Crashplan (Code 42)

0

Crashplan backup software offers business a way to backup their data securely – offsite, onsite and online in the Cloud. Crashplan is based in Minneapolis, Minnesota USA and has been providing its cloud backup service since 2007. Real, live, support staff are available via online support portal, chat, email, & phone. They use encryption to protect your data while in transit between your computer and their servers, and they encrypt all data on your device before sending it to their servers where it is stored encrypted. This means that only you can decrypt your data, Crashplan cannot access it. Crashplan maintains data centres that are widely distributed in: the USA, Ireland, Japan, Singapore, & Australia. Crashplan data centres have been independently audited to ensure that your data is stored securely while still being easily available to you. Crashplan allows you to automatically & continuously backup your data to their servers and to easily recover backed up files using their web interface or desktop/mobile applications. Crashplan makes no claims to the ownership of your data (after all, your data on their servers is encrypted so they couldn’t access it even if they wanted to).

This disclosure was provided and researched by Arrowrock. Sources are cited where possible.

Please report any inaccuracies in this report by leaving a reply below or sending us a private message. Thank you!

Company Identity

Trading Name Code 42
Company Website http://www.code42.com/
Company Phone Number +1-612-333-4242
Company Email Address information@code42.com
Physical Address 1 Main St SE, #400
Minneapolis, MN, 55414-1035
USA

What services does this disclosure apply to?
Crashplan Pro
http://www.crashplan.com/business/

What country holds legal jurisdiction over the service(s)?
USA

How long has your company been operating?
Since October 2001.

How long has your company been providing the service(s) covered in this disclosure?
Since January 2007.

Is your company currently profitable?
Yes. Code 42 has been profitable since its launch, but it also received $52.5M (USD) via venture funding in January 2012.
http://allthingsd.com/20120117/code-42-the-company-behind-crashplan-lands-52m-funding-round/

return to the top

Customer Support and Service Level Agreement

What are your standard customer support hours?
Chat support is available Mon – Fri 9 AM – 5 PM (US Central time)

Phone support is available:
For US & International clients – Mon – Fri: 7 AM – 7 PM & Sat – Sun: 9 AM – 5 PM (US Central time)
For Aus & NZ Clients – Mon – Fri: 0800 – 1800 (Australian Eastern Time)

What channels are available for communication with clients?
Online Support Portal
https://crashplan.zendesk.com/anonymous_requests/new

Chat
https://secure.livechatinc.com/licence/1790841/open_chat.cgi?groups=0

Email
support@crashplanpro.com

Phone
US – 855.411.4242
International – +1 612.333.4242 option 2
Aus – 1800 042 042
NZ – +64 9 887 3317

For more information, please refer to:
http://www.crashplan.com/business/support/

Which is your preferred channel for client communications?
Not available

Do you collect any information from client communications?
Code 42 may obtain various types of Personal Data about our clients and Web Site visitors. Such data may include contact information names, address, phone number, and email address; information about products and services ordered or provided; payment information(such as credit card number, cardholder name, credit card verification number and expiration date), passwords, and information collected through Internet-based and e-commerce activities, and other transaction-related data.
The personal information we collect through our downloadable software is: name, email address, and password.
http://www.crashplan.com/privacy.html

What is your standard response time for customer support inquires?
Not available

Do you proactively communicate information about future planned outages and maintenance to clients?
We will send you service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
http://www.crashplan.com/privacy.html

Do you proactively communicate information about current unscheduled outages and incidents to clients?
We will send you service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
http://www.crashplan.com/privacy.html

Do you make incident reports available to clients after major incidents?
Not available

What is the expected uptime of the service?
Not available

Has the service experienced any outages in the last 12 months?
Not available

Does the SLA guarantee service uptime?
Not available

return to the top

Security

Are logs kept of client logins and locations?
Not available

Does your service support password/account recovery?
Yes.
The account password can be reset from: https://www.crashplanpro.com/console/forgot.html
The system emails the user a link beginning with http://www.crashplanpro.com//console/password-reset.html (url has an additional encrypted string at the end). From address is support@crashplanpro.com.
User clicks link in email and is taken to a page where they are immediately asked to change their password

Does the service monitor for any suspicious account activity?
Not available

Does your service offer two-step or multi-factor authentication?
Not available

Does your service offer login via other services?
No.

