Data Security

Backup Service protects your information at every stage, from initial backup to final deletion. Our approach includes encryption at rest, secure transmission, and protocols for irrevocable removal, safeguarding your data throughout its lifecycle.

Encryption at Rest

Encryption at Rest involves encrypting data stored on physical media. It protects data from unauthorized access when the data is not actively being used.

• Server-side Encryption: Uses AES-256 to encrypt data on storage devices, preventing unauthorized access outside the server.

• Customer-Side Encryption: Enables customers to encrypt each backup plan using a password, which is then converted into an encryption key for the AES-256 encryption method. Neither Acronis nor IONOS stores the encryption key, and if you forget the password, the backups will be irretrievable.

For the same reason, backups cannot be exported using the Bulk Export procedure, as a password is required to download and decrypt each backup.

Encryption in Transit

Backup Service encrypts all transferred data in real-time using secure protocols (HTTPS, TLS) and strong encryption algorithms. It ensures secure cryptographic key exchange with Diffie-Hellman and RSA.

Secure deletion

• Secure deletion is achieved by using customer-provided passwords for each backup.

• If no password is set, data is still securely deleted when it leaves the Acronis's perimeter.

• Acronis manages the physical infrastructure. When drives or equipment need repair or decommissioning, Acronis ensures complete data erasure from disks and internal memory according to NIST SP 800-88rev1. If erasure is not possible, equipment is physically destroyed to prevent data recovery.