Security
Encryption
Backups are encrypted with AES-256-CBC before they leave your environment. Encryption keys are managed per organization; lionbackup never receives unencrypted backup contents.
Transfers to storage use TLS only. Storage backends sit behind provider-managed access control and never carry plaintext data.
Access control
Each organization defines its own roles:
- Owner — full control, including billing and member management.
- Admin — manages projects, tokens, and members; no billing access.
- Writer — uploads backups.
- Reader — restores backups.
- Billing — invoice and payment access only.
Roles are enforced both in the portal and at the API layer.