Does your service secure all client data in transit?
Yes.
CrashPlan PRO uses 448-bit Blowfish encryption, one of the most robust encryption methods available. Your files are encrypted before they leave your computer and then transferred to our servers using 128-bit Advanced Encryption Standard (AES) protocol.
http://www.crashplan.com/business/

Does your service secure client data at rest?
Yes.
CrashPlan PRO uses 448-bit Blowfish encryption, one of the most robust encryption methods available. Your files are encrypted before they leave your computer.
http://www.crashplan.com/business/

Does your service allow clients to collaborate with 3rd parties?
Only Crashplan Pro Administrators and End Users have access to their own client data.

Does your primary system reside in a data center with a security certification?
All CrashPlan data centers are SAS 70 Type II certified.
http://support.crashplan.com/doku.php/faq/security

Does your backup/disaster recovery system reside in a data center with a security certification?
All CrashPlan data centers are SAS 70 Type II certified.
http://support.crashplan.com/doku.php/faq/security

return to the top

Data Ownership

Do you claim ownership of any client data or information uploaded to your service?
No.

Does the client retain full ownership of any data of information transmitted or stored via upstream providers?
Not available

Does client use of your service generate any metadata or other statistical information?
Not available

return to the top

Data Location

Where are the primary systems that host client data located?
Crashplan has data centers in Minneapolis, IL; Atlanta, GA; Japan; Ireland; Singapore; & Australia.

Where are the backup/disaster recovery systems that host client data located?
Crashplan has data centers in Minneapolis, IL; Atlanta, GA; Japan; Ireland; Singapore; & Australia.

Are there any other systems that host client data on behalf of your service?
Not available

return to the top

Data Access and Use

Does the client have full access to their data during the service contract period?
Yes.
Clients have full access to their data from Crashplan by utilizing the desktop software, mobile software, or the online console. Their data is available to them via any device with an internet connection.

Can the client freely download their data from the service during the contract period?
Yes.
Clients can freely download their data from Crashplan using the “restore” option by utilizing the desktop software, mobile software, or the online console. This allows users to download their data in the same format in which it was uploaded.

Can the client easily import/upload their data from a competing service provider into your service?
Yes.
Clients can backup data of any format with Crashplan.
For more information on the different encryption settings, refer to:
http://www.crashplan.com/business/support/doku.php/reference/online/settings/security

Does your services include an API to access client data?
Yes.
Crashplan uses an API built on REST design principles.
More information can be found at:
http://support.crashplanpro.com/doku.php/api

Following termination of the service, will the client be able to access their data?
Not available

Following termination of the service, is all client data deleted?
Not available

Does anyone in your organization (including contractors and upstream providers) have the ability to directly access client data?
No.
All client data is encrypted on the client’s computer before being sent to Crashplan.

Does your company use client data or information for any business function (other than the provision of the service)?
Not available

Does your company use client data or information to generate revenue (other than the provision of the service)?
Not available

Do you access client data in any additional circumstance not yet specified in this disclosure?
No.
All client data is encrypted on the client’s computer before being sent to Crashplan.

return to the top

Data Breach Notification

Do you have a policy in place for dealing with data loss or breach?
Not available

Do you notify clients if their data has been lost or compromised?
Not available

return to the top

Backup and Maintenance

Does your service support data versioning?
Yes.
By default CrashPlan retains more versions of newer files and fewer versions over time, but you can easily adjust the number of backup versions being retained to meet your requirements. If you have groups of files that you want sent to different destinations or with different backup settings, backup sets give you even more choice about where and how backups take place, allowing you to manage your backup down to individual files.
http://www.crashplan.com/business/

How often are service/client data backups performed?
CrashPlan PRO backs up changed information as often as every minute, and continues to watch for changes to data in real-time. After the first backup completes, CrashPlan checks for data that is already backed up and ignores it, making subsequent backups much smaller because they contain only new or changed information.
http://www.crashplan.com/business/

What method is used to perform service/client data backups?
An easy-to-use desktop that’s also easy on the eyes means anyone can restore lost files without asking for help. Users just open CrashPlan PRO and choose the files or folders they want to restore. Highly flexible, fine-grained controls also let your users adjust their backup settings themselves.
http://www.crashplan.com/business/

How long is backup data retained for?
Backup data is generally retained forever (as long as the client account remains active). Clients can set rules for the retention of file versions and deleted files.

return to the top

Disclaimer

The information in this report is provided “AS IS” without warranty of any kind, express or implied. Please use good judgement and verify the information you consider important before basing any decisions on it.