security & sovereignty
Your work, protected.
Security isn't a tier on Pako — it's the foundation. Encryption, signed tokens, granular permissions, and immutable revision history.
the foundations
What protects your repositories
EU data residency
Your repositories and personal data are stored and processed in Europe by default, under EU jurisdiction — not replicated to other continents without your say.
Encryption everywhere
Traffic is encrypted in transit with modern TLS; blobs are encrypted at rest in object storage. Your assets are never sitting in the clear.
Signed, short-lived access
Access rides inside signed tokens that expire quickly and carry only the permissions a request needs. Sessions are httpOnly cookies the browser never exposes.
Granular permissions
Public or private per repository, with roles that decide who can read, write and lock — enforced at the moment a token is minted.
GDPR-first privacy
Built for European data law from the start: clear lawful bases, data-subject rights honoured, and a Data Processing Agreement available to teams.
Durable by design
Content-addressed, immutable revisions mean history can't be silently rewritten, and redundant storage keeps your blobs safe.
data sovereignty
Residency, not just a region toggle
For teams that need it, repositories default to EU infrastructure with a Data Processing Agreement available. Residency is the default, not a region toggle you have to remember to enable.
EU by default
Repositories stored and processed in Europe.
Encryption
In transit and at rest — blobs never sit in the clear.
Exportable
Your data and history are yours to take, anytime.
DPA available
For teams that need it in writing.
Found something? Tell us.
We welcome responsible disclosure. Report a vulnerability privately and we'll work with you on a fix — and credit you, if you'd like.
Security you can build on.
Start free, with encryption and free bandwidth from day one.