Data Residency

Choose EU, US, or Asia-Pacific at signup. Session recordings, audit logs, and metadata stay in your chosen region — immutable after creation.

Start Free Trial See All Features
What You Get

Your Data Stays Where You Choose

Three regions — EU (Europe), US (United States), and Asia (Asia-Pacific)
Selected once at signup — immutable after organisation creation for compliance certainty
Available on all plans — Solo, Team, Business, and Enterprise
Regional S3 storage — session recordings stored in the matching AWS region (eu-west-1, us-east-1, ap-southeast-1)
Gateway affinity — shared gateways in your region are preferred for lower latency
GDPR and data sovereignty — keep EU customer data in EU infrastructure
Dedicated gateways inherit your region — customer-managed and OnePAM-managed gateways respect your data region
Visible in organisation settings — admins can always see their current data region
Audit trail — data region selection is recorded in the org creation audit event
No data migration risk — region lock prevents accidental cross-border data movement
Region Architecture

Global Data Regions

Data Residency — Region Selection AVAILABLE REGIONS 🇪🇺 EU (Europe) eu-west-1 ✓ Selected at Signup Ireland • Frankfurt 🇺🇸 US (United States) us-east-1 Available N. Virginia • Ohio 🌏 Asia-Pacific ap-southeast-1 Available Singapore • Tokyo DATA STORED IN SELECTED REGION 🎬 Session Recordings S3 bucket in eu-west-1 EU 📋 Audit Logs Compliance events stored in-region EU 🌐 Gateway Traffic Regional gateway affinity EU 🗄 Infrastructure Metadata Resource & connection data EU 🔒 Region Locked After Signup Data residency cannot be changed once selected. This ensures regulatory compliance and prevents accidental data migration.
Deploy in Under 5 Minutes

Three Steps to Secure Access

1. Sign Up With SSO

Connect your identity provider — Okta, Azure AD, Google Workspace, or any SAML/OIDC provider. Your team logs in with existing credentials.

2. Add Your Resources

Register servers, databases, Kubernetes clusters, and web apps. Define who can access what with role-based policies.

3. Access Securely

Your team accesses resources through the browser — identity-verified, session-recorded, and audit-logged. No VPN, no exposed ports.

Goes Well With

Related Capabilities

SSH Access Management

Stop exposing SSH ports and sharing keys. OnePAM provides identity-verified browser SSH with session recording, keystroke logging, and automatic key rotation.

Secure RDP Access Management

Shared admin accounts and exposed RDP ports are the #1 Windows attack vector. OnePAM replaces them with identity-verified RDP and session recording.

VNC Remote Desktop Access

VNC ports on the internet are a breach waiting to happen. OnePAM provides browser-based VNC with SSO, MFA, and session recording.

Try Data Residency — Free for 14 Days

From signup to your first secure session in under 5 minutes. No infrastructure changes, no credit card, no sales call.

Start Free — Deploy in 5 Minutes