Trust & Security
Last updated: April 2026
OKTee is a B2B SaaS platform connected to the sensitive data of your Amazon operations. This page centralises everything your technical, legal, or procurement team needs to assess our security and compliance posture.
Platform Availability
Check our services status in real time — uptime, ongoing incidents, and maintenance history:
Where Is Your Data?
All customer data stays in Europe.
| What | Where | Provider |
|---|---|---|
| 🗄 Database (orders, users, Amazon data) | 🇩🇪 Germany — Frankfurt | Neon |
| ⚙️ Automated processing (Amazon sync, supplier sync) | 🇳🇱 Netherlands — Amsterdam | Railway |
| 🖥 Application interface (what you see in your browser) | 🇺🇸 United States — Virginia | Vercel |
The application interface passes through the United States but stores no data. It is the “pipe” between your browser and your data, which remains in Europe. Interface hosting can be moved to the European Union upon contractual request.
Compliance and Certifications
| Standard | Status |
|---|---|
| GDPR (Regulation EU 2016/679) | ✅ Compliant |
| Data Act (Regulation EU 2023/2854) | ✅ Compliant |
| Data Processing Agreements (DPA) with all sub-processors | ✅ Signed |
| Amazon SP-API Developer Agreement | ✅ Compliant |
| SOC 2 Type II | 🗓 Planned Q3 2027 |
Our Sub-Processors
OKTee engages the following providers for service delivery. Each is bound by a GDPR-compliant Data Processing Agreement (DPA).
| Provider | Role | Region | DPA | Certification |
|---|---|---|---|---|
| Neon | PostgreSQL database | 🇩🇪 Germany (Frankfurt) | Incorporated in ToS | SOC 2 |
| Railway | Synchronisation workers | 🇳🇱 Netherlands (Amsterdam) | Signed — EU SCCs + UK Addendum | SOC 2 Type II |
| Inngest | Task orchestration | 🇪🇺 EU/US | Signed — EU SCCs | — |
| Vercel | Application interface | 🇺🇸 United States (Virginia) | Incorporated in ToS + SCCs | — |
| Sentry | Monitoring & error tracking | 🇺🇸 United States | EU Commission SCCs | SOC 2 |
| OpenAI | AI features (OKTee Product) | 🇺🇸 United States | EU Commission SCCs | SOC 2 |
| CIC | Payment (wire transfer, SEPA) | 🇫🇷 France | French banking regulation | — |
Transfers to the United States (Vercel, Sentry, OpenAI) are governed by the Standard Contractual Clauses of the European Commission (Decision 2021/914).
Security Measures
Data
- Encryption in transit: TLS 1.2+ on all communications
- Encryption at rest: AES-256 in the database
- Automatic daily backups, hosted in Europe
Access
- Role-Based Access Control (RBAC) — each user accesses only what they need
- Multi-Factor Authentication (MFA) available — enforceable by your organisation's administrator
- Complete isolation between customer accounts (multi-tenant)
- Sessions with automatic expiry
Amazon Connection
- Connection via Amazon's official OAuth 2.0 only — OKTee never handles your Amazon credentials
- Revocable at any time from Vendor Central or Seller Central
- Permissions strictly limited to your activated modules
Development
- Systematic code review before production deployment
- No secrets or API keys in code (secrets manager mandatory)
- Automated monitoring of vulnerabilities in third-party dependencies
Incident Management
- Detection: automated monitoring via Sentry, real-time alerts on our internal channel
- Notification: in the event of an incident affecting your data, you are informed within 72 hours
- Amazon obligation: any incident involving Amazon data is reported to
security@amazon.comwithin 24 hours - Review: incident response plan reviewed every six months
Documents Available on Request
| Document | Contact |
|---|---|
| Security one-pager (1-page summary) | legal@oktee.io |
| OKTee DPA (to sign with your teams) | legal@oktee.io |
| Security questionnaire response (CISO, CTO) | legal@oktee.io |
Responsible Disclosure
Found a security vulnerability in our systems? Please report it responsibly.
We commit to acknowledging receipt within 72 hours and keeping you informed of progress.
Contact
KnGA SAS – OKTee
📧 legal@oktee.io | privacy@oktee.io
📞 +33 1 83 84 93 80
See also: Privacy Policy · Security · Terms of Service
