In scope of compliance
If you choose to use the StringToken to store card details - whether the card number or the full card details, when retrieving the data stored behind a token, your system is then exposed to the raw card details and as such is in scope of PCI compliance.
The same applies to any other type of sensitive data - by retrieving the data, your system is then in scope of the relevant compliance.
Try It! to start a request and see the response here!