Policies & Compliance

Home/Policies

Disaster Recovery Policy

Last Updated: January 24, 2026

Purpose

This policy describes the disaster recovery procedures and business continuity practices for the Elevate for Humanity platform. It outlines how we protect data, maintain service availability, and recover from potential disruptions.

Scope

This policy applies to all platform infrastructure, databases, application services, and associated data managed by Elevate for Humanity.

Recovery Objectives

Recovery Time Objective (RTO)

< 4 hours

Maximum acceptable downtime

Recovery Point Objective (RPO)

24 hours

Maximum acceptable data loss

Backup Strategy

Database Backups

  • Automated daily backups via Supabase infrastructure
  • Point-in-time recovery (PITR) capability
  • 7-day retention for backup snapshots
  • Encrypted at rest using AES-256

Application Code

  • Version controlled in GitHub with full history
  • Immutable deployments via Netlify
  • Instant rollback to previous deployments

File Storage

  • Redundant storage via Supabase Storage (S3-compatible)
  • Multi-region replication for uploaded files

Disaster Scenarios

Database Failure

Response: Restore from most recent backup to new database instance

Expected Recovery: 15-30 minutes

Application Deployment Failure

Response: Instant rollback to previous stable deployment

Expected Recovery: < 5 minutes

Infrastructure Provider Outage

Response: Monitor provider status, communicate with users, restore when available

Expected Recovery: Dependent on provider

Data Corruption

Response: Point-in-time recovery to state before corruption

Expected Recovery: 30-60 minutes

Recovery Procedures

  1. Detection: Automated monitoring alerts team to incident
  2. Assessment: Determine scope and impact of the incident
  3. Communication: Notify affected users via status page and email
  4. Recovery: Execute appropriate recovery procedure
  5. Validation: Verify system functionality and data integrity
  6. Documentation: Record incident details and lessons learned

Testing

Disaster recovery procedures are tested quarterly to ensure effectiveness and identify areas for improvement. Tests are conducted in isolated environments without impacting production systems.

Latest DR Test: Passed

Our most recent disaster recovery drill was completed successfully on January 24, 2026.

View Full Test Report →

Responsibilities

  • Platform Team: Maintain backup systems, execute recovery procedures
  • Operations: Monitor systems, coordinate incident response
  • Communications: Notify users and stakeholders during incidents

Contact

For questions about disaster recovery procedures or to report an incident:

Related Policies:

Questions about our policies? Contact us at our contact form