Last updated: July 15, 2024
Backblaze, Inc. (“Backblaze”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Backblaze has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, as well as the UK-U.S. DataBridge. Additionally, Backblaze has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/.
We value your business and we know privacy is important to you. It’s important to us, too. This Privacy Notice describes how we collect and use your personal information, what we do with the information collected, and how you can exercise your privacy rights.
Certain countries and states, such as the European Union and the state of California, have enacted specific data protection and privacy rules for their residents. Some of these rules overlap, but some don’t. In order to make this privacy notice as understandable as possible, we have split our information into a common notice (where we provide you with information which is generally required), and separate notices specific to certain jurisdictions.
Please also review our Terms of Service and Data Processing Addendum which describe what we can expect from each other when you use our products and services.
Backblaze, Inc. (“Backblaze”) is a US-headquartered data storage provider that offers two different services:
You can contact us as described in the How To Contact Us paragraph.
Under EU data protection legislation, commonly known as the GDPR, Backblaze is the controller of processing of personal information described below. With regard to the processing of files uploaded to our platform by our users when using our Computer Backup and B2 Cloud Storage services, however, Backblaze is the processor and the person or organization owning the Backblaze account is the controller. We explain more about the distinction between a controller and a processor under EU data protection legislation here.
When you use our services, you upload your files to store with us. We call this content your files. We also collect certain information about you in the course of providing our products. We call this your personal information.
When requesting to use Backblaze's services we may ask you to provide personal information to us. For example, when you create a Backblaze account, we will ask you for your email address and a password. We may also ask for your phone number for purposes such as two-factor verification or for sending you service alerts. If you choose to sign up for one of Backblaze's services, we will ask you for billing information. To order a physical item from us, such as a Restore by Mail, we will ask for shipping details. At times we may ask for other information such as your name or the name of your company name.
During your interaction with Backblaze, you may choose to provide us with personal information when you email us, chat with us, answer a survey, comment on our blog, or communicate with us through social media services like Twitter or Facebook.
If you refer a friend to Backblaze, we will ask you for their email address. Backblaze will then contact your referred friend to determine whether your friend consents to us contacting them.
Our Computer Backup service automatically backs up your files to Backblaze; B2 Cloud Storage allows you to upload your files to our service. While the content of your files may include personally identifiable information, both in the content of a file and in metadata, this Privacy Notice, as stated at the outset, only applies to the information collected in respect of your account and not to the content that you store on our system.
When you use any Backblaze product we may collect certain information automatically from and about your device. This includes data about your software, the operating system you use when accessing our service, your Internet Protocol address and the date and time of each request you make to Backblaze. When you use our backup services, we will also receive information such as the names of external drives, file types transferred, and number, name and size of files transferred.
Collecting this information enables us to better diagnose problems with our products, provide customer support more effectively, inform you about operating systems we no longer support as well as ensure the continuous functionality of our products.
We may collect additional information about you from third parties primarily to assist us in understanding how we can maintain and improve the services we offer to better serve you. The type of information we collect from third party tools that we use may include: user's clicks to test different versions of our website; recordings of where people move their mouse on key web pages; page visits which in turn allows Backblaze to decide if it needs to update certain pages; surveys, which users can voluntarily complete, and a user's IP address. Please also review our Backblaze Cookie Statement.
Under no circumstances do we rent, trade, or share your address or e-mail address with any other company for their marketing purposes without your consent. We may use the information we collect through our products for a number of reasons, including to:
From time to time, Backblaze will communicate with you via email. There are two types of email you may receive:
We will only process personal information in ways that are compatible with the purpose we collected it for or for the purposes you later authorize. Before we use your personal information for a purpose that is materially different from the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt-out.
We may share and disclose your personally identifiable information only in the limited circumstances described below:
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required. Reasons we might retain some data for longer periods of time include:
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
When you enter personal information such as a credit card number on our website or via our App we encrypt that information using secure socket layer technology (SSL). For purchases made online with credit cards, we receive your credit card number in encrypted form, and transfer it to our credit card processor, Stripe, for processing. Our employees do not have access to this information. We do not store PIN data or 3-digit security codes.
We use appropriate technical and organizational security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security
Like all e-commerce websites we use cookies and similar tracking technology (collectively "Cookies") to collect and use personal information about you. For further information about the types of Cookies we and our partners' use, why and how you can control Cookies, please see our Cookie Statement.
Certain countries and states have enacted data protection and privacy rights for their residents. We strive to respect these rights for all our users, no matter where they happen to be located. You can find more information on objecting to, or restricting certain processing here.
For example, you may:
User requests are subject to the following caveats:
You can review more information as required under European data protection rules about our handling of your personal data and your data subject rights here.
The California Consumer Privacy Act gives California residents additional rights and choices regarding their personal information. To learn more, read our Privacy Notice for California Residents here.
You can exercise your privacy rights by submitting a data subject request with the completion of this form.
Our website contains links to third party websites and third-party plug-ins (such as social media sharing buttons) operated by other companies. We are not responsible for the privacy practices of such other websites. We encourage you to be aware that when you leave our site you read the privacy notices of such other websites. This Privacy Notice applies solely to information collected by Backblaze's products.
Some browsers make it possible for you to signal that you don’t want your Internet browsing activity to be tracked. Because the Internet community hasn’t reached a consensus on how to best honor these signals, Backblaze doesn’t respond to Do-Not-Track requests at this time.
Changes to this Privacy Notice will be made when required in response to changing legal, technical, or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. The new Privacy Notice will apply to all current and past users of the website and will replace any prior notices that are inconsistent with it.
If you have any questions or concerns regarding the collection, use, or disclosure of your personal information, you can contact us by sending an email to privacyrequest@backblaze.com or by contacting us at:
201 Baldwin Avenue,
San Mateo, CA 94401, U.S.
+1 650-352-3738
Recourse, Enforcement and Liability
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Backblaze commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Division of the American Arbitration Association (ICDR-AAA), an alternative dispute resolution provider based in the United States.
If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.
Data subjects may contact the relevant independent recourse mechanism listed below:
EU Data Protection Authorities (DPAs) https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Swiss Federal Data Protection and Information Commissioner https://www.edoeb.admin.ch/edoeb/en/home.html
UK Information Commissioner's Office https://ico.org.uk/
Supplemental Privacy Notices
U.S. - California Privacy Rights
For European Economic Area (EEA)