CreditAxisCreditAxis
Trust CenterIncident Response and Business Continuity

Incident Response and Business Continuity

Pilot recovery posture, backup configuration, and incident communication — surfaced honestly.

Public SummaryUpdated 2026-04-17
Request full diligence packageBring your last deal
CreditAxis does not make credit decisions. CreditAxis enforces governance, traceability, and audit defensibility. All intelligence-assisted outputs remain human-reviewed and institution-controlled.

Pilot Recovery Targets

CreditAxis maintains defined recovery objectives for the controlled pilot environment. These are targets, not contractual SLAs.

MeasurePilot Target
Recovery Time Objective (RTO)24 hours
Recovery Point Objective (RPO)4 hours
Backup FrequencyDaily automated snapshots
Point-in-Time RecoveryAvailable via Supabase infrastructure

Restore testing is scheduled for Q3 2026. No restore test has been completed at this time. This status is reported accurately and will be updated when a test result exists.

_Last reviewed: February 2026. Evidence: Available (pilot-recovery-profile), Full procedure available under NDA (backup-restore-procedure, latest-restore-test-summary)._

Backup Configuration

Daily automated snapshots are taken by the Supabase infrastructure provider. Point-in-time recovery is available through Supabase's managed database infrastructure.

Backup configuration, retention settings, and detailed restore procedures are documented and available under NDA.

_Evidence: Available under NDA (backup-restore-procedure)._

Incident Response

A formal incident response plan is in place. It covers detection, triage, severity classification, containment, customer notification, recovery, and post-incident review.

Severity model:

SeverityDescription
Sev 1Critical service outage or material security event
Sev 2Significant degradation or contained security event
Sev 3Moderate issue with available workaround
Sev 4Minor issue — low-impact

Customer notification: For confirmed incidents affecting Customer Data, CreditAxis will notify affected customers within 72 hours. Notification includes incident summary, scope assessment, and mitigation actions taken.

_Last reviewed: February 2026. Evidence: Available under NDA (incident-response-plan)._

Business Continuity

CreditAxis maintains a business continuity posture appropriate for the controlled pilot phase. Continuity planning covers service restoration and communication procedures for disruptive events.

The pilot environment is hosted on infrastructure with managed availability guarantees provided by Supabase and Vercel. Specific infrastructure SLAs are documented by those providers.

Crisis Communications

Customer communications during significant incidents follow the incident response plan's defined escalation and notification procedures. Named escalation contacts are established in the pilot agreement.

Recovery Testing

Restore testing is scheduled for Q3 2026. Until that test is completed, this page will reflect "not yet run" status honestly. The test result and summary will be published under NDA when available.

Planned Controls

  • Formal restore test and documented results (Q3 2026)
  • Business continuity tabletop exercise (H2 2026)
  • Production-grade RTO/RPO commitments (under production agreement)
Public summary for due diligence convenience. Full contractual, security, and technical materials are furnished under NDA where applicable.