Application and Data Security You Can Trust


OneSmile applications are built from the ground up to support sizeable B2B enterprises and complex, multi-level organizational hierarchies with thousands of employees and millions of website customers. OneSmile Commerce incorporates multiple levels of enhanced security measures, so your applications and data are protected and you maintain compliance with privacy regulations.

Application Security Features

Enjoy unparalleled control and customizable access by user as well as support for complex
hierarchies. Take advantage of the latest in encryption and customize your login protocols.


Access Control

OneSmile products use Access Control Lists (ACLs) to establish rules that grant or deny access to different data types, including sensitive data. Every user in an OneSmile application has a role, and every role has a set of permissions configured to perform or restrict actions to entities and system capabilities. Limit data access and control permissions on a level as granular as a personal basis. Control what actions a user is permitted, whether it is just to view the latest sales report or entirely modify a customer’s order or authorize a payment. Restrict sales to work with leads and opportunities, while marketing has access to manage marketing lists and campaigns, and administrators access all systems globally. Maintain complete control over access to data and records directly from the UI without the need for developer assistance.

Unlike B2C sellers, B2B structures and processes are generally quite complex. A single enterprise may offer both goods and services through multiple sub-organizations, with each having dedicated websites for different regions or countries. OneSmile applications were built to tame the complexity of B2B enterprises.

Set up and configure any OneSmile application from the application configuration UI to specifically conform to your needs. Apply configuration at global, organization, website, and user levels.

Use Global settings to affect the entire application. Tailor Organization settings to configure options specifically for each organization and configure each website to conform to the features needed at each level of the enterprise. The user-level configuration provides employees the ability to adapt certain application settings to their personal preferences.

Global enterprises with multiple websites in various countries can set up the appropriate currencies and languages for each site. They can then add different local warehouses, manage inventory options, control the products displayed and even how they are arranged on each website.

To prevent security breaches, OneSmile encrypts original data to keep it secure. We constantly review new technologies to support the latest and most robust encryption solutions. 

  • Database column encryption allows us to choose what pieces of data to encrypt instead of encrypting the entire database file.
  • User passwords are stored as irreversible hashes not open or encrypted text.  
  • HTTPS forced redirect ensures the security of the link between the browser and the webserver.
  • Safe architecture of the online payment process and out-of-the-box integrations with payment gateways keeps transactions secure.

OneSmile products incorporate the best password practices to help prevent unsafe passwords and motivate users to create strong credentials. Admins can customize password and login restrictions for application users to:

  • Configure the desired password length and complexity
  • Enforce password change policy and password history
  • Limit the number of login attempts
  • Lock accounts after several failed logins to prevent brute force attacks.

In addition, we support multi-factor authentication to strengthen application security with the additional authentication factor. 

OneSmile applications also support IDPs that store and manage digital identities to let company users connect to the application securely, which is particularly important for efficiency and performance in large-scale companies. OneSmile applications support IDP services such as LDAP, Google SSO, and OAuth 2.0 credentials authorization.

OneSmile products support data audit functionality to track changes made to records in OneSmile applications. 

View and track directly from the UI:

  • Who changed a record
  • When the change occurred
  • What changed 

Easily create data audit reports and track all login attempts to simplify security-related investigations.

Data security is critical for any eCommerce company. B2B eCommerce applications frequently store customer personal data, credit card numbers, and support online payments. OneSmile adheres to the latest security processes to prevent potential security threats, and constantly refines and improves security to remain on the cutting edge of safeguards, procedures, and policies to safeguard your customer data.


Secure Development

OneSmile utilizes standardized security best practices to maintain a secure development lifecycle. During development, OneSmile:

  • Employs OWASP’s Top 10 list and best practices to produce the most secure code and shield from emerging security threats.
  • Utilizes regular penetration testing to simulate potential attacks to ensure that cyber controls remain effective.
  • Scans for vulnerability code and performs automated penetration tests as part of the CI pipeline.


Information security should always be a leading factor in selecting a software vendor. OneSmile applications comply with the highest standards for security and help you meet local data privacy regulations.

Independently Verified Secure
OneSmile submitted to an independent evaluation of internal controls policies and achieved SOC2 Type 2 compliance in security and availability in 2021. This certification confirms process application security and maturity, confirms our system is protected against unauthorized access, and is available and used for operation as committed.

PCI DSS Compliant
OneSmile Commerce is PCI DSS compliant and is reassessed every year. This means that every resource we use, our servers, network, software, and configuration, comply with PCI DSS requirements. We securely handle all customer payment information and perform regular penetration tests and independent PCI DSS-approved vulnerability scans.

Want to Learn More About How OneSmile Commerce Connects to Your Business Ecosystem? Check out these free resources.

OneSmile believes that high levels of security should be by design and the default for every software product. Read more about OneSmile standards and practices as a data processor to support compliance with GDPR.

Read the Article

Are you familiar with Service Organization Controls (SOC 2)? OneSmile fulfills all Security and Availability requirements of the Trust Service Criteria. Learn more about this third-party assessment of an organization’s controls for security, confidentiality, and availability.

If your eCommerce business takes credit cards as a form of payment, you must comply with PCI DSS standards for data security. Whether you deploy in the OneSmileCloud or on-premise, you must know your responsibilities. Read this informative article to better understand your responsibilities and how OneSmile helps you stay in compliance.

Back to top

You will be redirected to [title]. Would you like to continue?

Yes No