MicroBackups

Compliance built in from day one

MicroBackups is certified for the world's most stringent data protection standards. Protect your data and your organisation's compliance posture simultaneously.

GDPR | HIPAA | PCI DSS | SOC 2 Type II | ISO 27001 | CCPA | Privacy Shield

GDPR

General Data Protection Regulation

MicroBackups acts as a Data Processor for personal data of EU residents. We sign a Data Processing Agreement (DPA) upon request. EU customer data is stored within the EEA. We support data subject access requests and deletion rights.

DPA available on request
EU data stored within EEA
Data subject access and deletion supported
Data residency enforced at storage layer

HIPAA

Health Insurance Portability and Accountability Act

For healthcare organisations, MicroBackups signs a Business Associate Agreement (BAA). Our systems and processes are designed to comply with the HIPAA Security Rule, including technical safeguards for electronic protected health information (ePHI).

BAA available for eligible customers
AES-256 encryption for ePHI at rest
TLS 1.2 in transit
Audit controls and access logging

PCI DSS

Payment Card Industry Data Security Standard

MicroBackups is PCI DSS compliant. Our controls address cardholder data environments and the requirements for organisations that process, store, or transmit credit card data.

PCI DSS certified
Scoped infrastructure controls
Network segmentation enforced
Quarterly vulnerability assessments

SOC 2 Type II

Service Organization Control 2

Our SOC 2 Type II audit, conducted by an independent CPA firm, verifies that MicroBackups' controls for security, availability, and confidentiality have been operating effectively over the audit period. The report is available to customers under NDA.

Independent third-party audit
Security, availability, and confidentiality TSCs
Annual audit cycle
Report available under NDA

ISO 27001

Information Security Management System

MicroBackups maintains an ISO 27001-certified Information Security Management System (ISMS). Annual surveillance audits ensure continued compliance with the international standard for information security.

Certified ISMS
Annual surveillance audits
Risk management framework
Continuous improvement process

CCPA

California Consumer Privacy Act

MicroBackups complies with the CCPA for California residents. Users can request access to their personal data, request deletion, and opt out of data sale (we do not sell personal data).

Data access requests honoured
Data deletion requests honoured
No personal data sold
Privacy notice maintained

Privacy Shield

EU–US and Swiss–US Privacy Shield Framework

MicroBackups participates in and has certified compliance with the Privacy Shield Framework, ensuring trans-Atlantic data transfers comply with EU and Swiss data protection requirements.

EU–US Privacy Shield certified
Swiss–US Privacy Shield certified
Annual self-certification
Dispute resolution available

Data residency — your data stays where you choose

Select your storage region at setup. Your backup data is stored exclusively in that region — never replicated across borders without explicit configuration.

🇺🇸

United States

us-east-1 / us-west-2

CCPA, HIPAA, PCI DSS
🇪🇺

European Union

eu-west-1 (Ireland)

GDPR, Privacy Shield
🇬🇧

United Kingdom

eu-west-2 (London)

UK GDPR, ICO
🇨🇦

Canada

ca-central-1

PIPEDA
🇦🇺

Australia

ap-southeast-2 (Sydney)

Privacy Act 1988

Compliance documentation available on request

Contact our team to request any of the following:

SOC 2 Type II Report

Available under NDA

Data Processing Agreement (DPA)

For GDPR compliance

Business Associate Agreement (BAA)

For HIPAA customers

ISO 27001 Certificate

Available on request

Penetration Test Summary

Annual third-party testing

Sub-processor List

Full list available

Start compliant from day one

14-day free trial. All compliance features included. No credit card required.
