Privacy Policy

Principles:


Only the minimum amount of data is collected to actually provide you with the service.
Any data that is no longer needed to provide you with the service, will be removed.
Your data is NEVER sold to anyone.
Sams Backup does not generate a profit from your data.


What is collected, stored where, and why?


Except noted otherwise, all data is stored on servers in Germany, see:
https://www.hetzner.de/rechtliches/datenschutz (Deutsch)
https://www.hetzner.com/rechtliches/datenschutz (English)


E-Mail address


Your E-Mail address serves as a username when logging and, and is used to automatically communicate important service related information:

  • (New or Changed) E-Mail address confirmation
  • Forgotten password request
  • Password change notification
  • Invoices, attached as a pdf
  • Failed payment notifications
Your E-Mail address will also be used for communication with you, in case you need help / have issues with the service, or have any questions, concerns, or requests.
Your E-Mail address will never be used to send you anything but the purposes listed above.


Password


Your password is used to confirm your identity when logging in.
Your password also serves as a basis for generating a wrapper key, which is used to protect your encryption/decryption key to encrypt and decrypt your files (see below).
Your password is stored as a hash, generated using the bcrypt algorithm.


Locale


Your locale is stored to show you the site in your preferred language.


Payment related information


As a minimum your country and your credit card details are required for payment.
Your country is required for correct VAT calculation and payment.
Your credit card details are required for making the recurring payments for using the service.
Depending upon country specific requirements, your name, as well as address information might also be required to generate a valid invoice, see:
http://ec.europa.eu/taxation_customs/tic/public/invRules/invRulesPublicationPage.html (English only)
All listed payment related information is saved exclusively on Stripe, provided by Stripe, Inc.
Credit card information is stored, but not accessible to Sams Backup - excluding the last 4 digits.
Name and address information is accessible, and will be used to create invoices.
Stripe, Inc. is a US company, see:
https://stripe.com/de/privacy#translation (Deutsch)
https://stripe.com/de/privacy (English)


Invoices


An invoice will be created once a subscription starts, and then reoccurs every month.
An invoice will contain, at the very least, your E-Mail address, which plan(s) you used in the pay period, and the amount of VAT included.
If your country requires it (see above), the invoice will also contain your name, as well as your address.
The invoice will be send to your E-Mail address.
Every invoice will be stored for 10 years, as required by law.


E-Mails


All automatic E-Mails will be send through Mailgun, provided by Mailgun Technologies, Inc..
Mailgun Technologies, Inc. is a US company, see:
https://www.mailgun.com/privacy-policy (English only)
E-Mails send to [email protected] are stored on servers from 1and1, see:
https://hosting.1und1.de/terms-gtc/terms-privacy/ (Deutsch)
http://1and1.co.uk/terms-gtc/terms-privacy (English)


Files and folders


The content, as well as the names of your files and folders, is encrypted before being uploaded.
In addition, the following information is generated, and encrypted before the upload:

  • Crc32 of the file content: For creating zip files
The following meta information is saved without encryption:
  • File size: To calculate the total upload size and generated download traffic for the subscription
  • Creation date: For sorting files and folders
  • Modification date: For sorting files and folders
  • IVs: For later decryption
  • SHA1s: Used to verify that the uploaded files arrived intact
  • File and Folder relationships: Used to display your files and folders as nested structures.
The encrypted content of your files is stored on Backblaze servers, provided by Backblaze Inc.
Backblaze Inc. is a US company, see:
https://www.backblaze.com/company/privacy.html (English only)


Cryptographic Encryption/Decryption keys


Your keys are NEVER STORED WITHOUT PROTECTION.
Upon registration a securely random cryptographic key is generated, which is used to encrypt and decrypt your files.
This key is protected, and then saved. It can only be accessed by using your password, or the automatically generated recovery password, which is presented to you once after registration.
Should you lose access to both your password and your recovery key, you will not be able to decrypt your files any more!