Disaster recovery plan
RPO ≤ 1 hour / RTO ≤ 4 hours, contractual on Enterprise tier. Annual DR test.
What we commit to
These commitments are written into the MSA / DPA at signing — published here so prospects can verify without needing the full playbook.
- RPO (Recovery Point Objective): ≤ 1 hour of data loss in any scenario
- RTO (Recovery Time Objective): ≤ 4 hours to restored service on Enterprise tier
- Annual full-DR drill with documented results
- Customer notification within 1 hour of declared disaster (Enterprise)
- All commitments written into MSA at signing for Enterprise customers
Full runbook available under NDA
Full plan covers: 7 disaster scenarios (Vercel regional outage, Supabase failure, region-wide AWS outage, compromised platform admin, key-vendor SaaS down, DNS hijack, ransomware) with per-scenario response procedures, escalation tree, recovery dependencies, and the annual DR-drill log.
We previously published this runbook in full publicly. After a security review we've moved the implementation detail under NDA — pre-prepared, clickwrap NDA, typical turnaround 3 business days. The high-level commitments above stay public so you don't need the NDA pack just to verify the basics.
Request the full runbook
Public security artifacts (no request needed)
- Trust Center — controls, compliance status, verifiable parameters
- status.getleanos.com — real-time uptime + incident history
- Vulnerability disclosure policy — coordinated disclosure + safe harbor for researchers
- Subprocessors — every vendor that touches customer data