At ProBackup, delivering best-in-class data backups starts with making our platform a secure and trustworthy environment. Data security is our highest priority. For transparency, here are the key measures we take to keep your data safe and available around the clock.
Infrastructure Security
User data is stored exclusively in AWS data centres in Dublin, Ireland, certified to industry standards including ISO 27001, SOC 1 & 2, and PCI Level 1. AWS data centres employ rigorous physical security: 24/7 CCTV, intrusion detection, access logging, redundant power, fire suppression, and water leakage detection.
We enforce strict access controls with multi-factor authentication for production environments, limit privileged access to authorised personnel, and promptly revoke access when no longer required. Data encryption keys and production systems are securely managed to minimise risk.
Continuous monitoring covers intrusion detection, performance metrics, log management, and vulnerability assessments. Network segmentation, firewalls, and system hardening bolster resilience. Details on AWS security practices are available at AWS Compliance Programs.
Organisational Security
We apply strict asset disposal policies, maintain detailed inventories of production systems, and deploy up-to-date anti-malware tools.
All staff and contractors undergo background checks, sign confidentiality agreements, and comply with our Code of Conduct, acknowledged at hire and regularly enforced. Annual performance reviews and robust password policies are standard. Mobile devices are centrally managed via Mobile Device Management (MDM). Visitors to secure areas must follow strict sign-in and escort protocols. Security awareness training is mandatory at onboarding and annually thereafter.
Product Security
Our product security protects your data at every stage. Sensitive data is encrypted at rest using AES-256, with keys securely managed by AWS Key Management Service. Data in transit is protected by SSL on port 443 and enforced via HTTP Strict Transport Security (HSTS) to guarantee HTTPS connections.
We conduct annual control self-assessments and penetration tests, remediating vulnerabilities promptly. Policies for vulnerability management and system monitoring ensure proactive risk mitigation and system integrity.
Internal Security Processes
We maintain comprehensive Business Continuity and Disaster Recovery plans to ensure operational resilience and hold cybersecurity insurance for financial protection. Access to production deployments is tightly controlled. Our formal Systems Development Life Cycle (SDLC) governs all system changes.
Regular access reviews and documented approvals enforce appropriate access controls. Security policies are reviewed annually. Incident response procedures enable swift resolution of security or privacy incidents. Quarterly vulnerability scans identify risks, with critical issues remediated promptly. Users can report issues via our support system, and an anonymous whistleblower policy is in place.
Data and Privacy
We are committed to protecting your data and ensuring transparency. Our data retention and disposal policies secure the storage and permanent deletion of customer data upon service termination. A data classification policy safeguards sensitive information, restricting access to authorised personnel only. Please see our Privacy Policy for full details.
ProBackup acts as both data processor and data controller as appropriate. As processor, we handle personal data on behalf of customers, who retain control over purpose and means. This relationship is formalised via our Data Processing Addendum (DPA). As controller, we manage personal data about our customers and comply with data protection regulations including GDPR, as outlined on our website.