Skip to content
OS Domains
Infrastructure · Panama jurisdiction

Offshore hosting in our Panama datacenter, for work that survives a fair audit but meets disproportionate friction in US or EU

Offshore hosting is server hosting placed in a jurisdiction outside your home country — for OS Domains, primarily Panama — chosen for its data-protection and privacy laws rather than for evading legitimate legal process. We run it from a real Tier 3+ facility under a short, enforced acceptable-use policy, for customers doing lawful work who want their data and their legal jurisdiction outside the reach of their home country's routine data demands.

Single sentence first: we are not bulletproof, we are not anonymous, we will not host illegal content, and we filter every account on the way in. What we do is operate hardware in our Panama datacenter, outside US and EU jurisdiction, under predictable Panamanian due-process workflow, with the same operational team that has been running infrastructure since 2008. Built for journalists protecting sources, KYC-compliant crypto exchanges, licensed gaming operators, legal adult platforms, and political content that survives a fair audit but draws frivolous takedown noise where it currently sits. From €49 per month for a VPS, up to multi-server dedicated configurations.

In short

  • Servers in a Panama Tier 3+ facility, chosen for privacy and data-protection law — not a haven for abuse.
  • A short, enforced, non-negotiable acceptable-use policy: lawful customers only, and abuse is terminated.
  • Cryptocurrency accepted on every plan (Bitcoin, Monero, USDT); KYC documentation required for high-risk verticals.
  • From a €49 VPS to €749 dedicated and custom multi-server builds, billed monthly in euros with no setup fee.
  • Application to live server in 1 to 7 days, including an AUP screening step that keeps the network clean.
Jurisdiction

What does offshore hosting in Panama actually change?

Where a server physically sits decides whose laws govern the data on it and who can compel access to it. Hosting in Panama places your data under Panamanian data-protection law and outside your home country's routine data demands — not outside the law, which is why the acceptable-use policy is enforced and lawful use is the condition of service. Put plainly, it is the difference between choosing which country's data-protection regime governs your servers and trying to disappear from legal process altogether — we offer the first and we decline the second. The diagram shows what moves and what does not.

Home country routine data demands your data leaves here Panama jurisdiction Your servers Tier 3+ facility single tenant Panamanian data-protection law AUP enforced lawful use only The data and the legal jurisdiction move; the duty to operate lawfully does not.

The location is a verifiable fact, not a marketing claim — the IP geolocates to Panama and the reverse DNS resolves to a Panama node:

# the server physically and legally sits in Panama
$ curl -s https://ipinfo.io/203.0.113.45/json | grep -E 'country|region|org'
  "country": "PA",
  "region": "Panama",
  "org": "OS Domains"
$ dig +short -x 203.0.113.45
srv01.pa.osdomains.net.
What this product actually is

A clean offshore option, with adult supervision, for customers who do legal work

The offshore hosting market has a marketing problem. Most providers in this category sell with words like "bulletproof", "DMCA ignored", "anonymous", "no logs". The implication is that offshore equals impunity. Some buyers in this market actually want impunity for things that are not legal anywhere, and the bad providers serve them. The fallout is reputational damage to the entire category, IP blocks routinely listed on Spamhaus and similar, ASN-level blacklisting, and a steady drumbeat of news stories about offshore hosts disappearing overnight when authorities finally apply pressure. We are not that.

What we sell is hardware in our Panama datacenter, operated under Panamanian law, outside US Cloud Act reach and outside EU enforcement reach. Panama has strong privacy protections, no mandatory data retention requirements for hosting providers, and a court system that requires actual due process before data access — not a copyright holder's template letter. The practical effect: a frivolous DMCA notice from a US copyright holder does not result in your site disappearing in 24 hours. A legitimate court order from a Panamanian judge, with proper jurisdiction and proper grounds, gets handled the way court orders should be handled. The distinction matters and we are honest about it.

