Data residency and backups
Where your clinic's data physically lives, how often it's backed up, and how to recover from a disaster.
Overview
Your clinic's database, files, and audit logs are hosted in regional infrastructure — Nigeria-resident for ₦/NGN clinics, Ghana-resident for ₵/GHS clinics. Backups run multiple times a day with off-site copies; restores are practiced regularly.
Steps to understand and verify residency + backup posture
Find your data residency. Country choice at sign-up determines residency. Nigeria-based clinics' data is stored in Lagos data centres; Ghana-based in Accra. Cross-border replication is opt-in only.
Confirm via Settings. Settings → Clinic Profile shows the country. The country can't be changed after sign-up without a manual data migration request.
Backup cadence. The platform backs up the production database every 4 hours via Google Drive (backup-gdrive.js) and full snapshots nightly. File uploads (X-rays, documents) are replicated to object storage with versioning.
Retention. Daily backups are kept 30 days; weekly for 12 weeks; monthly for 12 months; yearly forever. Retention is documented in scripts/disaster-recovery/.
Test restore — clinic level. If you accidentally deleted a patient or appointment, contact support within 24 hours. The platform can pull that record from the most recent backup and restore it without affecting anything else.
Test restore — full disaster. A full disaster (region outage) is mitigated by failover to the alternate region. RPO target is 4 hours; RTO target is 8 hours. The procedure is documented in the platform team's runbook.
Export your own data. Settings → Data → Export lets you pull a full export of your clinic's data as a data file archive. Useful for offline backups, migrations, or compliance.
Right to be deleted. A patient can request deletion via the patient portal. The platform de-identifies the patient's records (preserving statistical data and clinical/financial integrity) within 30 days of the request.