Tech USP: Backups aren’t a feature you turn on — they run continuously by default. The question isn’t whether you can restore, it’s how far back.
Buyer’s view: “Our last backup ran three weeks ago and nobody tested if the restore actually works.” — never again. We hold a recoverable state of every minute of the last 30 days, and we practice the restore on a schedule.
Three layers, all running by default
Layer 1 — Continuous capture. Every change to your database is written to a separate, durable backup stream as it happens. Not “every night at 3am” — as it happens. If something goes wrong at 14:23, you can recover the state from 14:22.
Layer 2 — Daily full snapshot. Once a day, the full database plus all attached files (uploads, generated PDFs, audit log) are bundled into a single recovery point and shipped off-site. Retention: 7 days, 4 weeks, 3 months.
Layer 3 — Practiced restore. Once a quarter, we restore the latest snapshot into a throwaway environment and verify the system actually comes up with your data intact. Restore-on-paper is worthless — restore-on-Tuesday-morning is what counts.
What you can ask for
| Scenario | What you get |
|---|---|
| “Restore yesterday’s state of this one record” | Single-record rollback from the audit trail — seconds |
| “Restore the database to 14:23 last Tuesday” | Point-in-time recovery, typically minutes for mid-market databases |
| “GDPR access request — give me everything we have on customer X” | One-click export, typically a few minutes |
| “GDPR erasure — delete everything about customer X” | Soft-delete first (audit trail keeps the fact that data existed), hard-delete on retention rollover |
| “Disaster — the whole instance is gone” | New instance from off-site snapshot, typically under an hour for mid-market data |
Restore times scale with database size. The numbers above are realistic for typical DACH mid-market apps (low millions of records). Larger databases take longer — we’ll tell you upfront, not afterwards.
Off-site means EU-off-site
Backup storage is EU-only — same compliance posture as the live database. No US transfer, no Schrems-II detour, no cross-Atlantic dependency. The backup of an EU-hosted Kumiko app stays in the EU.
For self-hosted and on-prem customers, the same architecture runs on your own storage — your data, your backup, your control.
Why this matters
Most “we have backups” stories collapse on three questions:
- When was the last successful restore actually tested? — usually “never” or “I think Bernd did it once in 2022”.
- How far back can you recover? — usually “last night” or “no idea”.
- Can you restore one customer’s data without nuking everyone else? — usually a long silence.
Kumiko’s answer to all three: tested quarterly, 30 days, yes — by design, not by sprint.