Security | Okno

Okno's best security property is structural: we hold almost nothing of yours. Your content lives in your own Git repository, your site runs on your own hosting, and the little we do keep is minimal and in the EU.

Last updated 27 June 2026.

Your content and your site stay yours

Okno reads and writes your own Git repository (today, GitHub) — it doesn't host or copy your content, and it doesn't host your website. So an Okno outage, or even Okno disappearing, can't take your site down or leak your content: the site keeps running on your hosting, and the only copy of your content is the one in your repository.

Sign-in

You sign in with GitHub (OAuth). We never see or store a password. Okno acts only on the repositories you explicitly grant it access to, and only while you're using it.

Payments

Card details are entered into and stored by Paddle, our Merchant of Record, on their PCI-compliant systems. Card data never touches Okno's servers — we only keep a minimal record of which editing days were charged.

Infrastructure and data location

Our backend and database run on Hetzner servers in Nuremberg, Germany (EU), so that data stays in the European Union. Connections are encrypted over HTTPS. The okno.build website, DNS and email run on Cloudflare.

What we actually store

Only your GitHub identity (username, avatar, email), a minimal editing-days billing ledger, and basic technical logs. No content, no card numbers. The full breakdown — including our sub-processors and your GDPR rights — is in the Privacy Policy.

Reporting a problem

Found a security issue? Please email legal@okno.build and we'll look into it promptly. We appreciate responsible disclosure.