Security at AlreadyBack.

• ·AES-256-GCM for all backup data at rest.
• ·TLS 1.3 in transit, with Post-Quantum readiness (PQC auto via Cloudflare).
• ·Optional BYOK (customer-held keys) on the Immunity plan — we never see your data in the clear.

• ·Defense-in-depth compute infrastructure hardened to industry baselines.
• ·Default-deny network posture at every layer.
• ·Principle of least privilege enforced on all deployed services.
• ·Immutable, cryptographically-pinned production releases.

• ·Multi-tier backup architecture with immutable offsite storage (WORM-locked, 30-day minimum retention).
• ·Restore drills validated quarterly against full production workloads.
• ·Sub-5-minute recovery time objective (RTO) — measured, not aspirational.

• ·EU-West: live today.
• ·US-East: Q2 2026.
• ·APAC (Singapore): Q3 2026.
• ·Enterprise clients on Immunity can replicate backups across multiple regions.

Custom regions, on-premise, and air-gapped deployments available for enterprise. Contact us.

• ·Continuous observability with real-time metrics, dashboards, and centralized logs.
• ·Behavioral threat detection at the edge.
• ·24/7 alerting — critical events wake a human, not a queue.
• ·Every production build scanned for vulnerabilities before deployment.

• ·SOC 2 Type II: in progress, target H2 2026.
• ·GDPR-compliant by design: EU representative, pre-signed DPA with SCCs, public sub-processor list.
• ·CCPA-compliant: rights to know, delete, opt-out, and non-discrimination.
• ·EU Cyber Resilience Act (CRA) reporting ready before the September 2026 deadline.