Do I need to be PCI-DSS compliant if I use Stripe?

Yes, but it’s much simpler than handling card data on your own servers. With Stripe Elements or Stripe Checkout, your store never touches a raw PAN (the full card number), so you qualify for SAQ A (the easiest PCI tier). You still need to: (1) serve checkout over HTTPS only, (2) not log card data anywhere, (3) complete the SAQ A self-assessment annually, (4) run quarterly ASV scans (your acquirer usually provides these). We’ll lock down the Magento install (admin-URL randomisation, 2FA, restricted IPs, no card-data caching) so SAQ A actually applies.