We are GDPR compliant, all the sensitive data stored is encrypted in our database. Ottomatik is already encrypting (at rest, in the database) any sensitive data like database passwords, server connection information etc.
Will the data from the backups have to be loaded onto your servers as part of the restoration?
We offer self hosted S3 storage, so when you perform backups/restores, it will actually never hit our servers. It would directly download between your servers and perform the backup/restores.