← Back to Restorely

Trust

Restorely Trust Hub

A plain-language overview of the vendors Restorely depends on, how snapshot encryption works, and how to contact us about trust or security questions.

Encryption

How backup data is protected

Encrypted at rest with AES-256-GCM envelope encryption (per-tenant keys) before any object lands in storage
Encrypted snapshots, plain restore reports, and narrow data scope. Restorely does not claim SOC 2 certification, does not provide procurement documents, and does not support regulated data.

Restorely uses envelope encryption for sensitive backup data. Each tenant gets a data encryption key (DEK). The DEK is wrapped with the platform master key-encryption-key loaded from RESTORELY_MASTER_KEK_V1, and encrypted payloads are bound to the tenant and object key as authenticated data.

Traffic to Restorely uses TLS in transit. Backup objects are encrypted by Restorely before object storage, and Cloudflare R2 server-side encryption remains an additional defense-in-depth layer at the storage provider.

Subprocessors

Vendors used to operate Restorely

We keep the list below current as Restorely changes. Region details are stated only as precisely as the codebase and current product copy support.

SubprocessorRoleRegion
Cloudflare R2Object storage for encrypted snapshots at restEastern North America location hint with Cloudflare default jurisdiction; Cloudflare may store data in other regions it operates
NeonPostgres database for application and tenant metadataUS-east region configuration
VercelApplication hostingConfigurable / US-region by default
StripeBilling and paymentsConfigurable / US-region by default
ResendTransactional emailConfigurable / US-region by default
LinearOAuth target and the SaaS being backed upConfigurable / US-region by default

We update this page when subprocessors change and notify active customers by email before a new subprocessor processes customer data.

Incident response

Breach notification

If we confirm a data breach involving customer personal data, we notify affected customers without undue delay and within 72 hours when legally required, consistent with our Privacy Policy.

Contact

Trust questions

Email hello@restorely.io for trust, security, privacy, or subprocessor questions.

Live checks

Security link-outs

SSL LabsVerify our live TLS configuration.SecurityHeadersVerify our live security headers.

Related

Security methodologyRestorely status