In our architecture specification, we document how we use end-to-end encryption to ensure that only you have access to your photos.
In this replication specification, we describe how we ensure reliability by keeping multiple copies of your encrypted data, using a provider that offers 11 nines of durability.
Threat Model
Data loss due to machine failure is covered by our single, high-quality cloud provider. For example, the provider guarantees 11 nines of durability using actively monitored RAID arrays.
This means we are protected from data loss due to hard disk failure.
Our current setup includes:
- Primary hot storage in the provider's central region.
Here’s how it works:
- When a file is initially uploaded, it is stored in our primary hot storage.
We do not use deletion locks, as we want you to get the full storage capacity you paid for!
We recommend always keeping an offline copy (backup) of your pictures.
Implementation Details
Database Backups
- Automated snapshots are taken every 6 hours, retained for 3 days.
- Daily isolated backups are created, encrypted, and stored in the provider’s storage.
This ensures that database backups are secure, redundant, and can be restored quickly.
Backup Restoration
To ensure backups can be restored, we have a dedicated machine that:
- Downloads the latest backup daily.
- Restores it to a new database instance.
- Verifies the restored instance and logs a success message.
If the restore fails, alerts are triggered to address the issue immediately.
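The backup job and the daily restore drill described above, together with the snapshot pruning implied by the 3-day retention under Database Backups, as an added example that is not part of this specification or the service's own code. SQLite stands in for the production database, a local directory for the provider's storage, and the snapshot naming, manifest format and the alert hook are this example's own choices; encryption of the backup files at rest is assumed to happen outside the script.

```python
# Added illustration, not the service's or provider's code.  Stand-ins: SQLite
# for the production database, a local directory for the provider's storage;
# encryption of backup files at rest is assumed to happen outside this script.
import hashlib
import json
import logging
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

log = logging.getLogger("restore-drill")
TS_FMT = "%Y%m%dT%H%M%SZ"  # snapshot names built from this sort chronologically

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def create_backup(live_db: Path, store: Path, now: datetime) -> Path:
    """Snapshot the live DB and record what a correct restore must reproduce."""
    dest = store / f"backup-{now.strftime(TS_FMT)}.sqlite"
    src, dst = sqlite3.connect(live_db), sqlite3.connect(dest)
    src.backup(dst)  # SQLite online backup API: a consistent copy
    names = dst.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall()
    counts = {t: dst.execute(f'SELECT COUNT(*) FROM "{t}"').fetchone()[0] for (t,) in names}
    dst.close()
    src.close()
    manifest = {"sha256": sha256_file(dest), "row_counts": counts}
    dest.with_suffix(".json").write_text(json.dumps(manifest))
    return dest

def prune(store: Path, now: datetime, retention: timedelta = timedelta(days=3)) -> list:
    """Delete snapshots (and their manifests) older than the retention window."""
    removed = []
    for path in sorted(store.glob("backup-*.sqlite")):
        taken = datetime.strptime(path.stem.split("-", 1)[1], TS_FMT).replace(tzinfo=timezone.utc)
        if now - taken > retention:
            path.unlink()
            path.with_suffix(".json").unlink(missing_ok=True)
            removed.append(path.name)
    return removed

def latest_backup(store: Path) -> Path:
    return max(store.glob("backup-*.sqlite"), key=lambda p: p.name)

def restore_and_verify(backup: Path) -> tuple:
    """Restore into a fresh instance and check it against the manifest."""
    manifest = json.loads(backup.with_suffix(".json").read_text())
    if sha256_file(backup) != manifest["sha256"]:
        return False, f"{backup.name}: checksum mismatch (corrupt or altered copy)"
    src, fresh = sqlite3.connect(backup), sqlite3.connect(":memory:")
    try:
        src.backup(fresh)  # ":memory:" stands in for a new database instance
        if fresh.execute("PRAGMA integrity_check").fetchone()[0] != "ok":
            return False, f"{backup.name}: integrity_check failed"
        for table, expected in manifest["row_counts"].items():
            actual = fresh.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
            if actual != expected:
                return False, f"{backup.name}: {table} has {actual} rows, expected {expected}"
    finally:
        fresh.close()
        src.close()
    return True, f"{backup.name}: restored and verified"

def run_drill(store: Path, alert=lambda msg: log.error("ALERT %s", msg)) -> bool:
    """The daily job: take the newest copy, restore, verify, then log or alert."""
    ok, report = restore_and_verify(latest_backup(store))
    (log.info if ok else alert)(report)
    return ok

def demo() -> dict:
    """Constructed fixture: tiny live DB, three snapshots of different ages, one
    prune pass, a healthy drill, then a drill against a damaged copy."""
    now = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        root, store = Path(tmp), Path(tmp) / "store"
        store.mkdir()
        live = sqlite3.connect(root / "live.sqlite")
        live.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, wrapped_key BLOB)")
        live.executemany("INSERT INTO files (owner, wrapped_key) VALUES (?, ?)",
                         [("user-a", b"\x00" * 16), ("user-b", b"\x01" * 16)])
        live.commit()
        live.close()
        for age in (timedelta(days=4), timedelta(days=1), timedelta(0)):
            create_backup(root / "live.sqlite", store, now - age)
        removed = prune(store, now)    # the 4-day-old snapshot is dropped
        healthy = run_drill(store)     # newest copy restores cleanly
        newest = latest_backup(store)  # now damage the stored object
        newest.write_bytes(newest.read_bytes()[:-64])
        alerts = []
        damaged = run_drill(store, alert=alerts.append)
    return {"removed": removed, "healthy": healthy, "damaged": damaged, "alerts": alerts}

if __name__ == "__main__":
    print(demo())
```

Run the file directly to see the result dictionary. The drill fails closed: a checksum mismatch, a failed PRAGMA integrity_check, or a row count that differs from the manifest all route to the alert hook instead of a success log entry, which is what lets a bad backup be noticed before it is actually needed.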
Future Work
Areas for improvement include:
- Offering varying SLAs for customers with different protection needs.
We welcome feedback to help us prioritize our engineering efforts: engineering@srarna.com