Our acceptable use policy applies to every account, on every plan, regardless of payment method. We do not host child sexual abuse material, terrorism content, malware command-and-control infrastructure, financial scams, identity theft kits, or anything illegal under Panamanian law. We do not host content that is clearly illegal under the laws where the content originates either, even if it might be technically tolerated in Panama, because the AUP applies a higher standard than the law alone. The filtering happens on the way in, not after a complaint arrives. New accounts go through a screening process that takes 24 to 72 hours and most rejected applications never even hear back; we just decline.

What we host: journalists working sources in countries that retaliate against media, political platforms across the spectrum that face partisan takedown campaigns, legal adult content, KYC-compliant cryptocurrency exchanges, gaming operators with valid licenses (Curaçao, Malta, Isle of Man, Costa Rica), educational and reference material that gets misclassified by automated copyright systems, opinion content critical of governments or large corporations that draws abusive litigation. The common thread is "would survive a fair court hearing in any reasonable jurisdiction" combined with "meets disproportionate friction in the place it currently sits." The customers we say no to do not match that pattern, even when they pay well.

And the part that matters: we have been running this product since 2009. The Panama datacenter is a real Tier 3+ facility with redundant power, dedicated cooling, and full operational staff. Network is dual upstream via redundant regional Tier 1 carriers. The hardware is the same single-tenant ECC RAM NVMe gear we deploy in our EU PoPs, not the cheap secondhand boxes most offshore providers run. Customers who land here often arrived after burning through one or two cheap providers that disappeared, and the comparison is not subtle. The boring reliability is the entire pitch. We do not have flashy marketing, we do not promise anything we cannot deliver, and we treat the offshore product as a serious operational discipline rather than a marketing position.

One last note before the rest of the page. If you are looking for impunity, we are not the right vendor. If you are looking for an offshore option that is operationally serious, contractually clean, with real hardware in a real datacenter under real law, with an AUP that protects the netblock everyone shares, we may be exactly what you have been looking for. The discovery call is 30 minutes and we are very willing to say no to bad fits.

Worth one final clarification on what "outside US and EU jurisdiction" actually means in practice. It does not mean US authorities cannot ask for data; they can ask anyone for anything. It means the request has to go through proper diplomatic channels (mutual legal assistance treaties), be approved by Panamanian authorities, meet the standards of Panamanian due process, and result in a Panamanian court order before any data is handed over. The same applies to EU authorities. The friction is real, the bar is significantly higher than a domestic request, and the path requires actual legal grounds. For customers whose threat model includes opportunistic enforcement (administrative subpoenas, frivolous discovery requests, regulatory fishing expeditions), this friction is the entire point. For customers whose threat model includes a properly-grounded criminal investigation in Panama itself, no jurisdiction in the world helps. We are not selling impunity; we are selling a higher floor for what counts as a valid legal request.

Who buys this and why

Six buyer profiles where Panama jurisdiction earns its place

Below are the patterns we see most often. If your situation looks like one of these, the offshore option is probably the right architectural answer for you. If it does not, we are happy to point you at our standard EU dedicated product instead, or at someone else.

Profile 01

Journalists and investigative media protecting sources

You work on stories that involve government corruption, organized crime, or corporate malfeasance. Your sources need to know that even if your home-country authorities serve a warrant on your hosting provider, the server logs that could expose them are not in a jurisdiction where that warrant has reach. A US-based court order for server logs in Panama runs into Panamanian due process, which requires showing actual cause to a Panamanian judge. The friction protects your sources without breaking laws on either side.

Profile 02

KYC-compliant cryptocurrency exchanges and Web3 platforms

You operate a regulated exchange or DeFi platform, you do real KYC and AML on your users, you comply with the laws of the jurisdictions you actually operate in. What you do not want is to be perpetually subject to the regulatory whiplash of US enforcement actions targeting crypto generally, especially when your operation is legal where you actually live and work. Panama is a stable hosting jurisdiction with a coherent regulatory approach to crypto and a court system that does not act on press releases. Common pattern with exchanges serving LATAM and Asia.

