PikaPods Privacy and Data Protection Policy

This privacy policy describes our, PikaPods, current practices for the gathering and use of information from visitors to our own web site/service and from people who register for our services. If we decide to change our privacy policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we may disclose it. We reserve the right to modify this privacy statement at any time.

For details on how we implement European GDPR rules, see the our GDPR-compliance document.

Information Collected and Stored by PikaPods

Your Account Data

PikaPods will collect and store certain information that is automatically collected by PikaPods or provided by its users, such as email, name, registration date, last authentication date, last change of details date, hashed password (argon2 format) and public SSH keys you submitted. For paid plans we will ask for billing details, which include address and company name in addition to your name. Such information will be kept private by PikaPods and is not for public distribution. Personal information is used in several ways:

  • To enable us to respond to you or to process, validate, and verify service requests and to perform the requested services;
  • To allow us to charge and invoice you and to contact you regarding changes to the subscribed services;
  • To send you personalized reminders and alerts regarding your PikaPods usage. You can always opt out of receiving reminders and can disable alerts about inactive repositories.

Your Backup Data

The main purpose of PikaPods is to store your backups. The materials you upload to PikaPods are yours and yours alone. You give us permission to use that material solely to do what's necessary to provide our services, including storing, reproducing (in case of server migrations). We don't sell your materials to third parties, and we don't use them for advertising purposes.

Given that Borg (the underlying open source software package) supports encryption we encourage you to encrypt all data submitted to our service. If you choose to not encrypt a backup repository, an icon will signal this in the list of your repositories.

You're solely responsible for the files you upload to PikaPods and assume all risks associated with them, including intellectual property or other legal claims. By storing files with PikaPods, you represent that you have the necessary rights to that material, and that doing so doesn't conflict with any licenses you've granted to others.

Data collected for your audit

To increase the security of your data you can view a list of connections made to your repository. This includes the time and an anonymized IP address with the final /24 (IPv4) or /64 (IPv6) part removed.

PikaPods doesn't use this audit data in any way.

Data collected for debugging

PikaPods will also store information about software failures regarding the PikaPods site/service using Sentry. This information is for PikaPods internal use only and will not be distributed under any circumstances. Your personal data is removed from bug reports before submitting it to Sentry and will only include technical details or an anonymous identifier.

To help us track marketing campaigns, the path and possibly the website you visited before arriving (referer) are saved using Fathom. This data is stored internally and doesn't include your IP or any personal information. No third party service is used and the data is not linked to your account.

We may use your personally identifying information to respond to your inquiries, to process transactions requested by you, to contact you in connection with products or services which may be of interest to you, to send you newsletters or additional offers, to allow you to access your information or for other purposes.

Access to Data and Deletion

If you would like us to remove all your data from our system, please use the form provided under Account > Profile. This will permanently disable your account and remove your personal details and SSH keys. Data required for billing- and tax purposes will be kept as long as required by law. If you would like to receive a copy of the data we store about you, please contact [email protected].

No Sharing of Information

Except as may be stated expressly in this Privacy Policy, BorgBase will not share personal information that you give us with any third parties.

Disclosures Required By Law

There are a limited number of situations requiring us to disclose your personal information to others without first receiving your consent: (1) when ordered to do so by a subpoena or court order; (2) if you violate or breach an agreement with us; (3) if we believe conduct by you will harm the property or rights of BorgBase or those of BorgBase customers; (4) under exigent circumstances to protect the physical safety of BorgBase, its employees, users, or the general public; (5) to validate credit card numbers.

Your Rights and Choices

We offer you certain choices about how we communicate with you and what information we obtain from you. You may choose not to receive marketing emails from us by contacting us as specified in the “How to Contact Us” section below and we will honor your request. As required by applicable law, you may withdraw consent you previously provided to us or object at any time on legitimate grounds and free of charge to the processing of your personal information, and we will apply your preferences going forward. If you are located in the European Economic Area (“EEA”), you may direct us not to share your personal information with third parties, except (i) with service providers we have retained to perform services on our behalf, (ii) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation), (iii) if disclosure is required by law or legal process, (iv) with law enforcement authorities or other government officials, or (v) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or other illegal activity. If you are located in the EEA, we use your personal information only for the purposes indicated in this Privacy Policy unless we have a legal basis, such as consent, to use it for other purposes. Where required by law, BorgBase obtains your prior opt-in consent at the time of collection for the processing of (i) personal information for marketing purposes and (ii) personal information deemed sensitive pursuant to applicable law.

If you are located in the European Economic Area (“EEA”), you may direct us not to share your personal information with third parties, except (i) with service providers we have retained to perform services on our behalf, (ii) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation), (iii) if disclosure is required by law or legal process, (iv) with law enforcement authorities or other government officials, or (v) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or other illegal activity.

Subject to applicable law, you may have the right to request access to and receive information about the personal information we maintain about you, update and correct inaccuracies in your personal data, and have the information blocked or deleted, as appropriate. The right to access personal information may be limited in some circumstances by local law requirements.

You may contact us as described in the “How to Contact Us” section below to update your preferences, ask us to remove your information from our mailing lists or submit other requests.

Data Transfer

When creating a backup repository, you can choose the jurisdiction you want your data to be stored (EU or US). Your data will not be transferred out of this jurisdiction, but may move to a different data processor.

Your personal data, used for account maintenance and billing is stored in Germany and will not be transferred out of the EEA.

If you are located in the European Economic Area (“EEA”), we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA.

Security Information

Our site/service has physical, electronic, and managerial security measures in place to protect the loss, misuse, and alteration of the information under our control. We take many measures to protect this information while it is stored.

If you have subscribed for some of our services or are a customer seeking access to your account information, you will need to provide passwords. We recommend you do not divulge your password to anyone. BorgBase will never ask you for your password in an unsolicited telephone call or e-mail. You are responsible for the secrecy of your passwords.

No data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit, and you do so at your own risk. Once we receive your transmission, we make our best effort to ensure its security on our systems.

In case of a data breach, we will inform affected customers and the relevant regulatory body within 72 hours.

Governing Terms

If you choose to visit BorgBase, your visit and any dispute over privacy are subject to this Privacy Policy, our EU-US Privacy Shield – Consumer Privacy Policy and our Terms of Use, including as regards limitations of liability and dispute resolution.

How to Contact Us

If you have any question or concern about the privacy of your personal information as used and collected within our site/service or any other questions about this Privacy Policy, please send us a thorough description by clicking on the Contact Us link on our site or sending an email to: [email protected]