Hosting & Infrastructure

• Hosted on Microsoft Azure with hardened, enterprise-level security controls.
• Non-public database access — available only through secured VPN connections.
• Strict firewall, encryption, and access control policies aligned with Azure best practices.

Backups & Retention

• Daily backups for both web and database servers.
• 30-day retention policy, including:
  • 3 days of snapshots for rapid rollback.
  • 27 days of standard backups for long-term recovery.
• Database-level backups retained separately for 7 days as an additional safeguard.
• All backups are encrypted at rest and in transit using Azure Backup with built-in storage encryption.

Encryption & Key Management

• Data at rest is secured with AES-256 encryption, matching industry-leading standards.
• Encryption keys are managed through Azure Key Vault, with controlled access and automated key rotation policies.

Access Control & Monitoring

• Principle of Least Privilege enforced through Role-Based Access Control (RBAC).
• Periodic access reviews ensure only authorized personnel maintain administrative rights.
• All system and admin activities are logged via Azure Monitor and Activity Logs for complete traceability.

Recovery & Continuity

• Full platform restoration available within 24–48 hours depending on the scale of impact.
• Periodic disaster recovery validation ensures readiness and integrity of backup restoration processes.

Compliance

• Our infrastructure and processes align with GDPR principles.
• Built on Microsoft Azure, which maintains certifications including ISO 27001, SOC 2, and HIPAA compliance.