Profile 03

Legal adult content platforms

Your work is legal in your jurisdiction and the jurisdictions you serve. You do age verification, you do consent verification, you do everything the regulated industry requires. Despite that, you face routine payment-processor harassment, Visa and Mastercard policy changes that retroactively reclassify legal content as forbidden, and aggressive takedown campaigns from organizations whose mandate ends at "approved" without specifying who approves. Operating from Panama gives you contractual stability that the US payment industry no longer reliably provides for legal adult content.

Profile 04

Licensed gaming and gambling operators

You operate under a Curaçao, Malta, Isle of Man, or Costa Rica gaming license. Your business is legal in the countries you target. Hosting in the EU exposes you to the patchwork of national gambling regulations that the EU has not harmonized. Hosting in the US exposes you to states that prohibit your activity even when your home jurisdiction permits it. Panama offers a stable hosting jurisdiction without that exposure, and our AUP covers what we accept (licensed operators, transparent terms) and what we do not (unlicensed gambling, scams dressed as gaming).

Profile 05

Political platforms across the spectrum

Political content, by its nature, attracts opponents. Opponents file abusive takedown campaigns, lawfare lawsuits, and complaints to payment processors and hosting providers, regardless of whether the underlying content is lawful. The volume of frivolous complaints is high enough that even strong legal positions get worn down by attrition. Hosting in Panama removes a class of these complaints from the operational equation. Our AUP covers political content broadly, with the exception of incitement to violence and content explicitly illegal under Panamanian law (which is a narrower exception than under US or EU law for political speech).

Profile 06

Educational and reference platforms misclassified by copyright bots

You run a documentation site, an academic reference, an educational platform, or a fair-use commentary archive. Automated copyright detection systems routinely misclassify your work because the algorithms are tuned for over-enforcement. The result: a steady stream of takedown notices that have to be contested individually, often successfully but always at cost. Hosting in Panama means the takedown notices that work via DMCA do not work, and you spend your time on the actual work instead of filing counter-notices.

What we do not host, ever, regardless of price

The AUP is short, enforced, and not negotiable

Most offshore providers bury their AUP in fine print or write it ambiguously enough to provide deniability. We make ours explicit. The list below is exhaustive, applies to every account on every plan, and we filter on the way in to enforce it. We have rejected high-paying applications for content on this list. We will continue doing so.

  • Categorical rejection

    Child sexual abuse material in any form. Terrorism content, including recruitment, planning, and propaganda for designated terrorist organizations. Material that depicts non-consensual sexual acts as entertainment.

  • Infrastructure for crime

    Malware command-and-control servers. Botnet coordination infrastructure. Phishing kits or scam infrastructure. Identity theft tools or stolen identity databases. Carding forums or marketplaces. Doxxing platforms.

  • Fraud and harm

    Financial scams (Ponzi, pig butchering, romance scams). Pump-and-dump operations dressed as legitimate trading. Fake-pharmacy operations. Counterfeit goods marketplaces. Investment frauds disguised as exchanges or DeFi.

  • Spam and abuse infrastructure

    Bulk email infrastructure for spam (we are an email infrastructure company; we know what spam is). Click fraud networks. SEO spam farms. List-bombing services. The exclusion of this category is non-negotiable: we operate the IP space and we will not let it be burned.

  • Specifically illegal under Panamanian law

    Content explicitly illegal under Panamanian law applies to every account regardless of where the customer or audience is. Drug trade infrastructure. Human trafficking content or coordination. Content that violates Panamanian gambling regulations.

About the Panama datacenter

A real Tier 3+ facility, not a closet with a generator

The biggest gap between offshore providers is the datacenter quality. Some operators run out of converted office space with consumer-grade UPS and one upstream. Our Panama operation is in a Tier 3+ facility that meets the same operational standards as our European PoPs. Below is what is actually there.

Tier 3+ certified facility

Concurrently maintainable infrastructure, redundant power paths from the utility through to the rack PDU. Independent N+1 cooling. Proper fire suppression with VESDA early detection. Physical security with 24/7 staffing, mantraps, and biometric access controls. Not a closet with a generator.

