Data Backup and Disaster Recovery

All production data (servers and databases) are stored in physically secure data centres, in Europe-West-2. Enterprise customers have an option to choose the location of data storage.

Backups are performed daily and are typically held for a period of 28 days. With point-in-time restore, the database in its previous state can be restored, if required.

The backup process applies to all application data. Uploaded files are stored in object storage. Raw files, images and other attachments have a minimum 5 year retention policy, but lifetime will be guaranteed for the duration of Seal platform usage, or according to contractual agreements.

All backups are encrypted and replicated across the GCP, providing additional redundancy storage. GCP maintains that the infrastructure systems in place are designed to eliminate points of failure and minimise the impact of environmental risks, with power systems designed in continuous operations for 24 hours a day, 7 days a week.

Availability Upon Customer Request

Seal is committed to ensuring customer confidence in the way data is stored within the platform — it is possible to adapt to be compliant with our clients’ data integrity requirements. Upon request, backups may be held for longer periods of time. Furthermore, we are also able to assist in the deployment of a self-hosted platform for enterprise clients.

Seal maintains a variety of channels to monitor data and security incidents.

The Seal team have defined roles for incident response, both internally in the resolution of the incident, and externally, in the communication to customers. We promise both transparency and rapid action.

Quarterly, there is refinement of our internal processes within our leadership team to ensure that a timely and effective response plan is in place. Seal maintains a thorough internal disaster mitigation plan, to design and build our platform and services in a way that minimises security threats.

We also maintain an ongoing, internal on-call rota to minimise incident response time and provide out-of-hours support.

In an event of a Data Incident, Seal is committed to notifying customers promptly and will take swift action to minimize potential harm and secure affected data. Seal also recommends customers to take measures to address data incidents.

For more information, please refer to the .

Note that Seal is not obligated to review Customer Data for compliance with specific legal requirements, and any notification or response regarding a Data Incident does not constitute an admission of fault or liability.

Seal maintains a , with regular exercises being an essential part of our incident preparation. The team ensures the mitigation of disaster through internal practices and a regular alignment on procedures.

The alert workflow graphic below represents our mechanism of response to incidents

Any incident must be communicated to the disaster recovery lead (or the first-responder responsible at the time, as defined by our on-call rota) in a timely manner. This must be communicated in parallel to the customer deployments manager and senior engineering contact.

In the event of an incident, the team ensures regular communication with the customer via the customer deployment manager and senior engineering contact, with frequent and timely updates on actions and progress.

The Seal team evaluates the improvements that need to be made during a DRP exercise, and works to swiftly implement these as necessary. Such DRP exercises ensure that the Seal team are familiar with their roles and responsibilities.

The DRP measures may be updated, and it is ensured that updates do not result in a reduction of data security or data recovery services and measures.

Additionally, GCP has designed and regularly executes its business continuity planning/disaster recovery programs.