Where are backups stored?
Backups are hosted exclusively within the European Union. No data is transferred outside the European Union or the European Economic Area as part of the service, and none of Cybee’s data processors are located outside these regions. This commitment is included in Cybee’s contractual documents (Service Description and Terms and Conditions), not just in its communications.
Two European hosting providers, specified in the contract
Backup storage is hosted, in the form of object storage, by one of the following two hosting providers:
- Leviia, a French provider whose data centers are located in France, in Lyon or Marseille. Its infrastructure is certified to ISO/IEC 27001 and HDS (Health Data Host);
- T Cloud Public, a public cloud service operated by T-Systems International (Deutsche Telekom Group), whose regions are located in Germany and the Netherlands. Its data centers are certified to ISO/IEC 27001, ISAE 3402, and PCI-DSS, among other standards.
The allocation applicable to each customer is specified in their service agreement. The Cybee administration console and the service infrastructure are hosted on T Cloud Public.
An open architecture: the S3 object storage standard
Cybee relies on S3-compatible object storage, the de facto standard for cloud storage. This architectural choice has an important implication: the solution is not tied to any specific hosting provider. Cybee backup repositories can be deployed on the infrastructure of any provider offering S3-compatible object storage, including the following European market players:
- OVHcloud (France);
- Scaleway (France);
- Infomaniak (Switzerland);
- or any other S3-compatible object storage provider that meets the customer’s location requirements.
For an organization subject to specific location or vendor-related requirements, this S3 compatibility offers a freedom of choice that proprietary backup solutions—which are tied to their own cloud—do not allow. It also provides future-proofing: changing hosting providers does not mean changing backup solutions.
A contractual guarantee, including long-term stability
Hosting providers are specifically named in the Service Description. Any change in hosting provider is governed by the contract: the customer must be notified three months in advance, the data’s location within the European Union must be maintained, and a certification level at least equivalent to the current one must be retained. European location is therefore not a revocable technical choice, but a commitment that remains in effect for the duration of the contract.
Data Unreadable by the Hosting Provider
Regardless of the infrastructure chosen, the data’s location is complemented by technical protection: data is encrypted using AES-256 at the source before being transmitted. The hosting provider stores only encrypted data, and the encryption keys never pass through its systems. Even in the event of physical access to the storage infrastructure, the contents of the backups remain unreadable.
Finally, the data benefits from native redundancy: it is replicated across two or three availability zones, depending on the hosting infrastructure.
To learn more: