Privacy Policy
Last updated: July 11, 2026
The short version: we hold as little of your data as the service allows. Your backups go to your own bucket, not to us. What we do hold is listed below, in plain language.
1. What we hold
- Your account email — to sign you in, send drill reports, and alert you when a backup or drill fails.
- Database connection strings and bucket credentials — stored sealed-box encrypted; they are decrypted only inside the worker at run time to perform your backups and drills.
- Operational metadata — run history, backup sizes, drill results, and timings, so the console can show you what happened and alerts can fire.
2. What we never store
Your backup data. Database dumps and Storage files are written directly to your own S3, R2, or B2 bucket. During a backup the bytes stream through our workers and are never written to our disks. During a restore drill, the worker downloads your snapshot into an isolated temporary sandbox that exists only for that drill and destroys it as soon as verification finishes. We keep no lasting copy of your data — we cannot browse your backups.
3. Our role
For the contents of your database and Storage files, you are the data controller and we act as a data processor: we touch that data only to perform the backups and restore drills you configured, and for nothing else.
4. Services we rely on
- Stripe — payment processing. Your card details go to Stripe, not to us.
- Resend — delivers alert and transactional email to your account address.
- Vercel Web Analytics — cookie-free, aggregate page analytics on this site. No cross-site tracking, no ad profiles.
- Attribution cookie— one first-party cookie (bd_attr, expires after 90 days) stores only: the path you landed on, the referring site’s origin (never the full referrer URL), up to five utm_ campaign tags from the landing link (each truncated), and a timestamp. If you sign up, we read it once and keep that snapshot with your account as its signup attribution — deleted when the account is deleted. We put no name, email, or identifier in it, never share it, and do no cross-site tracking; utm_ values are set by whoever built the link you clicked and are used solely for source reporting. For visitors from the EU/EEA, the UK, or Switzerland it is not set at all — instead a one-day flag cookie (bd_noattr, containing only “1”) tells our pages not to store attribution, and any previously set bd_attr is deleted.
- Cloud infrastructure providers — run the console and the backup/drill workers.
5. Retention and deletion
Delete your account and we delete your stored connection strings, bucket credentials, and account data. Snapshots already in your bucket are yours and are not touched — remember that after leaving, their retention is entirely under your control (see the terms).
6. Your rights
You can ask us to show, correct, or delete the personal data we hold about you at any time — email support@backupdrill.com and we will handle it.
7. Changes
If this policy changes in a way that matters, we will notify you by email before the change takes effect.