Back-Up and Disaster Recovery

All production data (servers and databases) are stored in physically secure data centres, in Europe-West-2. Enterprise customers have an option to choose the location of data storage.

Backups are performed daily and are typically held for a period of 28 days. With point-in-time restore, the database in its previous state can be restored, if required.

The backup process applies to all application data, including records and processes. Files are stored in object storage with different policies to the content of bases. Raw files, images and other attachments have a minimum 5 year retention policy, but lifetime will be guaranteed for the duration of Seal platform usage, or according to contractual agreements.

All backups are encrypted and replicated across the GCP, providing additional redundancy storage. GCP maintains that the infrastructure systems in place are designed to eliminate points of failure and minimise the impact of environmental risks, with power systems designed in continuous operations for 24 hours a day, 7 days a week.

Seal maintains a variety of channels to monitor security incidents.

The Seal Team have defined roles in the response to incidents, both internally in the resolution of the incident, and externally, including in the communication to customers, promising both transparency and rapid action.

In an event of a Data Incident, Seal is committed to notifying customers promptly and will take swift action to minimize potential harm and secure affected data. Seal also recommends customers to take measures to address data incidents.

For more information, please refer to Incidence Procedure.

Note that Seal is not obligated to review Customer Data for compliance with specific legal requirements, and any notification or response regarding a Data Incident does not constitute an admission of fault or liability.

Seal maintains an internal Disaster Recovery Plan (DRP), with regular exercises being an essential part of our incident preparation. The team ensures the mitigation of disaster through internal practices and a regular alignment on procedures.

The Seal team evaluates the improvements that need to be made during a DRP exercise, and works to swiftly implement these if a need arises. Such DRP exercises ensure that the Seal team are familiar with their roles and responsibilities.

The DRP measures may be updated, and it is ensured that updates do not result in a reduction of data security or data recovery services and measures.

Additionally, GCP has designed and regularly executes its business continuity planning/disaster recovery programs.