This document discusses moving a growth product engineering service out of PCI compliance. It describes orchestrating user data from backend services through a middle tier API service for user signup flows. The new system architecture uses client-side encryption with a public key to keep sensitive data like payment information encrypted. Moving to this new architecture took longer than initially estimated due to unexpected issues like integrating a JavaScript dependency, tuning a third party encryption library, and adjusting various system parameters.