Backup and restore

Backup and restore policy

Operational backup expectations, restore drill requirements, and evidence buyers should request before go-live.

Last reviewed: 2026-05-17. Final contractual commitments must be reviewed before signature.

Review status: Operational resilience draft. Final RPO, RTO, retention, and deletion terms require commercial/legal approval.

Production baseline

Production should use managed PostgreSQL with automated backups, SSL-required connections, and clear ownership for restore operations.

  • Use managed PostgreSQL rather than a developer database for production.
  • Enable automated backups and confirm retention in the cloud provider console.
  • Store database credentials only in backend environment secrets.

Restore drill

A backup promise is not enough. Restore into a test database and prove the application can read the restored data safely.

  • Restore to an isolated test database.
  • Run migration checks (the restored schema must be at the current migration head) and critical tenant login checks.
  • Smoke test invoice, inventory, sales order, user, and audit surfaces.

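The drill above only counts as evidence if its result is recorded. The following is an added example of a drill runner, not tooling from this project: it refuses to run against anything that looks like production, runs the migration-head, tenant-login and surface smoke checks, and returns an evidence record that can be kept after each infrastructure change. It assumes a migration table named `schema_migrations` with `version` and `applied_at` columns and a `users` table with `tenant_id` and `is_active` columns; the table names, the tenant id and the backup id are constructed sample values. A real drill would pass a psycopg connection to the restored PostgreSQL test database; an in-memory SQLite database stands in for it here so the example runs offline.

```python
"""Restore drill runner producing an evidence record (added example, not project code)."""
import json
import sqlite3
from datetime import datetime, timezone

# Surfaces the drill must be able to read, taken from the smoke-test list above.
CRITICAL_TABLES = ["invoices", "inventory", "sales_orders", "users", "audit_log"]

# Assumed naming convention: anything containing these fragments is production.
FORBIDDEN_TARGET_FRAGMENTS = ("prod", "production")


def assert_isolated_target(target_db_name):
    """Refuse to run the drill into a database that looks like production."""
    lowered = target_db_name.lower()
    if any(frag in lowered for frag in FORBIDDEN_TARGET_FRAGMENTS):
        raise ValueError(f"refusing restore drill into {target_db_name!r}")
    return True


def check_migration_head(conn, expected_head):
    """The restored schema must be at the migration head the application expects."""
    row = conn.execute(
        "SELECT version FROM schema_migrations ORDER BY applied_at DESC LIMIT 1"
    ).fetchone()
    return row is not None and row[0] == expected_head


def check_tenant_login(conn, tenant_id):
    """A critical tenant must have at least one active user readable after restore."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE tenant_id = ? AND is_active = 1", (tenant_id,)
    ).fetchone()
    return row[0] > 0


def check_table_readable(conn, table):
    """Smoke test: the surface's table exists and holds at least one row."""
    # `table` comes only from the fixed CRITICAL_TABLES list, never from input.
    try:
        row = conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()
    except Exception:  # missing table or unreadable data is a failed check, not a crash
        return False
    return row[0] > 0


def run_restore_drill(conn, target_db_name, backup_id, expected_head, tenant_id):
    """Run every check and return the evidence record a buyer can ask for."""
    assert_isolated_target(target_db_name)
    checks = {
        "migration_head": check_migration_head(conn, expected_head),
        "tenant_login": check_tenant_login(conn, tenant_id),
    }
    for table in CRITICAL_TABLES:
        checks[f"read_{table}"] = check_table_readable(conn, table)
    return {
        "drill_run_at": datetime.now(timezone.utc).isoformat(),
        "backup_id": backup_id,
        "target_db": target_db_name,
        "checks": checks,
        "all_passed": all(checks.values()),
    }


def build_restored_sample_db():
    """Constructed stand-in for a restored test database (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE schema_migrations (version TEXT, applied_at TEXT);
        CREATE TABLE users (id INTEGER, tenant_id TEXT, is_active INTEGER);
        CREATE TABLE invoices (id INTEGER);
        CREATE TABLE inventory (id INTEGER);
        CREATE TABLE sales_orders (id INTEGER);
        CREATE TABLE audit_log (id INTEGER);
        INSERT INTO schema_migrations VALUES ('0041_add_audit_log', '2026-05-01T00:00:00Z');
        INSERT INTO users VALUES (1, 'tenant-a', 1);
        INSERT INTO invoices VALUES (1);
        INSERT INTO inventory VALUES (1);
        INSERT INTO sales_orders VALUES (1);
        INSERT INTO audit_log VALUES (1);
        """
    )
    return conn


if __name__ == "__main__":
    db = build_restored_sample_db()
    evidence = run_restore_drill(
        db, "restore_drill_2026_05_17", "backup-EXAMPLE-001", "0041_add_audit_log", "tenant-a"
    )
    print(json.dumps(evidence, indent=2))
```

The evidence record is the artifact to keep: it answers "when was the last restore drill run" and which backup it used, and a single failed check sets `all_passed` to false so a partial restore is not mistaken for a successful one.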
Customer commitments

RPO, RTO, retention, deletion, and export expectations should be written into the final commercial agreement.

  • State target RPO/RTO per plan or enterprise agreement.
  • Document cancellation export window and deletion process.
  • Keep restore evidence updated after infrastructure changes.

Buyer checks

Questions this document should help answer:

  • When was the last restore drill run?
  • Which database and object-storage backups are enabled?
  • Who can trigger a restore and who approves it?
  • What happens to customer data after cancellation?