Druva adheres to the same certifications as inSync.
As an IaaS provider, Amazon regularly updates their compliance certifications for all the standard certifications (See http://aws.amazon.com/compliance/ ). As a SaaS provider, Druva holds a number of certifications for controlling and managing our applications. This includes a SOC2 audit, certifications around Safe Harbor, and a review of our security and privacy controls for handling HIPAA-compliant protected health information (PHI).
To know the certifications that inSync adheres to, contact Support.

To ensure that your data stays protected, Druva uses the 256-bit AES at rest and TLS in transit. Additionally, Druva also employs data scrambling techniques to obscure access to your data.

Yes, Druva does. While configuring a server, the server data can be scoped to administrative groups within a specific geography (known as “availability zone” within Amazon Web Services). This can provide complete assurance that data never leaves a specific geography.