Store data in accordance with security and compliance requirements including SOC 2 Type 2, HIPAA, GDPR, and CCPA/CPRA.
Backblaze works closely with leading third-party organizations to address security and privacy requirements.
Backblaze has achieved Service Organization Control (SOC) 2 Type 2 compliance, as assessed by an independent third-party firm. Backblaze operates in data centers that are also SOC 2 compliant.
Backblaze can provide a Business Associate Agreement (BAA) upon request for business customers who are Covered Entities under the Health Insurance Portability and Accountability Act (HIPAA).
Backblaze is listed as a Progressing Product in the State Risk and Authorization Management Program (StateRAMP) Authorized Product List.
Backblaze is listed in the Texas Risk and Authorization Management Program (TX-RAMP) Certified Cloud Products list with a Certification Status of TX-RAMP Provisional.
Backblaze completed the Higher Education Community Vendor Assessment Tool (HECVAT) assessment, which can be accessed via Whistic.
Backblaze utilizes Stripe to store and process card information, which, combined with internal security controls, contributes to Backblaze’s adherence to Payment Card Industry Data Security Standard (PCI-DSS) requirements.
Backblaze obtained Trusted Partner Network (TPN) Blue Shield status that is aligned with the Motion Picture Association (MPA) Content Security Best Practices (CSBP) framework.
Backblaze predominantly utilizes data centers that hold International Organization for Standardization (ISO) 27001 certificates, which can be accessed via Whistic.
Backblaze adheres to General Data Protection Regulation (GDPR) privacy policies. Data Processing Agreement Addendums (DPAs) for EEA/EU and UK residents are available for compliance standards.
Backblaze satisfies California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA) privacy obligations, including consumer requests, a data inventory, and a privacy notice.
Backblaze has completed the Internet2 Cloud Scorecard for research and educational institutions, and connects to Internet2's network as part of the Internet2 Peer Exchange (I2PX) program.
Adding Backblaze to our infrastructure allowed us to satisfy our insurance carrier’s requirements. We could prove that we’re maintaining immutable backups on third-party servers located across the country that comply with industry standards for data security.
Access and download Backblaze’s compliance documents and completed questionnaires.
To manage the personal data collected by Backblaze, please fill out the Privacy Request Form.
To formally request no selling or sharing of your personal information, please fill out this form.
Backblaze is compliance friendly, with the ability to provide Business Associate Agreements (BAAs) for entities covered under HIPAA.
Backblaze currently offers 3 profiles on Whistic: Education Industry profile link, EU Customers profile link, or All Other Customers profile link. Once you have signed up, or signed in, you will be able to view or download the applicable documents and questionnaires.
The Backblaze Storage Cloud provides a range of compliance achievements and security-related services to safeguard account access and the data within accounts. Backblaze, and our data centers, have received SOC 2 Type 2 certification. Key features to keep your data secure and compliant with GDPR/UK GDPR, PCI-DSS, and ISO 27001 include multi-factor authentication, application keys, access management controls, server-side encryption (SSE), and Object Lock immutability. Data is stored in infrastructure designed for 11 nines durability and Backblaze data centers are equipped with best-in-class security features and staffed 24/7/365.
We do not sell your personal information to third parties. We do sometimes share information, but only as needed to provide you our services, for example to send you a service email or take a support request. You can learn more about our privacy practices here.
Backblaze collects two different types of data from our customers: Personally Identifiable Information (PII) and personal files. PII, also referred to as Personal Information, is covered under CCPA/CPRA and GDPR. This is the information we collect from you to provide you with the Backblaze service you are using. Personal files are those files that are backed up or uploaded to our servers. These files do not fall under CCPA/CPRA or GDPR; however, your personal files are kept private and/or encrypted (depending on which service you are using), and are not accessed or shared by Backblaze unless you explicitly tell us to do so, for example, to download a file or share a link to a file.
The California Consumer Privacy Act (CCPA) means that California residents have the right to know what personal information is being collected, used, shared, or sold by companies, whether the company is an online-only company or not. Backblaze believes that data privacy is important to all of our customers, and under no circumstances do we rent, trade, or sell your address or e-mail address to any other company for their marketing purposes without your consent. This regulation does pertain specifically to California residents, but Backblaze will apply the regulations to all customers to the best of our ability while abiding by the rules, regulations, and laws imposed by other jurisdictions.
In addition, the California Privacy Rights Act (CPRA) gives the right to correct inaccurate personal information as well as the right to limit use and disclosure of sensitive personal information. The CPRA expands the right to know to include personal information that can be shared by Backblaze and expands the opt-out right to encompass the sharing of personal information.