Skip to main content


In this section, you will find a comprehensive glossary of terms that are specific to the Cubbit platform or essential for understanding its features and functionality.


Access Key

“Access Key” refers to an identifier used in combination with the Secret Key to authenticate requests to access a service or resource.


“Account” refers to a user's subscription to Cubbit. Every account is associated with a unique identifier, an email, a password, and it is used to access and manage the resources within the Cubbit services.


An ACL (Access Control List) is a set of rules that define who has access to a service, resource, or file, and what actions they are allowed to perform. It is used to control access and permissions for different users or groups and can be used to restrict or grant access to specific resources.


“Agent” refers to a small piece of software enabling a Cubbit storage node within Cubbit’s peer-to-peer network. It runs inside the Cubbit Cells.


An API (Application Programming Interface) is a set of rules and protocols for building and interacting with software applications. It specifies how software components should interact and allows for communication between different systems.

API key

An API key is a unique code that is passed in by a computer program to access a certain API and authenticate the identity of the calling program. It is used to track and control the usage of the API, and to grant access to certain resources or services. An API key is typically a long alphanumeric string that is unique to the developer or application that is using it.


Availability stands for data availability. It is expressed as a percentage indicating the probability of data being immediately available upon retrieval.


“Bandwidth” refers to the amount of data that can be transmitted over a network connection in a given period of time. It is typically measured in bits per second (bps) or bytes per second (Bps), and it is often used to describe the capacity of a network link or the amount of data that can be transferred in a specific amount of time.


A bucket is a container used to store files in object storage systems.

Bucket Versioning

Bucket Versioning is a feature that allows you to keep multiple versions of an object in the same bucket, preserving every version of it. This can be useful for maintaining different versions of a file, or for restoring a previous version in case the file is accidentally deleted or modified.


“Centralized” refers to a system in which all the components are located in a single location or controlled by a single entity


A chunk is a portion of a file uploaded to Cubbit's geo-distributed network. Chunks are fixed-size portions and represent the minimum unit of redundancy within the Swarm. When a user uploads a file, it is divided into chunks of fixed size.


A CLI (Command-Line Interface) is a type of user interface that allows users to interact with a computer program by typing commands.


A client is a piece of software that interacts with a server to access a service or resource.

Client-side encryption

“Client-side encryption” refers to an encryption method in which files are encrypted with a key generated by the client.

Cloud Act

The Cloud Act is a United States law that expands the ability of U.S. law enforcement agencies to access data stored by American companies, regardless of where that data is stored. The law also allows U.S. agencies to request data stored by foreign companies, as long as the company has a presence in the U.S. The Cloud Act was passed in 2018 and is intended to help law enforcement agencies access data needed for criminal investigations while also providing a framework for international data requests.

The Act also provides a framework for U.S. companies to respond to lawful requests for data stored abroad, and for foreign governments to make similar requests of U.S. companies. The Cloud Act has been controversial and has been criticized for potentially violating privacy rights and for undermining trust in the U.S. technology industry, especially for companies that are providing services to clients outside the United States.


“Cloud-to-cloud” refers to the practice of copying data stored on one cloud service to another cloud service.


The coordinator is a set of centralized microservices designed to coordinate and optimize the Swarm.


CRN (Cubbit Resource Name) is an identifier used by Cubbit to identify a single resource within its cloud services. It is often used to grant permission to access specific resources and make API calls to those resources.

Cubbit Cell

A Cubbit Cell is a device designed and marketed by Cubbit to serve as a node in its geo-distributed network. The Agent is running within it.

Cubbit DS3

“Cubbit DS3” stands for “Cubbit Distributed Simple Storage System.” This term refers to the object storage service offered by Cubbit on top of the Swarm.

Data center

A data center is a facility used to house computer systems and associated components, such as telecommunications and storage systems. It generally includes backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression), various security devices, and various other redundant components. These facilities are designed to provide a secure, reliable, and high-availability environment for IT equipment and infrastructure, and can be owned and operated by a third-party provider or by the organization that uses the equipment.

Digital sovereignty

“Digital sovereignty” refers to an individual or organization's ability to control their own data. This includes having control over where and how data is stored, processed, transmitted, and which party is shared with.


A distributed system is a system where the components are spread out across multiple locations or controlled by multiple entities.


Durability stands for data durability. It is expressed as a percentage indicating the probability of data surviving total system failure. Cubbit's durability is 99.999999999% (eleven nines), meaning that the probability of users' data being lost is 1 in 100 billion.

Egress fee

An egress fee, also known as a data egress fee, is a charge assessed by cloud service providers for data that is transferred out of their data centers. An egress fee is typically applied to data that is moved out of the cloud service provider's network to another location, such as another cloud provider, on-premises data center, or a user's device. The fee can be applied to data that is transferred over the internet or through a private network connection.


In computer science, “endpoint” refers to a specific destination or target for network communication. An endpoint is typically defined by a combination of an IP address and a port number, which together uniquely identify a specific device or service on a network. For example, in a client-server architecture, the server would have an endpoint that client applications can connect to. In a web application, a web server listens to incoming requests on a particular endpoint.

