Encryption

Encrypted. Recoverable. Ransomware-resistant.

Three guarantees that have to hold at the same time. Zero-knowledge encryption means we can't read your backups. Two verifiable recovery paths mean you always can. Compliance-mode Object Lock on macup Cloud means no one can delete them.

AES-256

Every file encrypted on your Mac before it leaves. Keys never uploaded in plain text.

2 verifiable

Recovery paths we test at setup: passphrase and one-time recovery code. iCloud Keychain is a convenience secondary.

Object Lock

macup Cloud snapshots live in compliance-mode immutable storage. Neither you nor macup can delete them early.

Zero-knowledge, explained

We see ciphertext. Not content.

'Encryption at rest' — the standard claim from most cloud services — means the provider holds the keys and could decrypt your data if they wanted (or were compelled). Zero-knowledge means the provider holds neither the keys nor anything that can derive them. macup is the second kind.

How keys work

Two verifiable recovery paths, one convenience layer.

Zero-knowledge is the privacy promise. 100% recoverability is the reliability promise. Both are by design.

Verifiable · Required

Passphrase

At setup you pick a passphrase. macup derives a key from it using Argon2id and uses that key to wrap your data-encryption key. Only the ciphertext goes to our server. When you enter the passphrase on a new Mac, the client unwraps the key locally. We never see the passphrase itself.

  • Verifiable: We store a KDF verifier so we can confirm the passphrase unwraps correctly before returning ciphertext.
  • Rate-limited: 5 attempts per workspace per 15-minute window. Sustained brute-force attempts are throttled and alerted.
  • Rotatable: Change the passphrase from the dashboard any time.

Verifiable · Required

Recovery code

A cryptographically-random 256-bit code generated at setup, shown once, stored in your password manager. Wraps the data-encryption key independently of the passphrase, so forgetting one doesn't lock you out.

  • Verifiable: Same KDF-verifier pattern as the passphrase — we confirm it unwraps before returning ciphertext.
  • Machine-generated: 256 bits of entropy, not a human-chosen phrase. Not memorable. That's the point.
  • Rotatable: Regenerate a new code any time; old one is invalidated.

Convenience · Secondary

iCloud Keychain sync

When iCloud Keychain is on, the device Keychain syncs your encryption key across your Apple-ID Macs automatically. New Mac, sign in, key reappears. Zero-knowledge is preserved — Apple can't read the synced keys either.

Why this isn't a peer of the other two: we can't deterministically verify from a single Mac that iCloud Keychain sync is actually happening. It either shows up on your next Apple-ID device, or it doesn't. So we treat it as a convenience layer that's nice when it works. The passphrase and recovery code are the ones we promise you. If you've successfully used iCloud Keychain between two macup-enabled Macs, we mark it "Verified" in your dashboard — until then, the green badge depends on the other two paths only.

Threat model

Five layers between an attacker and your data.

Concrete is more honest than vague. The promise isn't that we stop everything; it's that the failure of any one layer doesn't compromise the layer beneath.

Your data
  • On the wire to the storage destination.

    • TLS 1.3 with certificate pinning to the macup endpoint.
    • No plaintext over the network at any layer — every byte is already-encrypted ciphertext.
    • DNS-over-HTTPS for control-plane lookups; no leaks to network observers.

Where the line is

macup does not protect against active malware or a rootkit on your Mac that can read files before they are encrypted. It does not protect against a compromised macOS Keychain when the attacker is already on the device. It does not protect against a passphrase you shared with someone you trusted, and it does not protect against a court order compelling you to disclose it. If any of these is your threat model, write to security@macup.app before you trial — we'd rather turn you down than mislead you.

Audits & transparency

We publish what we can verify. We wait until we can verify it.

Complete

Third-party penetration test

Completed 2026-Q1 by an independent firm. Scope: cloud control plane, daemon IPC, onboarding wizard. Report available under NDA.

In progress

SOC 2 Type II

Observation period started 2026-Q2. Target report: 2026-Q4. Trust center with control attestations coming soon.

Open

Responsible disclosure

security@macup.app. PGP key at macup.app/.well-known/pgp-key.txt. 90-day disclosure window with safe-harbor language.

Planned

Public bug bounty

Scoped bug bounty opens post-SOC-2. Cash payouts for confirmed cloud + daemon vulnerabilities.

FAQ

About the security model.

Can macup read my data?

No. Your data is encrypted on your Mac with AES-256 before any bytes leave. The encryption key is wrapped by secrets you control. We see ciphertext. We could not read your backups even if served a subpoena — and we would tell you about the subpoena within the bounds of the law.

What happens if I lose my passphrase AND my recovery code?

If you've also never signed into iCloud Keychain on another Mac with the account, your backups become permanently unreadable. This is the cryptographic guarantee that makes the zero-knowledge claim real. That's why we require the passphrase at setup, require you to save the recovery code, and verify both unwrap correctly before we consider the account configured.

Is iCloud Keychain sync actually zero-knowledge?

iCloud Keychain sync is end-to-end encrypted by Apple under your Apple ID. Apple can't read the synced keys either. What macup specifically can't do is verify from a single Mac that Keychain sync is actually working — that's why we treat it as a convenience layer, not a primary recovery method.

Has macup been audited?

SOC 2 Type II is in progress (target 2026 Q4). A third-party penetration test was completed prior to launch; the report is available under NDA. Bug bounty program is at security.macup.app/disclose.

How do you handle key rotation?

Users can rotate the passphrase at any time from the dashboard: the server-side escrow ciphertext is re-wrapped with the new passphrase-derived key and the old ciphertext is deleted. Recovery code rotation follows the same flow. Data-encryption keys themselves are not rotated by default (rotating them would invalidate every past snapshot), but this is configurable per workspace.
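
The wrapping scheme described under "How keys work" and the rotation flow in the answer above, as an added example that is not macup's code: one data-encryption key (DEK) wrapped independently under a passphrase and a recovery code, then re-wrapped on rotation. It assumes scrypt in place of Argon2id (Node's built-in KDF) and AES-256-GCM as the wrapping cipher; all function names are hypothetical, and the server-side verifier and rate limit are not modeled.

```javascript
// Added example, not macup's code. Assumptions: scrypt stands in for Argon2id,
// AES-256-GCM is the wrap cipher, and all names here are hypothetical.
const crypto = require('node:crypto');

// Derive a 32-byte key-encryption key (KEK) from a secret and a per-wrap salt.
function deriveKek(secret, salt) {
  return crypto.scryptSync(secret, salt, 32); // Node's default scrypt cost parameters
}

// Wrap the DEK under a secret with a fresh salt and nonce (authenticated).
function wrapDek(dek, secret) {
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKek(secret, salt), iv);
  const ct = Buffer.concat([c.update(dek), c.final()]);
  return { salt, iv, ct, tag: c.getAuthTag() };
}

// Unwrap locally; a wrong secret fails the GCM tag check and yields null.
function unwrapDek(w, secret) {
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKek(secret, w.salt), w.iv);
  d.setAuthTag(w.tag);
  try { return Buffer.concat([d.update(w.ct), d.final()]); } catch { return null; }
}

// Setup: one random DEK, wrapped independently by each recovery secret.
function setup(passphrase) {
  const dek = crypto.randomBytes(32);
  const recoveryCode = crypto.randomBytes(32).toString('hex'); // 256 random bits
  return { dek, recoveryCode, escrow: { pass: wrapDek(dek, passphrase), rec: wrapDek(dek, recoveryCode) } };
}

// Rotation: re-wrap the same DEK under the new secret; the old wrap is dropped.
function rotate(wrapped, oldSecret, newSecret) {
  const dek = unwrapDek(wrapped, oldSecret);
  if (!dek) throw new Error('old secret does not unwrap the key');
  return wrapDek(dek, newSecret);
}

// Constructed secrets: both paths recover the DEK; rotation retires only the old passphrase.
function demo() {
  const s = setup('constructed passphrase A');
  const ok = (w, secret) => { const k = unwrapDek(w, secret); return k !== null && k.equals(s.dek); };
  const bothPaths = ok(s.escrow.pass, 'constructed passphrase A') && ok(s.escrow.rec, s.recoveryCode);
  s.escrow.pass = rotate(s.escrow.pass, 'constructed passphrase A', 'constructed passphrase B');
  return { bothPaths, oldRejected: !ok(s.escrow.pass, 'constructed passphrase A'),
    newAccepted: ok(s.escrow.pass, 'constructed passphrase B'),
    codeUnaffected: ok(s.escrow.rec, s.recoveryCode) };
}
console.log(demo());
```

Because the DEK never changes during rotation, data encrypted under it stays readable, and the recovery-code wrap is untouched when only the passphrase is rotated.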
