Summary
Personal data at rsync.net takes two forms - the very limited contact and payment information that is associated with your account and how you pay us and your actual stored, or backed up, data itself that you hold in your account.
It is important to note that nobody in the world except for full time employees of rsync.net have any access whatsoever to the first category of data - your contact and payment information - and that we never share any piece of that with any party for any reason whatsoever (other than charging you). We have no "partners" or "affiliates" or "marketing associates" or parent company relationships. This data is used only for the purposes of serving you as a customer and charging you for our services.
Further, only full time employees of rsync.net have any access of any kind to the storage arrays where your saved, or backed up, data is kept.
Finally, your data never leaves the geographic location that you have chosen - if you have chosen Zurich as your rsync.net location, not one bit of data will ever leave Switzerland.
Retention of Data
The very limited personal information (name, address, phone number, email, etc.) that you provide when you initiate service with rsync.net is retained indefinitely, even if your account is cancelled or abandoned. You may contact our data controller / data protection officer and ask that your old, or cancelled, account be expunged.
The actual data that you store, or back up, to rsync.net is completely destroyed with no backups within 30 days of the cancellation of your account. Typically this destruction happens immediately but in the case of very large accounts, it is sometimes staged, or scheduled.
Your payment information is expunged from your account upon cancellation.
Technical Details
The data that you store, or back up, to rsync.net storage arrays is protected by stripping down the FreeBSD operating system and limiting it to providing no services other than OpenSSH, on TCP port 22. This limited functionality is enforced by firewall rules.
Inside the systems themselves, we very frequently (every five minutes) run a script that resets the proper ownerships, permissions, flags, and chroot settings of the filesystem. There are no reasonable mechanisms by which these settings would be altered, but if they were, they would be reset in five minutes or less.
Each rsync.net account (user filesystem) is inside of its own chroot jail - totally isolated from all other user filesystems on the storage array in question.
These processes are documented and maintained in an internal company wiki which serves as our quality control and process management framework.
GDPR Contacts
The data controller of rsync.net is the rsync.net technical support team which can be reached at support@rsync.net and the Data Protection Officer is John Kozubik who can be reached at john.kozubik@rsync.net
More Information
rsync.net publishes a wide array of support documents as well as a FAQ
You, or your CEO, may find our CEO Page useful.
Please see our HIPAA and Sarbanes-Oxley compliance statements.
Contact info@rsync.net for more information, and answers to your questions.