There’s no shortage of reasons for why WhatsApp is as popular as it is, but the service’s focus on user privacy has got to be one of the big ones. With end-to-end encrypted messages, people using the app can feel secure that their messages are headed right to the eyes of their intended recipient, without the risk of any looky-loos peeking along the way. Now Facebook’s talking about its plans for taking that kind of protection to its next logical step, as end-to-end encryption expands to cover WhatsApp backups.

We’ve been hearing whispers about this support for a long time now, and although it seemed clear that progress was being made, we still didn’t have an official take on what exactly we could hope to expect, nor how it would all work.

Basically, we’re looking at two options here. Regardless of which you choose, your backup is encrypted with a unique client-generated key before being uploaded to a cloud host like Google Drive or Apple’s iCloud. Users who are particularly concerned with their data’s privacy will likely elect to store the 64-digit key themselves, which they’ll then have to provide again when using the app to retrieve their backup.

Opt for ultimate security by keeping your own 64-digit encryption key…

… or embrace a trusted HSM and use an easy-to-remember password of your choice.

If that sounds like a recipe for lost data to you, there’s also a much more manageable option. Here, that cumbersome encryption key is stored in a cloud-based hardware security module, which you then secure with a convenient password you decide on yourself.

That’s the gist of it — pretty straightforward, and it’s nice to see options here that give users control over how they want to balance privacy and security, even when we’re just talking about backups. Look for the feature to finally hit phones sometime within the next few weeks.