When your application involves your customers to enter their info on their own individual devices, then you qualify for SAQ A. This permits all corporations—from massive corporations to startups and little and medium enterprises, which may not possess the requisite security infrastructure and personnel—to stay safeguarded and PCI DSS compliant. https://www.nathanlabsadvisory.com/nist-800-171.html
