Backblaze

0

Backblaze backup software offers business a way to backup their data securely – offsite, onsite and online in the Cloud. Backblaze is based in San Meteo, California USA and has been providing its cloud backup service since 2008. Support staff are available via email. They use encryption to protect your data while in transit between your computer and their servers, and they encrypt all data on your device before sending it to their servers where it is stored encrypted. For greater security you can use your own private key to encrypt your backups – this means that only you can decrypt your data, Backblaze cannot access it. Backblaze does not disclose where its data centres are located. Backblaze data centres have been are secured to a high standard, but they do not disclose if they have been independently certified. Backblaze allows you to automatically & continuously backup your data to their servers and to easily recover backed up files using their web interface or desktop/mobile applications. Backblaze makes no claims to the ownership of your data.

This disclosure was provided and researched by Arrowrock. Sources are cited where possible.

Please report any inaccuracies in this report by leaving a reply below or sending us a private message. Thank you!

Company Identity

Trading Name Backblaze
Company Website http://www.backblaze.com/business.html
Company Phone Number 650.352.3738
Company Email Address helpme@backblaze.com
Physical Address 500 Ben Franklin Ct
San Mateo, CA 94401
USA

What services does this disclosure apply to?
Backblaze

What country holds legal jurisdiction over the service(s)?
USA

How long has your company been operating?
Beta launched in February 2008
http://www.backblaze.com/press_01.html

How long has your company been providing the service(s) covered in this disclosure?
Since 2008
http://www.backblaze.com/press_01.html

Is your company currently profitable?
Backblaze, a leading online backup provider, announced they have inked a deal with TMT Investments Plc to obtain $5 million in equity funding. Backblaze is already profitable and growing quickly and this funding will be used to accelerate hiring for product development, global marketing, and partnerships.
http://www.backblaze.com/press-funding.html

return to the top

Customer Support and Service Level Agreement

What are your standard customer support hours?
Via email, tutorials and FAQ 24/7/365
http://www.backblaze.com/help.html

What channels are available for communication with clients?
Online request message, email, & phone (phone not for customer support).
http://www.backblaze.com/help.html
http://www.backblaze.com/contact.html

Which is your preferred channel for client communications?
Not available

Do you collect any information from client communications?
Not available

What is your standard response time for customer support inquires?
One day.
http://www.backblaze.com/help.html

Do you proactively communicate information about future planned outages and maintenance to clients?
Not available

Do you proactively communicate information about current unscheduled outages and incidents to clients?
Not available

Do you make incident reports available to clients after major incidents?
Yes.
Backblaze publishes information about incidents on its blog.
http://blog.backblaze.com/

What is the expected uptime of the service?
Not available

Has the service experienced any outages in the last 12 months?
Not available

Does the SLA guarantee service uptime?
No
DISCLAIMER OF WARRANTIES. YOUR USE OF BACKBLAZE PRODUCTS IS AT YOUR SOLE RISK. THE BACKBLAZE PRODUCTS ARE PROVIDED “AS IS,” “WITH ALL FAULTS” AND “AS AVAILABLE” FOR YOUR USE, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, UNLESS SUCH WARRANTIES ARE LEGALLY INCAPABLE OF EXCLUSION. SPECIFICALLY, BACKBLAZE AND ITS VENDORS DISCLAIM IMPLIED WARRANTIES THAT THE BACKBLAZE PRODUCTS ARE MERCHANTABLE, OF SATISFACTORY QUALITY, ACCURATE, FIT FOR A PARTICULAR PURPOSE OR NEED, OR NON-INFRINGING. BACKBLAZE AND ITS VENDORS DO NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE BACKBLAZE PRODUCTS WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE BACKBLAZE PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE BACKBLAZE PRODUCTS WILL BE CORRECTED. BACKBLAZE AND ITS VENDORS DO NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE USE OF THE BACKBLAZE PRODUCTS IN TERMS OF THEIR CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE. BACKBLAZE PROVIDES THE BACKBLAZE PRODUCTS ON A COMMERCIALLY REASONABLE BASIS AND DOES NOT GUARANTEE THAT USERS WILL BE ABLE TO ACCESS OR USE THE BACKBLAZE PRODUCTS AT TIMES OR LOCATIONS OF THEIR CHOOSING.
http://www.backblaze.com/terms.html

return to the top

Security

Are logs kept of client logins and locations?
Website Cookies and Logs
When you visit www.backblaze.com and other Backblaze websites, our servers automatically collect certain information such as your IP address, browser type, page requested, cookies, etc. This information is used to provide a custom experience, keep your session active, or improve the service.
http://www.backblaze.com/privacy.html

Does your service support password/account recovery?
Yes.
You can recover your Backblaze login password via password recovery – https://secure.backblaze.com/forgot_password.htm.

