OwnBackup takes privacy and security very seriously. Our platform was built from the ground up with security in mind, utilizing leading information-security best practices. We help our customers stay in compliance with a variety of data protection regulations.
OwnBackup is SOC2 Type II compliant and completes an annual SOC2 compliance review, audited by licensed PCI QSA auditors, KirkpatrickPrice. This process ensures that information security practices, policies, procedures and operations meet or surpass the rigorous SOC2 standards for security, availability, confidentiality and processing integrity.
OwnBackup is working in accordance with both the HIPAA and HITECH regulations. For customers that process Protected Health Information (PHI) and Personally Identifiable Information (PII), we are able to enter into a Business Associate Agreement (BAA). We utilize a dedicated and physically separated environment for HIPAA customers.
OwnBackup instances and storage are available on both AWS and Azure. The service is hosted on the AWS cloud platform in the USA and the European Union. On Azure, the service is hosted in the USA. These top-tier, secure facilities hold the following accreditations: SOC1 – SSAE-16, SOC2, PCI DSS Level 1, ISO 27001, HIPAA, FIPS 140-2, FedRAMP and more. These data centers are protected by the strictest security controls, and physical access to the servers is restricted to authorized personnel only. OwnBackup’s services run on our own VPC (Virtual Private Cloud) inside AWS or an Azure Virtual Network inside Azure in order to further isolate our networks in accordance with network and security best practices.
OwnBackup’s security features ensure that data is always encrypted, both in transit and at rest. Our state-of-the-art security measures include TLS 1.1 and TLS 1.2 on every page in order to ensure all traffic to and from the website is always encrypted. Additionally, while at rest, the OwnBackup platform uses AES 256-bit encryption and the community-adopted OAuth authentication protocol to ensure passwords are never stored on our servers.
Data Backups and Disaster Recovery Plan (DRP)
OwnBackup’s backup policies and procedures outline the different critical resources that are backed up automatically. Encrypted production volumes are backed up automatically twice a day onto a separate infrastructure. Furthermore, application-level exports are also performed on our various tools and databases.
OwnBackup’s DRP is designed to ensure the continuation of vital business processes in the event of a disaster. The DRP enables recovery within the RPO and RTO needed to meet our SLAs. OwnBackup exercises its DRP twice a year.
For security-related questions or to report an incident, contact us 24/7 via email: