Security & Compliance

Yes. Jaapi AB achieved ISO/IEC 27001:2022 certification in February 2026 (Certificate: 55960GAI20260202SWEIS1P1, valid until February 2029). The certification covers our development and operation of a B2B SaaS platform for on-demand corporate branded merchandise. View our certificate and detailed controls at trust.jaapi.com.

All customer data is stored in the European Union, primarily in Frankfurt, Germany. We are an EU-based company (Jaapi AB, Sweden) and maintain EU data residency as part of our GDPR compliance commitment.

Jaapi never stores credit card numbers or payment details. All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. Card details never touch our systems—we only store encrypted payment tokens.

Jaapi holds ISO/IEC 27001:2022 certification, the international standard for information security management. We are also GDPR compliant as an EU-based company with EU data hosting. Our infrastructure providers (hosting, database, payments) maintain SOC 2 Type II and PCI DSS certifications.

Yes. Our Trust Center at trust.jaapi.com provides detailed information about our ISO 27001 controls, policies, and compliance documentation. For security questionnaires, vendor assessments, or audit requests, contact lynn@jaapi.store.

Yes. Jaapi supports enterprise Single Sign-On via SAML 2.0, OpenID Connect, and social authentication (Google, Microsoft). SSO is available on all plans and can be configured by your organization's IT administrator.