Simple Payment has security in mind so it is PCI-DSS Data Protection Ready, what does it mean; Simple Payment only process credit card information and sensitive information but masks this information before saving it into the database. Which means:
The Engine class only has access to the information in the moment of processing the payment.
Credit Card number, CVV are masked before saved in the transaction information into the database which makes it safe for you to have a peace of mind, you can track the transaction, see 4 last digits of credit card number but not more than that.
Secure Connections / SSL
Having Data Protection in mind, we do not allow you to run the plugin in Live Mode without having a secure connection for your website. We do not check the certificate quality, validity, only validating we are on a secure connection.
Be Aware: PCI-DSS Standard
It is more than just that, it is about your hosting provider, server, log management, backups, personnel, and much more, we helps you comply with our part of Data Protection while using the Simple Payment plugin