If the application calls for your consumers to enter their info on their particular equipment, then you qualify for SAQ A. This allows all organizations—from significant companies to startups and tiny and medium enterprises, which may not have the requisite security infrastructure and team—to remain secured and PCI DSS compliant. https://www.nathanlabsadvisory.com/eu-gdpr.html