Redundant power and cooling

Dual utility feeds with automatic transfer switching. UPS systems with battery runtime sized for the cooling-restart envelope, plus diesel generators with on-site fuel for 72 hours of full-load runtime. Generator fuel contracts include emergency replenishment. Cooling is N+1 with hot-aisle containment.

Redundant regional network connectivity

Dual upstream via redundant regional Tier 1 carriers. Latency to North America is around 60-80ms, to Europe around 130-160ms, to LATAM under 30ms. Anti-DDoS protection up to 100 Gbps included on every node, with upstream coordination for larger events.

Hardware on par with our EU PoPs

Single-tenant always. ECC RAM throughout. NVMe storage on every plan. The hardware is the same single-tenant ECC RAM NVMe gear we deploy in Vienna and Frankfurt. We do not run a different (cheaper) hardware tier in Panama because the operational headache of supporting two hardware lines is worse than the cost saving.

Physical security and access control

The facility runs 24/7 staffed security with biometric access controls at every entry point. Visitor logs are maintained per Panamanian regulations but not shared with foreign authorities without proper legal process. Server cabinets are locked with two-factor authentication required for access. Camera coverage is comprehensive throughout the colocation floor with footage retained for 90 days. We have never had a physical access incident in the 16 years we have been operating in Panama.

On-site operational team in Panama City

We maintain on-site technical staff in Panama City with deep knowledge of the local infrastructure, the regulatory environment, and the practical realities of running a serious operation in the country. Hardware swaps happen the same day, network changes happen within hours, emergency intervention is available 24/7. The Panama operation is not run remotely from Vienna; the team there speaks Spanish natively, knows the colocation provider personally, and has the relationships that make day-to-day operations smooth.

How we compare to other offshore providers

Honest comparison with the better-known offshore options

Most "best offshore hosting" lists are heavily affiliated. Below is an honest comparison with the providers we encounter most often in customer migration conversations. We are not always the cheapest. We are usually the more boring choice, and that is the point.

Attribute OS Domains Shinjiru Abelohost Flokinet AlexHost
Operating since 2008 (offshore product since 2009) 2008 2014 2012 2008
Primary jurisdiction Panama Malaysia + multiple Netherlands Iceland + Romania + Finland Moldova + Bulgaria + Romania
Acceptable Use Policy enforcement Strict, filter on the way in Standard offshore (looser) Specific exclusions documented Free-speech focus, narrow exclusions Standard offshore (looser)
Hardware quality Single-tenant ECC RAM NVMe Mixed, varies by location Solid, similar to ours Solid, NVMe options Mixed quality
Sub-processor list published? Yes, EU only Not published Limited disclosure Limited disclosure Not published
KYC for high-risk verticals Required for crypto and gaming Optional Standard ID for high-risk Limited KYC Optional
Cryptocurrency accepted Yes (Bitcoin, Monero, USDT) Yes Yes Yes Yes
Audited financial entity Yes, Austrian GmbH with audited accounts Private Private Private Private
Five plans, fixed monthly pricing in euros

How much does offshore hosting cost?

Plans run from €49 (VPS Single) and €119 (VPS Pro) up to €389 (Dedicated Single) and €749 (Dedicated Performance), plus custom multi-server builds. Pricing is in euros, billed monthly, no setup fee. Cryptocurrency is accepted on every plan (Bitcoin, Monero, USDT). For high-risk verticals (crypto exchanges, licensed gaming, adult content), KYC documentation is required during onboarding regardless of payment method. Annual prepay saves 15%.

VPS Single

Entry tier for small platforms, individual sites, low-volume work.

€49 / month

Live in 24 to 72 hours after AUP review

Ideal for

Personal blogs with controversial content, small political platforms, individual journalist sites, single-domain projects.

