We built Caterbook to be compliant from day 1. We don't transmit, store or process any card data on our network. It's all done externally meaning we only ever receive tokenised data in Caterbook. This reduces the scope of our compliance, and in turn minimises your risk.
By adhering to good data management principles and practices for our PCI accreditation, you can rest assured that our approach to the GDPR is similarly rigorous.
Our most recent PCI Attestation of Compliance is available for clients on request.