Security and privacy are at the core of what we do!

We build features and architecture our systems in a security-first manner.

Top-notch datacenters

Our applications are running on secure infrastructure operated by AWS and located in Europe and USA.

Secure by design

SimpleBackups is built in a way that no backup data is ever stored or passed through our servers, which drastically reduces the risk of data breach.

User data restrictions

No database access is given to any employees or third-parties.

Backup encryption for all

All backups, on any plan can be fully encrypted using your own RSA keys, meaning you're the only one able to decrypt them.

Your account security

Oauth 2 and 2-Factor Authentication
You can use your Github or DigitalOcean OAuth 2 integration to log in to SimpleBackups and we also support 2FA.
Manage teams and users permissions
Manage who can access your resources, organise them by group and restrict level of access for each team member.
What happens if my account on SimpleBackups is compromised?
The beauty of SimpleBackups is that it allows us to answer all the following questions by a 'No'.
We tried other solutions in the past, and this was not the case, which is why we believe that our solution is the safest bet.
  • Storage secret can be viewed from my account? No.
  • Servers SSH keys could be retrieved from my account? No.
  • Servers SSH passwords could be viewed from my account? No.
  • Backups on my offsite storage could be deleted by any means? No.
  • Encrypted backups could be decrypted by anyone other than the private key owner? No.
  • If SimpleBackups disappears one day, or if my account is deleted, will I not be able to retrieve my backups? No.

Your backups security

Your account, team settings, ...

Encryption with your own RSA key
Backup encryption is fully managed by your own RSA key meaning you're the only one able to read it. Not us. So don't lose your key!
We log activity for all backup operations
Any activity on your backup is logged and displayed on your backup view page.
AES-256 encryption across the board
All backup, server and storage related data is encrypted using AES-256. This means it's impossible to read the data without the encryption key in case of a data breach. Additionally:
  • All backup jobs that run do not work outside the backup directory you set or the /tmp directory
  • The scripts that run are thoroughly tested on our infrastructure continuously (we have automated test cases for all backup types, unit-tests, and minutely running backups for testing)
  • The backup scripts run for all users all the time, including us as well, since SimpleBackups uses itself to maintain its own backups
Store your backups on your storage
You can bring your own storage and connect it to SimpleBackups. In this case the data is sent from your server to your storage, not passing by our servers at anytime.

Your storage security

Leverage S3 permissions
S3 permissions allows you to easily restrict access to only certain folders. We document this process for most providers and encourage you to use the least possible permissions.
Dropbox & Google Drive Permissions
When connecting to Dropbox or Google Drive, SimpleBackups access is restricted to its own folder only.
Support for object-locked storage
You have the option to connect an immutable storage with object-lock activated.
Support for read-only storage
You have the option to connect a read-only storage to ensure that data is never deleted by any means.
SimpleStorage infrastructure & permissions
SimpleStorage is hosted on AWS and is fully managed by us. A unique IAM will be created for each user having their own access to their own bucket space. This guarantees a fully secured storage environment.

Your servers security

Data encryption
All data you enter in SimpleBackups is encrypted using AES-256 encryption. This means it's impossible to read the data without the key in case of a data breach. We never store passwords/secrets in clear text.
We don't need a root access!
The SSH access provide only requires read access to the folders you need to back up, nothing more!

Compliance & Security Standards

GDPR compliance
SSL encryption
Hosted on AWS
Secured by CloudFlare
IS27001

European based company

We're based in Belgium and we're a European based company. We follow the European Data Protection Regulation (GDPR) to ensure the protection of your data no matter where you are in the world.

ISO 27001 Certified

SimpleBackups is ISO 27001 certified. This means that we have a framework of policies and procedures that includes all legal, physical and technical controls involved in our information risk management processes.

SSO and 2FA for all

You can use your Github or DigitalOcean OAuth2 integration to login to SimpleBackups and we also support 2FA for all users.

No third-party data access

We don't let any third-party access the data stored in SimpleBackups or access any of our servers

Automated tests

All our releases are tested by our team of engineers and we make sure that all our releases are safe and secure. We also have automated tests for all our releases.

No access to your data

No data of your backup is accessible by anyone from the team. We do not store any of these on our servers. We only have access to logs and meta data.

Activity Logs

We log all activity performed by our team and by our systems. We can track what action was taken by who, at any moment. Same applies to the actions by your team members on your SimpleBackups account.

Secure by design

simple backups flowchart

No backup data stored

Secure SSL connections

Backup encryption

Frequently Asked Questions

What certification do you have?

What data are your storing?

What about SimpleStorage security?

What if my SimpleBackups account is compromised or deleted?

Would I lose access to my backups if I leave SimpleBackups?