Business Continuity Policy

September 2025

1. Purpose and Scope

This BC/DR Plan outlines actionable steps to ensure AdviserGPT's operational continuity in the event of major service disruptions, with a specific focus on failover and redundancy across Supabase, Vercel, and other key subprocessors.

2. Objectives

  • Protect the confidentiality, integrity, and availability of customer data and AdviserGPT systems during disruptive events.

  • Maintain service availability through proven failover techniques.

  • Ensure rapid recovery to meet customer and contractual/regulatory expectations.

3. Front End Continuity

By hosting our front end on Vercel's distributed (US-based) data centers and leveraging Vercel rollbacks and routing, and by maintaining continuous database backups through Supabase, our application is designed for high availability with rapid recovery.

Hosting and Deployment on Vercel
  • Global Edge Network (US Data Centers): The AdviserGPT front end application is served from Vercel's data centers located in the United States, with routing capabilities that direct user traffic to the optimal location. This reduces latency under normal conditions and provides fallback if a particular region experiences an outage.

  • Static Asset Rerouting: If there is a regional disruption, Vercel automatically reroutes traffic so that static assets remain continuously available.

  • Instant Rollbacks: Vercel's deployment system allows reverting instantly to any previous build. If a critical defect is introduced in production, we can rapidly roll back to a known stable version.

High Availability Measures
  • Granular Caching: Vercel caches pages and assets at the edge. If our backend has an outage, Vercel can continue serving cached content, mitigating downtime for end users.

  • Automatic Scaling: Vercel's serverless and edge infrastructure automatically scales to accommodate traffic spikes, reducing manual overhead for traffic surges.

4. Compute Continuity

Serverless Functions
  • Multi-Region/Zonal Redundancy: Configure and maintain fallback regions in vercel.json and validate provider claims for intra-region zone redundancy as part of vendor due diligence.

  • Versioning: Builds are reproducible and stored with checksums; previous successful versions can be promoted for rapid restore.

Security & Monitoring
  • Vercel Firewall and provider DDoS protections are leveraged.

  • Logs and Traces: Application logs and function telemetry are aggregated.

5. Database Continuity

Supabase PostgreSQL
  • Regular Backups & Point-in-Time Recovery: Our Supabase database is configured for continuous archiving of changes (WAL files) and daily physical backups. This enables us to restore the database to any selected point in time within our retention window.

  • Offsite Storage & Monitoring: Supabase maintains backups in secure offsite storage. We also rely on their monitoring and status pages to alert us to any potential disruptions.

Recovery Process
  1. Identify Desired Timestamp – Choose the point in time prior to an incident or data loss.

  2. Initiate Restore – Through the Supabase Dashboard, we start the restore, which replays WAL files to the chosen second in time.

  3. Verification – After restoration completes, we verify data integrity before putting it back into production.

6. Disaster Recovery

Incident Response
Detection and Alerting
  • Independent synthetic checks plus provider status pages are monitored.

  • Automated alerts are sent to on-call personnel via email and messaging apps.

Initial Assessment and Triage
  • The on-call lead assesses the severity, potential impact, and scope.

  • Triage is performed using predefined playbooks to determine if immediate failover or restore actions are needed.

Failover & Restoration
  • Front End Failover: If a primary region is down, Vercel automatically reroutes front-end traffic to an available region in the United States or globally as configured.

  • Serverless Functions Failover: Vercel Functions shift to a backup region if the primary region becomes fully unavailable.

  • Database Restoration: If the primary database is compromised, we restore from the latest backups or to a specific point in time, following the steps in Supabase's dashboard.

Communication
  • Internal: The incident response team collaborates via real-time chat. Leadership, engineering, and support staff receive relevant updates.

  • External: Major customer-impacting incidents are communicated via email or direct contact as applicable.

  • Legal/Contractual: Breach notifications follow contractual and regulatory requirements.

Post-Incident Review
  • Once services are stabilized, we conduct a root cause analysis (RCA) to identify lessons learned and improvement areas.

  • Action items (e.g., code fixes, infrastructure modifications) are tracked until fully implemented to prevent recurrence.

Regular Testing
  • We periodically test failover, backup restoration, and rollback procedures to ensure readiness.

  • Drills help keep the team familiar with documented runbooks and identify any gaps in our processes.

7. Testing, Validation, and Maintenance

  • Semi-annual BC/DR drills, covering:

    • Source code compromise restoration

    • Supabase and Vercel failover scenarios

  • Quarterly review of backup integrity and redundancy readiness

  • Plan updated following system changes or incidents

8. Plan Governance

This plan is governed by and cross-references AdviserGPT's Information Security Policy, which defines the controls that also apply during recovery.

9. Contact for Emergencies

  • Support: support@advisergpt.ai

  • CEO: Brian Stone, brian@advisergpt.ai
