saved.sh
Join the waitlist
External backup infrastructure

External backups your attacker can’t reach.

A new way to keep backups secure and stable - protection from ransomware, malicious insiders, and human error. A worker runs inside your own server, so credentials and data can stay in your environment, and every backup is sealed in cold storage your attacker can’t reach.

No credit card. Early access for self-hosted & cloud teams.

Native backups for the systems you already run
PostgreSQLMySQLMongoDBRedisAmazon S3ElasticsearchClickHouse+ 23 more
The single point of failure

Your backups live inside the blast radius.

Almost every backup tool runs inside the same environment it protects. So the moment someone gets in - or someone on the inside turns - your backups fall with everything else. That’s not a backup. That’s a second copy in the same fire.

Ransomware

Modern ransomware hunts for backup volumes and snapshots first, then encrypts or deletes them before touching production - so you can’t recover.

→ internal snapshots = encrypted alongside prod

Compromised credentials

One leaked key or over-scoped role and an attacker has the same reach as your platform team - including every backup bucket and snapshot policy.

→ one breach unlocks data and recovery

Insider & human error

A disgruntled engineer with prod access - or an accidental terraform destroy - can wipe services and their backups in the same breath.

→ prod access often means backup access

Internal backups

  • Same credentials, same network, same blast radius
  • Deletable by anyone with production access
  • Encrypted together with prod during an attack

saved.sh - external by design

  • Stored outside your accounts & provider
  • Out of reach of your prod credentials
  • Verified, encrypted and sealed in immutable cold storage
Security architecture

External by architecture. Verified end to end.

Three ways to back up a source - a local worker, a cloud worker, or a manual push. Whichever you choose, every backup runs the same verified pipeline - scoped credentials, integrity checks, encryption, and retention-locked cold storage.

in your server

Local worker backup

A lightweight worker runs inside your own infrastructure. Your credentials stay local, there’s no need to expose your services to us, and every backup is encrypted internally with your own key before it ever leaves.

  • Credentials stay local - nothing sensitive is sent to us
  • No need to expose your services - no incoming ports
  • Encrypted internally with your own key
Local workerin your server
encrypts with your keyno exposed services
Backend workflowverified
validatechecksumencrypt · AES-256
Cold storageimmutable
encrypted blobsversionedwrite-once
Retention lock & accessprotected
delete blocked until lock expiresrestore · temp URL, logged
Supported services

30 predefined integrations. One backup model.

Databases, caches, queues and object storage - each with native, consistent dumps and restores out of the box.

PPostgreSQL
MMySQL
MMariaDB
MMongoDB
RRedis
SAmazon S3
EElasticsearch
OOpenSearch
CCassandra
CClickHouse
CCockroachDB
DDynamoDB
SSQLite
NNeo4j
IInfluxDB
PPostgreSQL
MMySQL
MMariaDB
MMongoDB
RRedis
SAmazon S3
EElasticsearch
OOpenSearch
CCassandra
CClickHouse
CCockroachDB
DDynamoDB
SSQLite
NNeo4j
IInfluxDB
RRabbitMQ
KKafka
Eetcd
CConsul
MMinIO
GGoogle GCS
BAzure Blob
FFirestore
SSnowflake
BBigQuery
CCouchbase
MMemcached
TTimescaleDB
SSupabase
PPlanetScale
RRabbitMQ
KKafka
Eetcd
CConsul
MMinIO
GGoogle GCS
BAzure Blob
FFirestore
SSnowflake
BBigQuery
CCouchbase
MMemcached
TTimescaleDB
SSupabase
PPlanetScale
Not on the list? Run a manual backup for anything else - push any dump, file or stream through the CLI, SDK or API and it flows through the same verified, encrypted pipeline into cold storage.
Developer surface

A CLI, an SDK and a REST API - same guarantees.

Wire backups into CI, your control plane, or a cron in minutes. Credentials stay sealed in an encrypted secret store - the CLI, SDK and API only ever orchestrate the workers.

CLI

Single binary. Script backups, schedules and restores from anywhere you have a shell.

SDK

Typed clients for TypeScript, Go and Python to embed backups into your own platform.

REST API

Everything the CLI does, over plain HTTPS with scoped bearer tokens and webhooks.

~/deploy.sh
# install the single-binary agent + CLI
curl -fsSL https://saved.sh/install | sh

# authenticate with a scoped, least-privilege token
saved auth login

# register a source - creds come from your secret store
saved source add postgres \
  --name billing-db \
  --from-secret secret/data/prod/postgres

# run a backup now
saved backup run billing-db

# schedule + retention
saved schedule create billing-db \
  --cron "0 */6 * * *" --retain 30d
How we compare

See why teams choose saved.sh.

How external, usage-based backups stack up against traditional tools and hand-rolled scripts.

Featuresaved.shTraditional toolsManual scripts
Automated scheduling
Encryption at rest
Client-side encryption
Point-in-time recovery
API & SDK access
Pay-per-use pricing
Multi-region support
Automatic verification
CI/CD integration
Zero-knowledge security

Zero-knowledge: end-to-end encryption with no incoming ports required.

Pricing

Pay for resources used - not a plan you outgrow.

No seats, no tiers, no “contact sales to unlock Postgres.” You’re billed only for the compute, storage and network a backup actually uses - metered per second. Every feature is available from your first byte.

Source DB
Compress
Encrypt
Store
Verify
Average backup time ~30 secondsfor a 100 GB database

Compute time

Charged for backup workflow execution time
$48.50 / vCPU-hour

Billed per second with a 1-second minimum. A typical 100 GB PostgreSQL backup takes ~30 seconds on 1 vCPU.

Based on $0.00001347 per millisecond

Storage

Hot storage for active backup data
$0.02 / GB-month

Network transfer

Data transfer during backup & restore
$0.02 / GB

Archive storage

Cold storage for long-term retention
$0.007 / GB-month

How we calculate

Billed per second with a 1-second minimum, based on $0.00001347 per millisecond of compute. A typical 100 GB PostgreSQL backup runs in about 30 seconds on 1 vCPU - so a full backup costs well under a dollar.

No surprises

  • Per-second metering, billed monthly
  • Budget alerts & hard caps
  • No egress lock-in - restore anywhere
Enterprise-grade

Security & support, built in.

SOC 2 Type II

Audited security & compliance

99.9% Uptime SLA

Credits for any downtime

30-day money back

Full refund on unused credits

Encrypted at rest

AES-256 encryption standard

GDPR compliant

EU data residency available

24/7 support

Email & chat for all plans

FAQ

Questions, answered.

Put your backups out of reach.

Join the waitlist for early access. We’re onboarding self-hosted and cloud teams in batches.

We’ll only email you about early access. No spam.