Data Residency

Choose where your data lives — EU, US, or Asia-Pacific. Data residency is selected at signup and permanently determines where session recordings, audit logs, and infrastructure metadata are stored. Regional gateway preference ensures traffic stays close to your data.

Data Sovereignty

Choose Where Your Data Lives

Three regions — EU (Europe), US (United States), and Asia (Asia-Pacific)
Selected once at signup — immutable after organisation creation for compliance certainty
Available on all plans — Solo, Team, Business, and Enterprise
Regional S3 storage — session recordings stored in the matching AWS region (eu-west-1, us-east-1, ap-southeast-1)
Gateway affinity — shared gateways in your region are preferred for lower latency
GDPR and data sovereignty — keep EU customer data in EU infrastructure
Dedicated gateways inherit your region — customer-managed and OnePAM-managed gateways respect your data region
Visible in organisation settings — admins can always see their current data region
Audit trail — data region selection is recorded in the org creation audit event
No data migration risk — region lock prevents accidental cross-border data movement
Region Architecture

Global Data Regions

Data Residency — Region Selection AVAILABLE REGIONS 🇪🇺 EU (Europe) eu-west-1 ✓ Selected at Signup Ireland • Frankfurt 🇺🇸 US (United States) us-east-1 Available N. Virginia • Ohio 🌏 Asia-Pacific ap-southeast-1 Available Singapore • Tokyo DATA STORED IN SELECTED REGION 🎬 Session Recordings S3 bucket in eu-west-1 EU 📋 Audit Logs Compliance events stored in-region EU 🌐 Gateway Traffic Regional gateway affinity EU 🗄 Infrastructure Metadata Resource & connection data EU 🔒 Region Locked After Signup Data residency cannot be changed once selected. This ensures regulatory compliance and prevents accidental data migration.
Getting Started

How It Works

1. Connect Identity Provider

Integrate with Okta, Azure AD, Google Workspace, or any SAML/OIDC provider in minutes.

2. Add Resources

Register your servers, databases, and web apps. Define role-based access policies.

3. Secure Access

Users access resources through the browser with identity verification, session recording, and audit logs.

Explore More

Related Features

SSH Access Management

Secure shell access with browser-based terminal — no SSH ports exposed to the internet. Full terminal emulation, session recording, keystroke logging, and identity-based access controls for compliance.

Secure RDP Access Management

Native RDP access with Kerberos authentication and Active Directory Protected User support. Access Windows desktops through the browser or GUI client — no RDP ports exposed. Includes SSO, MFA, full screen recording, clipboard controls, and file transfer policies.

VNC Remote Desktop Access

Embedded VNC access with browser-based remote desktop — no VNC ports exposed to the internet. SSO, MFA, full session recording, clipboard controls, and read-only mode for secure remote management of Linux desktops, Proxmox hosts, and headless servers.

Ready for Data Residency?

Deploy in minutes. No legacy VPN required. No credit card required.

Start Free Trial