AdviserGPT Business Continuity and
Disaster Recovery (BC/DR) Plan

AdviserGPT Business Continuity and Disaster Recovery
(BC/DR) Plan

March 2026

1. Purpose and Scope

This BC/DR Plan outlines actionable steps to ensure AdviserGPT's operational continuity in the event of major service disruptions, with a specific focus on Failover and Redundancy across Supabase, Vercel, Qdrant, and other key subprocessors.

2. Objectives

  • Prevent loss and unauthorized access to customer data, our systems, and source code.

  • Maintain service availability through proven failover techniques.

  • Ensure rapid recovery to meet customer and regulatory expectations.

3. Front End Continuity

By hosting our front end on Vercel's distributed (US-based) data centers and leveraging Vercel rollbacks and routing, and by maintaining continuous database backups through Supabase and Qdrant Cloud, our application is designed for high availability and quick recovery from unexpected events. These capabilities—combined with our documented incident response and testing routines—form a robust Business Continuity and Disaster Recovery plan for maintaining seamless service to end users.

Hosting and Deployment on Vercel

  • Global Edge Network (US Data Centers): The AdviserGPT front end application is served from Vercel's data centers located in the United States, with routing capabilities that direct user traffic to the most optimal location. This reduces latency under normal conditions and provides fallback if a particular region experiences an outage.

  • Static Asset Rerouting: If there is a regional disruption, Vercel automatically reroutes traffic so that static assets remain continuously available.

  • Instant Rollbacks: Vercel's deployment system allows reverting instantly to any previous build. If a critical defect is introduced in production, we can rapidly roll back to a known stable version.

High Availability Measures

  • Granular Caching: Vercel caches pages and assets at the edge. If our backend has an outage, Vercel can continue serving cached content, mitigating downtime for end users.

  • Automatic Scaling: Vercel's serverless and edge infrastructure automatically scales to accommodate traffic spikes, reducing manual overhead for traffic surges.

4. Compute Continuity

Serverless Functions

  • Multi-AZ Redundancy: Each Vercel Function benefits from multiple availability zones for redundancy within a single region. Should one zone fail, traffic shifts to a healthy zone.

  • Multi-Region Failover: When configured with fallback regions in our vercel.json (e.g., “functionFailoverRegions”: [“iad1”, “cle1”]), if the primary region has a full outage, requests automatically fail over to the next healthy region.

Security & Monitoring

Vercel Firewall monitors traffic and provides protection against Distributed Denial of Service (DDoS) attacks. Zero-Trust Isolation ensures each serverless function runs independently, minimizing lateral attack risk.

5. Database Continuity

5.1 Supabase PostgreSQL

  • Regular Backups & Point-in-Time Recovery: Our Supabase database is configured for continuous archiving of changes (WAL files) and daily physical backups. This enables us to restore the database to any selected point in time within our retention window.

  • Offsite Storage & Monitoring: Supabase maintains backups in secure offsite storage. We also rely on their monitoring and status pages to alert us of any potential disruptions.

Recovery Process

  1. Identify Desired Timestamp: Choose the point in time prior to an incident or data loss.

  2. Initiate Restore: Through the Supabase Dashboard, we start the restore, which replays WAL files to the chosen second in time.

  3. Verification: After restoration completes, we verify data integrity before putting it back into production.

5.2 Qdrant Vector Database

  • Data Redundancy: Qdrant currently operates on a single-node configuration to ensure continuity.

  • Snapshots & Offsite Backups: Regular snapshots of all vector collections are captured and stored.

Recovery Process

  • Snapshot Restoration: In the event of a cluster failure, we provision a new Qdrant instance and restore the most recent stable snapshot.

6. Disaster Recovery

Incident Response
  1. Detection and Alerting

  • We leverage Vercel, Supabase and Qdrant status pages and monitoring to detect issues.

  • Automated alerts are sent to on-call personnel via email and messaging apps.

  1. Initial Assessment and Triage

  • The on-call lead assesses the severity, potential impact, and scope.

  • Triage is performed using predefined playbooks to determine if immediate failover or restore actions are needed.

  1. Failover & Restoration

  • Front End Failover: If a primary region is down, Vercel automatically reroutes front-end traffic to an available region in the United States or globally as configured.

  • Serverless Functions Failover: Vercel Functions shift to a backup region if the primary region becomes fully unavailable.

  • Database Restoration: If the primary database is compromised, we restore from the latest backups or specific point in time, following the steps in Supabase's dashboard.

  • Vector Search Restoration: If Qdrant service is interrupted, the engineering team will redirect API traffic to the failover cluster or initiate a snapshot restore as defined in Section 5.1.

  1. Communication

  • Internal: The incident response team collaborates via real-time chat. Leadership, engineering, and support staff receive relevant updates.

  • External: Major incidents that affect customers are communicated through our status page, email notifications, and direct contact as applicable.

  1. Post-Incident Review

  • Once services are stabilized, we conduct a root cause analysis (RCA) to identify lessons learned and improvement areas.

  • Action items (e.g., code fixes, infrastructure modifications) are tracked until fully implemented to prevent recurrence.

  1. Regular Testing

  • We periodically test failover, backup restoration, and rollback procedures to ensure readiness.

  • Drills help keep the team familiar with documented runbooks and identify any gaps in our processes.

7. Testing, Validation, and Maintenance

  • Semi-annual BC/DR drills, covering:

    • Source code compromise restoration

    • Supabase, Qdrant and Vercel failover scenarios

  • Quarterly review of backup integrity and redundancy readiness

  • Plan updated following system changes or incidents

8. Ongoing Alignment with Security Program

This BC/DR plan is aligned with AdviserGPT's Information Security Program, including:

  • Weekly vulnerability scans and patch management

  • Row-Level Security (RLS) and encrypted data storage on Supabase

  • Immutable, HTTPS-secured frontend deployments via Vercel

  • SOC 2 Type II compliance via our primary cloud providers

9. Contact for Emergencies

  • Support: support@advisergpt.ai

  • Executive: Brian Stone, brian@advisergpt.ai.