_save_cc_data_to_order()
is called from 3 places:
uc_credit_order()
's Save operation. When Debug mode (uc_credit_debug
) is on, it saves the full payment details. When Debug mode is off, it saves the last 4 digits of the credit card number (and all other payment details except the CVV).uc_credit_order()
's Submit operation. When Debug mode is on, it saves the full payment details. When Debug mode is off, it's never called.uc_credit_terminal_form_submit()
. When Debug mode is on, it saves the full payment details. When Debug mode is off, it's never called.
So, under normal circumstances (when Debug mode is off), Ubercart is storing some sanitized information. I can't speak to whether this meets your level of PCI compliance requirements, but this answer might be helpful.