YOUR DATA IS IN GOOD HANDS.

Zakeke Security & Compliance

Thousands of merchants trust Zakeke every day, and we take that trust seriously.
Keeping your data safe is our top priority. Here’s how we do it.

Trusted by over 10,000 companies worldwide

At Zakeke, we empower unique customer experiences, serving over 10,000 clients in 400+ industries globally. We tailor visual commerce solutions for every business type and size so that customer expectations are not just met, but exceeded.

Our approach to Security

Trust starts with security, but it also means reliability, privacy, and compliance. At Zakeke, we commit to all four to protect your data and earn your trust.

Security

We follow strict administrative, operational, and technical practices to protect your data. Our security team continuously improves threat detection and mitigation, ensuring your information is always safeguarded.

Reliability

Zakeke products are built for stability and security at scale. Our business continuity, disaster recovery, and backup programs minimize the impact of any disruptions on your operations.

Privacy

We’re committed to keeping your data private and protected. We support global privacy regulations like GDPR and provide governance tools to help you manage your data securely and stay in control.

Compliance

We invite you to review and validate our security and privacy practices. Our products are consistently subjected to independent third-party penetration testing and certified for data security compliance.

How we secure our systems and daily operations

We take security seriously, from our internal systems to daily operations, ensuring your data stays safe at every step.

Securing our internal environment

We take several steps to ensure the security of our systems:

Network security

Zakeke secures its network with layered controls, separating infrastructure into zones and environments. Only authorized services can communicate, and all traffic is encrypted through VPC routing and firewalls.

We use role-based access and multi-factor authentication to ensure staff only access what’s necessary. Management approval is required, making our systems highly secure against phishing and attacks.

Securing our day-to-day operations

Security is embedded in every part of our daily processes:

Asset tracking

Our production systems run on cloud infrastructure, with all services tracked in a custom database. This ensures that new deployments are automatically updated and monitored for consistency.

Only authorized engineers can manage configurations in our production environment. Configuration management tools enforce consistency, preventing unauthorized changes to our systems.

We aggregate and monitor logs from various systems for suspicious activity. Logs are retained for 30 to 365 days and form a key part of our incident detection and response strategy.

We ensure business continuity with built-in redundancy, regular testing, and automated daily backups encrypted with AES-256. Backups are stored in multiple data centers, with quarterly recovery tests to guarantee reliability.

Our physical security includes restricted access to offices, secure working areas, and monitoring entry points. Partner data centers ensure strict access controls, including biometric verification for authorized personnel only.

We make compliance easy

Staying compliant, every step of the way.

Fully compliant with GDPR

Our security program complies with GDPR. We understand our customers’ GDPR requirements, and we’ve dedicated resources to help them meet those obligations when using Zakeke products and services.

Privacy

Zakeke’s privacy program ensures we meet top data privacy standards and help customers meet their obligations, as GDPR requires. Our staff and vendors follow strict data security practices, and we offer tools like profile deletion to help customers manage and delete their data.

GDPR compliant

Keeping your data secure

At Zakeke, we take multiple measures to ensure your data stays secure, accessible, and under your control.

Data Centers

Zakeke products and data are hosted on Microsoft Azure, leveraging global redundancy and failover options. We use multiple regions, including West Europe, France Central, and Germany, to ensure that no single data center failure affects the availability of your products or data.

All customer data is encrypted in transit using TLS 1.2+ with Perfect Forward Secrecy (PFS) to protect against unauthorized access. Data at rest is secured with industry-standard AES-256 encryption.

We ensure customer data is logically separated within our cloud infrastructure. The Tenant Context Service (TCS) guarantees that each tenant’s data remains isolated, preventing any crossover between customers.

Only authorized Zakeke employees can access customer data. We use role-based access control, 2FA, and stringent authentication protocols to secure all data access, ensuring tight controls and monitoring.

Zakeke offers tools for managing data retention and deletion. We respond to user requests for data removal and help customers delete their information upon request, ensuring complete control over your data.

A closer look at how we protect your data

We’ve built security into every layer of Zakeke. Here’s a clear, simple overview of our security measures.

Password Protection

We use salted password hashing to protect user passwords, keeping them protected even in the event of a breach.

Secure HTTPS-Only

All data between you and Zakeke is encrypted using HTTPS, ensuring secure communication.

OAuth Secure Access

Zakeke uses OAuth 2.0 to authorize third-party apps securely, without exposing your login credentials.

SQL Injection Defense

To prevent SQL injection, we use parameterized queries and stored procedures to secure our databases.

XSS & XSRF Protection

We block malicious code and unauthorized requests with anti-XSS filtering and token-based validation.

Brute Force & Session Security

CAPTCHA and session management protect against brute force attacks, keeping your login sessions secure.

Secure Payment Processing

Payments are handled through Chargebee, a PCI-DSS Level 1 provider, ensuring secure transactions.

Data Storage & Redundancy

Data are stored in Azure SQL Database with automated backups, retained for up to 30 days to ensure secure storage and quick recovery.

Azure’s Network Security

Zakeke leverages Microsoft Azure’s robust infrastructure to protect against DDoS and network threats.

Regular Vulnerability Scanning

We regularly scan and patch vulnerabilities to keep your data safe from new threats.

Your Privacy, our priority

At Zakeke, privacy is a top priority, and we are fully GDPR compliant.

We handle two types of data, based on whether we act as a data controller or a data processor, with each role governed by distinct policies detailed below.

Data Controller

As a controller, Zakeke oversees data from users who create an account on the platform or individuals/legal entities it interacts with.

Platform Privacy Policy

Governs the management of personal data for those who create an account on Zakeke.

Governs the management of data from visitors and individuals who interact with us but are not Zakeke users (e.g., site visitors or those sending inquiries).

Data Processor

Zakeke acts as the processor for data collected during platform operations and for all data of our customers’ clients (e.g., email addresses for quotes or uploaded images). For these data, the controller is the merchant itself, which has a direct relationship with the end user.

When customers create a Zakeke account, they:

  • Accept our General Conditions (required)
  • Accept our Platform Privacy Policy (required)
  • Consent to data processing for marketing purposes (optional)

All your questions, answered

No, Zakeke does not process sensitive data. Our platform only manages basic information, such as email addresses and minimal data required to operate the service, ensuring compliance with privacy standards.

Yes, Zakeke is fully GDPR compliant and applies GDPR rules to all customers, not just those in Europe.

The retention period varies based on the type of data. Zakeke collects only the data required to operate the platform and strives to delete or anonymize it once its purpose is fulfilled. For other data, Zakeke deletes all assets 2 years after a subscription is canceled, while account data are removed upon the client’s request.

Yes, clients can request data deletion at any time, and Zakeke is required to comply with this request as part of their data rights.

No, there’s no need to create a separate DPA. Zakeke includes a Data Processing Agreement (DPA) as part of our General Terms and Conditions, so it’s already in place when you become a customer.

Have any security concerns?

We're here to help. Reach out to us anytime at [email protected].