Submit Bug Report
Security is a top priority at Backblaze. We believe that no technology is perfect and that working with skilled security researchers across the globe is crucial in identifying possible weaknesses in our systems. If you believe you've found a security bug in our service, we are happy to work with you to resolve the issue promptly and ensure that you are fairly rewarded for your discovery. Our bug bounty program is open to the public and is managed via Bugcrowd. You’ll find everything you need to know at bugcrowd.com/backblaze . We look forward to your help in making our platform even better.
Backblaze office building
Keep customer data safe and secure.
Keep the system easy to use for customers.
Proactively monitor all systems and processes.
Hire third party organizations to continuously test the security of our systems and processes.
Provide our Chief Security Officer the resources needed to enable this security philosophy.
Privacy Policy and SLA
Account Access
Backblaze deploys the best-in-class security to prevent unauthorized use or access.
Single Sign-On via G Suite or Office 365 available for all users
2-Factor Verification via SMS or ToTP Authenticator Apps available for all users
Require account verification prior to accessing private data.
Do not store passwords. Instead, put them through a hash and salt.
Maintain usage and access monitoring on all accounts.
image of man sitting at computer using SSO on phone
Computer Backup
Data is encrypted on your computer, encrypted during transmission, and encrypted while stored.
Data EncryptedPersonal Encryption Key
(“PEK”) option available for all customers. With a PEK, Backblaze cannot access your data (in case of lost password, subpoena, or any other event).
Data Transferred via HTTPS
Using a strong protocol, a strong key exchange, and a strong cipher. We continuously monitor using industry standard, independent sources like SSL Labs
Public/Private Keys
2048 bit public / private keys secure a symmetric AES -128 key
B2 Cloud Storage
Backblaze B2 is our object storage service. It allows you to determine the level of security that is right for you and your data.
SLA of 99.9% Availability .
Durable by design - you can trust that your data is safe with us .
Backblaze B2 stores the data you put in it. Choose to upload only encrypted data, use a third party integration to encrypt data before transmission to Backblaze B2, or store data unencrypted.
Data is immediately encoded for redundancy upon receipt and stored in a data center in your account region.
Data in Private Buckets can only be accessed after account authentication.
Data in Backblaze B2 can be protected from ransomware using object lock and third party integrations, making the data non-erasable and non-modifiable for a user-specified interval.
image of woman sitting at computer
Storage Infrastructure & Data Durability
Our purpose built infrastructure - based on the Backblaze Storage Pod - is designed from the ground up to keep your data safe and secure.
Backblaze Vaults and Backblaze Reed - Solomon Encoding form the backbone of our system. Learn more about how we calculate our durability.
image of red backblaze server
Data Centers
Our physical facilities have best-in-class security features and are staffed every hour of every day of the year.
SSAE-18 / SOC-2 compliant.
Biometric Security.
ID checks and area locks that require badge-level access.
Regions: US West (California & Arizona), US East (Virginia), & EU Central (Amsterdam).
