Data Recovery Policy

The objective of our data recovery program is to reduce the risk of permanent loss of customer data and to support timely restoration of critical services after operational failures, security incidents, accidental deletion, or infrastructure disruptions.

This page provides a standard policy baseline. Recovery commitments, if any, may be further defined in a customer's signed service agreement, hosting architecture, or support SLA.

• Depending on the product and environment, controls may include database backups, snapshots, log retention, versioned storage, replication, infrastructure redundancy, and configuration recovery records.
• Backup frequency, storage class, retention period, and geographic placement may vary by service tier, region, technical architecture, and regulatory requirements.
• Some transient, cached, derived, or customer-managed integrations may not be recoverable in the same manner as primary production data.

XYLEX may define internal restoration targets for particular services, but unless expressly stated in a signed agreement, published internal targets are operational goals rather than contractual guarantees.

Recovery point objective and recovery time objective expectations can differ between products, managed deployments, and enterprise engagements. Customers with specific continuity requirements should address them during contracting and implementation.

• We may perform restoration tests, tabletop exercises, platform failover checks, and other validation steps appropriate to the service.
• Test cadence and depth may vary according to system criticality, architectural change, and risk level.
• Where a test reveals material gaps, remediation is prioritized based on severity and operational impact.

• Customers are responsible for configuring user permissions, integration scopes, retention settings, and export routines in a way that matches their own business continuity requirements.
• Customers should maintain their own copies of information they regard as mission critical if their legal or operational obligations require independent retention.
• Customers should report suspected data integrity or availability issues promptly through our Support page or account channels.

We may provide updates through account contacts, service channels, or direct communications describing impact, containment status, expected restoration path, and recommended customer actions.

If an event also involves a security issue affecting personal data, communication and escalation will additionally follow our security and privacy procedures.

This policy may not apply in the same way to proof-of-concept environments, beta features, customer-managed deployments, or systems explicitly designated as non-production.

We may revise this policy as infrastructure providers, platform architecture, and customer requirements evolve. Questions can be sent through our contact page.