Your data belongs to you
We built PACO to work for you, not to harvest your information. Here's how we keep it that way.
- Stored encrypted at rest — your data is unreadable without the encryption key
- Never sold to anyone, period
- Never used to train AI models — your business information stays yours
- Export or delete anytime — your data, your choice
How we protect your business information
Multiple layers of security, from the connection to the database.
- All connections use HTTPS/TLS encryption — data is protected in transit
- Data encrypted at rest with AES-256, the same standard used by banks
- OAuth tokens stored with an additional encryption layer
- No PACO employee can access your business data
- Infrastructure hosted on Railway with SOC 2 compliant providers
Integrations
When you connect a service to PACO, you stay in control.
- Your own OAuth tokens — PACO acts on your behalf, not ours
- Disconnect any integration instantly
- Revoking access removes all stored tokens immediately
- We request only the minimum permissions needed
Our commitments
Accountability matters. Here's what we hold ourselves to.
- SOC 2 Type II certification in progress (target Q3 2026)
- 24-hour breach disclosure policy — if something happens, you'll know fast
- Regular third-party security audits
- Security questions? Reach us at hello@pacoai.co