How Capsule Backup Protects Your Data
SMB3 encryption, VPN access, IP whitelisting, and DoD-compliant data destruction — your backups deserve the highest level of protection.
SMB3 Encrypted Transport
All data in transit is encrypted by the SMB3 protocol. Unencrypted connections are not allowed.
Time Machine Encryption
Enable encrypted backups directly in Time Machine preferences. Your data is encrypted before it leaves your Mac.
IP Whitelisting
Restrict access to your backup volume to specific IP addresses. Available in beta via our support team.
VPN Access
Connect via WireGuard or OpenVPN for an additional layer of network security. Included in all plans.
Data Sovereignty
Choose where your data lives: Germany, Finland, or the USA. Your data never leaves your selected region.
Secure Data Destruction
When you cancel, we perform a DoD 5220.22-M compliant 3-pass wipe. Your data is irrecoverably destroyed.
GDPR Compliant
We are fully GDPR compliant. Contact our DPO at support@capsulebackup.com for any data protection inquiries.
Security Architecture
Your data is protected at every step of the journey, from your Mac to our servers.
End-to-End Encryption
SMB3 creates an encrypted tunnel between your Mac and our servers. Combined with Time Machine's built-in AES-XTS encryption, your data is protected both in transit and at rest.
No Intermediate Storage
Your backups travel directly from your Mac to our servers through the encrypted SMB3 tunnel. There is no intermediate storage, no third-party relay, and no unencrypted hops.
Your Keys, Your Data
Time Machine encryption keys stay on your Mac. Even Capsule Backup cannot read your data. Set up your encrypted backup in under 5 minutes.
Why SMB3?
The modern, secure protocol purpose-built for file sharing — and the only protocol macOS uses for network Time Machine backups.
Encryption by Default
SMB3 enforces AES-128-CCM or AES-128-GCM encryption on every connection. Unlike older protocols, encryption is not optional — it is always on, protecting your backup data from eavesdropping.
No Legacy Fallback
Capsule Backup refuses connections using older, insecure protocol versions. There is no downgrade to SMB1 or SMB2, eliminating known vulnerabilities and man-in-the-middle attacks.
Built for macOS
Since macOS Catalina, Apple uses SMB3 exclusively for Time Machine network backups. It is the native, recommended protocol — no adapters, no workarounds, no compatibility issues. See how easy it is to get started.
| Feature | SMB1 | SMB2 | SMB3 |
|---|---|---|---|
| Encryption | None | None | AES-128-CCM/GCM |
| macOS Time Machine | Dropped | Dropped | Required |
| Secure Negotiation | No | Partial | Yes |
| Legacy Vulnerabilities | Many (WannaCry) | Some | Mitigated |
Security FAQ
Can Capsule Backup employees access my data?
If you enable Time Machine encryption, your backup data is encrypted with a password only you know. Even with physical access to the servers, your data would be unreadable. We strongly recommend enabling this option.
What is IP whitelisting and should I use it?
IP whitelisting restricts access to your backup volume to specific IP addresses. This means only connections from your approved IPs can reach your data. It is ideal for businesses with static IPs or users who want an extra layer of security.
Is SMB3 really secure enough for cloud backups?
SMB3 includes mandatory encryption of all data in transit, similar to HTTPS. Combined with Time Machine encryption for data at rest, your backups are protected by two layers of encryption — comparable to banking-level security.
What happens to my data if Capsule Backup goes out of business?
We would provide a minimum 90-day notice period for users to download their data. Your Time Machine backups can be accessed directly via SMB from any Mac, so you can retrieve your data independently.
How does the DoD 5220.22-M data destruction work?
When you cancel your subscription, we perform a 3-pass overwrite on the disk area containing your data after the billing period ends. This U.S. Department of Defense standard ensures data cannot be recovered by any known method.
Have more questions? Visit our complete FAQ for detailed answers.
Capsule Backup is not affiliated with or endorsed by Apple Inc. Time Machine, macOS, Finder, and Migration Assistant are trademarks of Apple Inc.
"The IP whitelisting and VPN options make this the most secure cloud backup for Mac I've found. My clients love it."