Frequently asked questions

How eazyBackup is PIPEDA compliant

Backing up:

eazyBackup always encrypts all user data before sending or storing it, using strong AES-256-CTR with Poly1305 in AEAD mode with high-entropy random keys. The user’s password is used to derive two 192-bit keys (the “L” and “R” keys) via PBKDF2-SHA512, with hard-coded parameters for repeatable output.

  • The L-key is used to log in to the Auth Role server in place of the real password; the server stores only a bcrypt(sha512) hash of this L-key.
  • The R-key never leaves the client, and is used to encrypt secret keys stored within the user’s profile on the server.
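The L/R split described above, sketched as an added example (not eazyBackup's code). The salt, iteration count, the way the PBKDF2 output is cut into two halves, and the server-side hash are assumptions, since the page does not list the hard-coded parameters; PBKDF2 stands in for bcrypt on the server side so the block runs with the standard library only.

```python
import hashlib
import hmac
import os

# Assumed values: the page says the parameters are hard-coded but does not list them.
SALT = b"constructed-fixed-salt"   # hypothetical
ITERATIONS = 100_000               # hypothetical
KEY_LEN = 24                       # 192 bits per key, as stated on the page


def derive_lr(password: str) -> tuple[bytes, bytes]:
    """Derive the L (login) and R (client-only) keys from one password."""
    out = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                              SALT, ITERATIONS, dklen=2 * KEY_LEN)
    # Assumed split: first half is L, second half is R.
    return out[:KEY_LEN], out[KEY_LEN:]


def _slow_hash(l_key: bytes, salt: bytes) -> bytes:
    # Stand-in for bcrypt(sha512(L)); bcrypt is not in the standard library.
    return hashlib.pbkdf2_hmac("sha512", hashlib.sha512(l_key).digest(), salt, 50_000)


def server_enroll(l_key: bytes) -> tuple[bytes, bytes]:
    """What the server keeps: a per-user salt and a slow hash of L. Never R."""
    salt = os.urandom(16)
    return salt, _slow_hash(l_key, salt)


def server_verify(l_key: bytes, record: tuple[bytes, bytes]) -> bool:
    """Check a presented L-key against the stored record in constant time."""
    salt, digest = record
    return hmac.compare_digest(_slow_hash(l_key, salt), digest)


if __name__ == "__main__":
    l_key, r_key = derive_lr("correct horse battery staple")  # constructed password
    record = server_enroll(l_key)
    print("login ok:", server_verify(l_key, record))
    print("wrong password:", server_verify(derive_lr("guess")[0], record))
    print("R-key stays local, bytes:", len(r_key))
```

Because the derivation is deterministic, any device that knows the password recomputes the same L and R keys, while the server's record is enough to check a login but contains nothing that unwraps the profile's secret keys.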

At rest:

When eazyBackup sets up a Storage Vault for the first time, it generates two high-entropy random keys (the 256-bit “A” and 128-bit “E” keys). All user data in the Storage Vault is stored encrypted with the A-key using AES-256 in CTR mode, and authenticated using Poly1305 in AEAD (encrypt-then-MAC) mode. The only party with the decryption key is your company/the backup user. This ensures total privacy of the PHI data.

Does data retention have a limit?

By default, eazyBackup keeps all backup data forever. Even if files are deleted from the customer's computer, our default retention policy keeps all data with no time limits.

However, you may choose to change the default policy and keep just the last 30 days of backed-up data, or all data from the last 100 backup jobs.