Cloud Storage Privacy Policies: What It All Means

Any good cloud storage or backup privacy policy is going to tell you:

  • What information gets collected
  • How that information is used
  • Who that information is shared with
  • What to do if you don’t like it

To illustrate with a policy that hits all of these points, we’re going to use Carbonite (read our Carbonite review for more information), a backup provider, as an example. While not without it’s moments, the Carbonite privacy policy provides one of the friendlier reads of any privacy policy we’ve analyzed. Any policy that doesn’t take seven shots of espresso and a law degree to interpret is okay in our book.


Following a quick introduction affirming its respect for user privacy and establishing that it won’t use your data for any other means that’s described in the policy, Carbonite launches a rundown of the points listed above. The policy tends to go back and forth a bit, so to keep things simple we’ve extracted the relevant parts for you.

What Information Gets Collected

No surprise, Carbonite collects information like your name, address and email. If you sign up for the service, it also includes your billing information. Carbonite also monitors your website visits and pulls some information from your device. This includes the usual tracking cookies and logging your IP addresses, browser type, browser language and activity dates.

As a backup service, Carbonite also collects file system information from your computer. This includes:  

  • File and folder names
  • File extensions
  • File sizes

And of course, it stores your data, too, which gets kept in secured data centers.

How Your Information is Used and Who it’s Shared With

Carbonite labels the information it collects as either “account information” (name, billing information, etc.) and “diagnostic information” (IP address, file system information, etc.). The purpose of account information is primarily for identification and billing. It would be hard to run a subscription service without it. Diagnostic information is used several things. In part, that’s analytics and customer support. Having your device information helps Carbonite better help you.

However, it’s also used for marketing. Carbonite doesn’t state what specific marketing purposes it has in mind. At the very least, you’re going to start seeing Carbonite ads pop up around the Internet.  

On top of that, Carbonite gives itself leeway to share your information with third parties, whether for analytics, management, support or marketing:

“Carbonite may also use Your Account Information and Diagnostic Information, and share such information with contracted third parties that perform functions on Carbonite’s behalf and under Carbonite’s instruction, in order to perform analytics and assist with customer support, account management, and our marketing efforts.”

Carbonite does affirm that any third parties your information is shared with must abide by the terms in its privacy policy. Such statements should be standard practice. If a service doesn’t explicitly make that connection, stay away, although no examples come to mind.

As far as your files content itself, Carbonite states that its employees “will not view the contents of Your encrypted stored data, which is hosted within the United States and/or internationally with third-party cloud storage providers, without “Your consent” (sic).

That said, there is one big exception to this, which are legal matters: “Carbonite may disclose Your information if such action is necessary to comply with applicable law or to enforce Carbonite’s Terms of Service” (sic). So, if the government comes calling with a warrant or Carbonite decides to sue you for breaching its service’s terms, all bets are off.

What You Can Do If You Don’t Like It

Collecting information for billing and support is a necessary part of providing a subscription service like cloud backup. Collecting information for marketing is not.

People can have varying attitudes towards targeting online marketing that uses their personal information. For some, it’s a way of discovering products they might be interested in. For others, it’s an invasion of privacy. In fact, numbers from a Pew Research study indicated that 28 percent of Americans have used the Internet in some way to block or avoid advertisers.

If you’re anti-marketing, the good news is that Carbonite follows suggestion two of the FIPPS by giving you the ability to opt out of having your information used for that purpose. There are a few different ways you can do this, but the easiest is to just email If you don’t, the company assumes you’re fine with it.


Additionally, as Carbonite notes in its privacy policy, you can set your browser to reject cookies in order to curb targeted marketing.

Source :

Cloud Storage Privacy Policies: What It All Means
Scality Zenko: An Open Source Multi-Cloud Storage Controller
3 Cloud Backup And Storage Services With End-to-End Encryption
Scality brings hybrid cloud storage virtualisation
Cloud Storage Privacy – What’s Really At Stake
What Do Cloud Storage’s Eerie Nudity Policies Mean For Client Confidentiality?
The Cloud vs. on Premise Dilemma
How to Set Up Your Own Private Cloud Storage Service in Five Minutes with OwnCloud
IT is getting cloud storage security all wrong
Bottom line: Cost of cloud storage may be fuzzy