# Data Security

<code class="expression">space.vars.backup\_service</code> protects your information at every stage, from initial backup to final deletion. Our approach includes encryption at rest, secure transmission, and protocols for irrevocable removal, safeguarding your data throughout its lifecycle.

## Encryption at Rest

Encryption at Rest involves encrypting data stored on physical media. It protects data from unauthorized access when the data is not actively being used.

* **Server-side Encryption:** Uses AES-256 to encrypt data on storage devices, preventing unauthorized access outside the server.
* **Customer-Side Encryption:** Enables customers to encrypt each backup plan using a password, which is then converted into an encryption key for the AES-256 encryption method. Neither Acronis nor <code class="expression">space.vars.ionos\_cloud</code> stores the encryption key, and if you forget the password, the backups will be irretrievable.

For the same reason, backups cannot be exported using the Bulk Export procedure, as a password is required to download and decrypt each backup.

## Encryption in Transit

<code class="expression">space.vars.backup\_service</code> encrypts all transferred data in real-time using secure protocols (HTTPS, TLS) and strong encryption algorithms. It ensures secure cryptographic key exchange with Diffie-Hellman and RSA.

## Secure deletion

* Secure deletion is achieved by using customer-provided passwords for each backup.
* If no password is set, data is still securely deleted when it leaves the Acronis's perimeter.
* Acronis manages the physical infrastructure. When drives or equipment need repair or decommissioning, Acronis ensures complete data erasure from disks and internal memory according to NIST SP 800-88rev1. If erasure is not possible, equipment is physically destroyed to prevent data recovery.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ionos.com/cloud/backup-and-storage/backup-service/overview/data-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.