Privacy Policy

Last updated: 23 June 2026 · Draft pending legal review

Who we are

InfluxBackup is a backup service for InfluxDB, operated by milliwatt (Norway). We are the data controller for your account data, and a data processor for the InfluxDB data we back up on your behalf. Questions: privacy@influxbackup.no.

What we collect

  • Your email and a securely hashed password.
  • The InfluxDB connection details you register: URL, organization, and an API token (the token is encrypted at rest and never shown back to you or anyone else).
  • The backup contents: the data we export from your InfluxDB buckets, stored as compressed files.
  • Operational metadata: backup history, alerts, usage figures, and basic server logs (including IP addresses) needed to run and secure the service.
We don't use tracking or advertising cookies; the only browser storage is your login session.

Why we use it (legal basis)

We process your data to provide the service you signed up for (a contract, under GDPR Art. 6(1)(b)) and to keep it secure and reliable (our legitimate interest). We don't sell your data or use it for advertising.

Who we share it with

Only the providers we need to run the service ("sub-processors"):
  • Hetzner: object storage for your backups (EU region).
  • A transactional email provider, for alerts and account emails.
  • Our hosting provider, to run the application.
We don't share your data with anyone else, and we'll tell you before adding a new sub-processor that handles your data.

Where it's stored & how long

Your data is stored in the EU/EEA. We keep backups until you delete them or close your account. There's no automatic deletion. Deleting your account erases all of it (see your rights below).

Your rights

Under the GDPR you can, at any time:
  • Access / export your data: "Download my data" on the account page.
  • Correct it, e.g. change your email on the account page.
  • Delete your account and all its data: "Delete account" on the account page.
  • Object to or restrict processing, and lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

Security

Influx tokens are encrypted at rest, passwords are hashed (argon2), sessions are stored only as hashes, and we guard against requests to internal networks. If a breach ever puts your data at risk, we'll notify you and Datatilsynet as the law requires.

See also our Terms of Service.