The GDPR allows Backblaze EU-based customers to manage how we use the personal data we collect from them.  A customer can request a variety of actions be taken related to this data.  Please see our Privacy Notice for an overview of your rights under the GDPR.  Regardless of the GDPR right(s) you are exercising, to ensure that the request is legitimate and to protect the personal and stored data we collect and store on behalf of our customers we require:

Anyone making a request to Backblaze to view/update/delete the personal data or stored data we manage must prove they are the owner of that data before Backblaze will allow that person to view/update/delete such data.

To prove ownership, a customer must be able to successfully sign in to the Backblaze account that contains the personal or stored data they wish to view/update/delete.

Typically a user signs in to their Backblaze account by providing their account email address and the password they created.  If they are unable to remember their password, they can recover their password using our password recovery process.

As a customer, you have the option to add additional account security mechanisms to protect access to your account, for example, two-factor verification, backup codes, and using a private encryption key.  If you utilize an optional security mechanism, you are solely responsible for providing the needed access mechanism (backup code, private encryption key, 2-factor code) when requested by the Backblaze system.  If you are unable to provide the access mechanism, you will not be able to complete the sign in process to the Backblaze account in question.

We encourage anyone who chooses to add an optional security mechanism to ensure that the access mechanism remains available. For example, if you use SMS-based two-factor verification, you will need to have your phone available to receive the access code that will be entered into the Backblaze system to complete the sign in process.