industry2026-05-236 min read

When your GDPR auditor asks "why are backups plaintext?" — Cloudflare's server-side encryption doesn't answer it; R2 + AES-GCM does

Name: thMenu
Rating: 4.9 (127 reviews)
Author: thMenu

External GDPR auditor René: "Disk-level server-side encryption only mitigates the lost-disk threat. A leaked R2 token = 1GB plaintext PII dump exfiltrated." Application-layer AES-256-GCM is the answer: PR #585 XX F2 backup-crypto.ts + per-multipart-part wrap.

thMenu Team

thmenu.com

Found this helpful? Share it.

X / Twitter LinkedIn

✦📈

industry

Why Digital Menus Increase Restaurant Revenue by Up to 30%

Studies show restaurants using digital QR menus see measurable increases in aver…

✦🔻

industry

When a Customer Downgrades, What Happens to Old Features? — The Silent Feature-Drift Problem in SaaS

Most SaaS apps run a single line of code when a customer downgrades — but old fe…

✦🛡️

industry

JWT alg-confusion attack — why Supabase's HS256 → RS256/JWKS migration breaks legacy verifiers

Verifiers that never decode the JWT header are wide open to `alg=none` and alg-c…

When your GDPR auditor asks "why are backups plaintext?" — Cloudflare's server-side encryption doesn't answer it; R2 + AES-GCM does

Related articles

Why Digital Menus Increase Restaurant Revenue by Up to 30%

When a Customer Downgrades, What Happens to Old Features? — The Silent Feature-Drift Problem in SaaS

JWT alg-confusion attack — why Supabase's HS256 → RS256/JWKS migration breaks legacy verifiers