Backups
| What | Provider | Frequency | Retention | Encryption |
|---|---|---|---|---|
| Hetzner volumes | Hetzner Online GmbH | Daily snapshot | 30 days rolling | LUKS at rest |
| Supabase Postgres | Supabase managed PITR | Continuous | 7 days PITR + 30 days rolling | Encrypted |
| GitHub repo | GitHub Inc. | On every push | Permanent | TLS in transit |
| Customer evidence-bundles | Supabase Storage | On creation | Permanent (7y post-delivery + customer copy) | Encrypted |
| Council-vote audit log | Supabase Postgres + Ed25519 chain | Real-time | Permanent | Cryptographic chain |

Restore test: a quarterly restore from a Hetzner snapshot to the staging environment. Last test: 2026-04-22 (PASS, RTO 2.5 hours).
Data retention
Customer-related data follows the windows shown on /trust/data-types. Total retention = active retention + backup window (typically 30-60 days post-purge).
Customer-data deletion (GDPR Article 17)
Upon Customer request to dpo@powerquant.dk:
- Active Postgres deletion: within 30 days
- Backup purge: within 60 days (30-day backup rolling window + 30-day purge SLA)
- Council-vote audit-log: Customer's identifying tags are redacted, but the cryptographic chain is not deleted (deletion would break tamper-evidence). Retained per Article 17(3)(b) GDPR (legal obligation for audit-trail integrity). Documented in DPA §11.
Termination data return
On contract termination, Customer receives:
- All evidence-bundles in JSON + PDF (downloadable from Supabase Storage)
- All Council-vote audit-log entries pertaining to Customer (filtered by customer-token-hash)
- Confirmation-of-deletion certificate, signed with Ed25519 by PowerQuant