# AccountScope Business Continuity Statement

## 1. Overview and Purpose
This Business Continuity Statement outlines the measures, protocols, and architectural safeguards established by AccountScope to ensure the resilience, redundancy, and continuous availability of our services to UK Top 200 law firms, Big 4 advisors, forensic accounting practices, and HNW family law practitioners.

## 2. Disaster Recovery Metrics
AccountScope operates with clear service targets designed to meet the strict requirements of enterprise risk assessments:
* **Recovery Point Objective (RPO)**: Under 1 hour. In the event of a severe infrastructure failure, data loss is bounded to a maximum of 1 hour of transaction operations.
* **Recovery Time Objective (RTO)**: Under 4 hours. Core application services will be restored to full operational capacity within 4 hours of a declared disaster event.

## 3. Data Backups & Mirroring
All data is stored exclusively in the United Kingdom (AWS London Region - eu-west-2) to ensure compliance with UK GDPR and local data residency protocols.
* **Point-in-Time Recovery (PITR)**: Supabase database instances are configured with continuous physical backups and transaction logs, enabling PITR to any second within the past 14 days.
* **Daily Offsite Backups**: Encrypted database dumps are generated every 24 hours and stored in geographically isolated, secure AWS S3 buckets within the UK.
* **Multi-AZ Replication**: Databases are mirrored in real time across multiple AWS Availability Zones (AZs) to guard against localized datacentre outages.

## 4. Data Ownership & Export Rights
AccountScope maintains a strict policy of absolute client data ownership.
* **100% Data Ownership**: All processed bank statements, analysis categories, audit trail logs, and custom classifications remain the exclusive property of the subscribing firm/client.
* **Full Portability**: Users can export all analyzed transaction ledgers, evidence logs, and report tables in standardized CSV and Excel formats at any time without restriction.
* **Permanent Evidence Packs**: PDF reports generated through AccountScope include cryptographic SHA-256 hashes verifying their authenticity, ensuring they remain standalone, legally admissible evidence regardless of the platform's active status.

## 5. Security & Isolation
Our architecture uses PostgreSQL Row-Level Security (RLS) to enforce strict tenant isolation, preventing any cross-contamination or unauthorized access. All uploads are encrypted at rest with AES-256 and in transit with TLS 1.3.
