Backup Retention Policy
Effective Date: January 1, 2025
1. Purpose
This Backup Retention Policy explains how Summit Digital Innovations backs up customer data, how long backups are retained, and the procedures for data restoration in the event of data loss, corruption, or disaster.
2. Scope
This policy applies to all backups of customer data stored in the Summit Digital Innovations platform, including:
- Database backups (PostgreSQL)
- File storage backups (S3 documents and attachments)
- Application configuration backups
- Disaster recovery archives
3. Backup Types and Frequency
3.1 Database Backups
Type: Automated continuous backups
Frequency: Continuous (point-in-time recovery enabled)
Provider: Heroku Postgres Continuous Protection (automated by platform)
What's Backed Up:
- All customer account data
- Financial records (invoices, bills, payments, journal entries)
- Chart of accounts and account balances
- Customer and vendor records
- User accounts, roles, and permissions
- System configuration and settings
Recovery Point Objective (RPO): Up to 5 minutes of data loss in worst-case disaster scenario
3.2 Daily Snapshot Backups
Type: Full database snapshot
Frequency: Daily at 2:00 AM UTC
Storage Location: AWS S3 (encrypted)
Purpose: Long-term retention and point-in-time recovery beyond continuous backup window
3.3 File Storage Backups
Type: S3 versioning and replication
Frequency: Real-time (versioning enabled)
What's Backed Up:
- Invoice PDFs and attachments
- Receipt images
- Bill documents
- Uploaded bank statements
- Other document attachments
Versioning: S3 object versioning retains previous versions of files for 90 days
3.4 Weekly Archive Backups
Type: Full system backup (database + files)
Frequency: Weekly on Sundays at 3:00 AM UTC
Storage Location: AWS S3 Glacier (long-term archive storage)
Purpose: Disaster recovery and long-term compliance retention
4. Backup Retention Periods
4.1 Continuous Backups (Point-in-Time Recovery)
Retention Period: 30 days
Use Case: Restore database to any point in time within the last 30 days
Example: If a user accidentally deletes records on May 15, we can restore the database to May 14 at 11:59 PM
4.2 Daily Snapshot Backups
Retention Period: 90 days
Use Case: Restore database to a specific day up to 90 days ago
Storage: AWS S3 Standard with lifecycle policy to delete after 90 days
4.3 Weekly Archive Backups
Retention Period: 90 days
Use Case: Long-term disaster recovery and compliance retention
Storage: AWS S3 Glacier with lifecycle policy to delete after 90 days
4.4 File Storage Backups (S3 Versioning)
Retention Period: 90 days for previous versions
Current Version: Retained indefinitely while account is active
Use Case: Restore accidentally overwritten or deleted files
5. Backup Security
5.1 Encryption
All backups are encrypted to protect customer data:
- In Transit: TLS 1.3 during backup transfer
- At Rest: AES-256 encryption for all backup files
- Key Management: Encryption keys managed via AWS KMS (Key Management Service)
5.2 Access Controls
Access to backups is strictly controlled:
- Administrative Access: Only authorized Summit staff with multi-factor authentication
- Audit Logging: All backup access is logged (who, when, what was accessed)
- Role-Based Access: Separate roles for backup creation, access, and restoration
5.3 Geographic Redundancy
Backups are stored in multiple AWS regions for disaster recovery:
- Primary Region: US East (Virginia)
- Backup Region: US West (Oregon)
- Purpose: Protection against regional outages or disasters
6. Data Restoration Procedures
6.1 User-Initiated Restoration
If you accidentally delete or modify data and need restoration:
- Contact Support: Email support@summit-di.com with details:
  - What data was lost or corrupted
  - When the loss occurred (date and approximate time)
  - Which records or files need restoration
- Verification: We will verify your identity and account ownership
- Scope Assessment: We will determine the best backup source for restoration:
  - Within last 30 days: Point-in-time recovery (fastest, most precise)
  - 30-90 days ago: Daily snapshot restoration
  - File restoration: S3 versioning (for documents/attachments)
- Restoration: We will restore the requested data, typically within 4-24 hours depending on scope
- Confirmation: We will notify you when restoration is complete
6.2 Disaster Recovery
In the event of a major system failure or disaster:
- Recovery Time Objective (RTO): 4 hours (system restored within 4 hours)
- Recovery Point Objective (RPO): 5 minutes (up to 5 minutes of data loss in worst case)
- Process: Automatic failover to the backup region using the most recent backup
- Communication: Status updates posted to status.summit-di.com
6.3 Partial Restoration
For granular restoration (specific records, not full database):
- Supported: Individual invoices, bills, customers, vendors, journal entries
- Process: We extract the specific records from backup and import them into your active database
- Limitations: May not restore all relational data if dependent records have changed
6.4 Self-Service File Restoration (Planned Feature)
Future enhancement (not yet available):
- Users will be able to restore previous versions of uploaded documents directly from the UI
- Similar to "Version History" in Google Drive or Dropbox
7. Backup Testing and Validation
7.1 Monthly Backup Testing
We test backup integrity monthly:
- Frequency: First Sunday of each month
- Process: Restore a backup to a test environment and verify data integrity
- Validation: Run automated checks to ensure all data is present and uncorrupted
- Documentation: Test results logged for audit purposes
7.2 Disaster Recovery Drills
We conduct full disaster recovery drills quarterly:
- Frequency: Quarterly (January, April, July, October)
- Process: Simulate complete system failure and restore from backup
- Metrics: Measure RTO and RPO to ensure we meet targets
- Improvements: Update procedures based on drill findings
8. Backup Lifecycle
8.1 Active Backups
Status: Backups for active accounts are created and retained per this policy
8.2 Expired Backups
Automated Deletion: When retention periods expire, backups are automatically purged:
- Continuous backups older than 30 days: Purged by Heroku platform
- Daily snapshots older than 90 days: Deleted via S3 lifecycle policy
- Weekly archives older than 90 days: Deleted via S3 Glacier lifecycle policy
- S3 file versions older than 90 days: Deleted via S3 versioning lifecycle policy
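As an added illustration (not Summit's own configuration), the 90-day purges in 4.2 to 4.4 can be expressed as S3 lifecycle rules; the bucket names and key prefixes below are assumed.

```hcl
# Assumed bucket names and key prefixes; illustrative, not Summit's real setup.
resource "aws_s3_bucket_lifecycle_configuration" "backups" {
  bucket = "summit-backups-example" # assumed name

  # 4.2 / 8.2: daily snapshots in S3 Standard, deleted 90 days after creation
  rule {
    id     = "daily-snapshots-90d"
    status = "Enabled"
    filter { prefix = "daily-snapshots/" }
    expiration { days = 90 }
  }

  # 4.3 / 8.2: weekly archives moved to Glacier on arrival, deleted after 90 days
  rule {
    id     = "weekly-archives-90d"
    status = "Enabled"
    filter { prefix = "weekly-archives/" }
    transition {
      days          = 0
      storage_class = "GLACIER"
    }
    expiration { days = 90 }
  }
}

# 3.3: versioning must be enabled for previous file versions to exist at all
resource "aws_s3_bucket_versioning" "documents" {
  bucket = "summit-documents-example" # assumed name
  versioning_configuration { status = "Enabled" }
}

# 4.4 / 8.2: previous versions kept 90 days; the current version is untouched
resource "aws_s3_bucket_lifecycle_configuration" "documents" {
  bucket = "summit-documents-example"
  rule {
    id     = "noncurrent-versions-90d"
    status = "Enabled"
    filter {} # applies to every object in the bucket
    noncurrent_version_expiration { noncurrent_days = 90 }
  }
}
```

Because expiration rules delete on a schedule regardless of intent, a legal hold as described in 11.1 has to be enforced outside these rules (for example with S3 Object Lock or by excluding the held prefix) before the 90-day mark.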
8.3 Closed Account Backups
After Account Closure:
- Day 0-30: All backups retained (account recovery period)
- Day 31-90: No new backups created; existing backups age out per normal lifecycle
- Day 91+: All backups purged; data cannot be recovered
Recommendation: Export all data before closing your account. We cannot restore data after backups are purged.
9. Limitations and Exclusions
9.1 Third-Party Data Not Backed Up
Data stored by third-party services is not included in our backups:
- Stripe: Payment data stored by Stripe (we store only references/IDs)
- Plaid: Bank connection credentials stored by Plaid (we never see these)
- Twilio: SMS logs stored by Twilio (we store only success/failure status)
If third-party data is lost, contact the respective provider directly.
9.2 No Guarantee of Zero Data Loss
While we implement robust backup procedures, we cannot guarantee zero data loss in all scenarios:
- Continuous backups have a 5-minute RPO (up to 5 minutes of recent data may be lost in a disaster)
- Corrupted data may not be detected until after a backup is created (that backup then contains the corrupted data)
- User-initiated permanent deletion (voided records) cannot be restored unless specifically requested
9.3 Restoration May Not Be Immediate
Restoration times depend on the scope of data loss:
- Single Record: 1-4 hours
- Multiple Records: 4-12 hours
- Full Company Restoration: 12-24 hours
- Disaster Recovery: Up to 4 hours (RTO)
10. User Responsibilities
10.1 Export Critical Data
We recommend periodically exporting critical data as an additional backup:
- Financial Reports: Download PDF copies of P&L, Balance Sheet, General Ledger
- Transaction History: Export CSV files of invoices, bills, payments
- Customer/Vendor Lists: Export contact lists
- Attachments: Download uploaded documents locally
10.2 Report Issues Promptly
If you notice data loss or corruption, report it immediately:
- The sooner you report an issue, the more restoration options we have
- Point-in-time recovery is only available for the last 30 days
- Delayed reporting may mean the corrupted data has propagated to all backups
10.3 Verify Restoration
After we restore data, you are responsible for verifying:
- All expected records are present
- Data is correct and uncorrupted
- Account balances are accurate
- No unintended side effects from restoration
11. Compliance and Legal Holds
11.1 Legal Hold Exception
If your data is subject to a legal hold (e.g., litigation, regulatory investigation):
- Backups may be retained beyond the normal 90-day period
- You will be notified if a legal hold is placed on your data
- Deletion is suspended until the legal hold is lifted
11.2 Regulatory Requirements
Our backup retention policy supports compliance with:
- IRS: 7-year retention of financial records (see Data Retention Policy)
- SOX: Audit trail and backup requirements for financial data
- GDPR: Right to erasure (backups are purged after 90 days)
- CCPA: Data deletion requests (backups are purged after 90 days)
12. Changes to This Policy
We may update this policy to reflect changes in backup technology, legal requirements, or business practices. Material changes will be communicated via:
- Email notification to active account holders
- In-app notice upon next login
- Updated effective date on this page
13. Contact Us
For questions about backups or to request data restoration:
Summit Digital Innovations
Email: support@summit-di.com
Data Restoration Requests: support@summit-di.com
Emergency Contact: Include "URGENT - Data Loss" in subject line
Related Policies: