Secure by design

Keepit was built from scratch for cloud-to-cloud backup, unlike other backup providers with legacy backup systems retrofitted to the cloud.

Designed and built for the cloud

Built for the internet

We aren’t trying to protect an aging platform from the internet. Instead, we built our platform for the internet.

Native multitenancy

Multitenancy wasn’t an afterthought. It was a core design principle and a strategic choice before the first line of code was written.

History matters

This history does matter: Security can’t be bolted on as an afterthought.

The Keepit cloud

Secure and vendor independent

The Keepit cloud is owned and run by Keepit. Our systems, our people, our standards. That’s how we guarantee that the backup data we store is fully isolated from your SaaS vendor's cloud, whether it’s Azure, AWS, G Cloud, or something else.

Keepit doesn't share infrastructure with any public cloud. In the event your SaaS provider’s cloud is down, your data would be inaccessible. But, with Keepit, your data will still be accessible since it’s backed-up on Keepit’s isolated, independent cloud.

Data sovereignty

To meet customer data sovereignty requirements, Keepit operates a cloud in multiple regions — currently Americas, Europe and Asia-Pacific, with data centers in USA, Canada, Australia, Germany, and Denmark.

Each cloud is run from data center locations provided by Keepit data center partners Equinix and Global Connect. Each of the data center regions are completely isolated from each other.

Data encryption in transit

Keepit employs encryption in transit using HTTPS secured with modern TLS when accessing your data through primary workload vendor APIs such as Microsoft Office 365, Salesforce, G Suite, and others. And as an additional physical layer of security, Keepit will typically exchange traffic directly with the workload providers over major internet exchanges, far from the prying eyes of the average Wi-Fi hotspot eavesdropper.

Once data reaches Keepit, it’s encrypted before being stored on our storage systems. For this purpose, we employ AES encryption directly on our storage systems. This is the same encryption algorithm that is used throughout industry. But as an additional physical layer, the storage media upon which your data resides is kept in two mirrored, physically secure data centers. Faulty media is destroyed, not sent back for repairs.

Data availability

The Keepit architecture is centered around a multiple data center strategy for redundancy. Each one of our regions employs two regional data centers, each data center being a complete mirror of the other.

The two data centers operate in active-active mode, continually keeping data replicated between the centers. For this reason, any single system can fail without affecting the operation of the platform, and even a full site can fail without affecting the platform, as it has a separate, mirrored data center operating alongside it. This keeps your data reachable and available for restore even in the unlikely event of the loss of a full data center.

On top of this, all individual systems employ their own component level redundancy. Adding it all up, we keep an equivalent of two copies (or more) of your data in each of the two data centers, giving you the peace of mind that we have a total of four (or more) copies of all of your data, throughout your entire backup history.

Each software component of Keepit has been developed with scale and speed in mind. Below are some important points on the software stack:

  • No single point of failure in the platform — any single system can be lost without affecting the operation
  • Front-end nodes are the load balancers; front-end nodes can be added as needed to scale
  • All internal components are simple single-purpose components
  • All internal components can be scaled vertically and horizontally
  • Any number of full platforms can be deployed for perfect isolation and scalability
  • Each geographic location has two mirrored data centers


  • Seamless scalability to millions of users
  • Storage Islands support to facilitate complete knowledge of customer data location
  • Multi-threaded processes to leverage easy scaling of each important workload. Adjustable down to tenant level
  • Intelligent backup algorithm ensures maximum throughput
    Ability to deploy multiple independent instances of Keepit for increased scalability
  • Fully automated deployments encryption

Ready for tomorrow

  • Not API first – API only
  • One API – integrate once
  • All features available as API endpoints
  • Cloud backup SDK
  • Licensing: license configuration, provisioning, and deactivation through API or Web UI

Data integrity

Keepit has been built to be tamper proof, offering a guarantee that data stays immutable. The application does not expose any APIs or other means that allow data overwrites. Furthermore, the application uses a blockchain algorithm which makes any low-level tampering impossible and easily evident. A given requested data object is unaltered from its original form.

In addition, Keepit features a deletion retention of all configured backup connections of at least one month, thereby completely protecting the customer from data loss due to ransomware attacks.

Data persistence

Data only leaves the platform when it falls outside of the customer-configured retention period.

In the event that the customer (or an attacker who successfully assumed the identity of the customer) deletes a workload from Keepit — or the entire account — data will remain untouched for a fixed retention period of your choice, or the default one month.

This additional precaution protects the customer from a ransomware attack (or worse) where the attacker would first seek to destroy backups before proceeding to encrypt or destroy the primary data.


Keepit meets demanding regulatory requirements. To ensure the highest operational security standards, Keepit holds the following certifications:

  • ISO/IEC 27001:2013 certification for information security management systems. Read more about it. Entire company is ISO27001 certified
  • ISAE 3402-II certification (audited by Deloitte annually)

Read our Online Terms of Service and our Data Processing Agreement to see exactly how we can help you with your compliance needs.
Keepit is proud to serve international customers across all industries and sectors including finance, healthcare, and government. They have all scrutinized and ultimately validated and accepted our solution. We are always here to help you meet your compliance requirements.

Sustainable by design

Renewable resources are (and should be) a big part of being sustainable, but what if — in addition to leveraging regenerative resources — it was possible to reduce the energy use by huge margins?

Unoptimized solutions easily consume up to 100 times more energy than an efficient, purpose-built stack. No, that’s not a typo.

Keepit’s design architecture (deduplication and our purpose-built, lean code) means we have a low energy consumption, especially when compared to bolt-on legacy solutions. By a lot.

If you take the efficiency idea to the extreme, a lean code base will easily be 30-100 times more efficient that a bloated legacy stack using generic technologies on the public cloud.

Fully automated data protection across all the popular SaaS apps

Keep your favorite SaaS application data and metadata immutable, always accessible, and quickly recoverable with our granular restore functionalities. With the broadest services coverage range and transparent pricing, you’ll see why Keepit is the best choice for minimizing risk, strengthening cyber resiliency, and ensuring business continuity.

Tour the Keepit solution

Explore Keepit's industry-leading cloud backup solutions

Our vendor independence, broad coverage of services, fast recovery times, and dedication to security make us #1 in SaaS data backup. Built for the cloud, with simplicity and data security at the core of our identity. Take an interactive tour today: