Is the PaymentSheet implementation in example project PCI compliant? #1629
Unanswered. garrettlove8 asked this question in Q&A. Replies: 0 comments
Hi,
I'm using the basic payment sheet from the example project found in this repo. It appears to use a method called `initPaymentSheet` which reaches out to a backend which integrates with a Stripe SDK to create a payment intent and check for customers before ultimately calling the `confirmPayment` method which is what actually gets the Payment sheet to be displayed.
It does not appear as though any PCI data is being sent to the back server here, rather that's being handled exclusively through the Payment Sheet widget and is sent directly to Stripe. My understanding is that the Payment Sheet widget from this package is ultimately using the native mobile elements officially supported by Stripe, thus making it PCI compliant.
Is it therefore safe to conclude that modeling my implementation on this example (including the server endpoint to handle creating the payment intent and creating a customer for Connect accounts) will be PCI compliant and benefit from Stripe being able to generate my PCI compliance docs according to the "Connect" section here?