Only the minimum amount of data is collected to actually provide you with the service.
Any data that is no longer needed to provide you with the service, will be removed.
Your data is NEVER sold to anyone.
Sams Backup does not generate a profit from your data.
Except noted otherwise, all data is stored on servers in Germany, see:
https://www.hetzner.de/rechtliches/datenschutz (Deutsch)
https://www.hetzner.com/rechtliches/datenschutz (English)
Your E-Mail address serves as a username when logging and, and is used to automatically communicate important service related information:
Your password is used to confirm your identity when logging in.
Your password also serves as a basis for generating a wrapper key, which is used to protect your encryption/decryption key to encrypt and decrypt your files (see below).
Your password is stored as a hash, generated using the bcrypt algorithm.
Your locale is stored to show you the site in your preferred language.
As a minimum your country and your credit card details are required for payment.
Your country is required for correct VAT calculation and payment.
Your credit card details are required for making the recurring payments for using the service.
Depending upon country specific requirements, your name, as well as address information might also be required to generate a valid invoice, see:
http://ec.europa.eu/taxation_customs/tic/public/invRules/invRulesPublicationPage.html (English only)
All listed payment related information is saved exclusively on Stripe, provided by Stripe, Inc.
Credit card information is stored, but not accessible to Sams Backup - excluding the last 4 digits.
Name and address information is accessible, and will be used to create invoices.
Stripe, Inc. is a US company, see:
https://stripe.com/de/privacy#translation (Deutsch)
https://stripe.com/de/privacy (English)
An invoice will be created once a subscription starts, and then reoccurs every month.
An invoice will contain, at the very least, your E-Mail address, which plan(s) you used in the pay period, and the amount of VAT included.
If your country requires it (see above), the invoice will also contain your name, as well as your address.
The invoice will be send to your E-Mail address.
Every invoice will be stored for 10 years, as required by law.
All automatic E-Mails will be send through Mailgun, provided by Mailgun Technologies, Inc..
Mailgun Technologies, Inc. is a US company, see:
https://www.mailgun.com/privacy-policy (English only)
E-Mails send to [email protected] are stored on servers from 1and1, see:
https://hosting.1und1.de/terms-gtc/terms-privacy/ (Deutsch)
http://1and1.co.uk/terms-gtc/terms-privacy (English)
The content, as well as the names of your files and folders, is encrypted before being uploaded.
In addition, the following information is generated, and encrypted before the upload:
Your keys are NEVER STORED WITHOUT PROTECTION.
Upon registration a securely random cryptographic key is generated, which is used to encrypt and decrypt your files.
This key is protected, and then saved. It can only be accessed by using your password, or the automatically generated recovery password, which is presented to you once after registration.
Should you lose access to both your password and your recovery key, you will not be able to decrypt your files any more!