Legal Centre
Backup and Restore Policy
Effective date: 2 March 2026
This policy defines the minimum backup and restore standard for paid production customer environments. Automated backups are a launch gate, not an optional post-sale task.
1. Backup Standard
- Daily automated Firestore export is required for paid production.
- Additional on-demand backups should be taken before high-risk migrations or bulk data changes.
- Unless otherwise agreed in writing, backup retention should maintain a rolling minimum of 30 days.
2. Restore Objective
- Target RTO for a scoped data restore is 8 business hours.
- Target RPO is up to 24 hours unless a customer agreement defines a tighter commitment.
3. Restore Process
- Confirm whether the restore scope is full environment, single home, or selected collections.
- Preserve evidence before overwrite when the restore is incident-related.
- Restore into staging first where practical, then validate tenant isolation, core logins, and critical records before reopening access.
4. Validation
- Restore testing should be performed at least quarterly.
- Each test should record the backup date used, restore duration, validation checks, and the responsible owner.