pakpak
Security & trust

Secure and accountable by design

PakPak runs the fulfillment of serious operations. The controls below are built into the platform, not bolted on.

Encrypted credentials

Store API secrets are sealed with AES-256-GCM; plaintext keys never touch the database.

Role-based access

Platform, owner, warehouse-admin and packer roles enforce least-privilege everywhere.

Tenant isolation

Every customer is a separate account; data is scoped and queried by account boundary.

Full audit trail

Logins, billing, store, automation and order changes are logged with before/after values.

Signed webhooks

Inbound store webhooks are HMAC-verified before anything is processed.

Authenticated cron

Scheduled jobs require a bearer secret; no unauthenticated background access.

Your data, isolated

Each account's stores, orders, teams and audit history are separated at the data layer and enforced on every query. A 3PL serving many clients keeps each client's data strictly apart.

Reliable EU infrastructure

PakPak runs on managed, EU-hosted infrastructure with the app and database co-located in Frankfurt for low latency, plus continuous error monitoring.

Sub-processors

The infrastructure providers that help us deliver PakPak.

ProviderPurposeRegion
NeonManaged Postgres databaseEU (Frankfurt)
VercelApplication hosting & edgeEU (fra1)
SentryError monitoringEU

Have a security question or need a DPA? Contact us.

Fulfillment you can trust