Backup & restore

OneAnalytics runs continuous backups at the infrastructure layer (WAL-streamed Postgres, S3-replicated object storage). On top of that, every tenant can export and import portable tenant archives for migration, DR drills, or side-by-side staging.

What's backed up automatically

  • Postgres: Patroni point-in-time recovery with 7-day WAL retention on Starter, 30 days on Growth, 90 days on Scale.
  • Imported dataset rows: versioned S3 with cross-region replication.
  • Uploaded files: CSV/Excel originals kept 1 year.
  • Secrets (DB creds, cloud keys, SAML certs): envelope-encrypted with the tenant's KMS key; backed up encrypted.

You do not need to configure any of this. RPO < 5 minutes, RTO < 1 hour.

Tenant archive (manual)

A tenant archive is a single .oa-archive file (zstd-compressed tar) containing:

  • manifest.json — tenant metadata, version, timestamp, content hash
  • workspaces/<id>/metadata.json — workspaces, users, teams, roles
  • workspaces/<id>/datasets/<id>/model.yaml — semantic models
  • workspaces/<id>/datasets/<id>/rows.parquet — imported rows (excluded by default; opt-in)
  • workspaces/<id>/reports/<id>.json — reports, visuals, bookmarks
  • workspaces/<id>/alerts/<id>.json — alert rules
  • audit/events.ndjson — audit trail (optional)
  • signatures/<file>.sig — Ed25519 signatures per entry

Create: Settings → Backup → Create archive. Download the archive and store it offline.
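
A structural check you can run on a downloaded archive before storing or restoring it. This is an added example, not OneAnalytics code. It assumes the archive has already been decompressed with zstd to a plain tar, and that the signature for an entry lives at signatures/<entry path>.sig (the page gives only signatures/<file>.sig). It does not verify the Ed25519 signatures themselves, because the page does not say which public key or byte range is signed.

```python
import io
import tarfile
from pathlib import PurePosixPath

SIG_DIR = "signatures/"  # assumed layout: signatures/<entry path>.sig


def audit_archive(tar_bytes: bytes) -> dict:
    """Structural audit of a decompressed .oa-archive (plain tar bytes)."""
    report = {"unsafe": [], "unsigned": [], "orphan_sigs": [],
              "has_manifest": False, "has_rows": False, "has_audit": False}
    files, sigs = set(), set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for m in tar.getmembers():
            p = PurePosixPath(m.name)
            # Entries that could write outside the restore directory.
            if p.is_absolute() or ".." in p.parts or m.issym() or m.islnk() or m.isdev():
                report["unsafe"].append(m.name)
            elif m.isfile():
                (sigs if m.name.startswith(SIG_DIR) else files).add(m.name)
    expected = {f"{SIG_DIR}{f}.sig" for f in files}
    report["unsigned"] = sorted(f for f in files if f"{SIG_DIR}{f}.sig" not in sigs)
    report["orphan_sigs"] = sorted(sigs - expected)
    report["has_manifest"] = "manifest.json" in files
    # Opt-in / optional content that changes how the file must be handled.
    report["has_rows"] = any(f.endswith("/rows.parquet") for f in files)
    report["has_audit"] = "audit/events.ndjson" in files
    return report


def build_sample() -> bytes:
    """Constructed sample archive: one unsigned report, one traversal entry."""
    entries = {
        "manifest.json": b"{}",
        "signatures/manifest.json.sig": b"\x00" * 64,
        "workspaces/w1/reports/r1.json": b"{}",  # no .sig on purpose
        "workspaces/w1/datasets/d1/rows.parquet": b"PAR1",
        "signatures/workspaces/w1/datasets/d1/rows.parquet.sig": b"\x00" * 64,
        "../outside.txt": b"x",  # path that escapes the restore directory
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_archive(build_sample()))
```

A non-empty "unsafe" or "unsigned" list is a reason to discard the file; "has_rows" tells you the archive carries imported data rows and should be stored accordingly.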

Restore

  • Into the same tenant: Settings → Backup → Restore → upload → pick assets to restore. Existing assets with the same ID can be overwritten or forked (new UUID).
  • Into a new tenant: contact support — we'll provision a blank tenant and import for you.

Disaster recovery drill

Every quarter we run a DR drill on a subset of willing customers: restore a recent archive into a dedicated recovery tenant, run a smoke test (log in, open a report, refresh a dataset), and publish the result in the trust report.

Data export (individual)

Users can export their own data (GDPR/DPDP Article 15): Settings → Privacy → Export my data emits a JSON bundle with their profile, activity, and a reference to every asset they created. Workspace admins can do this for any user in the tenant.

Erasure

GDPR/DPDP Article 17: Settings → Privacy → Erase user blanks the profile, revokes sessions, and tombstones audit events (the event row remains for legal reasons; PII is replaced with redacted-<hash>).

Encryption at rest

  • Postgres: AES-256 via the host's LUKS2 volume
  • S3: SSE-KMS with a per-tenant key
  • Backups (WAL, tenant archives): same as source
  • We never store your data in plaintext outside memory