transmit raw payment card data.

Card payments are handled through PCI-compliant third-party payment providers using a PCI proxy or redirection model. As a result:

  • LiteAPI’s PCI DSS scope is limited
  • LiteAPI aligns with SAQ A requirements under PCI DSS v4.x
  • Sensitive cardholder data never passes through LiteAPI systems

Customers remain responsible for their own PCI DSS obligations based on their integration model.


Third-Party Compliance Dependencies

LiteAPI relies on trusted third-party providers for infrastructure and operational services, including:

  • Cloud hosting
  • Monitoring and logging
  • Payment processing (where applicable)

These providers maintain their own industry-standard certifications and compliance programs (such as ISO 27001, SOC 2, or PCI DSS, depending on the service).

LiteAPI performs due diligence when selecting and reviewing third-party vendors.


Data Processing Agreements (DPA)

LiteAPI offers a Data Processing Agreement (DPA) consistent with GDPR Article 28 requirements.

The DPA defines:

  • Processing scope and purpose
  • Security and confidentiality obligations
  • Sub-processor conditions
  • Data subject rights support
  • Audit and compliance terms

The DPA is available upon request.


Audits and Assessments

LiteAPI maintains internal controls and documentation to support security and compliance reviews.

While LiteAPI does not publicly publish audit reports, reasonable security and compliance information may be shared with customers under appropriate confidentiality terms.


Regulatory Updates

LiteAPI monitors regulatory developments and adapts its policies and controls as required to remain compliant with applicable laws and industry standards.
