Skip to main content

Data backups

All production data is stored in Google Cloud Platform data centres. For hosting regions, see Infrastructure. Backups are performed daily and are typically held for a period of 28 days. With point-in-time restore, the database in its previous state can be restored, if required. Seal is designed to be always audit-ready – it is engineered so that all changes are stored in event logs enabling verification of where changes are made, when and by whom. While soft-deletion removes data from the user interface, such as archiving entities, the underlying records and their history are preserved to ensure data integrity and traceability. The backup process applies to all application data. Uploaded files are stored in object storage. Raw files, images and other attachments have a minimum 5 year retention policy, but lifetime will be guaranteed for the duration of Seal platform usage, or according to contractual agreements. All backups are encrypted and replicated across the GCP, providing additional redundancy storage. GCP maintains that the infrastructure systems in place are designed to eliminate points of failure and minimise the impact of environmental risks, with power systems designed in continuous operations for 24 hours a day, 7 days a week.

Availability Upon Customer Request

Seal is committed to ensuring customer confidence in data storage. Backup retention can be extended upon request to meet specific data integrity requirements. Self-hosted deployment is also available for enterprise clients.

Data incidents

Seal maintains a variety of channels to monitor data and security incidents. The Seal team has defined roles for incident response, covering both internal resolution and customer communication. Transparency and rapid action are core to our response process. Our leadership team reviews and refines incident response processes quarterly. Seal maintains a comprehensive disaster mitigation plan, designing and building our platform to minimise security threats. We also maintain an ongoing, internal on-call rota to minimise incident response time and provide out-of-hours support. In an event of a Data Incident, Seal is committed to notifying customers promptly and will take swift action to minimize potential harm and secure affected data. Seal also recommends customers to take measures to address data incidents. See the Disaster recovery plan for details.

Disaster recovery

Seal maintains a Disaster Recovery Plan (DRP), with regular exercises being an essential part of our incident preparation. The team ensures the mitigation of disaster through internal practices and a regular alignment on procedures. The alert workflow graphic below represents our mechanism of response to incidents Screenshot 2025-08-29 at 12.11.15.png Any incident must be communicated to the disaster recovery lead (or the first-responder responsible at the time, as defined by our on-call rota) in a timely manner. This must be communicated in parallel to the customer deployments manager and senior engineering contact. In the event of an incident, the team ensures regular communication with the customer via the customer deployment manager and senior engineering contact, with frequent and timely updates on actions and progress. The Seal team evaluates the improvements that need to be made during a DRP exercise, and works to swiftly implement these as necessary. Such DRP exercises ensure that the Seal team are familiar with their roles and responsibilities. The DRP measures may be updated, and it is ensured that updates do not result in a reduction of data security or data recovery services and measures. Google Cloud Platform also maintains its own business continuity and disaster recovery programs.