We currently have a payment processing client that's running on a desktop. Our operator enters the data and clicks a button (which the app sends the data to the payment gateway through a secure channel). Our app doesn't store sensitive data. It does encrypt and save a user's login information. Is this in line with PCI compliance?