How secure is Zakeke?

  • Posted by: iONE360 team
    • <li

Choosing an **online product configurator** for your business involves more than just visual quality and feature sets. Security matters too, and if you are evaluating Zakeke or comparing it with alternatives, understanding how any configurator platform handles data protection is a fair and important question. This article walks through the most common security questions buyers ask about Zakeke, giving you clear answers to each one.

What security certifications does Zakeke hold?

Zakeke operates on cloud infrastructure that complies with widely recognised security standards. The platform runs on Amazon Web Services (AWS), which holds certifications including ISO 27001, SOC 1, SOC 2, and SOC 3. However, Zakeke itself does not publicly list its own independent security certifications on its website, which means buyers should request a security overview directly from the vendor before committing.

For B2B buyers in the furniture and home furnishings sector, this distinction matters. Relying on the underlying cloud provider’s certifications is common practice among SaaS vendors, but it does not automatically mean the application layer, the software itself, has been independently audited. If your organisation requires vendor-level certifications such as ISO 27001 or SOC 2 Type II as part of a procurement checklist, it is worth asking Zakeke directly whether it has completed or is pursuing those audits.

How does Zakeke protect customer and product data?

Zakeke uses HTTPS encryption for all data transmitted between users and its servers, and data at rest is stored using encryption standards provided by AWS. Access to production systems is restricted to authorised personnel, and the platform uses role-based access controls to limit who can view or modify data within a merchant account.

From a practical standpoint, this means your product catalogue data, configuration logic, and customer-facing sessions are protected in transit and in storage. That said, the depth of application-level security controls, such as penetration testing frequency, vulnerability disclosure policies, or bug bounty programmes, is not extensively documented in Zakeke’s public materials. Buyers handling sensitive product data or operating in regulated industries should ask for a vendor security questionnaire response before signing a contract.

Is Zakeke GDPR compliant?

Yes, Zakeke states compliance with the General Data Protection Regulation (GDPR). As a company headquartered in Italy, Zakeke operates within the European Union and is therefore subject to GDPR requirements directly. It provides a Data Processing Agreement (DPA) for merchants who need one, which is a standard requirement for any European business using a third-party data processor.

In practice, GDPR compliance for a product configurator platform typically covers the following areas:

  • Lawful basis for processing end-user data collected during configuration sessions
  • Data subject rights, including the right to access, correct, or delete personal data
  • Retention limits on customer session data
  • Sub-processor transparency, meaning Zakeke should disclose which third parties process data on its behalf

If you are a retailer or manufacturer selling to European consumers, you should request Zakeke’s DPA and review its sub-processor list as part of your compliance review. GDPR compliance is not a one-time checkbox but an ongoing responsibility shared between you as the data controller and Zakeke as the data processor.

Where is Zakeke data stored and who can access it?

Zakeke stores data on AWS infrastructure, primarily in European data centres. This is relevant for GDPR compliance because storing personal data within the EU or EEA reduces the complexity of cross-border data transfer requirements. The AWS data centre locations used by Zakeke are not always specified at the region level in its public documentation, so if data residency is a hard requirement for your organisation, confirm the exact region in writing before onboarding.

Regarding access, Zakeke’s own technical and support staff can access merchant data for the purposes of support and platform maintenance. This is standard for SaaS platforms but worth understanding clearly. Your product data, pricing rules, and configuration logic are visible to Zakeke employees with the appropriate internal access level. If your product catalogue contains commercially sensitive information, such as unreleased collections or proprietary pricing structures, you should ask Zakeke about its internal access controls and confidentiality obligations for staff.

What happens to data if a Zakeke subscription ends?

When a Zakeke subscription ends, merchants should expect their data to be retained for a limited period before deletion, which is common practice among SaaS providers. However, Zakeke’s publicly available documentation does not specify the exact retention window after account cancellation, nor does it clearly outline the process for exporting your data before termination.

Before ending a subscription, you should take the following steps:

  1. Export all product data, 3D assets, and configuration rules you have uploaded to the platform
  2. Request written confirmation of Zakeke’s post-cancellation data retention and deletion timeline
  3. Confirm whether any customer session data linked to your account is deleted simultaneously or on a separate schedule
  4. Check whether your DPA specifies data deletion obligations and timelines

This is particularly important for furniture brands and manufacturers who have invested significant time uploading 3D models, configuration logic, and pricing structures. Ensuring you retain ownership of and access to that data, regardless of which platform you use, is a sound data governance practice.

How iONE360 approaches security and data ownership

If the security questions above give you pause, it is worth knowing that not all visual configurator platforms take the same approach to data governance and transparency. We built iONE360 with the specific needs of furniture manufacturers and home furnishings brands in mind, and that includes how we handle your product data, integration security, and long-term data ownership.

Here is what sets our approach apart:

  • ERP-connected architecture: Our 3D product configurator is built on ERP logic, meaning your configuration rules and pricing live in your systems, not only in ours
  • Integration-first design: We connect with your existing PIM, ERP, and CMS, reducing the risk of data silos and ensuring you remain in control of your product data
  • Transparent data handling: We are happy to discuss data residency, access controls, and GDPR obligations openly as part of any evaluation process
  • Long-term partnership model: With more than 45 years of software experience in the furniture industry, we are built for durable relationships, not short-term subscriptions

If you are evaluating online product configurator platforms and want a partner who can answer your security and integration questions clearly, get in touch with us to discuss your specific requirements.

Related Articles

Scroll to Top
cookies-website
Powered by  GDPR Cookie Compliance
Privacy Overview

This site uses cookies to provide you with the best possible user experience. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our site and helping our team understand which parts of the site you find most interesting and useful.