Compliance
Last updated: June 10, 2026
Regulatory posture
Cardidol is not a bank and does not hold customer funds. Cardidol operates a software platform. Card issuance, settlement and money movement — once enabled — are performed by a licensed issuing partner who is responsible for the regulated financial activity.
KYC / AML
Once real issuing is activated, new accounts undergo identity verification (name, date of birth, address, government ID) and sanctions screening. High-risk profiles are declined or referred for enhanced review.
Data protection
We follow principles aligned with GDPR and CCPA: lawful basis for processing, data minimization, purpose limitation, and honoring access/deletion requests.
PCI DSS
Cardidol is architected to minimize PCI scope. Sensitive card material is handled exclusively by the connected issuing partner using tokenization; Cardidol never stores primary account numbers or CVCs in its database.
Incident response
We maintain an incident response plan with documented severity tiers, communication templates, and notification timelines. Affected customers are notified without undue delay.
Contact
compliance@cardidol.com