  • 4 vCPU, 8 GB RAM, 100 GB NVMe
  • KVM virtualization (not container-based)
  • 1 dedicated IPv4 + IPv6 /64
  • 5 TB/month bandwidth
  • Choice of Linux OS (Debian, Ubuntu, AlmaLinux)
  • KVM-over-IP for emergency access
  • AUP applies, full root access
  • Cryptocurrency payment accepted
Order VPS Single

VPS Pro

For mid-size platforms, small exchanges, regional content sites.

€119 / month

Live in 24 to 72 hours after AUP review

Ideal for

Small KYC-compliant exchanges, regional content sites with moderate traffic, journalism platforms with growing audience.

  • 8 vCPU, 16 GB RAM, 200 GB NVMe
  • Everything in VPS Single
  • 2 dedicated IPv4 + IPv6 /64
  • 10 TB/month bandwidth
  • Daily snapshots retained 7 days
  • Email support, 24h business response
  • KYC documentation processed during onboarding for high-risk verticals
Order VPS Pro
Most chosen

Dedicated Single

Single-tenant bare metal for serious workloads.

€389 / month

Live in 5 to 7 business days

Ideal for

Streaming platforms with substantial volume, mid-size exchanges, regional adult content platforms, gaming operators.

  • 16-core CPU (Xeon Silver / EPYC), 64 GB DDR4 ECC RAM
  • 2x 1.92 TB NVMe in RAID 1, hot-swappable
  • /29 dedicated IP block (5 IPs), IPv6 /64
  • 50 TB/month bandwidth at 10 Gbps
  • Volumetric DDoS protection up to 100 Gbps
  • KVM-over-IP for emergency access
  • Hardware replacement SLA: 8h business hours, 16h after-hours
  • Email support, 8h business response
Order Dedicated Single

Dedicated Performance

High-throughput dedicated for production workloads.

€749 / month

Live in 7 to 10 business days

Ideal for

Large platforms, exchanges with significant volume, multi-domain operations, content distribution.

  • 24-core CPU (Xeon Gold / EPYC), 128 GB DDR4 ECC RAM
  • 4x 3.84 TB NVMe in RAID 10, hot-swappable
  • /28 dedicated IP block (13 IPs), IPv6 /64
  • 150 TB/month bandwidth at 10 Gbps
  • Volumetric DDoS protection up to 100 Gbps
  • Advanced routing options available on request
  • Hardware replacement SLA: 4h business hours, 8h after-hours
  • Email and chat support, 4h business response
Order Dedicated Performance

Custom

Multi-server, multi-domain, signed SLA, dedicated support.

Custom annual

Onboarding 10 to 20 business days

Ideal for

Large operations needing multi-server clusters, formal SLA, custom hardware, advanced routing.

  • Build-to-spec hardware configurations
  • Multi-server clusters with private interconnect
  • Custom IP allocations (/27 or /26)
  • Custom log retention policies
  • Signed SLA with service credits
  • Dedicated technical contact
  • Custom contractual structures
  • 1-hour incident response SLA, 24/7
Talk to sales

High-risk verticals (KYC-compliant exchanges, licensed gaming operators, adult content platforms) require submission of relevant licenses or compliance documentation during onboarding. AUP screening is performed on every new account regardless of payment method. We have rejected applications and continue to do so. Cryptocurrency is accepted on all plans. Annual prepay saves 15%.

How onboarding actually works

How long does offshore hosting setup take?

From application to live server is 1 to 7 days. Onboarding for offshore differs from our standard products in two ways: the AUP screening adds 24 to 72 hours to provisioning, and high-risk verticals require KYC documentation review. Below is the realistic timeline.

  1. Step 1

    Application and AUP review

    You submit an application via the website with basic details about the intended use. For non-high-risk verticals (journalism, political content, educational, general legal use), the review is mostly a content compliance check and takes 24 to 48 hours. For high-risk verticals (crypto exchanges, licensed gaming, adult content), additional documentation is required: business registration, relevant licenses (gaming license, exchange registration, age verification system documentation). KYC documentation review takes 48 to 72 hours. Applications that fail screening receive a brief decline notice without further explanation. Applications that pass move to step 2.

