Legal Centre

Backup and Restore Policy

Effective date: 2 March 2026

This policy defines the minimum backup and restore standard for paid production customer environments. Automated backups are a launch gate, not an optional post-sale task.

1. Backup Standard

  • Daily automated Firestore export is required for paid production.
  • Additional on-demand backups should be taken before high-risk migrations or bulk data changes.
  • Unless otherwise agreed in writing, backup retention should maintain a rolling minimum of 30 days.

2. Restore Objective

  • Target RTO for a scoped data restore is 8 business hours.
  • Target RPO is up to 24 hours unless a customer agreement defines a tighter commitment.

3. Restore Process

  • Confirm whether the restore scope is full environment, single home, or selected collections.
  • Preserve evidence before overwrite when the restore is incident-related.
  • Restore into staging first where practical, then validate tenant isolation, core logins, and critical records before reopening access.

4. Validation

  • Restore testing should be performed at least quarterly.
  • Each test should record the backup date used, restore duration, validation checks, and the responsible owner.
Back to Legal CentreGet in Touch
Backup and Restore Policy | Apworth