Security, compliance
& data ownership.
Okommerce is built so the things auditors ask about — card handling, e-invoicing, access control and data residency — are addressed in the core and under your control.
PCI — token only
No raw card data is stored. Okommerce keeps gateway tokens only, keeping cardholder data out of your systems.
ZATCA Phase 2
KSA e-invoice hashing, QR signing and clearance are built in and kept current.
UAE FTA & VAT
FTA-compliant tax invoices with VAT TRN on every document, localized to Arabic.
Role-based access
Granular RBAC scoped by role, branch and module, with audit logging on sensitive actions.
Backups & recovery
Scheduled, verifiable backups with retention policies and tested restore (Enterprise: managed).
Data ownership
Self-hosted by default — your data stays on infrastructure you control, supporting GCC residency needs.
AI you can audit.
Approval gates
Every agent action touching money, stock or a customer waits for a human sign-off.
Scoped access
Agents are bounded by the same RBAC rules as your team, with full audit trails.
Grounded models
Powered by the Anthropic Claude API and grounded in your own catalogue and policies.
Ready to see Okommerce?
Book a tailored demo, or self-host the free Community Edition today.