Compliance, Security & Data Ownership
How does Okommerce support ZATCA Phase 2 (KSA e-invoicing)? [NEEDS YOUR INPUT]
ZATCA Phase 2 (Saudi e-invoicing) requires a statutory tax/e-invoicing engine and integration with the authority's clearance/reporting system.
How does it support UAE FTA e-invoicing and VAT TRN? [NEEDS YOUR INPUT]
Same position as ZATCA: UAE FTA e-invoicing and VAT TRN handling depend on a tax engine and authority integration that are not present in the current system reference (tax is roadmap).
What does PCI token-only card storage mean and how is it implemented?
PCI token-only storage means the platform never stores raw card data — instead, a saved card is represented by an opaque provider token plus safe display-only details (card brand, last…
How is card data kept safe (StoredPaymentMethod tokens, never raw card data)?
Saved payment methods are stored as StoredPaymentMethod records that hold only the provider's opaque token and safe display info (brand, last four, expiry) — never the raw PAN, CVV, or…
What does "compliant by default" mean versus bolting compliance on later?
Honestly framed: Okommerce builds in security and data-handling good practices by default — token-only card storage, audit columns and soft-delete on every record, role-based access control,…
How does self-hosting affect data residency and ownership?
Because Okommerce is self-hosted, you choose where the database and application run, which means you control data residency — you can keep data in a specific country or cloud region to…
Who is the data controller for a self-hosted Okommerce installation?
For a self-hosted installation, the business running it is the data controller — you operate the software, hold the database, and decide how customer data is processed.
How are subprocessors and data transfers handled for managed Enterprise services? [NEEDS YOUR INPUT]
This question assumes a managed/hosted Enterprise offering (where the vendor operates infrastructure on the customer's behalf), which is not defined in the current system/platform…
What security guards protect destructive operations (data erase, reset)?
Destructive operations are heavily guarded.