In the GDPR, a distinction is made between the so-called "controller" and the "processor". The controller determines why and how data is being processed. The controller can outsource some processing of personal data to a processor, who only processes the data on behalf of, and at the instructions of the controller.
Backblaze has two types of customer data:
Stored data: The data a customer, often you, store with Backblaze for the purpose of being able to recover (restore) some or all of the data at some later date/time. For this type of data the customer is considered the controller under the GDPR and Backblaze is the processor performing functions based on your requests.
Account data: This is the data we collect from you to operate and manage your Backblaze account via the services we provide. Much of the account data we collect is considered personal data as it relates to the GDPR and as such, Backblaze is considered the controller of your personal data since we decide what data we need to collect and how to use it within our system.