The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and brought with it significant changes to data protection law. It requires any data processors and data controls to use the highest-possible privacy settings by default, so that the data is not available publicly without explicit, informed consent, and cannot be used to identify a subject without additional information stored separately.
We have taken all necessary measures to ensure that our products and services fully comply with GDPR. We will try to write in plain language because we want to communicate clearly with you. This document may therefore lack some of the precision of a formally prepared statement drafted by legal professionals, but it still represents our good faith effort to protect the personal data information of our customers.
Our product, CubeBackup, is a backup tool which helps G Suite organizations back up their business data to self-hosted storage. We do not store any G Suite data for our customers. By using CubeBackup, you are already standing on very solid ground.
CubeBackup GDPR Compliance Statement
- “CubeBackup” means our business name, CubeBackup Inc.
- “Products” means the software distributed by CubeBackup.
- “Service” means the website https://www.cubebackup.com.
- “Customers” means the G Suite organizations who uses our Products to backup their G Suite data.
- “Personal data” means any personal data of Customers.
CubeBackup is committed to the compliance of GDPR. CubeBackup can specifically confirm the following:
No G Suite data for any Google account of our Customers, including Google Drive files, Shared drives files, Gmail messages, Google Contacts, Google Calendar data, or Google Sites files, is collected or stored by CubeBackup.
CubeBackup confirms that no personal data pertaining to a specific G Suite account for any Customer is collected or stored by CubeBackup, except for the data listed in “Personal Data collected by CubeBackup”.
No configuration settings, metadata, private key files or log files for our Products are collected or stored by CubeBackup, unless specifically provided by our Customers for technical support purposes.
CubeBackup does not share Customer information with any third parties.
Personal Data collected by CubeBackup
CubeBackup holds itself to high standards in handling and processing personal information. The small amount of data we collect at your consent is necessary to provide our products and services. Here is the data we collect and store:
G Suite domain
Number of users
Cookies are used to facilitate and improve your experience on our website and products.
CubeBackup only collects the above data when Customers or representative of Customers purchase our Products or visit our website. CubeBackup does not collect any Personal data when Customers are using our Products.
CubeBackup and our Products employ appropriate security measures to protect personal data against unauthorized access and accidental disclosure. The security measures cover:
SSL encryption for any Google API requests All data transferred between the Customer’s private storage and Google’s Cloud, is HTTPS/SSL encrypted.
AES encryption for backup data By default, all backup data is AES encrypted on the Customer’s private storage. The private key for the AES encryption is also generated and stored on the Customer’s private storage.
Google OAuth login Google domain-wide OAuth for authentication and authorization is used by our Product, so no password is required for Google APIs requests.
More information can be found at CubeBackup Security.
Personal Data Breach
CubeBackup shall notify Customers without undue delay on CubeBackup becoming aware of a personal data breach, and provide sufficient information to each Customer. CubeBackup must inform the applicable supervisory authorities as required by law and regulation.
If you have any questions about our GDPR compliance, please contact our support team via firstname.lastname@example.org