Backup & Recovery (MonPG's own)
How MonPG itself backs up your data + RTO / RPO commitments.
What we back up
The PostgreSQL operational store gets full daily snapshots plus continuous WAL archiving to Azure Blob. Restore window is 35 days; RPO under 5 minutes for that store. ClickHouse gets daily logical backups of the analytical schema plus WAL of system tables; per-tenant data is partition-aligned so a tenant-specific restore can be bounded in scope. Azure Key Vault has soft-delete + purge protection enabled for 90 days, so an accidental key deletion is recoverable.
SLAs
| Metric | Pro | Business | Enterprise |
|---|---|---|---|
| Uptime SLA | 99.9% | 99.95% | 99.99% with credit ladder |
| RTO | 4 hours | 1 hour | 15 min |
| RPO | 1 hour | 15 min | 5 min |
| Status page | status.monpg.app | status.monpg.app | + private incident calls |
The Enterprise credit ladder is in the contract — short version, every percentage point of downtime past 0.01% gets you a service credit on the next invoice.
DR drills
Quarterly. Full restore from snapshots into a clean isolated environment, then a validation pass over the critical paths: auth still works, ingest accepts a snapshot, alerts fire correctly, billing webhooks process. Results posted to the Trust Center.
Data export
Settings → Data → Request export. We assemble a tar.gz with everything we hold for your org and deliver it within 24 hours. Useful for migration off, archival, or off-platform analysis. The format is documented in the export README inside the archive — JSON for operational data, CSV for time-series.
Account deletion
Delete account triggers a 7-day cool-off (in case you change your mind), then permanent purge from primary, replicas, and backups within 30 days. We retain an audit log of the deletion itself for 7 years for compliance — but it's just metadata about that the deletion happened, not your data.