Continuity & bus-factor.

bsns.cc is run by a small team. That’s a feature for some of what we do (we move fast, we keep prices low) and a risk for others (what happens if the person running it is unreachable for a week?). This page is the honest answer.

Where your data lives

Customer data lives in a managed Neon Postgres database with point-in-time recovery. Backups are daily; the recovery point objective is < 24h and the recovery time objective is < 4h. A pre-launch snapshot is taken before any major schema change and retained as a long-lived branch.

File artifacts (signed PDFs, attachments, executed contracts) live in Vercel Blob storage with public-read URLs so executed documents are renderable from email forever. The storage adapter is behind an interface so we can swap providers without changing call sites.

Encryption key escrow

Fields holding PII (DOB, EIN, SSN, tax ID, driver license number, telematics tokens, IdP private keys) are AES-256-GCM encrypted with app-scoped key-encryption keys. Those keys are mirrored into two independent escrows:

  • 1Password — operator access via emergency-access grants. An authorized contact can recover keys after a configured waiting period without needing the operator’s master password.
  • Bitwarden — secondary escrow with key-fingerprint verification on every commit. An automated pre-commit gate refuses to push code if the escrow drifts out of sync.

Neither escrow is on the critical path of normal operation; they exist so that a recovering team can always re-derive the keys from a documented chain of custody.

Application code

The source code is in a private Git repository with full commit history. It is replicated to multiple developer machines and to a remote Git host. A documented build runbook lets a competent full-stack engineer recover a production-ready deployment from the repository within a day. There are no hand-rolled binaries or undocumented build steps.

The “what if” runbook

The operational runbook for operator-unavailable scenarios is maintained internally and distributed to a designated continuity contact. It covers: 1Password emergency-access activation, key escrow recovery, Neon database access recovery, DNS / domain rotation, Vercel project access transfer, and customer communication templates.

The runbook is reviewed and rehearsed quarterly. The first full backup-restore drill passed on May 25, 2026; the next cross-vendor restore drill is scheduled for August 25, 2026.

Your data is portable

The deepest form of continuity is being able to leave at any time with the records you put in. See Trust for the export surfaces the tenant apps expose — there is no proprietary format and the archives are designed for migration even when direct import needs support assistance.

Limits we are honest about

  • We are not a SOC 2 audited shop yet. That engagement is on the roadmap; until then, we publish what we do and how we do it so you can evaluate it directly.
  • We are not a HIPAA-eligible processor. Do not store PHI in the suite.
  • We will tell you about any incident that affects your data within 72 hours of detection. We will tell you what we know, what we don’t, and what we’re doing about it.

Questions

If you need a longer continuity / portability commitment in writing for a procurement review or board meeting, contact us and we will share the operational runbook redacted of operator credentials.