Compliance overview
Understanding your compliance obligations.
Overview
Running an online jewelry store comes with legal and regulatory obligations. Katura provides built-in tools to help you stay compliant with data privacy laws, payment security standards, and accessibility requirements.
PCI compliance
You're automatically PCI compliant when using Katura with Stripe. Here's why:
- Katura never stores, processes, or transmits credit card numbers
- Payment forms are rendered by Stripe's secure Payment Element
- Stripe is a PCI Level 1 Service Provider (the highest level)
- Card data goes directly from the customer's browser to Stripe's servers
Data privacy
Katura takes data privacy seriously:
- Data storage: customer data is stored in Supabase (PostgreSQL) over encrypted connections
- Error monitoring: Sentry is configured with privacy-conscious settings
- Audit trail: admin actions are logged for accountability
- Role-based access: only authorized team members can access sensitive data
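The two guarantees above that a reviewer most wants to be able to verify are that the backend never handles card numbers (PCI section) and that error reports sent to Sentry do not leak personal data. The following is an added example, not Katura's own code, of a small Luhn-based scrubber that serves both purposes: as a guard that rejects any request body carrying a card-number-like value, and as the kind of `beforeSend` hook Sentry's SDK accepts for redacting events before they leave the server. The `Sentry.init` wiring in the comment is illustrative; the sample strings are constructed.

```javascript
// Added example (not Katura's code): detect and redact card-number-like
// values so a backend that is supposed to never see card data can prove it.

// Luhn mod-10 checksum: true when the digit string passes.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Candidate PANs: 13-19 digits, optionally separated by spaces or dashes.
const PAN_PATTERN = /\b(?:\d[ -]?){12,18}\d\b/g;

// Replace every Luhn-valid candidate with a redaction marker that keeps the
// last four digits, so support staff can still correlate with Stripe.
function scrubPans(text) {
  return text.replace(PAN_PATTERN, (match) => {
    const digits = match.replace(/[ -]/g, '');
    if (digits.length < 13 || digits.length > 19 || !luhnValid(digits)) {
      return match; // order numbers, tracking ids etc. stay untouched
    }
    return '[PAN REDACTED ****' + digits.slice(-4) + ']';
  });
}

// Return a copy of any JSON-like value with every string scrubbed.
function scrubDeep(value) {
  if (typeof value === 'string') return scrubPans(value);
  if (Array.isArray(value)) return value.map(scrubDeep);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = scrubDeep(v);
    return out;
  }
  return value;
}

// True when a parsed request body contains a Luhn-valid PAN anywhere,
// i.e. when a backend that must stay out of PCI scope should reject it.
function containsPan(body) {
  const serialized = JSON.stringify(body);
  return scrubPans(serialized) !== serialized;
}

// Shape of a Sentry beforeSend hook: receives the event, returns the
// scrubbed event (or null to drop it). Hypothetical wiring:
//   Sentry.init({ dsn: process.env.SENTRY_DSN, beforeSend: scrubSentryEvent });
function scrubSentryEvent(event) {
  return scrubDeep(event);
}

// Constructed sample: a Stripe test card number inside an error message.
const sampleEvent = { message: 'Charge failed for 4242 4242 4242 4242' };
console.log(scrubSentryEvent(sampleEvent).message);
```

Wire `containsPan` in as an early middleware on every route that accepts JSON, returning a 400 before logging or persisting the body; a hit is a sign that a client is posting raw card data instead of using the Payment Element, which would pull the server into PCI scope.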
Audit logging
Katura maintains audit logs for compliance and accountability:
- Employee audit log: track team member actions at Employees → Audit
- System audit: general audit trail at Admin → Audit
- Vulnerability scanning: proactive security monitoring
Warning
If you sell to EU customers, ensure you have a cookie consent banner and a GDPR-compliant privacy policy. These are your responsibility as the store owner.
