Privacy Policy

Last updated: February 2026

1. Introduction

Stora ("we", "us", or "our") operates the website storabackup.com and the Stora backup platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By using Stora, you consent to the data practices described in this policy.

2. Information We Collect

We collect the following types of information to provide and improve our service:

Account Information

When you create an account, we collect your name, email address, and organization name. This information is necessary to set up and manage your account.

Usage Data

We collect information about how you use the service, including backup logs, feature usage patterns, and interaction data. This helps us improve the product and diagnose issues.

Payment Information

Payment processing is handled by Paddle, our merchant of record. We do not store your credit card details or other payment instrument information on our servers. Paddle processes and stores this information in accordance with their own privacy policy and PCI DSS compliance requirements.

Data You Backup

When you use Stora to back up your SaaS data, the backed-up content is stored encrypted on our servers. We access this data only as necessary to provide the backup and restore service, and we do not use your backed-up data for any other purpose.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain the Stora backup and data exploration service, including executing backups, enabling restores, and resolving linked records.
  • To send you service-related notifications, such as backup completion confirmations, failure alerts, schema change notifications, and account-related communications.
  • To improve the product by analyzing usage patterns, identifying bugs, and developing new features based on how the service is used.
  • To process billing and manage your subscription through our payment provider, Paddle.

4. Data Storage and Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • All data is stored on dedicated, secure servers with strict access controls.
  • Backed-up data is encrypted at rest using AES-256 encryption.
  • All data in transit is protected using TLS 1.3 encryption.
  • Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.

5. Data Retention

We retain your data according to the following policies:

  • Active accounts: Your data, including backup snapshots, is retained for as long as your account remains active and your subscription is in good standing. Backup retention periods vary by plan.
  • Deleted accounts: When you delete your account, all associated data, including backup snapshots and account information, is permanently removed from our servers within 30 days of the deletion request.

6. Third-Party Services

We use the following third-party services to operate Stora. Each service has access only to the data necessary to perform its function:

  • Paddle -- Subscription billing and payment processing. Paddle acts as our merchant of record and handles all payment-related data.
  • Cloud Infrastructure Provider -- Cloud hosting and storage infrastructure for application servers and backup storage.
  • Sentry -- Error monitoring and performance tracking. Sentry receives anonymized error reports to help us identify and fix issues.
  • Resend -- Transactional email delivery. Used to send backup notifications, account alerts, and other service-related emails.
  • PostHog -- Product analytics. Used in cookieless mode to track page views and feature usage. No personal data or IP addresses are stored.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). You have the right to:

  • Access -- Request a copy of the personal data we hold about you.
  • Rectification -- Request that we correct any inaccurate or incomplete personal data.
  • Erasure -- Request that we delete your personal data, subject to certain legal obligations.
  • Portability -- Request a copy of your personal data in a structured, machine-readable format.
  • Restrict processing -- Request that we limit the processing of your personal data under certain circumstances.

To exercise any of these rights, please contact us at privacy@storabackup.com. We will respond to your request within 30 days.

8. Cookies

Stora uses session cookies that are strictly necessary for the functioning of the service. These cookies are used to maintain your authenticated session and ensure the security of your account. Our analytics tool (PostHog) operates in cookieless mode and does not store any cookies, local storage data, or personal identifiers. We do not use third-party tracking cookies or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. For material changes, we will notify you via the email address associated with your account before the changes take effect. We encourage you to review this page periodically for the latest information on our privacy practices.

10. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

privacy@storabackup.com