security, privacy, compliance.
the policies, certifications, and practices that make okommerce safe to deploy in regulated environments. start here when your security team has questions.
security
how we secure the platform: OWASP, encryption, audit logs, vulnerability disclosure.
privacy
what we collect, what we don't, and your rights as a data subject.
DPA
data processing agreement template for enterprise customers.
certifications & compliance.
okommerce is engineered to meet the regulatory requirements of GCC e-commerce.
ZATCA Phase 2 (KSA)
e-invoicing certified for saudi arabia. clearance & reporting flows built in.
UAE FTA Tax Invoice
FTA-compliant tax invoices. VAT TRN capture, validated, displayed correctly.
PCI-DSS aware
we never store card data. enterprise customers get PCI-aware deployment guidance.
UAE PDPL & KSA PDPL
data handling aligned with regional data protection laws. GDPR-aware where applicable.
need a security questionnaire response?
we keep a current SIG / CAIQ / vendor questionnaire response on file. just ask.