However, there is an additional option for clients utilize a unique passphrase to encrypt their data. This passphrase will be used to encrypt your private key. This passphrase is your responsibility to remember and safeguard. This is important: if you forget or lose this passphrase there is no way that anyone, including Backblaze, can decrypt, and thus restore, your data. When you choose to add your own passphrase there is no “forgot passphrase” mechanism as Backblaze does not know your passphrase.
http://www.backblaze.com/backup-encryption.html

Does the service monitor for any suspicious account activity?
Not available

Does your service offer two-step or multi-factor authentication?
No.

Does your service offer login via other services?
No.

Does your service secure all client data in transit?
Yes.
Backblaze products automatically encrypt your data before transmission and send the encrypted data using industry-standard Secure Socket Layer (SSL) encryption.
http://www.backblaze.com/privacy.html
When you use Backblaze, data encryption is built in. Files scheduled for backup are encrypted on your machine. These encrypted files are then transferred over a secure SSL (https) connection to a Backblaze datacenter where they are stored encrypted on disk. We use a combination of proven industry standard public/private and symmetric encryption methods to accomplish this task.
http://www.backblaze.com/backup-encryption.html

Does your service secure client data at rest?
Data is encrypted behind the corporate firewall and/or on the client before being sent over the Internet. This will ensure that data is protected both in transit and at rest.
https://secure.backblaze.com/press/Backblaze_Online_Backup_Benefits.pdf

Your data is encrypted on your computer, sent over an encrypted connection, and stored encrypted. Want more security? You can use your own private key so nobody but you can ever have access.
https://secure.backblaze.com/pics/Backblaze_Datasheet.pdf

For more information, refer to: http://blog.backblaze.com/2008/11/12/how-to-make-strong-encryption-easy-to-use/

Does your service allow clients to collaborate with 3rd parties?
Not available

Does your primary system reside in a data center with a security certification?
Where Your Data is Stored
• Mission Critical Facility
• 24×7 Onsite Staff
• Biometric Security
• N+1 UPS power systems
• 25 Independent Telecom Providers
http://www.backblaze.com/internet-backup.html

Does your backup/disaster recovery system reside in a data center with a security certification?
Not available

return to the top

Data Ownership

Do you claim ownership of any client data or information uploaded to your service?
LOGICALLY NO.. BUT NOT EXPRESSLY DISCLOSED.

From Privacy Page: Users may update or remove their information by signing in to www.backblaze.com or contacting Backblaze support. To remove your information, please visit your account and click “Cancel Account.” If you cancel your account, some of your data may still be retained in our archives or backups.
http://www.backblaze.com/privacy.html

Does the client retain full ownership of any data of information transmitted or stored via upstream providers?
Yes

Does client use of your service generate any metadata or other statistical information?
By using the online backup service, the system automatically encrypts and transfers your files to Backblaze servers. Certain information will be available to Backblaze such as type of operating system, file types, or sizes to enable Backblaze to provide the service or help support you. Backblaze will never look at your actual files.
http://www.backblaze.com/privacy.html

return to the top

Data Location

Where are the primary systems that host client data located?
Outside Sacramento, California, USA

Where are the backup/disaster recovery systems that host client data located?
Not available

Are there any other systems that host client data on behalf of your service?
Not available

return to the top

Data Access and Use

Does the client have full access to their data during the service contract period?
Yes

Can the client freely download their data from the service during the contract period?
Yes. Data is downloaded in the same format in which it originated.

Can the client easily import/upload their data from a competing service provider into your service?
Not available

Does your services include an API to access client data?
Not available

Following termination of the service, will the client be able to access their data?
No

Following termination of the service, is all client data deleted?
No.
If you cancel your account, some of your data may still be retained in our archives or backups.
http://www.backblaze.com/privacy.html

Does anyone in your organization (including contractors and upstream providers) have the ability to directly access client data?
Not available

Does your company use client data or information for any business function (other than the provision of the service)?
Data collected is used exclusively with the goal of providing and improving this service.

No Spam. Backblaze will not sell, rent, trade or give away your email address or other contact information to any other organization.

No Spyware/Adware/Malware. Backblaze software is designed to backup your files online and contains no spyware or other unwanted applications.

No Third Party Advertising. Backblaze does not intend to advertise for other organizations through its website or email communications.

http://www.backblaze.com/privacy.html

Does your company use client data or information to generate revenue (other than the provision of the service)?
No

Do you access client data in any additional circumstance not yet specified in this disclosure?
Not available

return to the top

Data Breach Notification

Do you have a policy in place for dealing with data loss or breach?
Not available

Do you notify clients if their data has been lost or compromised?
Not available

return to the top

Backup and Maintenance

Does your service support data versioning?
Yes.
Backblaze keeps up to four weeks of file versions. Modified a file and need an old version? Just scroll back and pick a file from two weeks ago.
http://www.backblaze.com/internet-backup.html

How often are service/client data backups performed?
Not available

What method is used to perform service/client data backups?
Not available

How long is backup data retained for?
Not available

return to the top

Disclaimer

The information in this report is provided “AS IS” without warranty of any kind, express or implied. Please use good judgement and verify the information you consider important before basing any decisions on it.