Core Concepts

Understand how your data is protected, in plain English

Snapshots: a time machine for files

Each backup creates a complete "snapshot" — a record of every file's state at that moment. Think of it as a panoramic photo of your folder. 100 snapshots = 100 points in time you can return to. When you browse a snapshot, you see the exact file structure from that moment.

💡 Snapshots are read-only and never modified. Even if you delete the source file, the version in historical snapshots remains intact.

Incremental & dedup: only store what changed

Ginkgo computes a SHA-256 "fingerprint" for each file's content. During backup, it only compares fingerprints:

  • File unchanged (same fingerprint) → skip, don't store again
  • File changed → back up only the new content; the old version stays in historical snapshots
  • Different files with identical content (e.g. two copies of the same photo) → stored only once
💡 That's why backups after the first one feel instant — only truly changed parts are processed. Change 3 files out of 100,000, and only those 3 are backed up.

Zero-knowledge encryption: only you can open your data

Backup data is encrypted with AES-256-GCM before it leaves your machine. The encryption key lives only on your device — Ginkgo's servers, cloud storage providers, no one can decrypt it. Even if your cloud account is hacked or a server breached, attackers get only unreadable ciphertext.

💡 This means: forget the password = data is unrecoverable. Always export the recovery code and keep it safe.

The 3-2-1 backup rule

The industry-standard golden rule of data protection: 3 copies of data, on 2 different media, with 1 off-site. Ginkgo natively supports "one source, multiple targets" so you can easily achieve it:

  • 3 copies: original files + local backup + cloud backup
  • 2 media: local drive + NAS / external drive
  • 1 off-site: WebDAV cloud / S3 object storage
💡 Accidental deletion, drive failure, ransomware, theft — 3-2-1 lets you recover from any single disaster.

The "dumb is safe" design philosophy

Backup software is unlike other software: a bug in another app just means a restart, but a bug in backup software means "you thought you were safe but weren't." So every core decision in Ginkgo picks the simplest, least error-prone option:

One file, one blob

No packing/aggregation. A corrupted file only affects itself, not others.

Immutable manifests

Each backup creates a complete, independent manifest. No appending, no chained references. Any single manifest can be parsed on its own.

GC only deletes, never rewrites

Garbage collection only removes unreferenced data, never rewrites. Deletion is idempotent — a wrong delete can be discovered by re-running.

Single encryption mode

Only AES-256-GCM, only one encryption path to audit. No risk of "chose the wrong algorithm."

💡 Every design decision can be verified in one sentence. That's the power of "dumb" — simple enough to confirm it's correct.