# TwentyCore Backup and Restore Policy

Last reviewed: 2026-05-17

This document describes recommended production backup and restore practice for a TwentyCore deployment. Final RPO, RTO, retention, and deletion commitments must be confirmed in the commercial agreement.

## Production Baseline

- Use managed PostgreSQL for production workloads.
- Enable automated database backups.
- Require SSL for production database connections.
- Store production database credentials only in backend environment secrets.
- Use object storage for production attachments rather than local container storage.

## Restore Drill

Before go-live, restore production backup data into an isolated test database and verify:

- Alembic current/head state.
- Login and role access.
- Tenant isolation.
- Invoice list/detail.
- Inventory list/detail.
- Sales order or quotation list/detail.
- Audit/user surfaces.

## Operating Review

- Record date/time of each restore drill.
- Record database source, restore destination, and verification steps.
- Review restore evidence after major infrastructure or schema changes.
- Confirm who is allowed to trigger restore operations.

## Buyer Evidence To Request

- Backup enabled screenshot or provider evidence.
- Latest restore drill result.
- RPO/RTO target.
- Cancellation export and deletion process.