In the context of APIs (Application Programming Interfaces), “endpoint” refers to a specific location or URL where the API can be accessed or communicated with. For example, a web-based API may have multiple endpoints, each of which provides access to a different set of functionality or data.

Endpoints can also refer to the physical or logical points where data enters or exits a network.

End-to-end encryption

“End-to-end encryption” refers to a cryptographic scheme where encryption keys are generated, derived, manipulated, encrypted, and decrypted entirely on the client-side.

End User

An end user is a person who ultimately uses a product, service, or system.

Erasure Coding

Erasure coding is a method of data protection that involves breaking a file into smaller pieces and then encoding the pieces in a way that allows them to be reconstructed even if some of the pieces are lost or corrupted.

File Key

“File Key” refers to an AES-256 key generated by the system to encrypt a file within the Cubbit network. Each file uploaded to DS3 is encrypted with a randomly generated File Key.


Gaia-X is a project aiming to develop a federation of data infrastructure and service providers for Europe to ensure European digital sovereignty. The project is part of a broader strategy under the von der Leyen Commission of European strategic autonomy. Gaia-X is incorporated as a non-profit organization and does not intend to become a cloud service provider nor a cloud management platform.

Galois field

Galois field, also known as finite field, is a field containing a finite number of elements where the operations of multiplication, subtraction and division (excluding division by zero) are defined and satisfy the rules of arithmetic known as the field axioms. The elements of the Galois field are often represented by polynomials, and the operations are defined in terms of the polynomials. The Galois field is used in storage systems to streamline encryption and decryption. Data can be represented as a Galois vector, and arithmetic operations that have an inverse can then be applied for encrypting the data. This manipulation, although not sufficiently secure by cryptographic standards, is then combined with other bit shuffling techniques to implement strong symmetric algorithms such as AES. In the context of Reed-Solomon error correcting codes, a Galois field is used as the underlying mathematical structure for the encoding and decoding of data. Reed-Solomon codes use the Galois field to encode data by representing it as a polynomial and then using the operations of the Galois field to produce the encoded data. The encoded data can then be transmitted over a noisy channel, and the original data can be recovered by using the properties of the Galois field to correct errors that may have occurred during transmission.


A gateway is a hardware or software component that acts as an intermediary between two networks or systems. Cubbit uses a gateway to implement the S3 protocol (S3 Gateway).

Gateway-side encryption

“Gateway-Side Encryption (GSE)” refers to an encryption technique whereby the key is generated and managed at the gateway level, prior to sending the request to the service backend.

Geo-Distributed Cloud

A geo-distributed cloud refers to a network of cloud computing resources that are physically located in multiple geographic locations.

Geo-Distributed Simple Storage Service

Geo-Distributed Simple Storage Service is synonymous with Cubbit DS3.


“Geo-distribution” refers to the process of spreading data or resources across multiple nodes in different geographical locations.


“Geo-fencing” refers to a set of techniques used to restrict the distribution of data within a predetermined geographical area. This technique ensures that data do not leave the specified geographic area.

Hybrid Cloud

Hybrid Cloud is the practice of combining an on-premise data center with cloud services from one or more cloud providers. This strategy is often implemented to minimize risks of downtime and data loss and reduce vendor lock-in.


Immutability, in the context of object storage systems, is a construct that indicates what a programmer can do through the normal interface of the object. The term refers to the property of objects to resist modification and deletion from all sources, including ransomware.


Metadata is data that describes other data. It is often used to provide information about a file, such as its size, creation date, and author.


Multi-cloud is the practice of using cloud services from more than one cloud provider. This is often done to minimize risks of downtime and data loss and reduce vendor lock-in.

Multipart Upload

Multipart Upload is a method of uploading large files by splitting them into smaller parts and uploading each part separately.

Next-Generation Cloud (NGC)

Next-Generation Cloud (NGC) is a program dedicated to European companies aimed at pushing the boundaries of cloud technologies. Member companies collaborate at the federal level to create a vast, business-first Cubbit network.


A Cubbit node is identified by a single instance of the Agent software. The set of nodes constitutes Cubbit's peer-to-peer network called Swarm. Each node is responsible for storing the shards of multiple Cubbit users' data.


A DS3 object is a file or other data that is stored within a DS3 bucket. Objects are identified by a unique key within the bucket and can be made up of data and metadata. DS3 objects can be any type of file, such as text, images, videos, backups, and more. They can be easily retrieved, managed, and manipulated using the S3 APIs or other S3 management tools.

Object Locking

​​Object Locking is a feature that allows you to lock an object, preventing it from being deleted or overwritten for a specified period of time. This can be useful to ensure that important or sensitive files are protected from ransomware as well as accidental deletion or modification.

Object storage

Object storage is a type of data storage that uses a flat address space and metadata to store files as objects rather than a hierarchical file system. These objects can be stored in a cloud storage platform, on-premises, or hybrid environments. Object storage is often used for unstructured data, such as images, videos, and backups.


Payloads refer to the data being sent over a network or stored in a file.


