
Privacy Policy

How we collect, use, and protect your information.

Effective April 27, 2026

1. Who we are

Backup Engine Inc. ("Backup Engine", "we", "us", or "our") is a British Columbia, Canada corporation that operates the Backup Engine backup and recovery service (the "Service") at backupengine.com.

For most personal data we collect, we are the "controller" within the meaning of the GDPR (account email, billing details, support correspondence). For your backup content — which you encrypt on your device before transmission — we act as a "processor" on your behalf, and you remain the controller.

2. What we collect

Account information

  • Email address — required to create your account, send transactional notifications, and recover the account.
  • Display name (optional) and profile photo (optional, only if you sign in via OAuth).
  • Plan and subscription details — selected at signup or in the customer portal.
  • Region preference (US, Canada, or EU) — selected at signup; determines where backup content is stored.
  • MFA configuration (TOTP secret hash, recovery codes hash) — required because all accounts must enable MFA.

Backup metadata (in Supabase, Canada — encrypted at rest, TLS 1.3 in transit)

  • File names, sizes, modification timestamps, content-defined chunk hashes (SHA-256).
  • Backup job timestamps, success/failure status, error messages.
  • Backup-set configuration (folders selected, schedule, retention policy).
  • Device records (display name, OS, agent version, last-seen timestamp, IP at last sign-in).

Backup content (in iDrive e2 in your chosen region — chunked + encrypted client-side)

  • Variable-size content-addressed chunks (FastCDC, AES-256-GCM encrypted on your device with a key derived from your passphrase via Argon2id).
  • We never receive your passphrase or your derived key. We cannot decrypt your backup content.

Billing

  • Stripe handles desktop and server subscriptions; Apple App Store and Google Play handle mobile in-app purchases.
  • We never receive or store full payment card numbers. We receive Stripe Customer IDs, last-4 digits, and invoice history for accounting.

Diagnostics & support

  • Per-run diagnostic logs are written locally on your device under the application support directory; they are not auto-uploaded. You may share them via support@backupengine.com if you open a support ticket.
  • Server-side error logs (anonymous, sampled) for the customer portal and Edge Functions, retained for 30 days.
  • Email correspondence with our support team, retained for the duration of your account plus 24 months.

Cookies & analytics

  • Strictly-necessary cookies: session, CSRF, and locale preference. We do not require consent for these.
  • No third-party advertising trackers, no Facebook Pixel, no Google Analytics today.
  • If we add product analytics in the future, we will update this policy and surface a banner.

3. How we use it

  • To provide the Service — orchestrate backups, store chunks, send presigned URLs, render the portal.
  • To bill you — communicate with Stripe, App Store, or Google Play to charge your selected payment method.
  • To send transactional notifications — backup-failed alerts, storage-quota warnings, password resets, MFA codes.
  • To detect abuse — rate-limit signup, block malicious IPs, identify accounts violating the Acceptable Use Policy.
  • To respond to support requests — including reviewing recent activity on your account when you ask us to.
  • To comply with legal obligations — respond to lawful subpoenas, court orders, and tax recordkeeping requirements.

4. Legal basis (for EU/EEA users — GDPR)

  • Contract (Art. 6(1)(b)) — most processing is necessary to provide the Service you signed up for.
  • Legitimate interest (Art. 6(1)(f)) — abuse detection, infrastructure security, internal analytics.
  • Legal obligation (Art. 6(1)(c)) — tax records, lawful disclosure orders.
  • Consent (Art. 6(1)(a)) — only for non-essential processing; we will present a clear consent prompt before relying on this basis.

5. Sharing & subprocessors

We do not sell your personal data. We share it with the following subprocessors only to the extent necessary to operate the Service. The full and current list — including the data category each subprocessor handles — is on the GDPR page.

  • Supabase (Canada) — auth, database, Edge Functions, transactional email triggers.
  • iDrive e2 (US, Canada, or EU per your region choice) — encrypted backup chunk storage.
  • Stripe (United States) — desktop and server billing.
  • Resend (United States) — transactional email delivery.
  • Cloudflare (United States) — desktop installer distribution and CDN.
  • Google, Microsoft (United States and EU) — only if you sign in with their OAuth providers.
  • Anthropic (United States) — only if you opt into the natural-language Restore Assistant feature (v1.11.0+).

We may also share data when required by law, court order, or to protect the safety of our users or third parties.

6. International data transfers

Your backup content stays in the region you chose at signup (US, Canada, or EU). It does not leave that region.

Account metadata (email, billing details, device records) is stored on Supabase infrastructure in Canada. Some subprocessors (Stripe, Resend, Cloudflare, Anthropic) are located in the United States. Where personal data of EU/EEA residents is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and on adequacy decisions where they apply. The Canada-EU adequacy decision covers our Canadian processing.

7. Your rights

Depending on where you live, you may have the right to:

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your account and associated data.
  • Restriction — pause certain processing while a dispute is resolved.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — for processing that relies on consent (without affecting prior lawful processing).
  • Lodge a complaint — with the data protection authority in your country (e.g., the OPC in Canada, your national DPA in the EU/EEA).

To exercise any of these rights, email support@backupengine.com. We respond within 30 days. We may require identity verification before acting on a request that involves disclosure or deletion.

8. Security

  • Backup content is encrypted on your device with AES-256-GCM using a key derived from your passphrase via Argon2id. We never receive the key.
  • Connections use TLS 1.3 (or TLS 1.2 with strong cipher suites for legacy clients).
  • Authentication requires email + password + MFA (TOTP). OAuth via Google, Microsoft, or Apple is offered as an alternative.
  • Service-role and admin operations require a separate, short-lived bearer token that we rotate.
  • We log encryption key changes (rotation, passphrase changes, recovery uses) to an immutable audit log.
  • No system is perfectly secure. If we discover a breach affecting your data, we will notify you and applicable authorities within 72 hours where required.

9. Retention

  • Backup content — retained according to your backup-set retention policy. After account termination, content is retained for 90 days then permanently deleted.
  • Account metadata — retained while your account is active, plus 24 months after termination, then deleted (except where retention is required by law, e.g., tax records).
  • Diagnostic logs — server-side error logs are retained for 30 days. Local diagnostic logs on your device are managed by you.
  • Audit logs (encryption key changes) — retained for the life of the account plus 36 months for incident-response purposes.

10. Children

The Service is not directed at children under 18, and we do not knowingly collect personal data from children. If we learn that we have inadvertently collected personal data from a child, we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email and posted with a new effective date at the top of this page at least 30 days before they take effect.

12. Contact

Privacy questions, data subject requests, and DPO matters:
support@backupengine.com (please include "Privacy" or "DSAR" in the subject line for faster routing).

Note

Plain-language summary: we collect the minimum we need to run your account, we never see your backup content, we don't sell anything, and you can export or delete your data at any time.

Questions? support@backupengine.com

Backup Engine Inc., a British Columbia, Canada corporation.