  2. Step 2

    Payment and provisioning

    Once the application is approved, we send an invoice in EUR or accept payment in Bitcoin, Monero, or USDT. After payment confirmation (15 minutes for Bitcoin/USDT, 30 minutes for Monero), we provision the server. VPS plans deploy automatically within 1 to 2 hours after payment. Dedicated plans take 5 to 10 business days for hardware allocation and setup. You receive credentials via encrypted email or PGP, your choice.

  3. Step 3

    DNS and authentication setup

    For customers using their own domains, we provide the IP details for SPF, DKIM, DMARC, and any other authentication records needed. For customers wanting our authoritative DNS, we configure the records and propagate within an hour. We do not require domain registration through us; you can keep your domains anywhere.

  4. Step 4

    Steady-state operation

    After provisioning, the relationship runs as month-to-month operation. Monthly invoicing in EUR or via cryptocurrency. Support tickets handled by the same engineering team that runs the EU infrastructure. Hardware maintenance scheduled with 7 days of notice. We do not auto-renew cryptocurrency payments; you reauthorize each month, which is the correct pattern for cryptocurrency-paid services.

Real questions from prospective customers

What buyers ask before they apply

Are you bulletproof?

No. The word "bulletproof" implies impunity, and impunity is not what we sell. We operate under Panamanian law, our AUP excludes content that is illegal in Panama or in major receiving jurisdictions, and we respond to lawful court orders from courts with proper jurisdiction. What we do offer is a hosting jurisdiction where frivolous DMCA notices, abusive lawfare campaigns, and US administrative pressure do not have direct effect. The distinction matters and we will not blur it for marketing.

Do you ignore DMCA notices?

Panama does not recognize the US DMCA. A DMCA notice from a US copyright holder, sent to us, has no automatic legal effect. We forward the notice to the customer for awareness and we move on. If the underlying complaint represents an actual copyright violation under Panamanian law, the rights holder has a path through Panamanian courts and we respect that path. If it is the typical DMCA template letter from a copyright bot, it does not result in your site disappearing.

Will you respond to legal requests from US or EU authorities?

We respond to lawful court orders from courts with proper jurisdiction. A US federal court order for data on a server in Panama runs into Panamanian sovereignty, which means the order has to be transmitted via the appropriate diplomatic channel (mutual legal assistance treaty) and then evaluated by a Panamanian court. The friction is significant and the bar is much higher than a US-domestic request. For requests that arrive without proper procedure, we decline. For requests that arrive properly through the right channel and meet Panamanian legal standards, we comply because we are not a criminal organization.

How does the AUP work in practice? What gets rejected?

About 20 to 30 percent of new applications get rejected during the AUP screening phase. The rejection reasons fall into three buckets. First, content explicitly prohibited (CSAM, terrorism, malware infrastructure, fraud) — automatic rejection. Second, applications that look legitimate on paper but raise red flags during the screening (unverifiable business identity, applicant connected to previously banned accounts, content that meets the AUP technically but appears to mask something else) — also rejected. Third, high-risk verticals where the applicant cannot or will not provide the required documentation (no gaming license for a stated gambling operation, no AML procedures for a stated exchange) — rejected. The screening process is the product. Without it, the netblock would be unusable within months.

Can I sign up anonymously? Do you require ID?

For non-high-risk verticals, you provide a working email and a billing address. We do not verify identity beyond that. We do not require government ID, scans, or video calls. For high-risk verticals (KYC-compliant exchanges, licensed gaming, adult content platforms), we require business documentation (license certificates, business registration, AML procedures). The KYC requirement applies regardless of payment method — paying in Bitcoin does not exempt a stated crypto exchange from showing their license. The reason is straightforward: the operational quality of our shared infrastructure depends on the quality of the customers using it.

What payment methods do you accept?

EUR via SEPA bank transfer, EUR via card (Visa/Mastercard for non-high-risk verticals), Bitcoin (BTC), Monero (XMR), and Tether (USDT, both ERC-20 and TRC-20). For high-risk verticals where card processors do not work, cryptocurrency is the practical option. For Bitcoin and Monero, we use a payment processor that does not require KYC for the payment itself — your KYC, where required, is for the AUP, not for the payment. Annual prepay in cryptocurrency gets the standard 15% discount.

