Security
Security & Compliance Policy: YourBackup
Our users trust us to keep their data safe and secure—a responsibility we take seriously. As an authentic, privacy-first partner, we balance high-level technical safeguards with a transparent approach to how your information is handled.
Vulnerability Disclosure
If you would like to report a vulnerability or security concern regarding YourBackup, please contact our team at [email protected]. We verify all reports and take corrective action with high priority.
1. Compliance
General Data Protection Regulation (GDPR)
YourBackup operates as a privacy-centric data utility. We act as a data processor when linking your third-party social platforms (Google, TikTok, etc.) to fetch and export your data. We act as a data controller regarding your account information (username and encrypted credentials).
YourBackup is fully GDPR-compliant. We use industry best practices for security and have vetted all third-party subprocessors for compliance. While the data fetched via third-party APIs is ultimately governed by those platforms’ terms, we provide the tools—such as our “Danger Zone” immediate wipe—to ensure you can exercise your “Right to be Forgotten” across our infrastructure instantly.
2. Infrastructure
YourBackup is hosted on the Google Cloud Platform (GCP), which undergoes regular independent audits for standards including ISO 27001, SOC 2, SOC 3, and PCI DSS.
Infrastructure Security
Google’s infrastructure provides the bedrock of our security, including:
- Physical Security: Data centers protected by biometrics, laser intrusion detection, and 24/7 security guards.
- Hardware Security: Custom-built servers with a chip-based root of trust and a secure boot stack.
- Network Security: All internal WAN traffic is automatically encrypted. We utilize logically isolated virtual private clouds to keep your data partitioned.
- Data Security: All data is encrypted at rest using AES-256. Encryption keys are regularly rotated and integrated with cryptographically authenticated service identities.
3. Application Security
Authentication and Access Control
As detailed in our Auth Screens, users access YourBackup via a secure Sign Up/Login process.
- User Credentials: Passwords are never stored in plain text; they are hashed and salted using industry-standard algorithms.
- Session Management: Our Login screen features a “Remember Me” toggle, which manages short-lived, secure session tokens.
- OAuth 2.0 Flow: When you use the Connection Cards on your Central Dashboard, YourBackup uses OAuth 2.0 flows to link third-party services. We store these tokens using high-level encryption, and they are only used to facilitate your “Download Data” requests.
Encryption
- In Transit: All access to YourBackup is encrypted using HTTPS (TLS 1.2+). We have disabled older, vulnerable protocols like SSLv2 and SSLv3.
- At Rest: YourBackup employs full disk encryption for all data storage. Your data never reaches our cloud environment in an unencrypted state during transmission.
Data Retention and Removal
Our Settings / Account Management section is designed for user autonomy:
- Immediate Wipe: Clicking the “Delete Account” button in the Danger Zone triggers a confirmation modal. Once confirmed, all OAuth tokens and data archives are wiped from active databases immediately.
- Backup Grace Period: Following deletion, data may persist in our encrypted backups for a short period (up to 1 month) to protect against accidental removal, after which it is purged permanently.
4. Application Development Lifecycle
We use Continuous Delivery to develop and deploy YourBackup.
- Automated Testing: Every update is subjected to automated security scans and error reporting.
- Rapid Response: Continuous Delivery allows us to deploy patches for potential vulnerabilities or bugs within hours and reduces the risk of human error in our deployment pipeline.
5. Data Security and Privacy
Employee Access
- Zero-Trust Policy: YourBackup staff members operate under a Zero Trust Network Access (ZTNA) policy.
- Least Privilege: Employees only have access to the specific systems required for their role. Access to central resources requires two-factor authentication (2FA).
- Privacy First: Staff will never access user-controlled data.
Geographic Location
By default, all customer data processed via our utility is stored within the European Union (EU). Depending on your configuration and the third-party services you connect, data may transiently pass through CDN caches outside the EU to ensure high performance during data exports.
6. Business Continuity
High Availability
YourBackup is built on fully redundant systems across multiple data centers.
- Resilience: Our platform can withstand the loss of a single component or an entire data center without significant service disruption.
- DDoS Protection: Our load balancers and CDN are designed to absorb and mitigate Distributed Denial of Service attacks.
Backups
In addition to real-time replication, our databases are continuously backed up to remote storage in multiple EU regions. We can restore the system to any point in time within the past six months with per-transaction precision, ensuring that even in the event of a system-wide failure, your account status and connection metadata remain recoverable.
Last Updated: April 2026
YourBackup Security Team