Backup & Disaster Recovery Policy
How Oceum protects data through continuous backups and ensures rapid recovery from service disruptions.
1. Database Backups
- Provider: Supabase Postgres (us-east-1)
- Backup Type: Point-in-Time Recovery (PITR) — continuous WAL archiving
- Retention: 7 days of point-in-time recovery
- Granularity: Restore to any second within the retention window
- Encryption: Backups encrypted at rest with AES-256
2. Recovery Objectives
| Metric | Target | Details |
|---|---|---|
| RTO (Recovery Time Objective) | 4 hours | Restore database to a new instance from PITR backup |
| RPO (Recovery Point Objective) | Near-zero | PITR with continuous WAL streaming — data loss limited to in-flight transactions |
| Degraded Mode | Automatic | Static pages remain available via Vercel edge cache during database outage |
3. Application Recovery
- Compute: Vercel serverless — no single point of failure, auto-scaling across global edge network.
- Code: All source in GitHub (private repo) with CI/CD. Redeploy in under 5 minutes from any commit.
- Secrets: Vercel environment variables, not stored in code. Rotation documented in key management policy.
- DNS: Vercel-managed with automatic failover.
4. Monitoring & Detection
- Uptime Health: Cron job every 15 minutes checks endpoint availability, database connectivity, and agent heartbeat.
- Watchdog: Cron job every 5 minutes for critical path verification.
- Alerting: Telegram and Slack notifications within 60 seconds of detected failure.
- Error Tracking: Sentry with environment-based sampling for real-time exception monitoring.
5. Incident Classification (for DR)
| Severity | Description | Response |
|---|---|---|
| P1 (Critical) | Full platform unavailable — database down, Vercel outage | Immediate — RTO applies |
| P2 (Major) | Partial degradation — single agent failures, integration timeouts | 1 hour |
| P3 (Minor) | Performance degradation — elevated latency, non-critical cron failures | Next business day |
6. Testing
- Frequency: DR drill conducted annually (minimum).
- Scope: Database restore to staging environment, full API verification, agent health check.
- Documentation: Drill results documented and reviewed by the security team.
7. Data Redundancy
- Database: Supabase manages replication within the us-east-1 availability zone.
- Static Assets: Vercel CDN — cached at 100+ edge locations globally.
- Logs: Retained according to the organization's plan (7 days on free, 90 days on pro/enterprise).
8. Contact
For DR-related questions, contact security@oceum.ai.
Last reviewed: 2026-03-30