🔒 256-bit AES Encryption
🔐 Zero-Knowledge Architecture
🇪🇺 GDPR Compliant
At Relica, security isn't an afterthought — it's the foundation of everything we build. Your data is encrypted before it ever leaves your device, and only you hold the key.
🔐 Zero-Knowledge Encryption
Relica uses a zero-knowledge architecture: your backup data is encrypted on your device, with a key derived from a password that only you know, before anything is transmitted. We never see, store, or have access to that key. Even if our servers were compromised, an attacker would obtain only ciphertext, which is unreadable without your personal encryption key.
What this means for you: Only you can decrypt your backups. Not us, not anyone else. The same design means we cannot recover your backups for you if you lose your encryption password, so keep it somewhere safe.
Encryption Standards
🔒 Data at Rest
All backup data is encrypted with AES-256 before it leaves your device, so the storage providers and Relica only ever hold ciphertext. AES-256 is the same standard used by governments and financial institutions worldwide.
🔒 Data in Transit
All communications between your device and our servers use TLS 1.2 or higher with modern cipher suites, so traffic cannot be read or altered in transit. Because your backup data is already encrypted on your device, TLS is a second layer of protection on top of that, not the only one.
🔐 Key Derivation
Your encryption key is derived from your password using an industry-standard key derivation function that is deliberately slow, so every password guess costs an attacker significant computation. This makes brute-force attacks impractical against a strong password; a short or reused password remains the weak point, so use a long, unique passphrase.
🛡 Authenticated Encryption
We use authenticated encryption modes that verify integrity as well as confidentiality: every encrypted block carries an authentication tag, and a block that has been altered or corrupted during storage or transmission fails to decrypt instead of being silently restored, so tampering is detected.
Infrastructure Security
Multi-Cloud Redundancy
For Relica Cloud customers, your encrypted data is stored across multiple independent cloud providers. This multi-cloud approach ensures:
- High availability — Your data remains accessible even if one provider experiences issues
- Geographic redundancy — Data is replicated across different regions
- No lock-in — Your backups are stored in restic's open repository format, so you can restore them directly with the open-source restic tool even if our services are down
Data Center Security
Our infrastructure providers maintain strict physical and operational security controls including:
- 24/7 security monitoring and access controls
- SOC 2, ISO 27001, and other industry certifications
- Regular security audits and penetration testing
- Redundant power, cooling, and network connectivity
Application Security
Secure Authentication
- Password requirements — We enforce strong password policies and check against known breached passwords
- Session management — Automatic session timeouts limit how long an unattended or stolen session can be used
- Secure storage — Account credentials are hashed using modern algorithms with unique salts
Client Application
- Local-only interface — The Relica client interface is only accessible from your local machine
- Code signing — All releases are cryptographically signed to verify authenticity
- Automatic updates — Security patches are delivered automatically to keep you protected
- Open-source foundation — Relica is built on proven open-source components including restic and rclone
Privacy by Design
What We Cannot Access
- The contents of your backup files
- File names or folder structures in your backups
- Your encryption key or password
- Any data that would allow us to decrypt your backups
What We Do Store
- Your email address (for account access and notifications)
- Billing information (processed by our payment provider; we don't store card numbers)
- Backup metadata (sizes, timestamps, and device identifiers for service operation)
- Support communications (when you contact us)
Ransomware Protection
🛡 Immutable Backups
Relica offers immutable backups that cannot be modified or deleted for a customer-defined retention period, even by administrators. This provides real protection against ransomware that targets backup systems, because credentials an attacker steals cannot be used to destroy the backups within that window.
Why this matters: Modern ransomware specifically targets backups to prevent recovery. Immutable storage keeps your backups intact and recoverable even if attackers gain administrative access. Since the protection lasts only for the retention period you choose, set it longer than the time it could take to detect an intrusion and begin recovery.
Compliance Support
Relica's architecture supports compliance with:
- GDPR — EU General Data Protection Regulation requirements for data protection and privacy
- HIPAA — Backup and disaster recovery requirements for healthcare data
- SEC 17a-4 — WORM (Write Once Read Many) storage requirements for financial records
- SOC 2 — Availability criteria for service organization controls
Note: Relica provides technical controls that support these frameworks. Customers are responsible for their own compliance programs and should consult with qualified compliance professionals.
Additional Compliance Features
- Data Processing Agreement — Available for business customers requiring formal data processing terms
- Data portability — You can export or delete your data at any time using industry-standard tools
- Right to erasure — Request complete deletion of your account and all associated data
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:
- Email us at security@relicabackup.com
- Include detailed steps to reproduce the vulnerability
- Allow reasonable time for us to address the issue before public disclosure
We appreciate the security research community and will acknowledge valid reports.
Questions?
If you have questions about our security practices, please contact us:
Email: security@relicabackup.com
Support: support@relicabackup.com