BBackupy

Privacy Policy

Last updated:

This Privacy Policy describes what personal data the Backupy service (the "Service") processes, for what purposes, and on what legal basis. It is prepared in accordance with Russian Federal Law №152-ФЗ "On Personal Data".

1. Who we are

The Service is operated by Backupy. The legal entity is being registered; corporate details will be updated here once available. For privacy questions, contact us at privacy@backupy.ru.

2. What data we collect

We process the following categories of data:

  • Account data: email address, display name, hashed password, authentication method (email/password, OAuth via Yandex/GitHub/Google).
  • Technical data: last-seen IP address, User-Agent, login timestamps, session identifiers.
  • Backup metadata: backup names, file sizes, checksums, retention policy, database and container names.
  • Payment data (when commercial pricing launches): invoice details and payment status. Full card data is never stored on our infrastructure — it is handled by the payment provider.

We do not read the contents of your backups, and we cannot read them. Backups are encrypted on the agent side with your key before upload (end-to-end encryption). We only store encrypted blobs.

3. Purposes and legal basis

  • Performance of contract with you: account registration, authentication, displaying backup metadata, support.
  • Legitimate interest: service security, incident investigation, fraud and abuse prevention.
  • Your consent: product news (only if you explicitly subscribe).
  • Legal obligation: data we are required to keep under Russian law (e.g. payment records).

4. Where we store data

All personal data is stored on servers in the Russian Federation, specifically in Yandex Cloud region ru-central1. This is a 152-ФЗ data localisation requirement for Russian citizens.

We do not transfer your personal data to third parties outside the Russian Federation. Exceptions are only possible in response to lawful requests from authorised government authorities.

Backupy staff access is restricted on a least-privilege basis. All administrator actions are recorded in an audit log.

5. Retention periods

  • Account and backup metadata: for as long as you use the Service. After account deletion — an additional 30-day grace period (in case of accidental deletion), then permanent removal.
  • Encrypted backup blobs: as configured by your agent's retention policy. Expired data is removed automatically.
  • Security and audit logs: 12 months.
  • Payment records: 5 years (Russian Tax Code requirement).

6. Your rights

Under Article 14 of 152-ФЗ you have the right to:

  • obtain confirmation of whether we process your personal data;
  • request a copy of the data we process, as well as information about its sources, purposes and retention periods;
  • request correction of inaccurate data;
  • request blocking or erasure of data processed in violation of the law;
  • withdraw consent (where consent is the legal basis);
  • file a complaint with Roskomnadzor or with a court at your place of residence.

To exercise these rights, email privacy@backupy.ru. We will respond within 30 days as required by law.

7. Cookies

The Service only uses strictly necessary cookies (an authentication session token). Analytics and advertising cookies are not used in the current version. See our Cookie Policy for details.

8. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced on this page and emailed to registered users at least 14 days before they take effect.

9. Contact

For any privacy-related questions, email privacy@backupy.ru.