Backupify security overview

Data security is our #1 priority

Backupify is the leading backup provider for cloud application data, offering an all-in-one archiving, search, and restore solution for the most popular online services, including Google Apps, Salesforce, Box, Social Media, and more. Backupify ensures that companies can access and control the data they entrust to these systems and prevents data loss from external threats, user error or service failure. Keeping your valuable data secure is a top priority at Backupify and at the core of how we build out product.


SOC 2 Type II audited

Backupify has completed a SOC 2 Type II audit against the AICPA Service Organization Control Trust Services Principles, Criteria, and Illustrations for security, availability, processing integrity, confidentiality, and privacy. The audit firm concluded that controls were suitably designed and operating effectively to provide reasonable assurance that control objectives would be achieved.


Safe Harbor compliant

Backupify is self-certified in compliance with the US Department of Commerce Safe Harbor program. We maintain and enforce privacy practices that comply with the EU Privacy Directive on the protection of customer data. We have controls to give notice to customers when collecting personal data, allow customers to access and update their own information, and provide adequate security around all personally identifiable information.


Data control and monitoring

Backupify gives you advanced admin controls to manage and monitor your data, including:

  • Ability to download and export data
  • Ability to restore data back into the app
  • Configurable data retention
  • Audit log of account activity


Vulnerability management

Backupify undergoes regular penetration testing and daily vulnerability scanning to maintain the security of our app. We’re continually scanning and testing the app internally, as well as contracting with external firms.


Skyhigh Network’s CloudTrust member

Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.


HIPAA compliant

Backupify has successfully completed a HIPAA audit by an independent 3rd party, certifying that Backupify has met all administrative, technical, and physical requirements in compliance with the HIPAA security rule.

Built-in data encryption

Every account Backupify protects receives a unique AES 256-bit encryption key. All data written for the account is encrypted with that key prior to storage.

  • All authenticated user interaction (login, service configuration, settings changes, accessing archived data) occurs over a 256-bit encrypted channel (SSL).
  • All data transmissions with third-party APIs (e.g. Google Apps, Salesforce) occur over a 256-bit encrypted channel (SSL).
  • All data at rest is stored in Amazon S3, which includes your complete Backupify service archives, and is encrypted using a randomly generated AES-256 bit key unique to each user.


Internal controls

Backupify grants access to stored data internally using the principle of least privilege through appropriate roles and only on a need-to-know basis, and manages its systems in line with security industry best practices, including the ISO 27000 series and NIST Security Publications.


Cloud Security Alliance member

Backupify is a member of the Cloud Security Alliance (CSA), a nonprofit organization dedicated to promoting best practices for providing assurance within cloud computing.