Backblaze Security

Keeping our customer data safe is apart of our DNA

Our Philosophy

Protection of customer data is a top priority which merits continuous investment in our security systems and processes.

  • Keep customer data safe and secure.
  • Keep the system easy to use for customers.
  • Proactively monitor all systems and processes.
  • Hire third party organizations to continuously test the security of our systems and processes.
  • Provide our Chief Security Officer the resources needed to enable this security philosophy.

Privacy Policy and SLA

Account Access

Backblaze deploys the best-in-class security to prevent unauthorized use or access.

  • 2-Factor Verification via SMS or ToTP Authenticator Apps available for all users
  • Require account verification prior to accessing private data.
  • Do not store passwords. Instead, put them through a hash and salt.
  • Maintain usage and access monitoring on all accounts.

Data Transmission & Storage

Data is encrypted on your computer, encrypted during transmission, and encrypted while stored.

Personal Encryption Key

(“PEK”) option available for all customers. With a PEK, Backblaze cannot access your data (in case of lost password, subpoena, or any other event).

Data Transferred via HTTPS

Using a strong protocol, a strong key exchange, and a strong cipher. We continuously monitor using industry standard, independent sources like SSL Labs

Public/Private Keys

2048 bit public / private keys secure a symmetric AES -128 key

B2 Cloud Storage

B2 is our object storage service. It allows you to determine the level of security that is right for you and your data.

Storage Infrastructure & Data Durability

Our purpose built infrastructure - based on the Backblaze Storage Pod - is designed from the ground up to keep your data safe and secure.

Backblaze Vaults and Backblaze Reed - Solomon Encoding create a system designed for 99.999999% data durability.

Data Centers

Our physical facilities have best-in-class security features and are staffed every hour of every day of the year.

  • SSAE-16 / SOC-2 compliant.
  • Biometric Security.
  • ID checks and area locks that require badge-level access.
  • Locations in California and Arizona.

Sacramento Data Center PDF