Back to home

Compliance

PebblePay is committed to operating in full compliance with applicable laws and regulations as a Merchant of Record for digital products.

Payment Compliance

  • PCI DSS Level 1 compliant payment processing through certified processors.
  • All card data is tokenized and never stored on PebblePay servers.
  • 3D Secure (3DS2) authentication supported for qualifying transactions.
  • Strong Customer Authentication (SCA) enforced for European transactions per PSD2.

Tax Compliance

  • As Merchant of Record, PebblePay collects and remits sales tax, VAT, and GST in applicable jurisdictions.
  • Automated tax calculation at checkout based on buyer location.
  • Registered for VAT/GST collection in the EU, UK, Australia, Canada, and other jurisdictions as required.
  • Sellers receive net payouts with tax obligations handled by PebblePay.

Consumer Protection

  • Clear refund and dispute resolution policies communicated to buyers at checkout.
  • 14-day cooling-off period for EU buyers per the Consumer Rights Directive (where applicable to digital goods).
  • Transparent pricing with no hidden fees shown to buyers.
  • PebblePay handles all buyer-facing support and disputes as the Merchant of Record.

Data Protection

  • GDPR compliant data processing with appropriate legal bases for all data handling.
  • Data Processing Agreements (DPAs) available for Sellers upon request.
  • Data breach notification within 72 hours as required by GDPR.
  • Privacy Impact Assessments conducted for new processing activities.
  • CCPA compliant for California residents, including right to know and right to delete.

Anti-Fraud and AML

  • Transaction monitoring to detect and prevent fraudulent activity.
  • Seller verification and KYC (Know Your Customer) checks during the application process.
  • Suspicious activity reporting as required by applicable anti-money laundering regulations.
  • Chargeback monitoring with automatic review triggered at 1% threshold.

Content Compliance

  • Prohibited content policy enforced for all Sellers (see our Terms of Service).
  • Regular audits of listed products for policy compliance.
  • DMCA takedown procedures for intellectual property infringement claims.
  • Immediate removal of content that violates applicable laws.

For compliance-related inquiries or to request documentation such as Data Processing Agreements, please contact our support team. For full legal terms, see our Terms of Service and Privacy Policy.