Optizio Policy Documents

Optizio Data Backup Policy

Introduction

This Backup Policy outlines the procedures and controls for safeguarding all Optizio app-related data stored in Cloudflare. The policy ensures data integrity, availability, and compliance with business, legal, and regulatory requirements.

Scope

This policy applies to all Optizio data stored in Cloudflare services, including Cloudflare D1 databases and Cloudflare R2 object storage, as well as any associated backup automation or management tools.

1. Backup Objectives

2. Backup Strategy

Primary Storage: All Optizio app data is stored in Cloudflare (D1, KV, or other relevant services) and in Shopify Metafields.

Cloudflare D1: Cloudflare provides point-in-time recovery, which can restore the database to any minute within the last 30 days. Manual backups are performed before significant migrations.

Shopify Metafield Data: Versioned backups of critical data stored in Shopify Metafields are stored in Cloudflare KV on every create/update event.

Cloudflare KV: No critical data is held in KV that cannot be reconstructed from other sources.

Encryption: All backups are encrypted in transit and at rest using industry-standard encryption protocols (e.g., TLS 1.2+ for data in transit).

3. Backup Management

Backup Monitoring: Regularly monitor backup status and logs to ensure successful completion. Automated notifications are configured for backup failures.

Access Control: Only authorized personnel may configure, access, or restore backups. Access to backup locations is protected using API tokens and access keys with least-privilege permissions.

4. Data Retention and Rotation

Retention Period: Backups are retained for a minimum of 30 days (or longer, as required by business or regulatory needs).

Rotation: Older backups are automatically deleted when no longer required to optimize storage usage and comply with data minimization principles.

Data Destruction: Expired backups are securely deleted to prevent unauthorized access or data leakage.

5. Data Recovery

Recovery Testing: Periodic tests are conducted to verify the integrity and recoverability of backups.

Restoration Procedures: In the event of data loss or corruption, the most recent valid backup is restored following documented procedures. Restoration activities are logged and reviewed.

Disaster Recovery: In case of a major incident, the recovery process prioritizes restoring critical systems and data to minimize business disruption.

6. Roles and Responsibilities

IT/Admin Team: Responsible for configuring, monitoring, and testing backups, as well as restoring data when required.

Management: Ensures adequate resources are allocated for backup operations and reviews policy effectiveness.

All Staff: Must promptly report any issues or incidents related to data loss or backup failures.

7. Policy Review

This policy is reviewed annually or upon significant changes to business operations, technology, or regulatory requirements.

Updates are communicated to all relevant staff and stakeholders.