Secure and accountable by design
PakPak runs the fulfillment of serious operations. The controls below are built into the platform, not bolted on.
Encrypted credentials
Store API secrets are sealed with AES-256-GCM; plaintext keys never touch the database.
Role-based access
Platform, owner, warehouse-admin and packer roles enforce least-privilege everywhere.
Tenant isolation
Every customer is a separate account; data is scoped and queried by account boundary.
Full audit trail
Logins, billing, store, automation and order changes are logged with before/after values.
Signed webhooks
Inbound store webhooks are HMAC-verified before anything is processed.
Authenticated cron
Scheduled jobs require a bearer secret; no unauthenticated background access.
Your data, isolated
Each account's stores, orders, teams and audit history are separated at the data layer and enforced on every query. A 3PL serving many clients keeps each client's data strictly apart.
Reliable EU infrastructure
PakPak runs on managed, EU-hosted infrastructure with the app and database co-located in Frankfurt for low latency, plus continuous error monitoring.
Sub-processors
The infrastructure providers that help us deliver PakPak.
| Provider | Purpose | Region |
|---|---|---|
| Neon | Managed Postgres database | EU (Frankfurt) |
| Vercel | Application hosting & edge | EU (fra1) |
| Sentry | Error monitoring | EU |
Have a security question or need a DPA? Contact us.