Privacy Policy

1. Introduction

Safe Backup ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our backup service for Airtable databases.

We are based in France and process data in accordance with applicable data protection laws. While we implement measures aligned with GDPR principles, we are a growing company working toward formal compliance certifications.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and password when you create an account
• Payment Information: Billing details processed securely through our payment provider (Stripe). We do not store your full credit card details.
• OAuth Tokens: Access tokens for Airtable and cloud storage services you connect. These are encrypted before storage.
• Communications: Information you provide when contacting our support team

2.2 Information We Collect Automatically

• Usage Data: How you interact with our Service, including backup schedules and restore operations
• Device Information: Browser type, operating system, and IP address
• Cookies: Session cookies for authentication and optional analytics cookies for service improvement
• Log Data: Server logs including access times, pages viewed, and error information

2.3 Your Airtable Data

When you use our Service, we access and backup your Airtable data. This data is encrypted and stored securely. We do not access, analyze, or use your Airtable data for any purpose other than providing the backup service you have requested. Your data remains your property at all times.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process your transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions and abuse
• Comply with legal obligations

Legal Basis for Processing (for EU users): We process your data based on: (a) your consent; (b) performance of our contract with you; (c) our legitimate business interests; or (d) compliance with legal obligations.

4. Data Storage and Security

4.1 Where We Store Your Data

Our primary infrastructure is hosted on Amazon Web Services (AWS) in the eu-west-3 region (Paris, France). This means your account data and backup metadata are stored within the European Union.

Your actual backup files are stored in the cloud storage destination you choose (Google Drive, OneDrive, Dropbox, or Amazon S3). The location of that data depends on your cloud storage provider's infrastructure.

4.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption at Rest: Data is encrypted using AES-256 encryption
• Encryption in Transit: All data transfers use TLS 1.3 encryption
• Access Controls: Role-based access controls for our team members
• Token Security: OAuth tokens are encrypted using AES-256-GCM before storage
• Password Security: Passwords are hashed using industry-standard algorithms

Important: While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With third-party vendors who assist in providing our Service (e.g., payment processing via Stripe, email delivery, hosting via AWS)
• Legal Requirements: When required by law, subpoena, or other legal process, or to respond to government requests
• Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets
• With Your Consent: When you have given us explicit permission

6. Your Rights

Depending on your location, you may have certain rights regarding your personal data. We honor these rights for all users where reasonably practicable:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Request transfer of your data in a machine-readable format
• Restriction: Request limitation of processing
• Objection: Object to processing of your data
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at privacy@safebackup.app. We will respond to your request within 30 days.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Backup data is retained according to your subscription plan's retention policy. When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes. Backup files stored in your connected cloud storage are your responsibility to manage.

8. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for the Service to function (authentication, security, session management)
• Analytics Cookies: Help us understand how you use our Service (optional, can be disabled)

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

9. Third-Party Services

Our Service integrates with third-party services:

• Airtable: To access and backup your data
• Google Drive, OneDrive, Dropbox: To store your backups (at your choice)
• Stripe: To process payments securely
• AWS: To host our infrastructure

These services have their own privacy policies. We encourage you to review them. We are not responsible for the privacy practices of third-party services.

10. International Data Transfers

Our primary data processing occurs in the European Union (France). However, some of our service providers may process data in other countries. When data is transferred outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

14. Supervisory Authority

If you are located in the European Union and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL).