Encryption and authentication
Calmbu snapshots use an encrypted and authenticated .calmbu container. Snapshot validation is part of the recovery model, so corrupt or tampered snapshots can be rejected before restore.
Credential exclusions
Known token and credential files are excluded by default, including auth.json, credentials.json, token files, and .env files. Cache, temporary, and log folders are also excluded by default.
Restore safety
Alternate-folder restore is the default path. Restore-to-live-state is intentionally guarded by snapshot validation, tool-closed confirmation, typed confirmation, emergency backup, staged extraction, and staged replacement.
Diagnostics privacy
Diagnostic summaries are designed to omit Codex or Claude chats, code, file contents, credential values, licence keys, snapshot manifests, and full backup contents.
Hosting and distribution
Calmbu-controlled website and service infrastructure is intended to run on DigitalOcean infrastructure in Australia. Public downloads, installers, release assets, and checksums may be distributed through BunnyCDN edge locations globally.
The CDN distribution path is for public release files, not private backup contents. Users should verify downloaded installers using published checksums or signatures where available.
Operational limits
Calmbu currently targets local backup destinations. Cloud provider APIs, arbitrary project-folder backup, and macOS builds are not part of the Windows beta.
Reporting security issues
If you believe you found a security issue, use the support address shown in the app or purchase receipt and include enough detail to reproduce the issue without sending private Codex or Claude data.