PCI applies to any merchant that accepts or stores any credit card data. Simply put, if any customer ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.
Drop does not ask you to pay for any service directly on our platform using your credit card and therefore we don’t require the same PCI - DSS compliance that other merchants would require.