A path is the location of an object within a DS3 bucket, specified by the bucket name and the object key. The object key is unique within the bucket and is used to identify the object.

Peer-to-peer network

A Peer-to-peer (P2P) network is a type of network in which each node (or "peer") is both a client and a server and can share resources with other nodes without the need for a central server.


A Cubbit policy is a JSON document that defines the permissions that are granted to different users or groups for accessing Cubbit resources. Policies can be used to control access to specific buckets or objects and define the actions that are allowed or denied.


RAID, short for Redundant Array of Independent Disks, is a storage technology virtualizing multiple hardware disks into one or more logical units for the purpose of improving performance, durability, and availability.


Ransomware is a type of malicious software that encrypts the files of a computer or network and demands payment in exchange for the decryption key to regain access to the files. This type of malware is typically delivered through phishing emails, infected software downloads, or by exploiting unpatched vulnerabilities in the system. Once the malware is activated, it encrypts the files on the infected computer or network and displays a message or ransom note on the screen, demanding payment to regain access to the encrypted files. The payment is usually requested in cryptocurrency and the attackers often set a deadline for the payment. The ransom note usually contains instructions on how to pay the ransom and contact the attackers. Ransomware attacks can have a significant impact on the victim's operations, and it is important to have a data backup and an incident response plan to mitigate the effects of a ransomware attack.

Reed Solomon

“Reed-Solomon”, short for Reed-Solomon error-correcting codes, refers to a subclass of non-binary forward error correction codes based on the Galois field. Unlike a binary encoder, Reed-Solomon error-correcting codes operate on multiple bits. Reed-Solomon derives its name from a paper by Irving S. Reed and Gustave Solomon published in 1960. You can read more about Reed Solomon here.


A script is a program or set of instructions that are executed by a software interpreter, rather than by the computer's central processing unit (CPU). Scripts are often used to automate repetitive tasks, create simple programs and manipulate data. They can be executed directly from the command line, or they can be embedded in other software applications, such as web pages, to provide additional functionality.


An SDK (Software Development Kit) is a collection of tools and resources that developers can use to build software applications.

Secret Key

A Secret Key is a string of characters that is used in conjunction with an access key to authenticate requests to access DS3. The Secret Key is intended to be kept private and should never be shared with anyone.

Server-side encryption

“Server-side encryption” refers to a method of encrypting data at rest on the server before it is stored. It ensures that the data remains private and secure even if the storage device or file system is compromised. The encryption keys are typically managed and controlled by the cloud service provider.


A shard is the result of Cubbit's redundancy process and represents the unit of data saved by a single Agent. Cubbit's redundancy process generates a fixed number of shards from each chunk. Each shard is then sent to an Agent via p2p channels.

Space or Storage space

“Space” or “Storage space” refers to the amount of virtual storage capacity that is available to store data within the Cubbit geo-distributed storage network. It can be measured in various units such as bytes, gigabytes, and terabytes.


A Swarm is a peer-to-peer network created by Cubbit. The term Swarm recalls the world of bees and the collaboration that characterizes their nature, a property that is also shared by Cubbit’s network.

Sync and Share

Sync & Share is a type of software or service that allows users to synchronize and share files across multiple devices and platforms.


S3 stands for Simple Storage Service, i.e. a web-based object storage service offered by Amazon Web Services (AWS). S3 allows developers to store and retrieve data in the form of files and folders, which are called objects in S3.

S3 compatibility

“S3 compatibility” refers to the ability of a storage service or software to be able to work seamlessly with the Amazon S3 object storage service. This means that the service or software can use the same APIs, protocols, and data structures as S3, allowing for easy integration and data migration.

S3 Gateway

“S3 Gateway” refers to a Cubbit service that enables the S3 protocol on top of the Swarm. This service is responsible for translating S3 requests into calls to the Cubbit SDK, enabling Cubbit's S3-compatible storage.


“Uptime” refers to the amount of time that a system or service is available and functional. It is often used to measure the reliability and availability of a service or system and is usually expressed as a percentage of the total time.


A URI (Uniform Resource Identifier) is a string of characters that identifies a name or a resource on the Internet.


A URL (Uniform Resource Locator) is a specific type of URI that identifies the location of a resource on the Internet.

WORM strategy

In computer science, WORM stands for "Write Once, Read Many." “WORM strategy” refers to the practice of creating digital storage systems that allow for data to be written to them only once, and then read multiple times.

This strategy is often used for data archiving, compliance and long-term data preservation as it ensures that data cannot be altered or deleted once it has been written to the storage system. This can be beneficial for regulatory compliance and legal discovery situations where data needs to be preserved in its original state to prove or disprove certain facts.

3-2-1 backup rule

The 3-2-1 backup rule is a data backup strategy that recommends keeping three copies of any important data, on two different types of media, with one copy stored off-site. The idea behind this rule is to ensure that data is protected against various types of failures, such as hardware failures, software corruption, or human error. The three copies of the data provide redundancy, the two different types of media ensure that the data is not lost in the event of a media failure, and the off-site copy protects against disasters such as fire or flood.