Backblaze Privacy Notice
Last updated: August 27, 2019
We value your business and we know privacy is important to you. Accordingly,
we have implemented this Privacy Notice which describes how we collect and use
your personal information, what we do with the information collected, and how you
can exercise your privacy rights. We also have
terms and conditions
and data processing addendum
which describe what we can expect from each other when you use our products and services.
Backblaze, Inc. (“Backblaze”) is a US headquartered data storage provider that offers two different products:
Computer Backup, which
provides unlimited cloud backup for individuals and organizations
using Macs or PCs (laptops and desktops); and
B2 Cloud Storage, which
provides low-cost cloud storage for individuals and organizations.
You can find our contact details below
Under EU data protection legislation, commonly known as the GDPR, Backblaze is the controller of processing of personal
information described below. With regard to the processing of files uploaded to our platform by our users when using our
Computer Backup and B2 Cloud Storage services, however, Backblaze is the processor and the person or organization owning
the Backblaze account is the controller. We explain more about the distinction between a controller and a processor under
EU data protection legislation here
When requesting to use Backblaze's services we may ask you to provide personal information to us.
For example, when you create a Backblaze account, we will ask you for your email address and a password.
We may also ask for your phone number for purposes such as two-factor verification or for sending you
service alerts. If you choose to sign up for one of Backblaze's services, we will ask you for billing
information. To order a physical item from us, such as a Restore by Mail, we will ask for shipping details.
At times we may ask for other information such as your name or the name of your company name.
During your interaction with Backblaze, you may choose to provide us with personal information when you email
us, chat with us, answer a survey, comment on our blog, or communicate with us through social media services
like Twitter or Facebook.
If you refer a friend to Backblaze, we will ask you for their email address. Backblaze will then contact your
referred friend to determine whether your friend consents to us contacting them.
Our Computer Backup service automatically backs up your files to Backblaze; B2 Cloud Storage allows you to upload
your files to our service. While the content of your files may include personally identifiable information, both
in the content of a file and in metadata, this Privacy Notice, as stated at the outset, only applies to the
information collected in respect of your account and not to the content that you store on our system.
When you use any Backblaze product we may collect certain information automatically from and about your device.
This includes data about your software, the operating system you use when accessing our service, your Internet
Protocol address and the date and time of each request you make to Backblaze. When you use our backup services,
we will also receive information such as the names of external drives, file types transferred, and number and
size of files transferred.
Collecting this information enables us to better diagnose problems with our products, provide customer support
more effectively, inform you about operating systems we no longer support as well as ensure the continuous
functionality of our products.
We may collect additional information about you from third parties primarily to assist us in understanding how we
can maintain and improve the services we offer to better serve you. Third party tools that we use for this are
from: Optimizely, which records a user's clicks and enables Backblaze to test different versions of its website;
HotJar, which is used to record where people move their mouse on key web pages; and Google Analytics which informs
Backblaze about page visits which in turn allows Backblaze to decide if it needs to update certain pages.
SurveyMonkey, which Backblaze uses to distribute surveys, which users can voluntarily complete,
will collect a user's IP address.
Under no circumstances do we rent, trade or share your address or e-mail address with any other company for their
marketing purposes without your consent. We may use the information we collect through our products for a number
of reasons, including to:
- provide, operate, optimize and maintain our online platforms, products and services;
- understand how you use our products and customize your experience;
- set up online accounts;
- process, fulfill and provide any updates on online orders;
send you marketing communications we think you'll find valuable, where it is in accordance with your preferences;
provide customer support via online chat services; deal with your online enquiries and requests sent by email;
and provide you with information and access to resources or services that you have requested from us;
- improve the layout, navigation and content of our online products;
- identify any server problems or other IT or network issues;
- prevent abuse of the products and services we offer; and
carry out other legitimate business purposes, such as to improve our products and services, as well as other
lawful purposes about which we will notify our users and clients.
From time to time, Backblaze will communicate with you via email. There are two types of email you may receive:
Service Emails: These are service related emails such as confirmation
of password change, expiration of credit card, or a reply to a support issue. You cannot opt out of receiving
these messages as they are part of the service which Backblaze provides to you. You can manage certain Service
Emails by signing in to your Account. To stop receiving all Service Emails, you must cancel the service and
uninstall the Backblaze software from your devices.
Marketing Emails: These will include Backblaze company news,
tips-and-tricks, service promotions (e.g., refer-a-friend) and similar types of material.
Upon creating a Backblaze Account you will be able to manage your email preferences, including
opting out of receiving all Marketing Emails. You will also be able to unsubscribe at any time
by using the unsubscribe link provided in any given email.
We will only process personal information in ways that are compatible with the purpose we collected it for or
for the purposes you later authorise. Before we use your personal information for a purpose that is materially
different than the purpose we collected it for or that you later authorised, we will provide you with the opportunity
We may share and disclose your personally identifiable information only in the limited circumstances described below:
To vendors and other third party service providers who require access to your personal information to assist
in providing and improving our products. The third parties that access and use your information only on our
behalf include companies such as Stripe, Salesforce, Google Analytics, Freshbooks, Facebook, Twitter, Hubspot,
MailChimp, Plivo, Slack, SurveyMonkey, SendGrid, Twillio, and ZenDesk. For example, we partner with Stripe and
Freshbooks to assist us in processing your payment; Hubspot enables us to send you marketing emails, subject to
your preferences; SendGrid is used to communicate service emails to you; Twillio and Plivo are used to send SMS
messages to you when you use our 2-factor authentication feature; and Zendesk is used to facilitate our customer
support and online Chat service.