How is your operation different from Shinjiru, Abelohost, or AlexHost?

Three differences. First, jurisdiction: Panama only, while Shinjiru and AlexHost operate in multiple jurisdictions with varying quality. Second, AUP enforcement: we filter on the way in, while most offshore providers filter only after complaints arrive. Third, parent entity: we are a registered Austrian GmbH with audited accounts, while most offshore providers are private operations with limited disclosure. Whether these differences matter to you depends on your priorities. Customers who care about long-term operational stability tend to find them important. Customers who only care about initial price often do not.

What about DDoS protection? Offshore tends to attract attacks.

Volumetric DDoS protection up to 100 Gbps is included on every plan. For services that attract larger attacks (often the case for political content and high-profile platforms), we have arrangements with our upstream for additional capacity, and we offer a layer-7 mitigation add-on (€149/mo per node) that handles application-layer attacks. The combination handles real-world attacks at scale. If your threat model includes nation-state-level adversaries, we will tell you that on the discovery call and recommend a specialized DDoS provider in addition.

How does latency from Panama compare to EU and US hosting?

From Panama, latency to North America is around 60-80ms (worse than US hosting, similar to EU hosting), latency to Europe is around 130-160ms (worse than EU hosting, similar to US hosting), latency to LATAM is under 30ms (significantly better than either). For most applications, the latency penalty is acceptable in exchange for the jurisdictional benefit. For applications where every millisecond matters (real-time gaming, financial trading), we recommend a hybrid setup: Panama for the data and main application, plus a CDN with global edge nodes for static content. We can help configure this during onboarding.

What if the Panama datacenter has a major incident?

For customers who need Panama jurisdiction with redundancy, we offer multi-server setups within the Panama datacenter (on different racks, different power feeds, different network paths). We do not currently offer multi-region within Panama because there is only one Tier 3+ datacenter in Panama with the operational standards we require. For customers who need geographic redundancy across jurisdictions, we offer hybrid Panama + EU setups where the production workload runs in Panama and a cold-standby DR runs in our Vienna or Frankfurt PoPs. The DR setup involves accepting that the DR location is in EU jurisdiction; whether that is acceptable depends on your threat model.

Can we mix Panama hosting with EU hosting under one contract?

Yes, and many customers do. The most common pattern: production application in Panama with EU jurisdiction risk, plus EU dedicated hosting for non-sensitive workloads (CI runners, internal tools, dev environments) or for customer-facing services where EU data residency is a contractual requirement. One contract, one invoice in EUR, one technical account spanning both. The split lets you optimize jurisdiction per workload rather than betting everything on a single answer.

What is your stance on adult content?

Legal adult content is welcome, with appropriate documentation: age verification system in place, performer consent and age documentation maintained, compliance with the laws of the jurisdictions you actually serve. We do not host content that depicts non-consensual acts, content involving minors (regardless of how it is described or framed), revenge porn, or content distributed without the consent of all participants. Performers whose work appears on customer platforms can submit takedown requests via a documented process and we honor those requests within 48 hours.

How do crypto exchanges fit into this?

KYC-compliant exchanges with proper licensing in their operating jurisdictions are welcome. We require: business registration, AML/CFT procedures documented, evidence of KYC enforcement on user onboarding, and where applicable, licenses from regulators (BitLicense, MAS, FINTRAC, etc.). Exchanges that operate without KYC, that openly advertise jurisdictional arbitrage as the value proposition, or that have been the subject of regulatory enforcement actions, do not pass our screening. Mixers, tumblers, and privacy-coin-only services that do not implement basic AML are categorically excluded.

How long have you been doing this?

