GoRefer Trust Center
Business Continuity & Disaster Recovery
Updated April 2026
GoRefer maintains documented business continuity and disaster recovery plans that are tested regularly. This page defines our recovery targets, backup architecture, and the procedures we follow when things go wrong.
We believe in publishing these commitments openly — because a vendor who can't describe how they recover from failure is one you shouldn't trust to hold your firm's data.
Recovery Time Objective
< 4 hrs
For critical services
Recovery Point Objective
< 1 hr
Max data loss target
Backup Frequency
Oplog streaming + daily snapshots
DR Test Cadence
Quarterly
Full restore verified
Recovery Targets by Service
Updated April 2026
RPO (Recovery Point Objective) defines the maximum acceptable data loss — how far back in time we could recover to after an incident. RTO (Recovery Time Objective) defines the maximum time we target to restore service to operational status.
| Service | Priority | RPO | RTO | Recovery Mechanism |
|---|---|---|---|---|
API & Application | Critical | < 1 hour | < 4 hours | Multi-AZ failover + automated health-check restart |
Primary Database | Critical | < 1 hour | < 2 hours | Replica set automatic primary election; point-in-time recovery as fallback |
File Storage | Critical | Near-zero (multi-region replication) | < 15 minutes | Cloud storage built-in regional redundancy |
Email Delivery | Important | N/A | < 30 minutes | Queued retry with exponential backoff; provider-level redundancy |
AI Features (Gio) | Important | N/A | < 30 minutes | Automatic fallback to secondary AI provider |
Analytics & Reporting | Standard | < 24 hours | < 24 hours | Rebuild from primary data store; non-critical path |
Backup Architecture
Updated April 2026
GoRefer runs a multi-tier backup strategy. All backups are encrypted with AES-256, stored separately from the primary data, and tested on a defined schedule.
| Frequency | What's Backed Up | Retention | Verification Cadence |
|---|---|---|---|
| Continuous (oplog) | Primary database — all write operations | Until point-in-time window expires | Monthly automated restore verification |
| Daily | Full database snapshot | 7 days rolling (Growth), 30 days (Scale+) | Monthly automated restore verification |
| Weekly | Full database snapshot + configuration state | 90 days | Quarterly full restore test |
| Monthly | Full environment configuration snapshot | 12 months | Annual disaster recovery exercise |
Backups are encrypted and geographically separated
All backups are encrypted with AES-256 before storage. Backup storage is in a separate geographic region from the primary infrastructure, providing protection against regional outages.
Disaster Recovery Plan
Updated April 2026
Incident Classification
Tier 1 — Total service loss
All production services unreachable. Immediate DR activation. RTO target: 4 hours.
Tier 2 — Partial service degradation
One or more services impaired. Targeted recovery. RTO target: 2 hours.
Tier 3 — Data integrity concern
Potential data corruption or loss. Recovery initiated from last verified clean backup.
Tier 4 — Single-component failure
Isolated component failure with automatic failover. Usually transparent to users.
Recovery Procedures
Runbooks maintained and version-controlled
Step-by-step recovery procedures are documented and updated after each DR exercise
On-call rotation
24/7 on-call schedule ensures qualified staff are available to respond to Tier 1/2 incidents at any time
Communication plan
Customer notification within 1 hour of Tier 1/2 incident declaration via status page and email
Post-incident review
Full post-mortem completed within 5 business days of any Tier 1/2 incident
DR Testing Program
Updated April 2026
A disaster recovery plan that isn't tested is a plan that hasn't been proven. GoRefer follows a structured testing cadence to validate our recovery capabilities.
Monthly
Automated database restore verification
Backup integrity validation
Monitoring alert simulation
Quarterly
Full recovery drill from snapshot
Failover simulation for critical services
Runbook review and update
Annual
Full disaster recovery exercise (Tier 1 scenario)
Business continuity plan review
External review of DR posture