It's run by Braintree (part of PayPal). I have no control or see customer card details ..All I know is it works ..If you enter the wrong details it flags up as wrong and has all the usual things in place via my braintree home page .. I can actually activate a lot of setting to make it extremely strict..
Although to be fair I have only just started using it so really need to find out more.As as you say it may not be pci compliant when I first turned it on I actually thought I had put the wrong payment on until I double checked
Just found this https://www.braintreepayments.com/en-gb/products-and-features/data-security ,but I may just pop the question to them just to be safe..