OS Domains GmbH has been operating since 2008. The offshore Panama product launched in 2009. The current Tier 3+ datacenter has been our Panama operation since 2015. We have been through enough complaint cycles, takedown attempts, and edge-case legal questions to have working playbooks for most of them. Customers who have spent time with cheaper offshore providers usually notice the operational difference within the first month.

What happens to my data if I cancel or your business ends?

On cancellation, you get 30 days to migrate your data off the platform. We provide standard tooling for export (rsync, snapshots, database dumps) and we will not hold your data hostage during the migration window. After 30 days, the storage is wiped according to NIST 800-88 standards (multiple-pass overwrite for spinning disks, cryptographic erasure for NVMe), and we provide a written certificate of destruction on request. If our business were to end, we have a documented continuity plan: the Austrian GmbH structure means there is a registered legal entity with audited accounts that owes you obligations, the Panama datacenter is operated under a colocation agreement that survives our company status changes for the contract period, and customer notice would be 90 days minimum before any service termination. We are profitable and bootstrapped without VC pressure, so this is unlikely, but the legal structure is designed for it.

Do you accept email infrastructure customers in Panama?

Conditionally yes. Email infrastructure (SMTP relay, MTAs) hosted in Panama works for legitimate transactional and opt-in marketing email targeting LATAM markets, where the local IP origination is actually beneficial for placement. We do not allow cold email infrastructure in Panama because the IP space we use there has to remain clean for the customers who need it for non-email workloads, and cold email has a structural conflict with that. For cold email infrastructure customers, our /smtp-relay, /email-sending-servers, and /cold-email-infrastructure products in EU PoPs are the right answer. The separation is not negotiable: mixing cold email and offshore IPs is how you destroy both products at once.

Can you help with domain registration for offshore use?

Yes, but with caveats. We register domains through partner registrars that are not US-based and that do not impose US-style takedown procedures. The available TLDs include the Panamanian .pa, the Swiss .ch, the Icelandic .is, and a curated list of generic TLDs (.com, .net, .org, .info) registered through registrars in jurisdictions that respect proper due process. We do not register .com or .net through US-based registrars because that creates a parallel takedown vector that defeats the purpose of offshore hosting. Domain costs are passed through at our wholesale rate without markup. WHOIS privacy is included by default where the TLD allows it.

What if a complaint or legal issue affects my account? How do you handle it?

When we receive a complaint or legal request that affects your account, we follow a documented process. First, we evaluate the request: is it a legitimate court order from a court with proper jurisdiction over us, or is it a template letter from a copyright bot, or is it an opportunistic administrative request without proper procedure? For the first category, we comply because we are not a criminal organization. For the latter two, we forward the request to you for awareness, document our position internally, and continue operating your service. We do not preemptively delete content or suspend accounts based on unverified complaints. We do not share your information with complaining parties without legal compulsion. We do tell you what arrived and what we are doing about it, so you can take any actions on your side that make sense (engaging counsel, modifying content if you choose to, or doing nothing if the complaint is meritless).

Is there a discovery call before I commit, or do I just apply directly?

Both options work. For straightforward cases (clear use case, standard verticals, no edge cases), apply directly through the website and the screening team will reach out if anything needs clarification. For cases with operational complexity (high-volume traffic, multiple servers, custom contractual structures, regulatory compliance scenarios) or where you want to verify fit before applying, the 30-minute discovery call is the right starting point. The call is no charge and no obligation. Half the calls we run end with us recommending a different vendor because the use case does not fit our AUP or our operational model. The other half end with a clear path to apply, often with specific recommendations for which plan tier and which configuration fit best.

How to start

Apply, get screened, get provisioned

The process is straightforward but the screening is real. About 20 to 30 percent of applications get rejected, which is high enough that you should treat the application as a real step rather than a formality. If your work is legitimate and matches one of the buyer profiles described above, the screening usually clears within 48 hours and you are live within a week. If you are not sure whether your use case fits, the discovery call is the right starting point.

Phone +43 1 205 11 80 Mon–Fri · 9–18 CET
Email [email protected] Avg response 4h business
Office Fleischmarkt 1, 1010 Wien By appointment