Core Concepts
Understand how your data is protected, in plain English
Snapshots: a time machine for files
Each backup creates a complete "snapshot" — a record of every file's state at that moment. Think of it as a panoramic photo of your folder. 100 snapshots = 100 points in time you can return to. When you browse a snapshot, you see the exact file structure from that moment.
Incremental & dedup: only store what changed
Ginkgo computes a SHA-256 "fingerprint" for each file's content. During backup, it only compares fingerprints:
- File unchanged (same fingerprint) → skip, don't store again
- File changed → back up only the new content; the old version stays in historical snapshots
- Different files with identical content (e.g. two copies of the same photo) → stored only once
Zero-knowledge encryption: only you can open your data
Backup data is encrypted with AES-256-GCM before it leaves your machine. The encryption key lives only on your device — Ginkgo's servers, cloud storage providers, no one can decrypt it. Even if your cloud account is hacked or a server breached, attackers get only unreadable ciphertext.
The 3-2-1 backup rule
The industry-standard golden rule of data protection: 3 copies of data, on 2 different media, with 1 off-site. Ginkgo natively supports "one source, multiple targets" so you can easily achieve it:
- 3 copies: original files + local backup + cloud backup
- 2 media: local drive + NAS / external drive
- 1 off-site: WebDAV cloud / S3 object storage
The "dumb is safe" design philosophy
Backup software is unlike other software: a bug in another app just means a restart, but a bug in backup software means "you thought you were safe but weren't." So every core decision in Ginkgo picks the simplest, least error-prone option:
One file, one blob
No packing/aggregation. A corrupted file only affects itself, not others.
Immutable manifests
Each backup creates a complete, independent manifest. No appending, no chained references. Any single manifest can be parsed on its own.
GC only deletes, never rewrites
Garbage collection only removes unreferenced data, never rewrites. Deletion is idempotent — a wrong delete can be discovered by re-running.
Single encryption mode
Only AES-256-GCM, only one encryption path to audit. No risk of "chose the wrong algorithm."