BorgBase Privacy and Data Protection Policy
For details on how we implement European GDPR rules, see the our GDPR-compliance document.
Information Collected and Stored by BorgBase
Your Account Data
BorgBase will collect and store certain information that is automatically collected by BorgBase or provided by its users, such as email, name, registration date, last authentication date, last change of details date, hashed password (argon2 format) and public SSH keys you submitted. For paid plans we will ask for billing details, which include address and company name in addition to your name. Such information will be kept private by BorgBase and is not for public distribution. Personal information is used in several ways:
- To enable us to respond to you or to process, validate, and verify service requests and to perform the requested services;
- To allow us to charge and invoice you and to contact you regarding changes to the subscribed services;
- To send you personalized reminders and alerts regarding your BorgBase usage. You can always opt out of receiving reminders and can disable alerts about inactive repositories.
Your Backup Data
The main purpose of BorgBase is to store your backups. The materials you upload to BorgBase are yours and yours alone. You give us permission to use that material solely to do what's necessary to provide our services, including storing, reproducing (in case of server migrations). We don't sell your materials to third parties, and we don't use them for advertising purposes.
Given that Borg (the underlying open source software package) supports encryption we encourage you to encrypt all data submitted to our service. If you choose to not encrypt a backup repository, an icon will signal this in the list of your repositories.
You're solely responsible for the files you upload to BorgBase and assume all risks associated with them, including intellectual property or other legal claims. By storing files with BorgBase, you represent that you have the necessary rights to that material, and that doing so doesn't conflict with any licenses you've granted to others.
Data collected for your audit
To increase the security of your data you can view a list of connections made to your repository. This includes the time and an anonymized IP address with the final /24 (IPv4) or /64 (IPv6) part removed.
BorgBase doesn't use this audit data in any way.
Data collected for debugging
BorgBase will also store information about software failures regarding the BorgBase site/service using Sentry. This information is for BorgBase internal use only and will not be distributed under any circumstances. Your personal data is removed from bug reports before submitting it to Sentry and will only include technical details or an anonymous identifier.
To help us track marketing campaigns, the path and possibly the website you visited before arriving (referer) are saved using Fathom. This data is stored internally and doesn't include your IP or any personal information. No third party service is used and the data is not linked to your account.
We may use your personally identifying information to respond to your inquiries, to process transactions requested by you, to contact you in connection with products or services which may be of interest to you, to send you newsletters or additional offers, to allow you to access your information or for other purposes.
Access to Data and Deletion
If you would like us to remove all your data from our system, please use the form provided under Account > Profile. This will permanently disable your account and remove your personal details and SSH keys. Data required for billing- and tax purposes will be kept as long as required by law. If you would like to receive a copy of the data we store about you, please contact firstname.lastname@example.org.
No Sharing of Information
Disclosures Required By Law
There are a limited number of situations requiring us to disclose your personal information to others without first receiving your consent: (1) when ordered to do so by a subpoena or court order; (2) if you violate or breach an agreement with us; (3) if we believe conduct by you will harm the property or rights of BorgBase or those of BorgBase customers; (4) under exigent circumstances to protect the physical safety of BorgBase, its employees, users, or the general public; (5) to validate credit card numbers.
Your Rights and Choices
If you are located in the European Economic Area (“EEA”), you may direct us not to share your personal information with third parties, except (i) with service providers we have retained to perform services on our behalf, (ii) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation), (iii) if disclosure is required by law or legal process, (iv) with law enforcement authorities or other government officials, or (v) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or other illegal activity.
Subject to applicable law, you may have the right to request access to and receive information about the personal information we maintain about you, update and correct inaccuracies in your personal data, and have the information blocked or deleted, as appropriate. The right to access personal information may be limited in some circumstances by local law requirements.
You may contact us as described in the “How to Contact Us” section below to update your preferences, ask us to remove your information from our mailing lists or submit other requests.
When creating a backup repository, you can choose the jurisdiction you want your data to be stored (EU or US). Your data will not be transferred out of this jurisdiction, but may move to a different data processor.
Your personal data, used for account maintenance and billing is stored in Germany and will not be transferred out of the EEA.
If you are located in the European Economic Area (“EEA”), we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA.
Our site/service has physical, electronic, and managerial security measures in place to protect the loss, misuse, and alteration of the information under our control. We take many measures to protect this information while it is stored.
If you have subscribed for some of our services or are a customer seeking access to your account information, you will need to provide passwords. We recommend you do not divulge your password to anyone. BorgBase will never ask you for your password in an unsolicited telephone call or e-mail. You are responsible for the secrecy of your passwords.
No data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit, and you do so at your own risk. Once we receive your transmission, we make our best effort to ensure its security on our systems.
In case of a data breach, we will inform affected customers and the relevant regulatory body within 72 hours.
How to Contact Us