Skip to main content
BackupMaster prioritizes the security of your data, implementing industry-standard measures to prevent breaches and loss. This page provides an overview of the security protocols that protect your business and personal information.

Encryption

BackupMaster encrypts your data at every stage:
  • In transit: All data transferred between your Shopify store and BackupMaster uses the latest recommended secure cipher suites and TLS (Transport Layer Security) protocols.
  • At rest: Backup data stored on Microsoft Azure servers is encrypted using AES-256 encryption.

Microsoft Azure infrastructure

BackupMaster’s infrastructure and your data are hosted on Microsoft Azure in the South East US region. Azure data centers adhere to critical industry standards including ISO/IEC 27001:2013 and NIST SP 800-53, ensuring security and reliability. These facilities are managed and operated by experienced Microsoft operations staff who maintain, monitor, and administer the data centers with 24/7 continuity. Azure provides built-in redundancy and high availability, so your backups remain safe even during temporary service interruptions.

SOC 2 certification

BackupMaster is SOC 2 certified. An independent auditor verifies that BackupMaster’s security controls meet AICPA standards for data security, availability, and confidentiality. Compliance is maintained through continuous monitoring and an annual audit. For more details, see SOC 2 certification.

Access controls

  • BackupMaster connects to your store through the Shopify API using OAuth tokens granted during installation
  • Any staff member with app access in your Shopify admin can open BackupMaster
  • Access within the app is determined by Shopify’s app permissions
  • The external portal uses a separate password and email verification

Internal controls

BackupMaster enforces strict internal policies and processes to safeguard data, protect assets, and restrict access to sensitive systems and infrastructure. Access to customer data and production systems is limited to key staff and is granted strictly on a need-to-know basis. All access is logged.

How BackupMaster processes your data

  • The app reads your store data through the Shopify API to create backups
  • It writes to your store data only when you explicitly run a restore, clone, or import
  • Your data is never sold, shared, or used for any purpose beyond the backup service
  • No code is injected into your storefront

Need help?

If you have questions or need assistance, the support team is here to help. For security-related concerns, contact us at support@backupmaster.io.