We may also disclose your information to third parties: (a) where required by law or regulatory requirement,
court order or other judicial authorization, (b) in response to lawful requests by public authorities, including
for the purposes of meeting national security and law enforcement requirements; (c) in connection with the sale,
transfer, merger, bankruptcy, restructuring or other reorganization of a business; (d) to protect or defend our
rights, interests or property, or that of third parties; (e) to investigate any wrongdoing in connection with our
products and services; and (f) to protect the vital interests of an individual.
- To any other person with your consent.
If you use our services as part of a business, group, or organization where Backblaze was set up by an administrator,
the administrator may be able to access and control your account. Refer to your organization's internal policies for
B2 Cloud Storage users can give third parties the ability to access information and content in their account
(e.g., through APIs). When other services access and use your information, their conduct is governed by their own
terms and policies.
The settings for B2 Cloud Storage also give you the option to make information and content available to other people.
- We may disclose aggregate, non-identifying information about how our users use Backblaze products.
If you are a visitor/customer located in the European Economic Area ("EEA"), our legal basis for collecting and using the
personal information described above will depend on the personal information concerned and the specific context in which we
collect it. We will normally collect personal information from you only where we have your consent to do so, where we need
the personal information to perform a contract with you, or where the processing is in our legitimate business interests.
In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to enter into a contract with you, we
will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or
not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and
use your personal information in reliance on our legitimate business interests, we will make clear to you at the relevant time
what those legitimate business interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal
information, please contact us using the contact details provided under the 'How to contact us'
information about you. For further information about the types of Cookies we and our partners' use, why and how you can control
Cookies, please see our Cookie Statement
Your personal information is stored and processed by us in the U.S. Specifically, your personal and non-personal information will be transferred to Backblaze for storage and processing in the U.S.
When transferring any personal information from the EEA and Switzerland to the U.S., we adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce. Backblaze has certified adherence to and commits to apply the Privacy Shield Principles to all personal information it processes in reliance on the Shield.
For the purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.
For more information about the Privacy Shield, and to view our certification, see the U.S. Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov
If we have received your personal information in the U.S. and subsequently transfer it to a third-party agent or service provider for processing, and such third party agent or service provider processes your personal information in a manner inconsistent with the Privacy Shield Principles, we remain responsible under the Privacy Shield unless we can prove we are not responsible for the event giving rise to the damage.
You can direct any questions or complaints about the use or disclosure of your personal information to us at firstname.lastname@example.org
. We will investigate and resolve any complaints or disputes regarding the use of personal information within forty-five (45) days of receiving your complaint.
We have further committed to using the American Arbitration Association (AAA)
to provide an independent recourse method. AAA
will handle any complaints Backblaze is unable to resolve.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances. To find out more about the Privacy Shield's binding arbitration scheme please see https://www.privacyshield.gov/article?id=ANNEX-I-introduction
For information on how to request access, rectification or deletion of your personal information if it is inaccurate or processed in violation of the Privacy Shield, see Section 10
below on "Your data protection rights & choices".
The security of your personal information is very important to us.
When you enter personal information such as a credit card number on our website or via our App we encrypt that information
using secure socket layer technology (SSL). For purchases made online with credit cards, we receive your credit card number
in encrypted form, and transfer it to our credit card processor, Stripe, for processing. Our employees do not have access to
this information. We do not store PIN data or 3-digit security codes.
We use appropriate technical and organizational security measures to protect your personal information from loss, misuse,
and unauthorized access, disclosure, alteration and destruction, both during transmission and once we receive it. However,
no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore we cannot guarantee
its absolute security.
You have the following rights:
If you wish to access your personal information that Backblaze collects, you can do so at any time by contacting
us using the contact details provided under 'How to contact us' heading below.
You can correct, update or request deletion of your details in your Account by logging in to your Account. You
can also contact us using the contact details provided under 'How to contact us' heading below in order
to request that your data is deleted.
If you are a resident of the EEA, you can object to processing of your personal information, ask us to
restrict processing of your personal information or request portability of your personal information where
it is technically possible. Again, you can exercise these rights by contacting us using the contact details below.
Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent
at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it
affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information.
Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the U.S. and Canada)
are available here.)
You have the right to opt-out of marketing communications
we send you at any time. You can exercise this right by clicking
on the “unsubscribe” link in the marketing e-mails we send you. Alternatively, please contact us at
. Please include your complete name and e-mail address. Note that it may take
up to 3 business days to remove you from our marketing lists and after this point you will still receive Service Emails from us.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data
Our Website contains links to third party websites and third party plug-ins (such as social media sharing buttons) operated by other companies.
We are not responsible for the privacy practices of such other websites. We encourage you to be aware that when you leave our site you read the
privacy notices of such other websites. This Privacy Notice applies solely to information collected by Backblaze's products.
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer
retention period is required or permitted by law, for legal, tax or regulatory reasons, or other lawful purposes.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is
not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal
information and isolate it from any further processing until deletion is possible.
Changes to this Privacy Notice will be made when required in response to changing legal, technical or business developments. When we update
our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
The new Privacy Notice will apply to all current and past users of the website and will replace any prior notices that are inconsistent with it.
If you have any questions or concerns regarding the use or disclosure of your personal information, you can contact us by sending an email
or by contacting us at:
500 Ben Franklin Ct,
San Mateo, CA 94401, U.S.