The only access we get to your server is through the DBacked agent. It's a simple executable written in Node.js that will query our server, download
mysqldump, encrypt the backup and stream it to your DBacked Amazon S3 bucket.
We never ask you for SSH access to your server.
The agent code is open-source and reproducible. You can read it here and build it yourself.
DBacked uses an enterprise-grade encryption system for your backups. We cannot read your data even if the NSA asks us to.
Before leaving your server, all the data is encrypted with a unique 256-bit AES key generated for each backup. This key is encrypted with your public RSA key, which has either been generated from the webapp (4096 bits by default) or provided by you.
The decryption happens on your server with the DBacked decryption tool and your private RSA key. You can also download the encrypted backup and decrypt it offline if you don't want your key to be on an online server.
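The scheme described above (a fresh AES key per backup, wrapped with the RSA public key, unwrapped only by the private key) as an added Node.js example; it is not the DBacked agent's code. The cipher mode (AES-256-GCM), the RSA padding (OAEP with SHA-256), the in-memory buffer instead of a stream, and the names `encryptBackup`, `decryptBackup` and `demo` are assumptions the page does not specify.

```javascript
const crypto = require('node:crypto');

// Assumed RSA padding: OAEP with SHA-256 (the page does not name one).
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Encrypt one backup. Only the public key is needed on the database server.
function encryptBackup(plaintext, publicKeyPem) {
  const aesKey = crypto.randomBytes(32);   // unique 256-bit key for this backup
  const iv = crypto.randomBytes(12);       // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();         // integrity tag checked at decryption
  const wrappedKey = crypto.publicEncrypt(oaep(publicKeyPem), aesKey);
  return { wrappedKey, iv, tag, ciphertext };
}

// Decrypt one backup. Requires the private key, so it can run offline.
function decryptBackup(envelope, privateKeyPem) {
  const aesKey = crypto.privateDecrypt(oaep(privateKeyPem), envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Round trip on a constructed sample dump; 4096 bits matches the page's default.
function demo(modulusLength = 4096) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const dump = Buffer.from('-- constructed sample dump\nINSERT INTO users VALUES (1, "alice");\n');
  const first = encryptBackup(dump, publicKey);
  const second = encryptBackup(dump, publicKey);

  // Flip one ciphertext bit: GCM must refuse to return modified data.
  const tampered = { ...first, ciphertext: Buffer.from(first.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  let tamperDetected = false;
  try { decryptBackup(tampered, privateKey); } catch { tamperDetected = true; }

  return {
    roundTrip: decryptBackup(first, privateKey).equals(dump),
    distinctOutputs: !first.ciphertext.equals(second.ciphertext)
      && !first.wrappedKey.equals(second.wrappedKey),
    tamperDetected,
    wrappedKeyBytes: first.wrappedKey.length,
  };
}
```

Anyone holding only the stored envelope and the public key cannot recover the AES key, which is why the private key never has to leave your control.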
Our application servers are hosted by OVH in Roubaix, France. These servers store everything except your backups, and we monitor them constantly.
Your backups are stored on Amazon S3. You can select the physical location of your data from 18 cities around the world when you first configure your database.
You can get more detailed information about what the agent does on your server by looking at the documentation on the dedicated website: https://dbacked.github.io/agent/