Compliance & Certifications

WameedPOS is fully certified for ZATCA Phase 2 (Integration Phase) compliance. Every invoice generated through our platform meets the mandatory requirements for electronic invoicing in Saudi Arabia.

• check_circleReal-time XML invoice generation in UBL 2.1 format with all required fields
• check_circleCryptographic stamping using ZATCA-issued digital certificates (CSID)
• check_circleQR code generation embedding seller info, VAT number, invoice total, VAT amount, and cryptographic hash
• check_circleAutomated submission to ZATCA Fatoora Portal via API for B2B (clearance) and B2C (reporting)
• check_circleSupport for standard invoices, simplified invoices, debit notes, and credit notes
• check_circleOffline invoice queuing with automatic submission when connectivity is restored
• check_circleReal-time clearance status tracking and rejection handling
• check_circleFull audit trail of all invoice submissions, responses, and corrections

WameedPOS adheres to the Payment Card Industry Data Security Standard (PCI-DSS) to ensure cardholder data is handled with the highest level of security.

• check_circleEnd-to-end encryption (E2EE) for all card transactions from terminal to processor
• check_circlePoint-to-point encryption (P2PE) certified payment terminals
• check_circleZero storage of full card numbers, CVV codes, or magnetic stripe data
• check_circleNetwork segmentation isolating payment processing from other system functions
• check_circleRegular vulnerability scanning and quarterly ASV (Approved Scanning Vendor) assessments
• check_circleAnnual penetration testing by independent PCI QSA (Qualified Security Assessor)
• check_circleStrong access control with multi-factor authentication for payment system access
• check_circleComprehensive logging and monitoring of all access to cardholder data environments

We fully comply with the Saudi Personal Data Protection Law (PDPL), enacted by Royal Decree M/19 dated 9/2/1443H, ensuring that personal data is processed lawfully and transparently.

• check_circleLawful basis established for all personal data processing activities
• check_circleTransparent privacy notices provided to all data subjects at point of collection
• check_circleData subject rights implemented: access, correction, deletion, portability, and objection
• check_circleData Protection Impact Assessments (DPIA) conducted for high-risk processing
• check_circleData breach notification procedures with 72-hour reporting to SDAIA
• check_circleData residency maintained within Saudi Arabia for all primary data storage
• check_circleData Processing Agreements (DPA) in place with all sub-processors
• check_circleDesignated Data Protection Officer (DPO) responsible for PDPL compliance

WameedPOS operates in alignment with Saudi Central Bank (SAMA) regulations governing electronic payments and financial technology services.

• check_circleIntegration with SAMA-licensed payment service providers and acquirers
• check_circleSupport for Mada debit network as the primary card payment rail
• check_circleCompliance with SAMA Open Banking framework for authorized data sharing
• check_circleSettlement and reconciliation processes aligned with SAMA clearing requirements
• check_circleAnti-fraud measures following SAMA cybersecurity guidelines
• check_circleTransaction monitoring and suspicious activity reporting capabilities

Our security architecture is built on industry best practices and undergoes continuous monitoring and improvement.

• check_circleAES-256 encryption for all data at rest across databases and backups
• check_circleTLS 1.3 encryption for all data in transit between client, server, and third parties
• check_circleSOC 2 Type II aligned controls for security, availability, and confidentiality
• check_circleISO 27001 aligned Information Security Management System (ISMS)
• check_circleZero-trust architecture with least-privilege access controls
• check_circleReal-time intrusion detection and prevention systems (IDS/IPS)
• check_circleAutomated security patching and vulnerability management
• check_circleEncrypted backups with geo-redundant disaster recovery (RPO < 1 hour, RTO < 4 hours)

WameedPOS hardware bundles and software comply with Saudi Standards, Metrology and Quality Organization (SASO) requirements.

• check_circleHardware devices meet SASO electromagnetic compatibility (EMC) standards
• check_circleBarcode and QR code generation follows GS1 Saudi Arabia standards
• check_circleArabic language support across all interfaces, receipts, and reports
• check_circleRight-to-left (RTL) layout support for Arabic-primary businesses
• check_circleWeight and measurement units compliant with Saudi metrology standards
• check_circleReceipt formatting meets Saudi consumer protection disclosure requirements