Compliance, Security & Data Ownership

Who is the data controller for a self-hosted Okommerce installation?

For a self-hosted installation, the business running it is the data controller — you operate the software, hold the database, and decide how customer data is processed. Okommerce (the software) is the tool you run; it isn't a processor holding your data on your behalf, because there's no vendor-operated service in the middle of a self-hosted deployment. This clean controller position simplifies accountability: the operating business is responsible for and in control of its data. *(If you offer a managed/hosted Enterprise service, that arrangement would introduce processor/subprocessor roles — see the next item.)*