Business Continuity
Effective: February 28, 2026Version 1.0
Ataraxia GRC maintains business continuity measures to ensure your compliance data is available when you need it.
Data Redundancy
- Database: PostgreSQL with automated backups via Supabase (point-in-time recovery, daily snapshots)
- File Storage: Replicated across multiple availability zones
- Application: Deployed across Vercel's edge network
Backup & Recovery
- Database backups: Continuous with point-in-time recovery (up to 7 days)
- Evidence files: Stored with redundancy in Supabase Storage
- Recovery Time Objective (RTO): 4 hours for critical services
- Recovery Point Objective (RPO): 1 hour for database, 24 hours for files
Disaster Recovery
In the event of a major outage:
- Automatic failover to redundant infrastructure
- Customer communication within 1 hour
- Service restoration within 4 hours for database services
- Full service restoration within 24 hours
Data Sovereignty
- Application hosted in the United States (Vercel US regions)
- Database hosted in the United States (Supabase/AWS US regions)
- No data processing outside the United States
Your Responsibility
We recommend that customers:
- Regularly export their data using the Data Export feature
- Maintain offline copies of critical compliance documents (SSP, POA&M)
- Document their Ataraxia GRC configuration as part of their own BCP
Contact
For business continuity questions: support@ataraxiagrc.com