CinderBackup
Legal

Privacy Policy

Last updated: June 11, 2026

This Privacy Policy explains how CinderBackup ("we", "us"), operated by Marouane El Orfiat 519 8th St, Rawlins, WY 82301, United States, collects, uses and protects information when you use our website and backup service.

1. Data we collect

Account & billing data

  • Full name and email address (collected at signup or via the buy form);
  • Billing country, postal code, and tax-relevant identifiers required by Stripe for the one-time payment;
  • Order details (plan name, amount, currency, timestamp).

Backup data

  • Encrypted file blocks uploaded by the client software;
  • Metadata required to organise restores (file names are encrypted; only block hashes, sizes and timestamps are stored in clear).

Operational data

  • Server logs (IP address, timestamp, user-agent) retained for up to 30 days for security and abuse prevention;
  • Basic, privacy-respecting analytics on the marketing site (aggregated, no cross-site tracking).

2. How we use it

  • To provide, secure and restore your backups;
  • To process your one-time payment via Stripe and issue receipts;
  • To send transactional emails (purchase confirmation, security notices, plan changes);
  • To respond to support requests and refund inquiries;
  • To comply with legal obligations, including accounting and tax law.

We do not sell your personal data, and we do not use your backup contents for any purpose other than serving your restore requests.

3. Legal bases (GDPR)

  • Contract — to provide the Service you purchased;
  • Legal obligation — to retain billing records as required by law;
  • Legitimate interest — to keep the Service secure and prevent abuse;
  • Consent — for any optional marketing emails (you can opt out at any time).

4. Payment processing

Payments are processed by Stripe Payments Europe, Ltd. Card details are entered directly into Stripe's hosted checkout and never touch our servers. Stripe's privacy notice is available at stripe.com/privacy.

5. Storage and security

  • Backups are stored on enterprise-grade object storage with redundant regions;
  • All file contents are encrypted on your device with AES-256 before upload (zero-knowledge architecture);
  • TLS 1.2+ is required for all client/server communication;
  • Access to production systems is limited and audited.

6. International transfers

We are based in the United States; our infrastructure may transfer encrypted data across regions for redundancy. Because file contents are encrypted client-side, we cannot access them regardless of where blocks are stored.

7. Retention

  • Backup data is kept for as long as your plan is active and you have not deleted it;
  • Billing records are kept for the period required by tax law (typically 7 years);
  • Operational logs are kept for up to 30 days.

8. Your rights

Depending on your jurisdiction (including the EU/EEA, UK and California) you have the right to access, correct, export, restrict, or delete your personal data, and to lodge a complaint with a supervisory authority. To exercise any of these rights, email contact@cinderbackup.co. We respond within 30 days.

9. Cookies

See our Cookie Policy for details on what we use and why.

10. Contact

Data controller: Marouane El Orfi (d.b.a. CinderBackup), 519 8th St, Rawlins, WY 82301, United States.
Email: contact@cinderbackup.co