Backblaze Cloud Compliance

Store data in accordance with security and compliance requirements including SOC 2 Type 2, HIPAA, GDPR, and CCPA/CPRA.

How Backblaze Helps Meet Compliance Goals in the Cloud

Backblaze works closely with leading third-party organizations to address security and privacy requirements.

Adding Backblaze to our infrastructure allowed us to satisfy our insurance carrier’s requirements. We could prove that we’re maintaining immutable backups on third-party servers located across the country that comply with industry standards for data security.
Chris Hoiland

IT/Data Center Supervisor, AcenTek

Compliance Documents and Requests

Documents and Questionaires

Access and download Backblaze’s compliance documents and completed questionnaires.

Whistic Sign Up

Data Subject Request

To manage the personal data collected by Backblaze, please fill out the Privacy Request Form

Privacy Request Form

Personal Information Request

To formally request no selling or sharing of your personal information, please fill out this form.

Do Not Sell/Share Form


Can Backblaze help us support our HIPAA compliance requirement?

 Backblaze is compliance friendly, with the ability to provide Business Associate Agreements (BAAs) for entities covered under HIPAA.

What is offered on Whistic for Backblaze customers?

Backblaze currently offers 3 profiles on Whistic: Education Industry profile link, EU Customers profile link, or All Other Customers profile link. Once you have signed up, or signed in, you will be able to view or download the applicable documents and questionnaires.

My organization maintains a lot of sensitive data. What privacy, compliance and security features does Backblaze offer to give confidence in its cloud storage?

The Backblaze Storage Cloud provides a range of compliance achievements and security-related services to safeguard account access and the data within accounts. Backblaze, and our data centers, have received SOC 2 Type 2 certification. Key features to keep your data secure and compliant with GDPR/UK GDPR, PCI-DSS, and ISO 27001 include multi-factor authentication, application keys, access management controls, server-side encryption (SSE), and Object Lock immutability. Data is stored in infrastructure designed for 11 nines durability and Backblaze data centers are equipped with best-in-class security features and staffed 24/7/365.

Does Backblaze sell my personal information?

We do not sell your personal information to third parties. We do sometimes share information, but only as needed to provide you our services, for example to send you a service email or take a support request. You can learn more about our privacy practices here.

What personal information does Backblaze collect?

Backblaze collects two different types of data from our customers, Personal Identifiable Information (PII) and personal files. PII, also referred to as Personal Information, is covered under CCPA/CPRA and GDPR. This is the information we collect from you to provide you with the Backblaze service you are using. Personal files are those files that are backed up or uploaded to our servers. These files do not fall under CCPA/CPRA or GDPR, however, your personal files are kept private and/or encrypted (depending on which service you are using), and is not accessed or shared by Backblaze, unless you explicitly tell us to do so, for example, to download a file or share a link to a file.

What does CCPA/CPRA mean to me?

The California Consumer Privacy Act (CCPA) means that California residents have the right to know what personal information is being collected, used, shared, or sold by companies, whether the company is an online-only company or not. Backblaze believes that data privacy is important to all of our customers and under no circumstances do we rent, trade, or sell your address or e-mail address with any other company for their marketing purposes without your consent. This regulation does pertain specifically to California residents, but Backblaze will apply the regulations to all customers to the best of our ability while abiding with the rules, regulations, and laws imposed by other jurisdictions.  

In addition, the California Privacy Rights Act (CPRA) gives the right to correct inaccurate personal information as well as the right to limit use and disclosure of sensitive personal information. The CPRA expands the right-to-know including personal information that can be shared by Backblaze and expands the opt-out right to encompass the sharing of personal information.

A Publicly Traded Company (BLZE)
Backblaze © 2024